Presenting managed security credentials to network sites

US 8,819,795 B2
Filed: 02/01/2012
Issued: 08/26/2014
Est. Priority Date: 02/01/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying at least one program executable in a computing device, the at least one program comprising:

code that maintains a plurality of accounts of a user for a plurality of network sites;

code that determines that a secured resource of a network site is to be accessed by the computing device;

code that identifies a plurality of the accounts which are accepted by the network site for authentication to the secured resource based in part on a domain name of the network site and a listing of supported third-party authentication providers obtained from the network site;

code that renders for display a user interface configured to obtain a user selection of at least one of the plurality of the accounts;

code that stores the user selection of the at least one of the plurality of the accounts in association with the domain name of the network site;

code that determines if an authentication endpoint for the network site is defined, wherein the authentication endpoint comprises a system configured to facilitate authentication of the user for the network site;

code that, in response to determining the authentication endpoint is defined, automatically submits, independent of a user interaction with the user interface, to the authentication endpoint a hypertext transfer protocol (HTTP) request comprising a security credential associated with the at least one of the plurality of the accounts that is selected by the user selection; and

code that, in response to determining the authentication endpoint is not defined, automatically completes an authentication form for the network site using the security credential and automatically manipulates a submit button on the authentication form.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for providing managed security credentials to network sites for authentication. Multiple accounts of a user are maintained for multiple network sites. A secured resource of a network site is to be accessed by a computing device. One of the accounts is identified according to a domain name of the network site. The account is associated with a different network site having a different domain name from the domain name. The computing device is automatically authenticated with the network site using a security credential associated with the account.

Citations

20 Claims

1. A non-transitory computer-readable medium embodying at least one program executable in a computing device, the at least one program comprising:
- code that maintains a plurality of accounts of a user for a plurality of network sites;
  
  code that determines that a secured resource of a network site is to be accessed by the computing device;
  
  code that identifies a plurality of the accounts which are accepted by the network site for authentication to the secured resource based in part on a domain name of the network site and a listing of supported third-party authentication providers obtained from the network site;
  
  code that renders for display a user interface configured to obtain a user selection of at least one of the plurality of the accounts;
  
  code that stores the user selection of the at least one of the plurality of the accounts in association with the domain name of the network site;
  
  code that determines if an authentication endpoint for the network site is defined, wherein the authentication endpoint comprises a system configured to facilitate authentication of the user for the network site;
  
  code that, in response to determining the authentication endpoint is defined, automatically submits, independent of a user interaction with the user interface, to the authentication endpoint a hypertext transfer protocol (HTTP) request comprising a security credential associated with the at least one of the plurality of the accounts that is selected by the user selection; and
  
  code that, in response to determining the authentication endpoint is not defined, automatically completes an authentication form for the network site using the security credential and automatically manipulates a submit button on the authentication form.
- View Dependent Claims (2, 3)
- - 2. The non-transitory computer-readable medium of claim 1, wherein a respective at least one of the plurality of the accounts is associated with the plurality of network sites.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the code that identifies the plurality of the accounts further comprises code that compares a second-level portion of the domain name with a second-level portion of a different stored domain name.

4. A system, comprising:
- a computing device; and
  
  an authentication management client application executable in the computing device, the authentication management client application comprising;
  
  logic that maintains a plurality of accounts of a user for a plurality of network sites;
  
  logic that determines that a secured resource of a network site is to be accessed by the computing device;
  
  logic that identifies at least one of the accounts according to a domain name of the network site, the at least one of the accounts being associated with a different network site having a different domain name from the domain name; and
  
  logic that automatically completes an authentication form for the network site using the identified at least one of the accounts and automatically manipulates a submit button on the authentication form.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 5. The system of claim 4, wherein the logic that identifies the at least one of the accounts further comprises:
    - logic that sends an account identification request to an authentication management service, the account identification request including the domain name of the network site; and
      
      logic that obtains an account identification from the authentication management service in response to the account identification request, the account identification request specifying the at least one of the accounts.
  - 6. The system of claim 4, wherein the different domain name of the different network site includes a portion in common with the domain name, and the portion in common excludes a first-level domain name.
  - 7. The system of claim 4, wherein the network site is an affiliate of the different network site.
  - 8. The system of claim 4, wherein the logic that automatically authenticates with the network site is further configured to obtain a consent indication from the user before automatically authenticating with the network site.
  - 9. The system of claim 8, wherein the consent indication is previously stored by the user.
  - 10. The system of claim 4, wherein the logic that identifies the at least one of the accounts is further configured to identify the at least one of the accounts according to a second-level domain name of the network site.
  - 11. The system of claim 4, wherein the authentication management client application further comprises:
    - logic that determines that another secured resource of another network site is to be accessed by the computing device;
      
      logic that identifies the at least one of the accounts according to another domain name of the another network site; and
      
      logic that automatically authenticates with the another network site using a security credential associated with the at least one of the accounts.
  - 12. The system of claim 11, wherein the domain name and the another domain name each have a same second-level domain name and a different first-level domain name.
  - 13. The system of claim 4, wherein the logic that identifies the at least one of the accounts further comprises:
    - logic that identifies a plurality of the accounts according to the domain name of the network site;
      
      logic that generates a user interface configured to obtain a user selection of one of the plurality of the accounts; and
      
      logic that identifies the at least one of the accounts according to the user selection.
  - 14. The system of claim 4, wherein the logic that identifies the one of the accounts further comprises:
    - logic that identifies a plurality of the accounts according to the domain name of the network site; and
      
      logic that identifies the at least one of the accounts out of the plurality of the accounts according to a stored user preference.

15. A method, comprising:
- maintaining, in a computing device, a plurality of accounts of a user for a plurality of network sites;
  
  determining, in the computing device, that a secured resource of a network site is to be accessed by the computing device;
  
  determining, in the computing device, a plurality of the accounts which are accepted by the network site for authentication to the secured resource;
  
  selecting, in the computing device, at least one of the plurality of the accounts for authentication to the secured resource;
  
  determining, via the computing device, whether a supplemental authentication credential is required for authentication with the network site in addition to a security credential associated with the at least one of the plurality of accounts that is selected;
  
  automatically authenticating, in the computing device, with the network site using the security credential associated with the at least one of the plurality of the accounts in response to determining that the supplemental authentication credential is not required;
  
  obtaining, via the computing device, the supplemental authentication credential in response to determining that the supplemental authentication credential is required; and
  
  automatically authenticating, via the computing device, with the network site using both the security credential and the supplemental authentication credential in response to obtaining the supplemental authentication credential.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the selecting further comprises:
    - rendering for display, in the computing device, a user interface configured to obtain a user selection of the at least one of the plurality of the accounts; and
      
      obtaining, in the computing device, the user selection.
  - 17. The method of claim 15, wherein the selecting further comprises selecting, in the computing device, the at least one of the plurality of the accounts according to a stored preference.
  - 18. The method of claim 15, wherein the at least one of the plurality of the accounts is with a third-party authentication provider.
  - 19. The method of claim 15, wherein determining, in the computing device, the plurality of the accounts which are accepted by the network site for authentication to the secured resource further comprises identifying, in the computing device, the plurality of the accounts based at least in part on a domain name of the network site.
  - 20. The method of claim 15, wherein the determining, in the computing device, the plurality of the accounts which are accepted by the network site for authentication to the secured resource further comprises obtaining, in the computing device, a listing of a plurality of supported authentication providers from the network site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Hitchcock, Daniel W., Campbell, Brad Lee
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
ZHAO, DON GORDON

Application Number

US13/363,675
Publication Number

US 20130198823A1
Time in Patent Office

937 Days
Field of Search

726 1- 21
US Class Current

726/6
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

Presenting managed security credentials to network sites

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Presenting managed security credentials to network sites

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links