Zero sign-on authentication

US 8,955,078 B2
Filed: 06/30/2011
Issued: 02/10/2015
Est. Priority Date: 06/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method of facilitating zero sign-on access to media services comprising:

providing a trust credential through a first access point to a client application operating on a user device, the trust credential specifying media service permissions for the user device, the first access point being trusted;

allowing the user device zero sign-on access to media services through a second access point in accordance with the trust credential specified media service permissions;

wherein if the second access point is untrusted;

i. permitting access through the second access point to a first tier of the media services if the trust credential is unexpired when provided through the second access point; and

ii. permitting access through the second access point to a second tier of the media services if the trust credential is expired when provided through the second access point;

wherein if the second access point is trusted;

i. permitting access through the second access point to a third tier of the media services if the trust credential is unexpired when provided through the second access point; and

wherein the third tier includes more of the media services than the first tier and the first tier includes more of the media services than the second tier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of facilitating zero sign-on access to media services depending on trust credentials. The trust credentials may be cookies, certificates, and other data sets operable to be stored on a device used to access the media services such that information included therein may be used to control the zero sign-on capabilities of the user device.

Citations

20 Claims

1. A method of facilitating zero sign-on access to media services comprising:
- providing a trust credential through a first access point to a client application operating on a user device, the trust credential specifying media service permissions for the user device, the first access point being trusted;
  
  allowing the user device zero sign-on access to media services through a second access point in accordance with the trust credential specified media service permissions;
  
  wherein if the second access point is untrusted;
  
  i. permitting access through the second access point to a first tier of the media services if the trust credential is unexpired when provided through the second access point; and
  
  ii. permitting access through the second access point to a second tier of the media services if the trust credential is expired when provided through the second access point;
  
  wherein if the second access point is trusted;
  
  i. permitting access through the second access point to a third tier of the media services if the trust credential is unexpired when provided through the second access point; and
  
  wherein the third tier includes more of the media services than the first tier and the first tier includes more of the media services than the second tier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising relating the media service permissions to a subscriber associated with the access point.
  - 3. The method of claim 2 further comprising the media service permissions of the subscriber associated with the access point being different than a subscriber associated with the user device.
  - 4. The method of claim 1 further comprising relating the media service permissions to a subscriber associated with the user device.
  - 5. The method of claim 1 further comprising configuring the trust credential as a cookie to be stored in a computer-readable medium of the user device, including providing the cookie through the trusted first access point to the client application without requiring username-password verification and prior to the client application attempting to perform zero sign-on access to media services through the untrusted second access point.
  - 6. The method of claim 1 further comprising configuring the trust credential as a certificate to be stored in a computer-readable medium of the user device, including providing the certificate through the trusted first access point to the client application following username-password verification and prior to the client application attempting to perform zero sign-on access to media services through the untrusted second access point.
  - 7. The method of claim 1 further comprising providing the trust credential to the user device through the first access prior to allowing the user device access through the second access point to media services specified for the trust credential such that the trust credential is provided to the user device as part of a provisioning stage occurring through the first access point and prior to an authentication stage where the user device attempts zero sign-on access through the second access point to the media services specified for the trust credential.
  - 8. The method of claim 1 further comprising:
    - a first television program being streamed over the Internet to a third access point after the trust credential is provided to the user device through the first access point;
      
      determining the third access point to be one of trusted and untrusted; and
      
      allowing the user device zero sign-on access to the first television program through the third access point in response to the user device communicating a first request therethrough, including;
      
      i. allowing zero sign-on access to the first television program without requiring the user device to provide the trust credential through the third access point if the third access point is determined to be trusted; and
      
      ii. allowing zero sign-on access to the first television program when the user device provides the trust credential through the third access point if the third access point is determined to be untrusted.
  - 9. The method of claim 8 further comprising:
    - a second television program being streamed over the Internet to a fourth access point after the trust credential is provided to the user device through the first access point;
      
      determining the fourth access point to be one of trusted and untrusted; and
      
      allowing the user device access to the second television program through the fourth access point in response to the user device communicating a second request therethrough, including;
      
      i. allowing zero sign-on access to the second television program if the fourth access point is determined to be trusted or if the fourth access point is determined to be untrusted and the user device provides the trust credential therethrough; and
      
      ii. allowing sign-on access when the fourth access point is determined to be untrusted and the trust credential is expired when provided from the user device through the fourth access point if a user of the user device inputs a sufficient username and password combination proximate in time to the request for the second television program being communicated through the fourth access point.
  - 10. The method of claim 8 further comprising determining whether the third access point is trusted and untrusted depending on whether an Internet Protocol (IP) address specified in the first request as being assigned to the user device is within a trusted domain of a service provider streaming the first television program.

11. A method of facilitating zero sign-on access to media services comprising:
- providing a trust credential through a first access point to a client application operating on a user device, the trust credential specifying media service permissions for the user device and being unexpired when provided through the first access point to the client;
  
  subsequently to the client being provided the trust credential through the first access point, receiving a request from the client to access media services through a second access point, the request including the trust credential provided through the first access point;
  
  allowing the user device zero sign-on access to media services through the second access point, including;
  
  i. permitting access through the second access point to a first tier of the media service permissions if the second access point is trusted and the trust credential previously provided through the first access point to the user device is expired when transmitted with the request through the second access point;
  
  ii. permitting access through the second access point to a second tier of the media service permissions if the second access point is untrusted and the trust credential previously provided through the first access point to the user device is expired when transmitted with the request through the second access point;
  
  iii. permitting access through the second access point to a third tier of the media service permissions if the second access point is trusted and the trust credential previously provided through the first access point to the user device is unexpired when transmitted with the request through the second access point; and
  
  wherein the first tier includes more of the media service permission than the second tier and the third tier includes more of the media service permissions than the first tier.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11 further comprising the first and third tiers of media service permissions corresponding with subscriber specific services and the second tier of media service permissions corresponding with non-subscriber specific services.
  - 13. The method of claim 11 further comprising:
    - determining the first access point to be trusted in the event a first IP address of the user device provided through the first access point is within a trusted domain of IP addresses; and
      
      determining the second access point to be untrusted in the event a second IP address of the user device provided through the second access point is within an untrusted domain of IP addresses.

14. A method of facilitating zero sign-on access to media services comprising:
- determining whether an access point through which a user device desires to access the media services is one of trusted and untrusted;
  
  in the event the access point is trusted, allowing zero sign-on access to a first tier of the media services without verifying whether a trust credential stored on the user device is one of expired and unexpired; and
  
  in the event the access point is untrusted, determining whether the trust credential stored on the user device is one of expired and unexpired;
  
  i. in the event the trust credential is unexpired, allowing zero sign-on access to a second tier of the media services, the second tier at least including the first tier of the media services; and
  
  ii. in the event the trust credential is expired, allowing zero sign-on-on access to a third tier of the media services and requiring sign-on access to the first tier of the media services, the third tier including less than each of the first and second tiers of the media services.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14 further comprising limiting the zero sign-on access to media permissions specified in the trust credential, the zero sign-on access being the same regardless of whether the access point is trusted or untrusted.
  - 16. The method of claim 15 further comprising relating the media permissions to a subscriber associated with the access point or a subscriber associated with the user device.
  - 17. The method of claim 14 further comprising:
    - determining the access point to be trusted in the event an IP address of the user device provided through the access point is within a trusted domain of IP addresses; and
      
      determining the access point to be untrusted in the event the IP address of the user device provided through the access point is within an untrusted domain of IP addresses.

18. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable to facilitate media services, the plurality of non-transitory instructions being sufficient for:
- determining whether an access point through which a user device desires to access the media services is one of trusted and untrusted;
  
  in the event the access point is trusted, allowing zero sign-on access to a first tier of the media services without verifying whether a trust credential stored on the user device is one of expired and unexpired; and
  
  in the event the access point is untrusted, determining whether the trust credential stored on the user device is one of expired and unexpired;
  
  i. in the event the trust credential is unexpired, allowing zero sign-on access to a second tier of the media services, the second tier at least including the first tier of the media services; and
  
  ii. in the event the trust credential is expired, allowing zero sign-on-on access to a third tier of the media services and requiring sign-on access to the first tier of the media services, the third tier including less than each of the first and second tiers of the media services.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable medium of claim 18 wherein the plurality of non-transitory instructions are sufficient for limiting the zero sign-on access to media permissions specified in the trust credential, the zero sign-on access being the same regardless of whether the access point is trusted or untrusted.
  - 20. The non-transitory computer-readable medium of claim 18 wherein the plurality of non-transitory instructions are sufficient for:
    - determining the access point to be trusted in the event an IP address of the user device provided through the access point is within a trusted domain of IP addresses; and
      
      determining the access point to be untrusted in the event the IP address of the user device provided through the access point is within an untrusted domain of IP addresses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Hoggan, Stuart A., Durbha, Seetharama R.
Primary Examiner(s)
Vaughan, Michael R
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US13/173,630
Publication Number

US 20130007868A1
Time in Patent Office

1,321 Days
Field of Search

380/200, 726/8, 726/12, 726/27, 725/118
US Class Current

726/8
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 9/3263   involving certificates, e.g...

Zero sign-on authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Zero sign-on authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links