Trusted third party client authentication
First Claim
1. A computer-implemented method comprising:
receiving, at a video service provider system, a request for an online video session from a third party device with a security assertion markup language (SAML) token as an input, wherein the SAML token is encrypted for the video service provider system and signed by a third party security token service (STS) device, and the third party device is associated with a third party user account and a third party entity;
decrypting a SAML assertion in the SAML token with a private key associated with the video service provider system;
validating the SAML assertion based on a third party public key associated with the third party STS device;
retrieving a third party account user identifier (ID) and a device type from an account link table, wherein the account link table includes an authorization identifier, the third party account user ID, the device type, and a link time, wherein the link time identifies a time that the third party user account was linked with a service provider user account associated with the video service provider system;
identifying the link time based on the third party account user identifier;
identifying a password change time (PCT) stamp associated with the service provider user account; and
providing the online video session to the third party device in response to determining that the PCT stamp is not later than the link time.
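The decisive step in claim 1 is the last one: the linked session is granted only when the service provider account's password change time (PCT) stamp is not later than the link time, so a password change after linking invalidates every earlier account link and forces the third party to re-link. The following Python example is added here to illustrate that check; it is not code from the patent or its assignee. It assumes the SAML token has already been decrypted and its assertion validated by the caller, and it models the account link table and PCT lookup with constructed in-memory data (the `service_provider_account` column is an assumption used to join the two tables).

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class AccountLink:
    """One row of the account link table described in claim 1."""
    authorization_id: str          # key used to find the row
    third_party_user_id: str       # third party account user ID
    device_type: str
    link_time: datetime            # when the accounts were linked (UTC)
    service_provider_account: str  # assumed column: the linked service provider account


@dataclass(frozen=True)
class SessionDecision:
    granted: bool
    reason: str
    third_party_user_id: Optional[str] = None
    device_type: Optional[str] = None


def _utc(y: int, m: int, d: int, hh: int = 0, mm: int = 0) -> datetime:
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


# Constructed sample link table (not data from the patent).
LINK_TABLE = {
    "auth-001": AccountLink("auth-001", "tp-user-17", "smart-tv", _utc(2024, 3, 1, 10, 0), "sp-alice"),
    "auth-002": AccountLink("auth-002", "tp-user-42", "set-top-box", _utc(2024, 3, 1, 10, 0), "sp-bob"),
    "auth-003": AccountLink("auth-003", "tp-user-77", "mobile", _utc(2024, 3, 1, 10, 0), "sp-carol"),
}

# Constructed PCT stamps per service provider account; a missing entry means never changed.
PCT_TABLE = {
    "sp-alice": _utc(2024, 2, 15),         # changed before the link: link still valid
    "sp-bob": _utc(2024, 3, 5),            # changed after the link: re-link required
    "sp-carol": _utc(2024, 3, 1, 10, 0),   # changed at exactly the link time: "not later", valid
}


def link_is_current(link: AccountLink, pct: Optional[datetime]) -> bool:
    """Claim 1's test: the PCT stamp must not be later than the link time."""
    if pct is None:
        return True
    if pct.tzinfo is None or link.link_time.tzinfo is None:
        # Naive and aware datetimes do not compare; refuse rather than guess a zone.
        raise ValueError("timestamps must be timezone-aware")
    return pct <= link.link_time


def authorize_session(authorization_id: str, link_table=LINK_TABLE, pct_table=PCT_TABLE) -> SessionDecision:
    """Decide whether to provide the online video session.

    Covers only the account-link step; SAML decryption and signature
    validation are assumed to have succeeded before this is called.
    """
    link = link_table.get(authorization_id)
    if link is None:
        return SessionDecision(False, "no account link for authorization identifier")
    pct = pct_table.get(link.service_provider_account)
    if not link_is_current(link, pct):
        return SessionDecision(False, "password changed after link; re-link required",
                               link.third_party_user_id, link.device_type)
    return SessionDecision(True, "linked account is current",
                           link.third_party_user_id, link.device_type)


if __name__ == "__main__":
    for auth_id in ("auth-001", "auth-002", "auth-003", "auth-999"):
        print(auth_id, authorize_session(auth_id))
```

The comparison is deliberately `<=` rather than `<`: the claim grants when the PCT stamp is "not later than" the link time, so a stamp equal to the link time still passes. Storing both timestamps timezone-aware avoids the silent clock-skew and DST mistakes that a naive comparison invites.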
Abstract
A method includes receiving, at a video service provider system, a request for an online video session from a third party device with a security assertion markup language (SAML) token as an input, decrypting a SAML assertion in the SAML token with a private key associated with the video service provider system, validating the SAML assertion based on a third party public key associated with the third party STS, and retrieving a third party account user identifier and a device type. The method also includes identifying a link time based on the third party account user identifier, identifying a password change time (PCT) stamp associated with the service provider user account, and providing the online video session to the third party device in response to determining that the PCT stamp is not later than the link time.
20 Claims
1. A computer-implemented method (independent claim; full text given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer-implemented method comprising:
sending, from a third party device, a simple object access protocol (SOAP) web services (WS) trust request including service provider login credentials associated with a service provider user account to a partner identity (ID) STS device, wherein the third party device is associated with a third party entity and a third party user account and the partner ID STS device is associated with a partner entity of a service provider entity that manages a video service provider system;
receiving a SOAP response including a security assertion markup language (SAML) assertion signed by the partner ID STS device and encrypted for a partner federated STS (FSTS) device after the partner ID STS device validates the service provider login credentials;
sending a request for an online video session to the video service provider system, wherein the video service provider system is to decrypt and validate the SAML assertion, look up the third party user account from an account link table, wherein the account link table includes an authorization identifier, a third party account user identifier, a device type, and a link time, wherein the link time identifies a time that the third party user account was linked with a service provider user account associated with the video service provider system, identify the link time based on the third party account user identifier, identify a password change time (PCT) stamp associated with the service provider user account, and provide the online video session to the third party device in response to determining that the PCT stamp is not later than the link time; and
receiving a success response and a session cookie.
Dependent claims: 11, 12, 13.
14. A video service provider device, comprising:
a memory to store a plurality of instructions; and
a processor configured to execute instructions in the memory to:
receive a request for an online video session from a third party device, with a security assertion markup language (SAML) token as an input, wherein the SAML token is encrypted for the video service provider device and signed by a third party security token service (STS) device, and the third party device is associated with a third party user account and a third party entity;
decrypt a SAML assertion in the SAML token with a private key associated with the video service provider device;
validate the SAML assertion based on a third party public key associated with the third party STS device;
retrieve a third party account user identifier (ID) and a device type from an account link table, wherein the account link table includes an authorization identifier, the third party account user ID, the device type, and a link time, wherein the link time identifies a time that the third party user account was linked with a service provider user account associated with the video service provider device;
identify a link time based on the third party account user identifier;
identify a password change time (PCT) stamp associated with the service provider user account; and
provide the online video session to the third party device in response to determining that the PCT stamp is not later than the link time.
Dependent claims: 15, 16, 17, 18.
19. A system, comprising:
a third party security token service (STS) device that provides security tokens associated with a third party entity; and
a video service provider system that provides an online video service and is associated with a service provider entity;
wherein the third party STS device is configured to receive a simple object access protocol (SOAP) web services (WS) trust request for a security assertion markup language (SAML) token with a third party authorization token from a third party device, wherein the third party device is associated with a third party user account and a third party entity, and to validate the authorization token and provide a SOAP response including the requested SAML token and a SAML assertion signed by the third party STS device and encrypted for the video service provider system; and
wherein the video service provider system is configured to receive a request for an online video session from the third party device, decrypt and validate the SAML assertion, look up the third party user account from an account link table, wherein the account link table includes an authorization identifier, a third party account user identifier, a device type, and a link time, wherein the link time identifies a time that the third party user account was linked with a service provider user account associated with the service provider system, identify a link time based on the third party account user identifier, identify a password change time (PCT) stamp associated with the service provider user account, and return a success response and a session cookie to the third party device if the video service provider system determines that the third party user account is associated with a currently linked service provider user account.
Dependent claims: 20.
Specification