Authenticating linked accounts
First Claim
Patent Images
1. A method comprising:
- under a control of one or more processors,receiving one or more inputs from a client that define a link between a plurality of user accounts at one or more service providers;
forming an authentication token for communication to the client which includes a link identifier to reference a set of linked accounts, the authentication token including a time stamp that indicates when a linked account relationship is changed; and
providing access to at least a second user account of the plurality of user accounts after receiving a correct credential corresponding to a first user account of the plurality of user accounts.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.
49 Citations
20 Claims
-
1. A method comprising:
-
under a control of one or more processors, receiving one or more inputs from a client that define a link between a plurality of user accounts at one or more service providers; forming an authentication token for communication to the client which includes a link identifier to reference a set of linked accounts, the authentication token including a time stamp that indicates when a linked account relationship is changed; and providing access to at least a second user account of the plurality of user accounts after receiving a correct credential corresponding to a first user account of the plurality of user accounts. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 20)
-
-
14. One or more computer readable memory devices comprising computer executable instructions which, when executed, direct an authentication server to:
-
expose an interface accessible by a client over a network; receive an input from the client via the interface that defines a link between a plurality of user accounts at one or more service providers, each of the plurality of user accounts requiring a separate sign-in; form a link identifier that identifies the plurality of user accounts as a set of linked accounts; store the link identifier; receive a single sign-in of the client to a first user account in the set of linked accounts; issue an authentication token for the first user account, the authentication token including account data of the first user account; receive an indication of a switch from the first user account in the set of linked accounts to a second user account in the set of linked account; overwrite account data of the first user account with account data of the second user account in the authentication token in responsive to the indication; update cached data maintained at a service provider corresponding to the second user account in responsive to the indication; and switch an access from the first user account to the second user account, the first user account being distinct from the second user account. - View Dependent Claims (15, 16)
-
-
17. A method comprising:
-
receiving, via a network from a client, an authentication token issued by an authentication service to the client, the authentication token including a link identifier that identifies a plurality of user accounts at one or more service providers as a set of linked accounts linked via the authentication service, the authentication token further corresponding to a first user account in the set of linked accounts, each of the plurality of user accounts corresponding to a service with which the client is permitted to interact, each of the plurality of user accounts including a user profile, the link identifier permitting the one or more service providers presented with the authentication token to use the authentication token as a proof of an identity of the client to identify the set of linked accounts, the authentication token including a time stamp that indicates when a linked account relationship is changed; outputting an indication of a service corresponding to the first user account; providing a selectable portion in a user interface permitting selection of a second user account in the set of linked accounts identifiable via the link identifier; receiving a selection of the second user account via the selectable portion; communicating the selection of the second user account to the authentication service; receiving an indication that the authentication token has a change to correspond to the second user account, the change including account data of the first user account in the authentication token overwritten with account data of the second user account, the first user account being distinct from the second user account; and outputting an indication of a service corresponding to the second user account. - View Dependent Claims (18, 19)
-
Specification