Unified user login

US 9,203,829 B1
Filed: 07/18/2013
Issued: 12/01/2015
Est. Priority Date: 07/18/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a login request from a user to access an account, wherein the login request is associated with a user identifier;

parsing the user identifier to determine a domain;

determining automatically whether the login request is associated with a known identity provider based at least in part on the determined domain;

directing the user to the known identity provider for authentication responsive to determining, based at least in part on the determined domain, that the login request is associated with the known identity provider;

receiving assertion data and information responsive to the known identity provider authenticating the user;

verifying assertion data using an online verification service;

determining whether the user is associated with an existing account after verifying the assertion data;

responsive to the verification of the assertion data and the determination that the user is not associated with the existing account, creating a new account for the user and logging the user into the new account; and

responsive to the verification of the assertion data and the determination that the user is associated with the existing account, logging the user into the account.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for enabling, on any website, a unified user login that supports login through multiple known identity providers and, if necessary, the website'"'"'s legacy login are disclosed. In one example, the system comprises a login receiver module, an identity provider determination module, a legacy account module, a federated account module and a login module. The login receiver module receives a login request associated with a user identifier. The identity provider determination module determines whether the login request is associated with a known identity provider. The legacy account module performs legacy account creation and/or legacy login verification when the address is not associated with any known identity provider. Otherwise, the federated account module performs federated account creation and/or federated login verification. The login module logs the user into the account responsive to one or more of verification and account creation.

29 Citations

View as Search Results

15 Claims

1. A computer-implemented method comprising:
- receiving a login request from a user to access an account, wherein the login request is associated with a user identifier;
  
  parsing the user identifier to determine a domain;
  
  determining automatically whether the login request is associated with a known identity provider based at least in part on the determined domain;
  
  directing the user to the known identity provider for authentication responsive to determining, based at least in part on the determined domain, that the login request is associated with the known identity provider;
  
  receiving assertion data and information responsive to the known identity provider authenticating the user;
  
  verifying assertion data using an online verification service;
  
  determining whether the user is associated with an existing account after verifying the assertion data;
  
  responsive to the verification of the assertion data and the determination that the user is not associated with the existing account, creating a new account for the user and logging the user into the new account; and
  
  responsive to the verification of the assertion data and the determination that the user is associated with the existing account, logging the user into the account.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising:
    - sending an error message responsive to unsuccessful verification of the assertion data; and
      
      prompting the user to create another login request.
  - 3. The method of claim 1 further comprising:
    - directing the user to the account'"'"'s legacy login page responsive to determining that the determined domain is not associated with any known identity provider and determining the user is associated with an existing account;
      
      receiving a legacy password of the user, wherein the legacy password is a password for the account of the user;
      
      verifying the user based at least in part on the legacy password; and
      
      logging the user into the account responsive to verifying the user based at least in part on the legacy password.
  - 4. The method of claim 1 further comprising:
    - directing the user to the account'"'"'s legacy account creation page responsive to determining that the determined domain is not associated with any known identity provider and determining that the user is not associated with an existing account;
      
      creating a new account including a legacy password; and
      
      logging the user into the new account responsive to the creation of the new account.
  - 5. The method of claim 1 wherein logging the user into the account further comprises:
    - creating a user session;
      
      directing the user to the account'"'"'s home page; and
      
      updating an account chooser.

6. A computer program product comprising a non-transitory computer readable medium encoding instructions that, in response to execution by a computing device, cause the computing device to perform operations comprising:
- receiving a login request from a user to access an account, wherein the login request is associated with a user identifier;
  
  parsing the user identifier to determine a domain;
  
  determining automatically whether the login request is associated with a known identity provider based at least in part on the determined domain, wherein the determined domain is associated with one known identity provider at most;
  
  directing the user to the known identity provider for authentication responsive to determining, based at least in part on the determined domain, that the login request is associated with the known identity provider;
  
  receiving assertion data and information responsive to the known identity provider authenticating the user;
  
  verifying assertion data using an online verification service;
  
  determining whether the user is associated with an existing account after verifying the assertion data;
  
  responsive to the verification of the assertion data and the determination that the user is not associated with the existing account, creating a new account for the user and logging the user into the new account; and
  
  responsive to the verification of the assertion data and the determination that the user is associated with the existing account, logging the user into the account.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product of claim 6, the operations further comprising:
    - sending an error message responsive to unsuccessful verification of the assertion data; and
      
      prompting the user to create another login request.
  - 8. The computer program product of claim 6, the operations further comprising:
    - directing the user to a legacy login page of the user responsive to determining that the determined domain is not associated with any known identity provider and determining the user is associated with an existing account;
      
      receiving a legacy password, wherein the legacy password is the user'"'"'s password for the account;
      
      verifying the user based at least in part on the legacy password; and
      
      logging the user into the account responsive to verifying the user based at least in part on the legacy password.
  - 9. The computer program product of claim 6, the operations further comprising:
    - directing the user to the account'"'"'s legacy account creation page responsive to determining that the determined domain is not associated with any known identity provider and determining that the user is not associated with an existing account;
      
      creating a new account including a legacy password; and
      
      logging the user into the new account responsive to the creation of the new account.
  - 10. The computer program product of claim 6, wherein logging the user into the account further comprises the operations:
    - creating a user session;
      
      directing the user to the account'"'"'s home page; and
      
      updating an account chooser.

11. A system for user login, the system comprising:
- a login receiver module operable to receive a login request from a user to access an account, wherein the login request is associated with a user identifier;
  
  an identity provider determination module operable to parse the user identifier to determine a domain, and determine whether the login request is associated with a known identity provider based at least in part on the determined domain, wherein the determined domain is associated with one known identity provider at most;
  
  a legacy account module operable to perform one or more of legacy account creation and legacy login verification responsive to a determination that the determined domain is not associated with any known identity provider;
  
  a federated account module operable to perform one or more of federated account creation and federated login verification responsive to a determination, based at least in part on the determined domain, that the determined domain is associated with the known identity provider, the federated account module including an account upgrader module operable to determine whether the existing account is associated with a legacy password and, responsive to determining that the existing account is associated with the legacy password, deleting the legacy password; and
  
  a login module operable to log the user into the account responsive to one or more of verification by the legacy account module or the federated account module and account creation by the legacy account module or the federated account module, the login module communicatively coupled to receive one or more of verification and account creation from one or more of the legacy account module and the federated account module.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11 wherein the legacy account module further comprises:
    - a user status identifier module operable to identify whether the user is associated with an existing account;
      
      a legacy account creator module operable to create a new legacy account including a legacy password responsive to identifying that the user is not associated with any existing account; and
      
      a legacy account password module operable to verify the user based at least in part on a legacy password responsive to identifying that the user is associated with the existing account.
  - 13. The system of claim 11 wherein the federated account module further comprises:
    - an identity provider routing module operable to direct the user to the known identity provider associated with the login request;
      
      an assertion verification module operable to receive assertion data responsive to successful authentication of the user by the known identity provider and operable to verify assertion data using an online verification service;
      
      a user status identifier module operable to identify whether the user is associated with an existing account; and
      
      an account creator module operable to create a new account responsive to identifying that the user is not associated with any existing account.
  - 14. The system of claim 13, wherein the assertion verification module is operable to perform one or more of sending an error message and prompting the user to create another login request responsive to unsuccessful verification of the assertion data.
  - 15. The system of claim 11, wherein the login request receiver module receives a login request that is one or more of the user entering the user identifier, the user selecting an account from an account chooser, and the user selecting an identity provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Sachs, Eric, Kong, Guibin, Agarwal, Naveen, Levine, Jonathan Philip
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US13/945,743
Time in Patent Office

866 Days
Field of Search

726/8, 726/4, 726/5, 726/10, 713/155, 713/156, 709/224, 709/227
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/41   where a single sign-on prov...

G06F 2221/2117   User registration

H04L 63/0815   providing single-sign-on or...

H04L 67/02   based on web technology, e....

H04L 9/32   including means for verifyi...

Unified user login

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Unified user login

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links