Credential linking across multiple services

US 9,231,940 B2
Filed: 12/16/2013
Issued: 01/05/2016
Est. Priority Date: 12/16/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a first server device and from a user device, a request to authenticate the user device for a first service using first authentication credentials for a second service that is different than the first service;

providing, by the first server device, the first authentication credentials to a second server device that provides the second service;

receiving, by the first server device, from the second server device, and when the first authentication credentials are valid for the second service, user information relating to a user of the user device;

generating, by the first server device and in response to receiving the user information, a token that logically associates the user of the user device, the first authentication credentials for the second service, and the user information;

providing, by the first server device and to the user device, an authentication response, associated with the user information, that provides authentication of the user device for the first service;

providing the token as part of the authentication response;

receiving the token from a third server device that provides the first service;

providing the user information to the third server device to cause the third server device to provide the user device with access to the first service;

receiving, from the third server device, second authentication credentials, associated with the second service, based on providing the user information to the third server device;

associating the second authentication credentials with the token;

receiving the second authentication credentials from the user device;

identifying the token based on receiving the second authentication credentials from the user device;

providing the token to the user device based on identifying the token;

receiving the token from the second server device based on providing the token; and

providing the user information to the second server device to cause the second server device to provide the user device with access to the first service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first server device may receive, from a user device, a request to authenticate the user device for a first service using authentication credentials for a second service that is different than the first service; provide the authentication credentials to a second server device that provides the second service; receive from the second server device, and when the authentication credentials are valid for the second service, user information relating to a user of the user device; and provide, to the user device, an authentication response, associated with the user information, that provides authentication of the user device for the first service.

Citations

15 Claims

1. A method comprising:
- receiving, by a first server device and from a user device, a request to authenticate the user device for a first service using first authentication credentials for a second service that is different than the first service;
  
  providing, by the first server device, the first authentication credentials to a second server device that provides the second service;
  
  receiving, by the first server device, from the second server device, and when the first authentication credentials are valid for the second service, user information relating to a user of the user device;
  
  generating, by the first server device and in response to receiving the user information, a token that logically associates the user of the user device, the first authentication credentials for the second service, and the user information;
  
  providing, by the first server device and to the user device, an authentication response, associated with the user information, that provides authentication of the user device for the first service;
  
  providing the token as part of the authentication response;
  
  receiving the token from a third server device that provides the first service;
  
  providing the user information to the third server device to cause the third server device to provide the user device with access to the first service;
  
  receiving, from the third server device, second authentication credentials, associated with the second service, based on providing the user information to the third server device;
  
  associating the second authentication credentials with the token;
  
  receiving the second authentication credentials from the user device;
  
  identifying the token based on receiving the second authentication credentials from the user device;
  
  providing the token to the user device based on identifying the token;
  
  receiving the token from the second server device based on providing the token; and
  
  providing the user information to the second server device to cause the second server device to provide the user device with access to the first service.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - validating the token based on receiving the token from the third server device,wherein validating the token includes;
      
      determining that the token is unexpired, ordetermining that a signature, included in the token, matches a signature inserted in the token by the first server device.
  - 3. The method of claim 1, further comprising:
    - generating an association between the authentication credentials and the token after generating the token; and
      
      identifying the token based on receiving the authentication credentials;
      
      wherein providing the token is based on identifying the token.
  - 4. The method of claim 1, further comprising:
    - identifying the second server device based on a format of the authentication credentials,wherein providing the authentication credentials to the second server device is based on identifying the second server device.
  - 5. The method of claim 1, wherein the second server device is one of a plurality of second server devices,wherein providing the authentication credentials includes providing the authentication credentials to the plurality of second server devices,wherein receiving the user information includes receiving the user information from the one of the plurality of second server devices when the authentication credentials are stored by the one of the plurality of second server devices.
  - 6. The method of claim 1, wherein the first service or the second service includes an account management service or a content delivery service.

7. A system comprising:
- a first server device to;
  
  receive, from a user device, a request to authenticate the user device for a first service using first authentication credentials for a second service that is different than the first service;
  
  provide the first authentication credentials to a second server device that provides the second service;
  
  receive from the second server device, and when the first authentication credentials are valid for the second service, user information relating to a user of the user device;
  
  generate, in response to receiving the user information, a token that logically associates the user of the user device, the first authentication credentials for the second service, and the user information;
  
  provide, to the user device, an authentication response, associated with the user information, that provides authentication of the user device for the first service;
  
  provide the token as part of the authentication response;
  
  receive the token from a third server device that provides the first service;
  
  provide the user information to the third server device to cause the third server device to provide the user device with access to the first service;
  
  receive, from the third server device, second authentication credentials, associated with the second service, based on providing the user information to the third server device;
  
  associate the second authentication credentials with the token;
  
  receive the second authentication credentials from the user device;
  
  identify the token based on receiving the second authentication credentials from the user device;
  
  provide the token to the user device based on identifying the token;
  
  receive the token from the second server device based on providing the token; and
  
  provide the user information to the second server device to cause the second server device to provide the user device with access to the first service.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein the first server device is further to:
    - validate the token based on receiving the token from the third server device,wherein when validating the token, the first server device is to;
      
      determine that the token is unexpired, ordetermine that a signature, included in the token, matches a signature inserted in the token by the first server device.
  - 9. The system of claim 7, wherein the first server device is further to:
    - generate an association between the authentication credentials and the token after generating the token; and
      
      identify the token based on receiving the authentication credentials;
      
      wherein when providing the token, the first server device is to provide the token based on identifying the token.
  - 10. The system of claim 7, wherein the first server device is further to:
    - identify the second server device based on a format of the authentication credentials,wherein when providing the authentication credentials to the second server device, the first server device is to provide the authentication credentials based on identifying the second server device.
  - 11. The system of claim 7, wherein the second server device is one of a plurality of second server devices,wherein when providing the authentication credentials, the first server device is to provide the authentication credentials to the plurality of second server devices,wherein when receiving the user information the first server device is to receive the user information from the one of the plurality of second server devices when the authentication credentials are stored by the one of the plurality of second server devices.

12. A system comprising:
- a first server device to;
  
  receive, from a user device, an enrollment request including user information regarding a user;
  
  authenticate an identity of the user associated with the enrollment request;
  
  generate universal credentials, for the user, based on authenticating the identity, the universal credentials including a logical association between credentials for a first service provided by a second server, credentials for a second service provided by a third server, and the identity of the user;
  
  provide, to the user device and in response to the enrollment request, an authentication response, based on the generated universal credentials, that provides authentication of the user device for the first service provided by the second server device and for the second service that is different from the first service and that is provided by third server device;
  
  generate a token based on generating the universal credentials;
  
  generate an association between the universal credentials and the token;
  
  receive the universal credentials from the user device after generating the association between the universal credentials and the token;
  
  identify the token associated with the universal credentials;
  
  provide, based on identifying the token, the token to the user device as part of the authentication response;
  
  receive the token from the second server device or the third server device;
  
  identify the user information associated with the token;
  
  provide the user information to the second server device or the third server device to cause the second server device to provide the user device with access to the first service or the third server device to provide the user device with access to the second service;
  
  receive updated user information, from the second server device or the third server device, for accessing the first service or the second service; and
  
  update the user information associated with the universal credentials for the user.
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12, wherein the first server device is further to:
    - receive the universal credentials after generating the universal credentials;
      
      identify the user information associated with the universal credentials,wherein when providing the authentication response, the first server device is to provide the authentication response based on identifying the user information.
  - 14. The system of claim 12, wherein the first server device is further to:
    - validate the token based on receiving the token from the second server or the third server,wherein when validating the token, the first server device is further to;
      
      determine that the token is unexpired, ordetermine that a signature, included in the token, matches a signature inserted in the token by the first server device.
  - 15. The system of claim 12, wherein when authenticating the identity of the user, the first server device is further to authenticate the identity based on responses to one or more challenge questions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Counterman, Raymond C
Primary Examiner(s)
Vaughan, Michael R

Application Number

US14/106,913
Publication Number

US 20150172261A1
Time in Patent Office

750 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

Credential linking across multiple services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Credential linking across multiple services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links