Customizable sign-on service

US 9,332,001 B2
Filed: 12/09/2013
Issued: 05/03/2016
Est. Priority Date: 03/31/2006
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium having stored contents that cause a computing system of a sign-on service to:

authorize, by the configured computing system, a user based on a match between sign-on information that is received for the user and stored sign-on information in an account of the user with the sign-on service;

determine, by the configured computing system, and for a second service that is a customer of the sign-on service and with which the user is interacting, that the second service is authorized to modify information stored by the sign-on service;

provide, by the configured computing system, a credential to the second service that is generated by the sign-on service to represent the user based at least in part on the authorizing of the user;

after the providing of the credential, receive, by the configured computing system, a request from the second service to modify information for the user that is stored by the sign-on service in the account of the user, wherein the received request includes the credential; and

modify, by the configured computing system and based on the credential included in the received request, the information for the user that is stored by the sign-on service in the account of the user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services'"'"' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service.

Citations

24 Claims

1. A non-transitory computer-readable medium having stored contents that cause a computing system of a sign-on service to:
- authorize, by the configured computing system, a user based on a match between sign-on information that is received for the user and stored sign-on information in an account of the user with the sign-on service;
  
  determine, by the configured computing system, and for a second service that is a customer of the sign-on service and with which the user is interacting, that the second service is authorized to modify information stored by the sign-on service;
  
  provide, by the configured computing system, a credential to the second service that is generated by the sign-on service to represent the user based at least in part on the authorizing of the user;
  
  after the providing of the credential, receive, by the configured computing system, a request from the second service to modify information for the user that is stored by the sign-on service in the account of the user, wherein the received request includes the credential; and
  
  modify, by the configured computing system and based on the credential included in the received request, the information for the user that is stored by the sign-on service in the account of the user.
- View Dependent Claims (2, 3, 4)
- - 2. The non-transitory computer-readable medium of claim 1 wherein the stored contents include instructions that, when executed, further configure the computing system to:
    - before the authorizing of the user, register the second service with the sign-on service; and
      
      after the registering of the second service, receive, by the configured computing system, a sign-on request for the user to the second service, wherein the received sign-on request includes the sign-on information received for the user, and wherein the authorizing of the user is performed in response to the received sign-on request.
  - 3. The non-transitory computer-readable medium of claim 1 wherein the sign-on service stores information about one or more types of interactions by the user, and wherein the modifying of the information for the user further includes modifying at least some of the stored information about the one or more types of interactions.
  - 4. The non-transitory computer-readable medium of claim 3 wherein the modified at least some stored information about the one or more types of interactions by the user includes information about at least one of purchases made by the user with the second service, products viewed by the user at the second service, or modifications made by the user to information at the second service.

5. A computer-implemented method comprising:
- authorizing, by one or more configured computing systems providing an access manager system, a user based on identifying information received for the user;
  
  determining, by the one or more configured computing systems, that a first service is authorized to participate in modifying information stored by the access manager system;
  
  providing, by the one or more configured computing systems, a credential representing the user for later use on behalf of the user;
  
  after the providing of the credential, receiving, by the one or more configured computing systems, a request for the first service to modify information for the user that is stored by the access manager system, wherein the received request includes the credential; and
  
  modifying, by the one or more configured computing systems and based on the credential included in the received request, the information for the user that is stored by the access manager system.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 6. The computer-implemented method of claim 5 wherein the access manager system provides sign-on services to at least the first service, and wherein the identifying information received for the user is sign-on information stored by the access manager system for the user.
  - 7. The computer-implemented method of claim 5 wherein the providing of the credential includes providing, by the one or more configured computing systems, the credential to the first service to represent the user based at least in part on interactions of the user with the first service.
  - 8. The computer-implemented method of claim 7 further comprising:
    - before the authorizing of the user, registering, by the one or more configured computing systems, the first service as a customer of the access manager system; and
      
      after the registering of the first service, receiving, by the one or more configured computing systems, a sign-on request for the user to the first service, wherein the received sign-on request includes the identifying information received for the user, and wherein the authorizing of the user is based on a match between information stored in an account of the user with the access manager system and the identifying information received for the user that is included in the received sign-on request,and wherein the providing of the credential to the first service is performed based at least in part on the authorizing of the user.
  - 9. The computer-implemented method of claim 7 further comprising, after the providing of the credential to the first service:
    - receiving, by the one or more configured computing systems, a subsequent request from the first service to access information that is stored in an account of the user with the access manager system, the received subsequent request including the credential; and
      
      based on the received subsequent request including the credential, authorizing the subsequent request and sending to the first service at least a portion of the information stored in the account of the user with the access manager system.
  - 10. The computer-implemented method of claim 7 further comprising, after the providing of the credential to the first service:
    - receiving, by the one or more configured computing systems, a subsequent request from the first service to make an indicated payment on behalf of the user using financial information for the user stored by the access manager system, the received subsequent request including the credential; and
      
      based on the received subsequent request including the credential, performing one or more actions to make the indicated payment using the stored financial information.
  - 11. The computer-implemented method of claim 5 wherein the authorizing of the user is further based in part on information stored in an account of the user with the access manager system, and wherein the modifying of the information for the user that is stored by the access manager system includes modifying at least some of the information stored in the account of the user with the access manager system.
  - 12. The computer-implemented method of claim 5 wherein the access manager system stores information about one or more types of interactions by the user, and wherein the modifying of the information for the user that is stored by the access manager system includes modifying at least some of the stored information about the one or more types of interactions.
  - 13. The computer-implemented method of claim 12 wherein the stored information about the one or more types of interactions by the user includes information about purchases made by the user with the first service.
  - 14. The computer-implemented method of claim 12 wherein the stored information about the one or more types of interactions by the user includes information about products viewed by the user at the first service.
  - 15. The computer-implemented method of claim 12 wherein the stored information about the one or more types of interactions by the user includes information about modifications made by the user to information at the first service.
  - 16. The computer-implemented method of claim 12 wherein the stored information about the one or more types of interactions by the user is part of an alternative data pool maintained by the access manager system.
  - 17. The computer-implemented method of claim 5 wherein the first service provides a web site with which the user is interacting, and wherein the first service is operated by a first entity distinct from a second entity that operates the access manager system.

18. A system comprising:
- one or more processors of one or more computing systems; and
  
  a memory including instructions that, upon execution by the one or more processors, cause the system to;
  
  send one or more messages to a sign-on service to determine that a user is authorized in response to one or more first interactions by the user with a service separate from the sign-on service, and to cause the sign-on service to determine that the service is authorized to participate in modifying information stored by the sign-on service;
  
  receive a credential from the sign-on service that represents the user; and
  
  in response to one or more second interactions by the user with the service, send one or more additional messages to the sign-on service to cause a modification of information for the user that is stored by the sign-on service, the sent one or more additional messages including the credential to provide verification of authority to perform the modification on behalf of the user.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The system of claim 18 wherein the instructions further configure the system to:
    - before the sending of the one or more messages, register, by the service, with the sign-on service as a customer of the sign-on service;
      
      and wherein the sent one or more additional messages further include an identifier of the service that is obtained as part of registering with the sign-on service.
  - 20. The system of claim 18 wherein the instructions further configure the system to:
    - send, by the service, one or more further messages to the sign-on service that include a request from the service to access information that is stored in an account of the user with the sign-on service, the sent one or more further messages including the credential; and
      
      receive, from the sign-on service and based on the credential included in the sent one or more further messages, at least a portion of the information stored in the account of the user with the sign-on service.
  - 21. The system of claim 18 wherein the instructions further configure the system to:
    - send, by the service, one or more further messages to the sign-on service that include a request from the service to make an indicated payment on behalf of the user using financial information for the user stored by the sign-on service, the sent one or more further messages including the credential; and
      
      receive, from the sign-on service and based on the credential included in the sent one or more further messages, confirmation from the sign-on service of the indicated payment using the stored financial information.
  - 22. The system of claim 18 wherein the sign-on service stores information about one or more types of interactions by the user, and wherein the modification of the information for the user that is stored by the sign-on service includes modifying at least some of the stored information about the one or more types of interactions.
  - 23. The system of claim 22 wherein the stored information about the one or more types of interactions by the user includes information about purchases made by the user with the service, information about products viewed by the user at the service, or information about modifications made by the user to information at the service.
  - 24. The system of claim 18 wherein the instructions further cause the system to implement the service and to provide a web site of the service with which the user is interacting, and wherein the service is operated by a first entity distinct from a second entity that operates the sign-on service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Sirota, Peter
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US14/101,161
Publication Number

US 20140101745A1
Time in Patent Office

876 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06Q 10/06315   Needs-based resource requir...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/0201   Market modelling; Market an...

G06Q 30/0203   Market surveys; Market polls

G06Q 30/0621   Item configuration or custo...

H04L 63/06   for supporting key manageme...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Customizable sign-on service

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Customizable sign-on service

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links