Sign-on service and client service information exchange interactions
First Claim
1. A non-transitory computer-readable medium having stored contents that cause a computing system of a sign-on service to:
- authorize, by the computing system, a user based on a match between sign-on information that is received for the user and stored sign-on information in an account of the user with the sign-on service;
- determine, by the computing system, and for a second service that is a customer of the sign-on service, that the second service is authorized to receive information for the user;
- provide, by the computing system, a credential to the second service that is generated by the sign-on service to represent the user based at least in part on the authorizing of the user, to enable the second service to make subsequent requests to the sign-on service on behalf of the user;
- receive, by the computing system and after the providing of the credential, a request from the second service to obtain financial information for the user that is stored by the sign-on service in the account of the user, wherein the received request includes the credential; and
- send, by the computing system and based on the credential included in the received request and on the determining that the second service is authorized, the financial information for the user over one or more computer networks to the second service.
Abstract
Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service.
20 Claims
6. A computer-implemented method comprising:
- authorizing, by one or more computing systems providing an access manager system, a user based on identifying information received for the user;
- determining, by the one or more computing systems, and for a first service that is a client of the access manager system, that the first service is authorized to receive information for the user;
- providing, by the one or more computing systems and based at least in part on the authorizing, and to the first service, a credential representing the user from the access manager system to enable the first service to make subsequent requests to the access manager system on behalf of the user;
- receiving, by the one or more computing systems and after the providing, a request from the first service to obtain information for the user that is stored by the access manager system, wherein the received request includes the credential representing the user;
- retrieving, by the one or more computing systems, the information for the user that is stored by the access manager system; and
- sending, by the one or more computing systems and based on the credential included in the received request and on the determining that the first service is authorized, the retrieved information for the user over one or more computer networks to the first service.
19. A system comprising:
- one or more hardware processors of one or more computing systems; and
- a memory including instructions that, upon execution by the one or more hardware processors, cause the system to implement an access manager system and to:
  - authorize a user based on sign-on information that is received for the user;
  - determine that a first service is authorized to use information for the user;
  - provide, based at least in part on the authorizing of the user, a credential from the access manager system to the first service that represents the user as being authorized and enables the first service to make subsequent requests to the access manager system on behalf of the user;
  - receive, after the providing of the credential, a request from the first service to use stored financial information for the user to cause a payment from the user to the first service, wherein the received request includes the credential;
  - initiate, based on the credential included in the received request and on the determining that the first service is authorized, the payment from the user to the first service; and
  - send information regarding the payment over one or more computer networks to the first service.
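A sketch of the exchange recited in claims 1 and 6, added here as an illustration and not taken from the patent. The credential format (an HMAC tag over user, service and expiry), the `SignOnService` class and its method names are assumptions, and the calling service's identity (`service_id`) is assumed to be authenticated by the transport.

```python
import hashlib
import hmac
import secrets
import time

class SignOnService:
    """Toy access manager; credentials are HMAC tags over (user, service, expiry)."""
    def __init__(self, ttl=300):
        self._key = secrets.token_bytes(32)  # signing key, never leaves the service
        self._ttl = ttl                      # credential lifetime in seconds
        self._accounts = {}                  # user -> (salt, password hash, stored info)
        self._authorized = set()             # (service_id, user) pairs allowed to receive info

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password, info):
        salt = secrets.token_bytes(16)
        self._accounts[user] = (salt, self._hash(password, salt), info)

    def authorize_service(self, service_id, user):
        self._authorized.add((service_id, user))

    def _tag(self, user, service_id, exp):
        msg = repr((user, service_id, exp)).encode()  # unambiguous field encoding
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def sign_on(self, user, password, service_id, now=None):
        """Match sign-on info, check the service, then issue a credential."""
        acct = self._accounts.get(user)
        if acct is None or not hmac.compare_digest(acct[1], self._hash(password, acct[0])):
            return None
        if (service_id, user) not in self._authorized:
            return None
        exp = int(time.time() if now is None else now) + self._ttl
        return f"{user}|{exp}|{self._tag(user, service_id, exp)}"

    def get_info(self, service_id, credential, now=None):
        """Verify the credential for this caller, re-check authorization, release info."""
        parts = credential.rsplit("|", 2)
        if len(parts) != 3 or not parts[1].isdecimal():
            return None
        user, exp, tag = parts[0], int(parts[1]), parts[2]
        good = hmac.compare_digest(tag.encode(), self._tag(user, service_id, exp).encode())
        current = time.time() if now is None else now
        if not good or current >= exp or (service_id, user) not in self._authorized:
            return None
        return self._accounts[user][2]
```

Because the tag covers the service identifier, a credential issued to one service fails verification when another service presents it, even if that other service is itself authorized for the same user.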
Specification