Sign-on service and client service information exchange interactions

US 9,537,853 B2
Filed: 04/19/2016
Issued: 01/03/2017
Est. Priority Date: 03/31/2006
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium having stored contents that cause a computing system of a sign-on service to:

authorize, by the computing system, a user based on a match between sign-on information that is received for the user and stored sign-on information in an account of the user with the sign-on service;

determine, by the computing system, and for a second service that is a customer of the sign-on service, that the second service is authorized to receive information for the user;

provide, by the computing system, a credential to the second service that is generated by the sign-on service to represent the user based at least in part on the authorizing of the user, to enable the second service to make subsequent requests to the sign-on service on behalf of the user;

receive, by the computing system and after the providing of the credential, a request from the second service to obtain financial information for the user that is stored by the sign-on service in the account of the user, wherein the received request includes the credential; and

send, by the computing system and based on the credential included in the received request and on the determining that the second service is authorized, the financial information for the user over one or more computer networks to the second service.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services'"'"' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service.

Citations

20 Claims

1. A non-transitory computer-readable medium having stored contents that cause a computing system of a sign-on service to:
- authorize, by the computing system, a user based on a match between sign-on information that is received for the user and stored sign-on information in an account of the user with the sign-on service;
  
  determine, by the computing system, and for a second service that is a customer of the sign-on service, that the second service is authorized to receive information for the user;
  
  provide, by the computing system, a credential to the second service that is generated by the sign-on service to represent the user based at least in part on the authorizing of the user, to enable the second service to make subsequent requests to the sign-on service on behalf of the user;
  
  receive, by the computing system and after the providing of the credential, a request from the second service to obtain financial information for the user that is stored by the sign-on service in the account of the user, wherein the received request includes the credential; and
  
  send, by the computing system and based on the credential included in the received request and on the determining that the second service is authorized, the financial information for the user over one or more computer networks to the second service.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The non-transitory computer-readable medium of claim 1 wherein the stored contents include instructions that, when executed, further cause the computing system to:
    - before the authorizing of the user, register the second service with the sign-on service; and
      
      after the registering of the second service, receive, by the computing system, a sign-on request for the user to the second service, wherein the received sign-on request includes the sign-on information received for the user, and wherein the authorizing of the user is performed in response to the received sign-on request.
  - 3. The non-transitory computer-readable medium of claim 1 wherein the stored contents further cause the computing system to determine that the second service is authorized to access the financial information for the user, and wherein at least one of the providing of the credential or the sending of the financial information is performed based at least in part on the determining that the second service is authorized.
  - 4. The non-transitory computer-readable medium of claim 1 wherein the stored contents further cause a second computing system of the second service to receive the sent financial information for the user and to use the financial information to initiate a payment from the user to the second service.
  - 5. The non-transitory computer-readable medium of claim 1 wherein the received request is further for the sign-on service to make a payment from the user to the second service, and wherein the stored contents further cause the computing system to use, based at least in part on the credential being included in the received request, the financial information to initiate the payment from the user to the second service.

6. A computer-implemented method comprising:
- authorizing, by one or more computing systems providing an access manager system, a user based on identifying information received for the user;
  
  determining, by the one or more computing systems, and for a first service that is a client of the access manager system, that the first service is authorized to receive information for the user;
  
  providing, by the one or more computing systems and based at least in part on the authorizing, and to the first service, a credential representing the user from the access manager system to enable the first service to make subsequent requests to the access manager system on behalf of the user;
  
  receiving, by the one or more computing systems and after the providing, a request from the first service to obtain information for the user that is stored by the access manager system, wherein the received request includes the credential representing the user;
  
  retrieving, by the one or more computing systems, the information for the user that is stored by the access manager system; and
  
  sending, by the one or more computing systems and based on the credential included in the received request and on the determining that the first service is authorized, the retrieved information for the user over one or more computer networks to the first service.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 7. The computer-implemented method of claim 6 wherein the access manager system provides sign-on services to at least the first service, and wherein the identifying information received for the user is sign-on information stored by the access manager system for the user.
  - 8. The computer-implemented method of claim 6 wherein the user has an account accessible to the access manager system that includes financial information for the user, and wherein the information for the user that is retrieved and sent to the first service includes the financial information for the user.
  - 9. The computer-implemented method of claim 8 further comprising, by a second computing system of the first service, receiving the sent financial information for the user, and using the financial information to initiate a payment from the user.
  - 10. The computer-implemented method of claim 6 wherein the received request is further for the access manager system to cause a payment to be made from the user to the first service, and wherein the method further comprises using, by the one or more computing systems, stored financial information for the user to initiate the payment from the user to the first service.
  - 11. The computer-implemented method of claim 6 wherein the information for the user that is retrieved and sent to the first service includes at least one of contact information for the user or information about an identity of the user, to enable the first service to further interact with the user based on the at least one of the contact information or the information about the identity.
  - 12. The computer-implemented method of claim 6 further comprising, by the one or more computing systems:
    - receiving, before the receiving of the request, instructions from the first service to gather one or more specified types of information from users who use the access manager system to obtain access to the first service; and
      
      gathering, based at least in part on the instructions from the first service, information from the user for the one or more specified types of information,and wherein the information for the user that is retrieved and sent to the first service includes the gathered information from the user, to enable the first service to perform further interactions based on the one or more specified types of information.
  - 13. The computer-implemented method of claim 6 wherein the authorizing of the user is further based in part on information stored in an account of the user with the access manager system, and wherein the retrieving of the information for the user that is stored by the access manager system includes retrieving at least some of the information stored in the account of the user with the access manager system.
  - 14. The computer-implemented method of claim 6 wherein the access manager system stores information about one or more types of interactions by the user with at least one of the first service or the access manager system, and wherein the retrieving of the information for the user that is stored by the access manager system includes retrieving at least some of the stored information about the one or more types of interactions.
  - 15. The computer-implemented method of claim 14 wherein the stored information about the one or more types of interactions by the user includes information about at least one of purchases made by the user with the first service or about products viewed by the user at the first service, and wherein the method further comprises performing, by the first service, further interactions with the user based at least in part on the retrieved at least some stored information.
  - 16. The computer-implemented method of claim 14 wherein the stored information about the one or more types of interactions by the user includes information about modifications made by the user to information at the first service.
  - 17. The computer-implemented method of claim 14 wherein the stored information about the one or more types of interactions by the user is part of an alternative data pool maintained by the access manager system for the first service.
  - 18. The computer-implemented method of claim 6 further comprising obtaining, by the one or more computing systems, acceptance by the user of one or more specified terms for interacting with the first service, and wherein the information for the user that is retrieved and sent to the first service includes information about the acceptance by the user of the one or more specified terms, to enable the first service to further interact with the user based on the acceptance by the user of the one or more specified terms.

19. A system comprising:
- one or more hardware processors of one or more computing systems; and
  
  a memory including instructions that, upon execution by the one or more hardware processors, cause the system to implement an access manager system and to;
  
  authorize a user based on sign-on information that is received for the user;
  
  determine that a first service is authorized to use information for the user;
  
  provide, based at least in part on the authorizing of the user, a credential from the access manager system to the first service that represents the user as being authorized and enables the first service to make subsequent requests to the access manager system on behalf of the user;
  
  receive, after the providing of the credential, a request from the first service to use stored financial information for the user to cause a payment from the user to the first service, wherein the received request includes the credential;
  
  initiate, based on the credential included in the received request and on the determining that the first service is authorized, the payment from the user to the first service; and
  
  send information regarding the payment over one or more computer networks to the first service.
- View Dependent Claims (20)
- - 20. The system of claim 19 wherein the first service is a customer of the access manager system, and wherein the sending of the information to the first service includes sending the financial information for the user from the access manager system to the first service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Sirota, Peter
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US15/133,136
Publication Number

US 20160234201A1
Time in Patent Office

259 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06Q 10/06315   Needs-based resource requir...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/0201   Market modelling; Market an...

G06Q 30/0203   Market surveys; Market polls

G06Q 30/0621   Item configuration or custo...

H04L 63/06   for supporting key manageme...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Sign-on service and client service information exchange interactions

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Sign-on service and client service information exchange interactions

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links