Method and apparatus for identity federation gateway

US 9,660,975 B2
Filed: 04/26/2016
Issued: 05/23/2017
Est. Priority Date: 02/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a provisioning request from a device to access a network resource, wherein the provisioning request includes a request to determine whether to use a provider of the network resource or a different party to identify a user of the device;

deciding that the user is to be identified by the different party;

sending an identification message to the device from an identifier (ID) federation gateway with a redirect instruction to the different party;

receiving identification data that indicates an identity of the user to the different party;

receiving user credentials data from an authentication process of the provider,wherein the user credentials data includes an indication that the user is successfully identified by the different party.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for an ID federation gateway include determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party. The service also comprises causing the different party to provide identification data that indicates an identity for the user, if the user is to be identified by the different party. The method further comprises causing user credentials data, based on the identification data, to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user, if the data indicates that the user is successfully identified.

15 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a provisioning request from a device to access a network resource, wherein the provisioning request includes a request to determine whether to use a provider of the network resource or a different party to identify a user of the device;
  
  deciding that the user is to be identified by the different party;
  
  sending an identification message to the device from an identifier (ID) federation gateway with a redirect instruction to the different party;
  
  receiving identification data that indicates an identity of the user to the different party;
  
  receiving user credentials data from an authentication process of the provider,wherein the user credentials data includes an indication that the user is successfully identified by the different party.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method of claim 1, further comprising:
    - determining an identifier associated with the device, wherein the identifier indicates that the user is to be identified via the different party;
      
      determining that the device connects to a network with connectivity to the provider of the network resource based on the identifier;
      
      generating provisioning data that indicates the different party; and
      
      transmitting the provisioning data to the device to include in the provisioning request.
  - 3. A method of claim 2, further comprising:
    - causing, at least in part, a diversion of an initial message directed to an authentication process of the provider away from the authentication process; and
      
      causing, at least in part, a parsing of the initial message to determine the identifier associated with the device,wherein the determining that the device connects to the network is based on the parsing.
  - 4. A method of claim 2, wherein the identifier indicates that the user is to be identifier via the different party if the identifier is included in a database associated with the different party.
  - 5. A method of claim 1, wherein the identification user interface message include a user interface, the method further comprising:
    - causing, at least in part, a presentation of the user interface at the device, wherein the user interface includes one or more prompts for the identification data that indicates an identity of the user.
  - 6. A method of claim 1, wherein the different party is a network access provider.
  - 7. A method of claim 1, wherein the user credentials facilitates access to an interface to allow access to network resource.

8. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following;
  
  receive a provisioning request from a device to access a network resource, wherein the provisioning request includes a request to determine whether to use a provider of the network resource or a different party to identify a user of the device;
  
  decide that the user is to be identified by the different party;
  
  send an identification message to the device from an identifier (ID) federation gateway with a redirect instruction to the different party;
  
  receive identification data that indicates an identity of the user to the different party;
  
  receive user credentials data from an authentication process of the provider,wherein the user credentials data includes an indication that the user is successfully identified by the different party.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. An apparatus of claim 8, wherein the apparatus is further caused to:
    - determine an identifier associated with the device, wherein the identifier indicates that the user is to be identified via the different party;
      
      determine that the device connects to a network with connectivity to the provider of the network resource based on the identifier;
      
      generate provisioning data that indicates the different party; and
      
      transmit the provisioning data to the device to include in the provisioning request.
  - 10. An apparatus of claim 9, wherein the apparatus is further caused to:
    - cause, at least in part, a diversion of an initial message directed to an authentication process of the provider away from the authentication process; and
      
      cause, at least in part, a parsing of the initial message to determine the identifier associated with the device,wherein the determining that the device connects to the network is based on the parsing.
  - 11. An apparatus of claim 9, wherein the identifier indicates that the user is to be identifier via the different party if the identifier is included in a database associated with the different party.
  - 12. An apparatus of claim 8, wherein the identification user interface message include a user interface, and wherein the apparatus is further caused to:
    - cause, at least in part, a presentation of the user interface at the device, wherein the user interface includes one or more prompts for the identification data that indicates an identity of the user.
  - 13. An apparatus of claim 8, wherein the different party is a network access provider.
  - 14. An apparatus of claim 8, wherein the user credentials facilitates access to an interface to allow access to network resource.

15. A user equipment requesting access for a particular network resource, comprising:
- determining to send a request associated with a user for the particular network resource for identification of the user by a provider of a particular service or by a different party;
  
  when deciding that the user is to be identified by the different party, causing receipt of an identification message at the user equipment from an identifier (ID) federation gateway with a redirect instruction to the different party;
  
  causing to send identification data that indicates an identity for the user to the different party; and
  
  causing receipt of user credentials data from an authentication process of the provider for the particular network resource requested by the user,wherein the user credentials data includes an indication that the user is successfully identified by the different party.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A user equipment of claim 15, further comprising:
    - determining an identifier associated with the user equipment, wherein the identifier indicates that the user is to be identified via the different party;
      
      determining that the user equipment connects to a network with connectivity to the provider for the particular network resource based on the identifier;
      
      generating provisioning data that indicates the different party; and
      
      transmitting the provisioning data to the user equipment to include in the provisioning request.
  - 17. A user equipment of claim 16, further comprising:
    - causing, at least in part, a diversion of an initial message directed to an authentication process of the provider away from the authentication process; and
      
      causing, at least in part, a parsing of the initial message to determine the identifier associated with the user equipment,wherein the determining that the user equipment connects to the network is based on the parsing.
  - 18. A user equipment of claim 16, wherein the identifier indicates that the user is to be identifier via the different party if the identifier is included in a database associated with the different party.
  - 19. A user equipment of claim 15, wherein the identification user interface message include a user interface further comprising:
    - causing, at least in part, a presentation of the user interface at the user equipment, wherein the user interface includes one or more prompts for the identification data that indicates an identity of the user.
  - 20. A user equipment of claim 15, wherein the different party is a network access provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Mononen, Jari Anssi Petteri, Pehkonen, Jari Mikael, Lantiainen, Pasi Allan, Otranen, Jari Tapio
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US15/139,070
Publication Number

US 20160294811A1
Time in Patent Office

392 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 2209/80   Wireless network architectu...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

Method and apparatus for identity federation gateway

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for identity federation gateway

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links