Authenticating linked accounts

US 9,692,747 B2
Filed: 05/14/2015
Issued: 06/27/2017
Est. Priority Date: 11/30/2006
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more processors; and

one or more memories having stored thereon computer executable instructions that are executable by the one or more processors to perform actions comprising;

receiving, via a network from a client, an authentication token issued by an authentication service to the client, the authentication token including a link identifier that identifies a plurality of user accounts at one or more service providers as a set of linked accounts linked via the authentication service, the plurality of user accounts including a first user account and a second user account, each of the plurality of user accounts corresponding to a service with which the client is permitted to interact, each of the plurality of user accounts including a user profile, the link identifier permitting the one or more service providers presented with the authentication token to use the authentication token as a proof of an identity of the client to identify the set of linked accounts, the authentication token including a time stamp that indicates when an account linked with the client is changed from the first user account to the second user account;

outputting an indication of a service corresponding to the first user account;

providing a selectable portion in a user interface permitting selection of the second user account in the set of linked accounts identifiable via the link identifier;

receiving a selection of the second user account via the selectable portion;

communicating the selection of the second user account to the authentication service;

receiving an indication that the authentication token has a change to correspond to the second user account, the change including account data of the first user account in the authentication token overwritten with account data of the second user account, the first user account being distinct from the second user account; and

outputting an indication of a service corresponding to the second user account.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.

47 Citations

View as Search Results

20 Claims

1. A system comprising:
- one or more processors; and
  
  one or more memories having stored thereon computer executable instructions that are executable by the one or more processors to perform actions comprising;
  
  receiving, via a network from a client, an authentication token issued by an authentication service to the client, the authentication token including a link identifier that identifies a plurality of user accounts at one or more service providers as a set of linked accounts linked via the authentication service, the plurality of user accounts including a first user account and a second user account, each of the plurality of user accounts corresponding to a service with which the client is permitted to interact, each of the plurality of user accounts including a user profile, the link identifier permitting the one or more service providers presented with the authentication token to use the authentication token as a proof of an identity of the client to identify the set of linked accounts, the authentication token including a time stamp that indicates when an account linked with the client is changed from the first user account to the second user account;
  
  outputting an indication of a service corresponding to the first user account;
  
  providing a selectable portion in a user interface permitting selection of the second user account in the set of linked accounts identifiable via the link identifier;
  
  receiving a selection of the second user account via the selectable portion;
  
  communicating the selection of the second user account to the authentication service;
  
  receiving an indication that the authentication token has a change to correspond to the second user account, the change including account data of the first user account in the authentication token overwritten with account data of the second user account, the first user account being distinct from the second user account; and
  
  outputting an indication of a service corresponding to the second user account.
- View Dependent Claims (2, 3)
- - 2. The system as recited in claim 1, wherein the authentication token is changed to correspond to the second user account without additional credentials being provided.
  - 3. The system as recited in claim 1, wherein the authentication token includes the account identifier of the first user account when the authentication token corresponds to the first user account, and wherein the authentication token includes the account identifier of the second user account when the authentication token corresponds to the second user account.

4. A system comprising:
- one or more processors; and
  
  one or more memories having stored thereon computer executable instructions that are executable by the one or more processors to perform actions comprising;
  
  outputting an indication of a service corresponding to a first user account;
  
  providing an interface to receive an indication of a switch from the first user account to a second user account in a set of linked accounts, the set of linked account being identifiable via a link identifier included in an authentication token corresponding to the first user account, the authentication token including a time stamp that indicates when an account linked with the client is changed from the first user account to the second user account; and
  
  receiving the indication of the switch from the first user account to the second user account.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12)
- - 5. The system as recited in claim 4, wherein the interface is a selectable portion in the user interface permitting a selection of the second user account.
  - 6. The system as recited in claim 4, wherein the actions further comprise receiving an indication that the authentication token has a change to correspond to the second user account.
  - 7. The system as recited in claim 6, wherein the change includes account data of the first user account in the authentication token overwritten with account data of the second user account, the first user account being distinct from the second user account.
  - 8. The system as recited in claim 4, wherein the actions further comprise outputting an indication of a service corresponding to the second user account.
  - 9. The system as recited in claim 4, wherein the link identifier identifies a plurality of user accounts at one or more service providers as the set of linked accounts linked via an authentication service.
  - 10. The system as recited in claim 9, wherein each of the plurality of user accounts corresponds to a service with which a client is permitted to interact.
  - 11. The system as recited in claim 9, wherein each of the plurality of user accounts includes a user profile.
  - 12. The system as recited in claim 9, wherein the link identifier permits the one or more service providers to use the authentication token as a proof of an identity of a client to identify the set of linked accounts.

13. A system comprising:
- one or more processors; and
  
  one or more memories having stored thereon computer executable instructions that are executable by the one or more processors to perform actions comprising;
  
  receiving one or more inputs from a client that define a link between a plurality of user accounts at one or more service providers, the plurality of user accounts including a first user account and a second user account; and
  
  forming an authentication token for communication to the client, the authentication token including a link identifier to reference a set of linked accounts, and a time stamp that indicates when an account linked with the client is changed from the first user account to the second user account.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system as recited in claim 13, wherein the actions further comprise providing access to at least the second user account of the plurality of user accounts after receiving a correct credential corresponding to the first user account of the plurality of user accounts.
  - 15. The system as recited in claim 13, wherein the link identifier permits the one or more service providers presented with the authentication token to use the authentication token as proof of the client'"'"'s identity to identify the set of linked accounts.
  - 16. The system as recited in claim 13, wherein the link identifier permits access to services corresponding to each account described by the link identifier without additional authentication of the client.
  - 17. The system as recited in claim 13, wherein the actions further comprise:
    - storing the link identifier at an authentication service; and
      
      managing authentication of the client to the set of linked accounts, such that the client, upon providing to the authentication service credentials corresponding to one account in the set of linked accounts, receives an access to each account in the set of linked accounts,wherein;
      
      the access to each account in the set of linked accounts includes access to corresponding services provided by the one or more service providers.
  - 18. The system as recited in claim 17, wherein the actions further comprise:
    - exposing an application programming interface callable by the client; and
      
      indicating the plurality of user accounts that are linkable to one another by the client.
  - 19. The system as recited in claim 17, wherein the actions further comprise:
    - exposing one or more interfaces; and
      
      receiving an input from the client through the one or more interfaces as client interaction with the set of linked accounts.
  - 20. The system as recited in claim 19, wherein the one or more interfaces comprise:
    - an application programming interface, callable by the client, indicative of a plurality of accounts that are linkable to one another by the client; and
      
      an additional application programming interface, callable by the client, indicative of at least one link that is removable from the set of linked accounts by the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Ayres, Lynn C., Guo, Wei-Quiang Michael, Huang, Lin, Bailey, David W., Rouskov, Yordan I
Primary Examiner(s)
Herzog, Madhuri

Application Number

US14/712,839
Publication Number

US 20150249660A1
Time in Patent Office

775 Days
Field of Search

726 1- 10, 726 16- 21, 726 26- 30, 713155-159, 713168-186
US Class Current
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 67/10   in which an application is ...

Authenticating linked accounts

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating linked accounts

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links