Federated realm discovery

US 9,735,964 B2
Filed: 06/19/2008
Issued: 08/15/2017
Est. Priority Date: 06/19/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a user device and via a non-home security authority login user interface implemented at the user device, user credentials of a user, the user credentials comprising at least an identifier of the user and a password;

requesting, by the user device, identification of a home security authority of the user based on the user credentials by accessing a realm list datastore of the user device, the user device having an account with the home security authority but not with the non-home security authority;

responsive to said requesting, receiving the identification of the home security authority of the user; and

requesting authentication for the user to access the non-home security authority from the identified home security authority of the user without sending the user credentials to the non-home security authority.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user'"'"'s credentials before the user'"'"'s secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user'"'"'s home realm and provide realm information directing the user device to login at the home realm.

Citations

14 Claims

1. A method comprising:
- receiving, at a user device and via a non-home security authority login user interface implemented at the user device, user credentials of a user, the user credentials comprising at least an identifier of the user and a password;
  
  requesting, by the user device, identification of a home security authority of the user based on the user credentials by accessing a realm list datastore of the user device, the user device having an account with the home security authority but not with the non-home security authority;
  
  responsive to said requesting, receiving the identification of the home security authority of the user; and
  
  requesting authentication for the user to access the non-home security authority from the identified home security authority of the user without sending the user credentials to the non-home security authority.
- View Dependent Claims (2, 3, 4, 5, 6, 13)
- - 2. The method of claim 1 wherein the non-home security authority and the home security authority are members of a federation.
  - 3. The method of claim 1 further comprising receiving a security token from the identified home security authority for access by the user to a network service.
  - 4. The method of claim 1 wherein requesting identification further comprises sending a request via a communications network to the non-home security authority, the request not including a secret credential of the user credentials of the user, the request requesting the non-home security authority to identify the home security authority of the user.
  - 5. The method of claim 1 wherein the requesting identification further comprises sending a request via a communications network to the non-home security authority, prior to receipt of all of characters of the user credentials.
  - 6. The method of claim 1 wherein the requesting comprises sending a request via a communications network to the non-home security authority, prior to receipt of a secret credential of the user credentials by the login user interface.
  - 13. The method of claim 1 wherein requesting authentication further comprises requesting authentication from the identified home security authority of the user without presenting the user with a separate login user interface from the home security authority.

7. A computer-readable storage device having computer executable instructions for performing a computer process, the computer process comprising:
- presenting to a user a login user interface for a non-home security authority within a federation, the non-home security authority and a home security authority being members of the federation, the user having an account with the home security authority but not with the non-home security authority;
  
  receiving, via the login user interface for the non-home security authority, user credentials of the user, the user credentials comprising at least a portion of a user identifier unique to the user, said receiving performed independent of transmitting the user credentials to the non-home security authority;
  
  requesting identification of the home security authority of the user based on the user credentials from a realm list datastore;
  
  responsive to the requesting, receiving identification of the home security authority of the user; and
  
  transmitting the user credentials of the user, including the user identifier and associated secret information of the user, to the identified home security authority to request authentication for the user to access the non-home security authority without transmitting the associated secret information of the user to the non-home security authority.
- View Dependent Claims (8, 9, 10, 11, 12, 14)
- - 8. The computer-readable storage device of claim 7 wherein the receiving operation receives the user credentials of the user through the login user interface from the non-home security authority but does not transmit the associated secret information of the user to the non-home security authority.
  - 9. The computer-readable storage device of claim 7 wherein the computer process further comprises receiving a security token from the identified home security authority for access by the user to a network service.
  - 10. The computer-readable storage device of claim 7 wherein the requesting further comprises sending a request via a communications network to the non-home security authority, the request including the at least a portion of the user identifier and not including the associated secret information of the user, the request requesting the non-home security authority to identify the home security authority of the user.
  - 11. The computer-readable storage device of claim 7 wherein the requesting further comprises sending a request via a communications network to the non-home security authority, prior to receipt of all of characters of the user identifier.
  - 12. The computer-readable storage device of claim 7 wherein the requesting further comprises sending a request via a communications network to the non-home security authority, prior to receipt of a secret credential of the user by the login user interface.
  - 14. The computer-readable storage device of claim 7 wherein transmitting the user credentials further comprises transmitting the user credentials of the user to the identified home security authority without presenting the user with a separate login user interface from the home security authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Rouskov, Yordan, Faulkner, Sarah, Guo, Wei-Qiang, Ayres, Lynn, Chen, Rui
Primary Examiner(s)
Wang, Harris C

Application Number

US12/141,939
Publication Number

US 20090320114A1
Time in Patent Office

3,344 Days
Field of Search

726 8
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/41   where a single sign-on prov...

G06F 21/606   by securing the transmissio...

G06F 21/6209   to a single file or object,...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/101   Access control lists [ACL]

H04L 9/3234   involving additional secure...

Federated realm discovery

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Federated realm discovery

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links