Centralized authentication for granting access to online services

US 10,673,858 B2
Filed: 07/31/2017
Issued: 06/02/2020
Est. Priority Date: 05/29/2015
Status: Active Grant

First Claim

Patent Images

1. A method to authenticate a first device for access to a first service provider, the method comprising:

sending, by executing a first instruction with a processor at the first service provider, an authentication request from the first service provider to a second service provider, the authentication request generated in response to an access request from the first device, the authentication request including an identification code assigned to the first device by the second service provider;

obtaining, at the first service provider, an authentication response from the second service provider, the authentication response generated by the second service provider in response to the authentication request; and

when the authentication response indicates the first service provider is not permitted to access centralized authentication information associated with the first device, both (i) sending, by executing a second instruction with the processor, a permission request from the first service provider to the second service provider to request access to the centralized authentication information associated with the first device, and (ii) performing, by executing a third instruction with the processor, a local access control procedure associated with the first service provider to determine whether to grant the first device access to the first service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, systems and articles of manufacture (e.g., physical storage media) to authenticate a first device for access to a first service provider are disclosed. Example methods disclosed herein include sending, by executing a first instruction with a processor at a first service provider, an authentication request from the first service provider to a second service provider. The authentication request is generated in response to an access request from the first device and includes an identification code assigned to the first device by the second service provider. Example methods also include obtaining, at the first service provider, an authentication response from the second service provider. The authentication response is generated by the second service provider in response to the authentication request. Example methods further include, based on the authentication response, granting, by executing a second instruction with the processor, the first device access to the first service provider.

77 Citations

15 Claims

1. A method to authenticate a first device for access to a first service provider, the method comprising:
- sending, by executing a first instruction with a processor at the first service provider, an authentication request from the first service provider to a second service provider, the authentication request generated in response to an access request from the first device, the authentication request including an identification code assigned to the first device by the second service provider;
  
  obtaining, at the first service provider, an authentication response from the second service provider, the authentication response generated by the second service provider in response to the authentication request; and
  
  when the authentication response indicates the first service provider is not permitted to access centralized authentication information associated with the first device, both (i) sending, by executing a second instruction with the processor, a permission request from the first service provider to the second service provider to request access to the centralized authentication information associated with the first device, and (ii) performing, by executing a third instruction with the processor, a local access control procedure associated with the first service provider to determine whether to grant the first device access to the first service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein when the authentication response includes a level of trust associated with the first device, the first service provider determines (i) to prompt at least one of the first device and a user of the first device for user authentication information when the level of trust associated with the first device is low, and (ii) not to prompt either of the first device or the user for the user authentication information when the level of trust is high.
  - 3. The method of claim 2, wherein the user authentication information is to include at least one of a username, a password, and biometric data.
  - 4. The method of claim 3, further including granting the first device access to the first service provider based on whether the user authentication information matches reference data stored at the first device.
  - 5. The method of claim 1, wherein the authentication request further includes location information identifying a location of the first device at a time at which the access request was transmitted by the first device to the first service provider.
  - 6. The method of claim 2, wherein the level of trust is high when (1) the first device is being used at an expected location specified in a profile of the first device, (2) a valid access code was received by the second service provider from the first device and (3) a second device also associated with the user of the first device is detected at the expected location.
  - 7. The method of claim 2, wherein the level of trust is low when (1) the first device is not being used at an expected location specified in a profile of the first device, (2) a valid access code was not received by the second service provider from the first device and (3) a second device also associated with the user of the first device is not detected at a same location as a location of the first device.

8. A tangible computer readable storage medium comprising computer readable instructions which, when executed, cause a computer at a first service provider to perform operations comprising:
- generating an authentication request to a second service provider, the authentication request generated in response to an access request from a first device, the authentication request including at least one of an identification code assigned to the first device by the second service provider and location information identifying a location of the first device;
  
  evaluating an authentication response from the second service provider, the authentication response being generated by the second service provider in response to the authentication request; and
  
  when the authentication response indicates the first service provider is not permitted to access centralized authentication information associated with the first device, both (i) sending a permission request from the first service provider to the second service provider to request access to the centralized authentication information associated with the first device, and (ii) performing a local access control procedure associated with the first service provider to determine whether to grant the first device access to the first service provider.
- View Dependent Claims (9, 10, 11)
- - 9. The tangible computer readable storage medium of claim 8, wherein the operations include, when the authentication response includes a level of trust associated with the first device, (i) prompting at least one of the first device and a user of the first device for user authentication information when the level of trust associated with the first device is low, and (ii) not prompting either of the first device or the user for the user authentication information when the level of trust is high.
  - 10. The tangible computer readable storage medium of claim 9, wherein the level of trust is high when (1) the first device is being used at an expected location specified in a profile of the first device, (2) a valid access code was received by the second service provider from the first device and (3) a second device also associated with the user of the first device is detected at the expected location.
  - 11. The tangible computer readable storage medium of claim 9, wherein the level of trust is low when (1) the first device is not being used at an expected location specified in a profile of the first device, (2) a valid access code was not received by the second service provider from the first device and (3) a second device also associated with the user of the first device is not detected at a same location as a location of the first device.

12. An access controller to control access to a first service provider, the access controller comprising:
- memory including machine readable instructions; and
  
  a processor at the first service provider, the processor to execute the machine readable instructions to perform operations comprising;
  
  generating an authentication request in response to an access request from a first device, the authentication request including at least one of an identification code assigned to the first device by a second service provider and location information identifying a location of the first device;
  
  evaluating an authentication response from the second service provider, the authentication response being generated by the second service provider in response to the authentication request; and
  
  when the authentication response indicates the first service provider is not permitted to access centralized authentication information associated with the first device, both (i) sending a permission request from the first service provider to the second service provider to request access to the centralized authentication information associated with the first device, and (ii) performing a local access control procedure associated with the first service provider to determine whether to grant the first device access to the first service provider.
- View Dependent Claims (13, 14, 15)
- - 13. The access controller of claim 12, wherein the operations include, when the authentication response includes a level of trust associated with the first device, (i) prompting at least one of the first device and a user of the first device for user authentication information when the level of trust associated with the first device is low, and (ii) not prompting either of the first device or the user for the user authentication information when the level of trust is high.
  - 14. The access controller of claim 13, wherein the level of trust is high when (1) the first device is being used at an expected location specified in a profile of the first device, (2) a valid access code was received by the second service provider from the first device and (3) a second device also associated with the user of the first device is detected at the expected location.
  - 15. The access controller of claim 13, wherein the level of trust is low when (1) the first device is not being used at an expected location specified in a profile of the first device, (2) a valid access code was not received by the second service provider from the first device and (3) a second device also associated with the user of the first device is not detected at a same location as a location of the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Malik, Dale W.
Primary Examiner(s)
Poltorak, Piotr

Application Number

US15/664,897
Publication Number

US 20170331834A1
Time in Patent Office

1,037 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/63   Location-dependent; Proximi...

H04W 4/02   Services making use of loca...

Centralized authentication for granting access to online services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

77 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Centralized authentication for granting access to online services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links