Single token authentication

US 8,839,391 B2
Filed: 07/18/2011
Issued: 09/16/2014
Est. Priority Date: 02/05/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

storing, by a computer system, multiple, separate data sets for a single user where each data set is associated with a service provider, and where each data set is related to an access code that is based on a combination of data identifying the user and data identifying the service provider, with the data identifying the user being the same for each of the access codes, wherein the data identifying the user comprises a user ID identifying the user and the data identifying the service provider comprises a service provider ID identifying the service provider;

providing, by the computer system, access to data in a particular data set of the multiple data sets by;

obtaining the data identifying the user by authenticating the user based on the presence of a token;

generating the access code for the particular data set based on a combination of the data identifying the user and data identifying the service provider associated with the particular data set, wherein generating the access code comprises;

receiving, by an authentication system, the user ID and the service provider ID; and

deriving the access code using a one way function based on the user ID and the service provider ID; and

identifying storage locations for the particular data set based on the access code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method that includes storing multiple, separate data sets where each data set is related to an access code that is based on a combination of data related to the user and data related to a service provider is described herein.

219 Citations

17 Claims

1. A computer-implemented method comprising:
- storing, by a computer system, multiple, separate data sets for a single user where each data set is associated with a service provider, and where each data set is related to an access code that is based on a combination of data identifying the user and data identifying the service provider, with the data identifying the user being the same for each of the access codes, wherein the data identifying the user comprises a user ID identifying the user and the data identifying the service provider comprises a service provider ID identifying the service provider;
  
  providing, by the computer system, access to data in a particular data set of the multiple data sets by;
  
  obtaining the data identifying the user by authenticating the user based on the presence of a token;
  
  generating the access code for the particular data set based on a combination of the data identifying the user and data identifying the service provider associated with the particular data set, wherein generating the access code comprises;
  
  receiving, by an authentication system, the user ID and the service provider ID; and
  
  deriving the access code using a one way function based on the user ID and the service provider ID; and
  
  identifying storage locations for the particular data set based on the access code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein providing access to the data in the particular data set of the multiple data sets further comprises authenticating the service provider associated with the particular data set to obtain the data identifying the service provider.
  - 3. The method of claim 1, wherein providing access to the data in the particular data set of the multiple data sets further comprises authenticating the authentication system.
  - 4. The method of claim 1, wherein providing access to the data in the particular data set of the multiple data sets comprises:
    - providing access to a first data set associated with a first service provider using a first access code based on a combination of the data identifying the user and data identifying the first service provider, andproviding access to a second data set associated with a second service provider using a second access code based on a combination of the data identifying the user and data identifying the second service provider with the data identifying the user in the first access code being the same as the data identifying the user in the second access code.
  - 5. The method of claim 4, further comprising retrieving the data in the first data set based on the first access code and retrieving the data in the second data set based on the second access code.
  - 6. The method of claim 1, wherein storing multiple, separate data sets comprises:
    - generating multiple data segments using calculations involving portions of the data; and
      
      storing the data sets in storage locations in at least three geographically dispersed data storage zones with each of the storage zones storing less than the number of data segments required to restore the data and such that the data can be restored based on the data segments in less than all of the data storage zones.
  - 7. The method of claim 1, wherein deriving the access code comprises performing a one way function on the user identifier, the service provider identifier, and one or more additional inputs.
  - 8. The method of claim 1, wherein storing the multiple data sets comprises:
    - storing the multiple data sets in multiple, different storage locations on different networked storage nodes with each storage node including one or more networked computers and associated data storage media associated with the computer.
  - 9. The method of claim 1, wherein storing the data sets comprises storing the data sets in multiple storage areas with each of the multiple storage areas being located in a geographical area that is different from the geographical area the other ones of the multiple storage areas.
  - 10. The method of claim 1, wherein storing the data sets comprises storing the data sets in multiple storage areas with each of the multiple storage areas existing under a set of legal jurisdictions that is different from legal jurisdictions of each of the other ones of the multiple storage areas.
  - 11. The method of claim 1, wherein storing the multiple data sets comprises:
    - for each of the data sets, generating multiple data segments with each data segment including a portion of the data or data derived based on one or more other portions of the data; and
      
      storing the multiple data segments among multiple geographically dispersed data storage locations.
  - 12. The method of claim 1, wherein storing the multiple data sets comprises:
    - for each of the data sets, generating multiple data segments with each data segment including a portion of the data or data derived based on one or more other portions of the data;
      
      and, storing the multiple data segments among storage locations separated by at least 10 miles.
  - 13. The method of claim 1, wherein storing the multiple data sets comprises:
    - for each of the data sets, generating multiple data segments with each data segment including a portion of the data or data derived based on one or more other portions of the data; and
      
      storing the multiple data segments among storage locations located on different continents.
  - 14. The method of claim 1, wherein storing the multiple data sets comprises:
    - for each of the data sets, generating multiple data segments with each data segment including a portion of the data or data derived based on one or more other portions of the data; and
      
      storing the multiple data segments among storage locations located in different countries.
  - 15. The method of claim 1, wherein the token comprises a physical token.
  - 16. The method of claim 1, wherein the token comprises a computing device associated with the user.
  - 17. The method of claim 1, wherein the token comprises a computing device associated with the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WwPass Corp.
Original Assignee
WwPass Corp.
Inventors
Vysogorets, Mikhail, Shablygin, Eugene
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US13/184,912
Publication Number

US 20120066752A1
Time in Patent Office

1,156 Days
Field of Search

None
US Class Current

726/7
CPC Class Codes

G06F 21/34 involving the use of extern...

Single token authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

219 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Single token authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

219 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links