Securely authenticating a bot user

US10659464B2 · US · B2

Patent metadata
Publication number: US-10659464-B2
Application number: US-201715640002-A
Country: US
Kind code: B2
Filing date: Jun 30, 2017
Priority date: May 10, 2017
Publication date: May 19, 2020
Grant date: May 19, 2020

Abstract

Official abstract text for this publication.

Systems and methods are provided that securely authenticate a user of a web application. For example, the user may utilize a bot from within a first application, such as a chat application. The user may request the bot to access a second application (e.g., a social-networking application) that is remote from the first application. If the bot does not have authorization, the bot may redirect the user to a webpage for the second application, where the user may enter login credentials. Upon verification, the second application may provide an access token to a webpage associated with the bot. To authenticate the bot user, the bot webpage may generate and cache a nonce that is transmitted back to the first application, which then transmits it to the bot. The bot may then compare the received nonce with the cached nonce. If the nonces match, the user may be securely authenticated.
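
The nonce exchange described in the abstract, as an added sketch that is not code from the patent or its assignee: the bot webpage caches the access token under a fresh nonce, and the bot binds the token to a chat user only when the nonce relayed by the chat application matches the cache. The class and method names, the five-minute lifetime, single-use deletion and constant-time comparison are assumptions, not details from the page.

```python
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 300  # assumed lifetime; the abstract does not give one

class BotAuthState:
    """State shared by the bot and its webpage (hypothetical names)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # cached nonce -> (access token, expiry time)
        self.tokens = {}    # chat user id -> access token

    def on_login_callback(self, access_token):
        """Bot webpage: cache the token under a fresh nonce, return the nonce."""
        nonce = secrets.token_urlsafe(32)
        expiry = self._clock() + NONCE_TTL_SECONDS
        self._pending[nonce] = (access_token, expiry)
        return nonce  # only the nonce goes back to the chat application

    def on_nonce_from_chat(self, user_id, received):
        """Bot: compare the relayed nonce with the cache, then bind the token."""
        now, match = self._clock(), None
        for cached, (_, expiry) in list(self._pending.items()):
            if expiry <= now:
                del self._pending[cached]  # expired entries never match
            elif hmac.compare_digest(cached.encode(), received.encode()):
                match = cached
        if match is None:
            return False
        token, _ = self._pending.pop(match)  # single use: a replay fails
        self.tokens[user_id] = token
        return True

def demo():
    """Run the flow with a fake clock and constructed token values."""
    now = [0.0]
    state = BotAuthState(clock=lambda: now[0])
    nonce = state.on_login_callback("constructed-token-1")
    results = {
        "guess": state.on_nonce_from_chat("user-a", "not-the-nonce"),
        "match": state.on_nonce_from_chat("user-a", nonce),
        "replay": state.on_nonce_from_chat("user-b", nonce),
    }
    stale = state.on_login_callback("constructed-token-2")
    now[0] += NONCE_TTL_SECONDS + 1
    results["expired"] = state.on_nonce_from_chat("user-b", stale)
    return results, state.tokens
```
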

First claim

Opening claim text (preview).

What is claimed is:

1. A processor-implemented method of authenticating a user of an application, comprising: transmitting, by a first client application, a user identifier to a first web application; receiving, by the first client application, a request to access a second web application that uses different access credentials than the first web application; receiving, by the first client application, a second identifier from a web service, the second identifier identifying authenticated access to the second web application based on access credentials provided by a second client application; sending, by the first client application, the second identifier to the first web application, the first web application configured to associate the user identifier with the second identifier and the authenticated access to the second web application; receiving, by the first client application, an indication from the first web application that the user identifier is authenticated for accessing the second web application; and accessing, by the first client application, the second web application, via the first web application in response to the received indication.

2. The processor-implemented method of claim 1, further comprising: retrieving an access token for the second web application from the web service.

3. The processor-implemented method of claim 2, wherein the access token for the second web application is associated with the user identifier for the first client application.

4. The processor-implemented method of claim 3, further comprising: receiving a second request to access the second web application; and based on the access token for the second web application associated with the user identifier for the first client application, opening a window within the first client application for accessing the second web application via the first web application.

5. The processor-implemented method of claim 1, wherein the first web application is a chat bot, and wherein the first client application is a chat application.

6. The processor-implemented method of claim 1, wherein the first web application is a bot, and wherein the first client application is a messaging application.

7. The processor-implemented method of claim 1, wherein the second web application is a social-networking application.

8. A system for authenticating a user of an application, comprising: at least one hardware processing unit; and at least one memory storing computer-executable instructions that when executed by the at least one processing unit cause the system to: transmit, by a first client application, a user identifier to a first web application; receive, by the first client application, a request to access a second web application that uses different access credentials than the first web application; receiving across a trust boundary with the first client application, access credentials for the second web application; receive, by the first client application, a second identifier from a web service, the second identifier identifying authenticated access to the second web application based on access credentials provided by a second client application; send, by the first client application, the second identifier to the first web application, the first web application configured to associate the user identifier with the second identifier and the authenticated access to the second web application; receive, by the first client application, a confirmation that the sent second identifier matches a cached identifier; based on the confirmation, access, by the first client application, the second web application via the first web application and the user identifier.

9. The system of claim 8, wherein the first web application is authorized to access the second web application based on the access token.

10. The system of claim 8, further comprising: in response to receiving the confirmation that the second identifier matches the cached identifier, recognizing the user of the first web application as authenticated.

11. The system of claim 8, wherein the first web application is a chat bot, and wherein the first client application is a chat application.

12. The system of claim 8, wherein the first web application is a bot, and wherein the first client application is a messaging application.

13. The system of claim 8, wherein the second web application is a social-networking application.

14. A computer storage medium comprising computer-executable instructions that when executed by a processing unit perform a method of authenticating a user of an application, the method comprising: transmitting, by a first client application, a user identifier to a first web application; receiving, by the first client application, a request to access a second web application that uses different access credentials than the first web application; receiving, by the first client application, a second identifier from a web service the second identifier identifying authenticated access to the second web application based on the access credentials provided by the second client application; sending, by the first client application, the second identifier to the first web application, the first web application configured to associate the user identifier with the second identifier and the authenticated access to the second web application; receiving, by the first client application, an indication that the user identifier is authenticated for accessing the second web application; and accessing, by the first client application, the second web application via the first web application and user identifier in response to the received indication.

15. The computer storage medium of claim 14, further comprising: retrieving an access token for the second web application from the web service; and wherein the accessing of the second web application is further based on the access token.

16. The computer storage medium of claim 15, wherein the access token for the second web application is associated with the user identifier for the first client application.

17. The computer storage medium of claim 16, further comprising: receiving, by the first client application, a second request to access the second web application; retrieving the access token for the second web application from the user identifier for the first client application; and opening, by the first client application, a for accessing the second web application via the access token.

18. The computer storage medium of claim 14, wherein the first web application is a chat bot, and wherein the first client application is a chat application.

19. The computer storage medium of claim 14, wherein the first web application is a bot, and wherein the first client application is a messaging application.

20. The computer storage medium of claim 14, wherein the second web application is a social-networking application.

Classifications

  • G06F21/31 (Primary): User authentication

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

  • based on web technology, e.g. hypertext transfer protocol [HTTP]

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing LLC

What technology area does this patent fall under?
Primary CPC classification G06F21/31. Mapped technology areas include Physics.

When was this patent published?
Publication date May 19, 2020 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).