Restricted content access provision based on third-party verification

US10742659B1 · US · B1

Patent metadata
Publication number: US-10742659-B1
Application number: US-201815979503-A
Country: US
Kind code: B1
Filing date: May 15, 2018
Priority date: May 15, 2018
Publication date: Aug 11, 2020
Grant date: Aug 11, 2020

Abstract

Official abstract text for this publication.

Access to a provider's restricted resources for users who are not directly associated with the provider but who are permitted to access the restricted resources based on the users' affiliation with a third-party subscriber is provided. An example affiliation is a university student's (user's) affiliation with a university (third-party subscriber). A user's identity can be authenticated by the third party, and the user's access entitlements can be authorized by the third party based on the third party's authorization policies and by an authorized distributor of the restricted resources of which the third party is a subscriber based on the distributor's authorization policies. An access decision is made by a policy enforcement service based on the authorization access decisions made by the third party and by the authorized distributor. The provider allows the user access to its otherwise restricted resources based on a permit decision made by the policy enforcement service.

First claim

Opening claim text (preview).

We claim:

1. A system for enabling access to restricted resources, the system comprising: at least one processor; a memory storage device including instructions that when executed by the at least one processor are operable to: receive a request from a user device of a user to access a restricted resource associated with a restricted resource provider, wherein the user is not subscribed to the restricted resource provider but is affiliated with a third-party subscriber; in response to receipt of the request to access the restricted resource associated with the restricted resource provider from the user device, begin a multi-party authentication process that includes: transmission of an authentication request to an authentication provider associated with the third-party subscriber that includes a call to a directory services database to authenticate that the user is affiliated with the third-party subscriber, wherein the authentication request includes user login credentials associated with a user account with the third-party subscriber; responsive to receiving an indication from the authentication provider that the authentication request is approved, send an authorization access request associated with the third-party subscriber to a policy decision service managed by an authorized resource distributor to provide access to the restricted resource; receive, from the policy decision service managed by the authorized resource distributor, an authorization access response that indicates whether the third-party subscriber is authorized to access the restricted resource identified in the request to access the restricted resource from the user device and authorized to distribute the restricted resource to authorized users of a network provided by the third-party; and grant permission to the user device to access the restricted resource via the authorized resource distributor when the third-party subscriber is authorized to access and distribute the restricted resource.

2. The system of claim 1, wherein the user is affiliated with the third-party subscriber based on an affiliation recognized by the restricted resource provider and the authorized resource distributor of the restricted resources, wherein: the third-party subscriber is a university; and the user is a student of the university.

3. The system of claim 1, wherein: the policy decision service is an identity management server; and an authorization access decision made by the policy decision service is made based on an evaluation of one or more authorization policies against attribute information associated with the third-party subscriber.

4. The system of claim 3, wherein one authorization policy of the one or more authorization policies indicates a requirement that the third-party subscriber is a subscriber of the authorized resource distributor and a subscriber of the restricted resource provider and that the third-party subscriber is an authorized broker of the restricted resources to affiliated users.

5. The system of claim 3, wherein: the one or more authorization policies are stored in a policy store; and in making the authorization access decision, the policy decision service evaluates rules defined in the one or more policies against the attribute information associated with the third-party subscriber for determining whether the rules are satisfied.

6. The system of claim 5, wherein: one authorization policy of the one or more authorization policies indicates a requirement that the third-party subscriber has an active account with the authorized resource distributor that is in good standing; and in evaluating a rule defined in the one authorization policy, the policy decision service is operative to evaluate the rule against attribute information associated with the third-party subscriber's business account status, wherein the attribute information associated with the third-party subscriber's business account status is stored in a policy information point embodied as a billing data store.

7. The system of claim 1, wherein the system is further operative to: send a second authorization access request to a second policy decision service, wherein the second policy decision service is associated with the third-party subscriber; and receive, from the second policy decision service, a second response comprising a second authorization access decision made by the second policy decision service indicating whether the user is allowed access to the restricted resources; and wherein: in permitting or denying the user access to the restricted resources, the system utilizes a first authorization access decision and the second authorization access decision.

8. The system of claim 7, wherein: the second policy decision service is an account administrative server; and the second authorization access decision is made based on an evaluation of one or more authorization policies against attribute information associated with one or more of: the user; the user's client device; and the environment.

9. The system of claim 7, wherein the one or more authorization policies indicate requirements associated with one or more of: the user's student status; the user's housing status; the client device's network connection status; the user's grade point average status; the user's student category; the client device's location status; date of the request; and time of the request.

10. The system of claim 7, wherein the second policy decision service is operable to evaluate the one or more authorization policies against attribute information provided by one or more policy information points, wherein the one or more policy information points include at least one of: a user attribute store associated with the third-party subscriber; and a user login request, wherein the user login request comprises context attribute information sensed by one or more sensors integrated with or communicatively attached to the client device.

11. The system of claim 7, wherein in permitting or denying the user access to the restricted resource, a policy enforcement service is operable to make a permit decision when: a first authorization access response indicates that the third-party subscriber is allowed access to the restricted resources and that the third-party subscriber is an authorized broker of the restricted resources to users affiliated with the third-party subscriber; and the second authorization access response indicates that the user is allowed access to the restricted resource.

12. The system of claim 1, wherein the restricted resource provider and the authorized resource distributor are a same entity.

13. A method for enabling access to restricted resources, the method comprising: receiving a request from a user device of a user to access a restricted resource associated with a restricted resource provider, wherein the user is not subscribed to the restricted resource provider but affiliated with a third-party subscriber of the restricted resource provider; in response to receipt of the request to access the restricted resource associated with the restricted resource provider from the user device, begin a multi-party authentication process that includes: transmitting an authentication request to an authentication provider associated with the third-party subscriber that includes a call to a directory services database to authenticate that the user is affiliated with the third-party subscriber, wherein the authentication request includes user login credentials associated with a user account with the third-party subscriber; responsive to receiving an indication from the authent
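The multi-party flow in claims 1 and 7 through 11 (directory authentication, a distributor-side PDP fed by a billing-data PIP, a subscriber-side PDP fed by a user attribute store and login context, and a PEP that permits only when both decisions permit) as an added Python sketch. This is illustrative code written for this page, not the patent's or Cox's implementation; all store names, users, subscribers and values are constructed.

```python
import hashlib
import hmac

# Constructed sample data standing in for the patent's policy information points (PIPs);
# none of these names, stores or values come from the patent itself.
DIRECTORY = {  # subscriber's directory service: user -> sha256(credential) (constructed);
    "alice": hashlib.sha256(b"correct-horse").hexdigest(),  # a real directory would use a
}                                                           # salted, slow password hash
BILLING_STORE = {  # distributor's billing data store PIP (claim 6), constructed
    "state-university": {"active": True, "good_standing": True,
                         "subscriptions": {"video-provider"}, "broker": True},
}
USER_ATTRIBUTE_STORE = {  # subscriber's user attribute store PIP (claim 10), constructed
    "alice": {"student_status": "enrolled", "housing": "on-campus"},
}

def authenticate(user: str, credential: str) -> bool:
    """Authentication provider (claim 1): checks the login against the directory service.
    compare_digest keeps the comparison constant-time regardless of where hashes differ."""
    stored = DIRECTORY.get(user)
    presented = hashlib.sha256(credential.encode()).hexdigest()
    return stored is not None and hmac.compare_digest(stored, presented)

def distributor_pdp(subscriber: str, provider: str) -> bool:
    """First PDP (claims 3-6): the subscriber must hold an active account in good standing,
    subscribe to the provider, and be an authorized broker to its affiliated users."""
    a = BILLING_STORE.get(subscriber)
    return bool(a and a["active"] and a["good_standing"]
                and provider in a["subscriptions"] and a["broker"])

def subscriber_pdp(user: str, context: dict) -> bool:
    """Second PDP (claims 8-10): user attributes plus login-request context
    (here the client reports which network it is connected from)."""
    a = USER_ATTRIBUTE_STORE.get(user)
    return bool(a and a["student_status"] == "enrolled"
                and context.get("network") == "campus")

def pep_decide(user: str, credential: str, subscriber: str, provider: str,
               context: dict) -> str:
    """Policy enforcement service (claim 11): permit only when authentication succeeds
    AND both PDPs permit; every other path is a default deny with the failing stage named."""
    if not authenticate(user, credential):
        return "deny: authentication failed"
    if not distributor_pdp(subscriber, provider):
        return "deny: subscriber not authorized by distributor"
    if not subscriber_pdp(user, context):
        return "deny: user not authorized by subscriber"
    return "permit"
```

The order of checks matters for logging and for not revealing distributor policy to unauthenticated callers: nothing is evaluated before the directory confirms the affiliation.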

Assignees

Cox Communications Inc

Inventors

Classifications (CPC titles)

  • H04L63/102 (Primary): Entity profiles

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

  • using time-dependent-passwords, e.g. periodically changing passwords

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10742659B1 cover?
Access to a provider's restricted resources for users who are not directly associated with the provider but who are permitted to access the restricted resources based on the users' affiliation with a third-party subscriber is provided. An example affiliation is a university student's (user's) affiliation with a university (third-party subscriber). A user's identity can be authenticated by the t…
Who is the assignee on this patent?
Cox Communications Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 11, 2020 (kind code B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).