Mobile communication system implementing integration of multiple logins of mobile device applications
US-10284366-B2 · May 7, 2019 · US
Devices, systems, and methods for zero-trust single sign-on
US10944747B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10944747-B2 |
| Application number | US-201715603980-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 24, 2017 |
| Priority date | May 25, 2016 |
| Publication date | Mar 9, 2021 |
| Grant date | Mar 9, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Devices, systems, and methods receive a token and a request to create a joint tenant, wherein at least one of the token and the request identifies a first user of a first tenant of a first service; receive one or more administrator credentials for a second service; send the one or more administrator credentials and a request to create a service account to the second service; and create a joint tenant that includes a tenant of the first service and a tenant of the second service, wherein the first user is included in the tenant of the first service, and wherein the service account is included in the tenant of the second service.
First claim
Opening claim text (preview).
What is claimed is: 1. A device comprising: one or more computer-readable storage media; and one or more processors that are coupled to the one or more computer-readable storage media and that are configured to cause the device to receive a request to create a joint tenant; receive information that includes an identifier of a first service, a tenant identifier of a tenant of the first service, and an identifier of a first user of the tenant of the first service; receive one or more administrator credentials for a second service; send, to the second service, the one or more administrator credentials and a request to create a service account of a tenant of the second service; and create a joint tenant that includes the tenant identifier of the tenant of the first service, respective identifiers of a plurality of users of the tenant of the first service, wherein the plurality of users of the tenant of the first service include the first user of the tenant of the first service, and an identifier of the service account of the tenant of the second service, wherein the joint tenant associates the plurality of users of the tenant of the first service with the service account of the tenant of the second service. 2. The device of claim 1 , wherein the one or more processors are further configured to cause the device to obtain one or more credentials for the service account; and store the one or more credentials for the service account. 3. The device of claim 2 , wherein the one or more processors are further configured to cause the device to not send the one or more credentials for the service account to a user device. 4. The device of claim 1 , wherein the one or more processors are further configured to cause the device to send a token and a validation request to the first service; and receive a validation response from the first service. 5. The device of claim 1 , wherein the one or more processors are further configured to cause the device to: receive an instruction for a requested operation that includes an identifier of a user of the plurality of users of the tenant of the first service; determine whether the requested operation is provided by the first service or the second service; in a case where the requested operation is provided by the first service, retrieve credentials of the user that are associated with the tenant identifier of the tenant of the first service, and send the instruction and the credentials of the user that are associated with the tenant identifier of the tenant of the first service to the first service; and in a case where the requested operation is provided by the second service, retrieve credentials of the service account of the tenant of the second service, and send the instruction and the credentials of the service account to the second service. 6. The device of claim 1 , wherein the one or more processors are further configured to cause the device to receive a token for a requesting user; identify a joint tenant that is associated with the requesting user; retrieve one or more second-service credentials of a service account in a tenant of the second service that is included in the joint tenant that is associated with the requesting user; and send the one or more second-service credentials to the second service. 7. The device of claim 6 , wherein the requesting user is a user of a tenant of the first service that is included in the joint tenant that is associated with the requesting user. 8. A method comprising: receiving a token and a request to create a joint tenant; receiving user information that includes an identifier of a first service, a tenant identifier of a tenant of the first service, and an identifier of a first user of the tenant of the first service; receiving one or more administrator credentials for a second service that is implemented by one or more second-service devices; sending, to the one or more second-service devices, the one or more administrator credentials and a request to create a service account of a tenant of the second service; and creating a joint tenant that includes the tenant identifier of the tenant of the first service, respective identifiers of a plurality of users of the tenant of the first service, and an identifier of the service account of the tenant of the second service, wherein the plurality of users of the tenant of the first service include the first user of the tenant of the first service, and wherein the joint tenant maps the plurality of users of the tenant of the first service to the service account of the tenant of the second service. 9. The method of claim 8 , further comprising: sending the token and a validation request to one or more first-service devices; and receiving a validation response and the user information from the one or more first-service devices, wherein the user information and the validation response are sent in response to the sending of the token and the validation request. 10. The method of claim 8 , further comprising: generating credentials for the service account; sending the credentials for the service account to the one or more second-service devices; and storing the credentials for the service account. 11. The method of claim 8 , further comprising: receiving credentials for the service account from the one or more second-service devices; and storing the credentials for the service account. 12. The method of claim 8 , further comprising: receiving an instruction for a requested operation that includes an identifier of a user of the plurality of users of the tenant of the first service; determining whether the requested operation is provided by one or more first-service devices or the one or more second-service devices; in a case where the requested operation is provided by the one or more first-service devices, retrieving credentials of the user of the plurality of users of the tenant of the first service, and sending the instruction and the credentials of the user of the plurality of users of the tenant of the first service to the one or more first-service devices; and in a case where the requested operation is provided by the one or more second-service devices, retrieving credentials of the service account of the tenant of the second service, and sending the instruction and the credentials of the service account of the tenant of the second service to the one or more second-service devices. 13. One or more computer-readable storage media storing instructions that, when executed by one or more computing devices, cause the one or more computing devices to perform operations comprising: receiving a request to create a joint tenant; receiving information that includes an identifier of a first service that is provided by one or more first-service devices, an identifier of a tenant of the first service, and an identifier of a first user of the tenant of the first service; receiving one or more administrator credentials for a second service that is provided by one or more second-service devices; sending, to the one or more second-service devices, the one or more administrator credentials and a request to create a service account of a tenant of the second service; and creating a joint tenant that includes the tenant identifier of the tenant of the first service, respective identifiers of a plurality of users of the tenant of the first service, wherein the plurality of users include the first user, and an identifier of the service account of the tenant of the second service, wherein the joint tenant associates the plurality of users of the tenant of the first service with the service
Assignees
Inventors
Classifications
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10944747B2 cover?
- Devices, systems, and methods receive a token and a request to create a joint tenant, wherein at least one of the token and the request identifies a first user of a first tenant of a first service; receive one or more administrator credentials for a second service; send the one or more administrator credentials and a request to create a service account to the second service; and create a joint …
- Who is the assignee on this patent?
- Canon Information & Imaging Solutions Inc, Canon Usa Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/10. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Mar 09 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).