Cloud service authentication

US9418216B2 · US · B2

Patent metadata
Publication number: US-9418216-B2
Application number: US-201113187767-A
Country: US
Kind code: B2
Filing date: Jul 21, 2011
Priority date: Jul 21, 2011
Publication date: Aug 16, 2016
Grant date: Aug 16, 2016


Abstract

Official abstract text for this publication.

One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing additional login credentials specific to the cloud services. A client side application may request a token to access a cloud service. The token may be generated by an identity provider based upon the identity provider verifying an application ID identifying the application, a cloud service ID identifying the cloud service and/or OS cloud credentials. In this way, the application may present the token to a cloud service provider for verification to gain access to the cloud service hosted by the cloud service provider.

Claims

Claim text for this publication.

What is claimed is:

1. A method, implemented at a computer system that includes one or more processors, for providing access to a cloud service, the method comprising: receiving a request from an application hosted by an operating system (OS) to access a cloud service; sending a token request to an identity provider responsive to receiving the request, the token request comprising (i) an application identifier (ID) identifying the application, (ii) an OS cloud credential of a user of the OS that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with the cloud service; based at least on sending the token request, and based upon the identity provider having authenticated the user and verified that the application ID is a valid application ID for the application, receiving a token from the identity provider, the token comprising (i) the cloud service ID, (ii) the application ID, and (iii) a user assigned ID that is associated with the cloud service, the user assigned ID having been computed by the identity provider based upon the cloud service ID and a user identification associating the user with the identity provider, the token being signed with an identity provider signature; providing the token to the application for submission to a cloud service provider for access to the cloud service; and obtaining access to the cloud service based at least on the cloud service provider having validated the identity provider signature as a signature of the identity provider.

2. The method of claim 1, wherein the OS cloud credential is associated with authentication information provided by the OS based upon the user successfully authenticating with the OS.

3. The method of claim 1, further comprising: submitting the token to the cloud service provider for the application to obtain access to the cloud service.

4. The method of claim 1, wherein the user assigned ID comprises a user pairwise ID computed by the identity provider based upon a pairwise function of the cloud service ID and the user identification associating the user with the identity provider.

5. The method of claim 1, further comprising: obtaining access to the cloud service based upon the cloud service provider determining that the application is authorized to access the cloud service based upon the application ID.

6. A system, comprising: one or more processing units; and memory configured to store instructions that, when executed by at least some of the one or more processing units, cause the system to perform at least the following: receive, from a client, a token request comprising (i) an application identifier (ID) identifying an application hosted by an operating system (OS) that is requesting access to a cloud service, (ii) an OS cloud credential of a user of the OS that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with a cloud service; authenticate the user based upon at least one of a SmartCode, a code sent by phone, a code sent by email, biometrics, or a username and password combination; verify that the application ID is a valid application ID for the application; based at least on authenticating the user, and based at least on verifying that the application ID is valid for the application, compute a user assigned ID that is associated with the cloud service, the user assigned ID being computed based upon the cloud service ID and a user identification associating the user with an identity provider; generate a token, the token comprising (i) the user assigned ID, (ii) the application ID, and (iii) the cloud service ID; sign the token with a signature of the identity provider that is usable to validate that the token was signed by the identity provider; and provide the token to the client.

7. The system of claim 6, wherein the authenticating is based upon the SmartCode.

8. The system of claim 6, wherein the authenticating is based upon the code sent by phone.

9. The system of claim 6, wherein the authenticating is based upon the code sent by email.

10. The system of claim 6, wherein the authenticating is based upon the biometrics.

11. The system of claim 6, wherein the authenticating is based upon the username and password combination.

12. The system of claim 6, wherein the verifying that the application ID is a valid application ID for the application also includes identifying that the application is known and authorized to access the cloud service.

13. The system of claim 6, wherein the verifying that the application ID is a valid application ID for the application also includes identifying that the application is unknown, but that the cloud service will determine whether or not to grant access to the application.

14. The system of claim 6, wherein computing the user assigned ID comprises computing a pairwise ID based upon a pairwise function of the cloud service ID and the user identification associating the user with the identity provider.

15. A system, comprising: one or more processing units; and memory configured to store instructions that, when executed by at least some of the one or more processing units, cause the system to perform at least the following: receive a request from an application hosted by an operating system (OS) to access a cloud service; send a token request to an identity provider responsive to receiving the request, the token request comprising (i) an application identifier (ID) identifying the application, (ii) an OS cloud credential of a user of the OS that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with the cloud service; based at least on sending the token request, and based upon the identity provider having authenticated the user and verified that the application ID is a valid application ID for the application, receive a token from the identity provider, the token comprising (i) the cloud service ID, (ii) the application ID, and (iii) a user assigned ID that is associated with the cloud service, the user assigned ID having been computed by the identity provider based upon the cloud service ID and a user identification associating the user with the identity provider, the token being signed with an identity provider signature; provide the token to the application for submission to a cloud service provider for access to the cloud service; and obtain access to the cloud service based at least on the cloud service provider having validated the identity provider signature as a signature of the identity provider.

16. The system of claim 15, wherein the identity provider verifying that the application ID is a valid application ID for the application comprises the identity provider identifying that the application is known and authorized to access the cloud service.

17. The system of claim 15, wherein the identity provider verifying that the application ID is a valid application ID for the application comprises the identity provider identifying that the application is unknown, but that the cloud service will determine whether or not to grant access to the application.
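The token issuance and validation flow of claims 1, 5 and 6, written as an added Python example that is not code from the patent or from any assignee: the identity provider authenticates the OS cloud credential, checks the application ID, computes a pairwise user-assigned ID from the cloud service ID and the user's identity-provider identification, and signs the token; the cloud service provider then validates the signature, the audience and the application's authorization. All keys, IDs and the registry are constructed sample values, and HMAC-SHA256 stands in for the identity provider signature, which the patent does not specify (a deployment would use an asymmetric signature so the service provider holds no signing secret).

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data; none of these values come from the patent.
IDP_SIGNING_KEY = b"idp-signing-demo-key"     # stand-in for the identity provider's signing key
IDP_PAIRWISE_KEY = b"idp-pairwise-demo-key"   # secret input to the pairwise function
OS_CREDENTIALS = {"os-cred-alice": "alice@idp.example"}   # OS cloud credential -> IdP user identification
APP_REGISTRY = {"app-music-01": {"music-svc"}}            # application ID -> cloud services it may access


def pairwise_id(user_identification: str, cloud_service_id: str) -> str:
    """User-assigned ID: stable for one (user, service) pair, unlinkable across services."""
    msg = f"{user_identification}|{cloud_service_id}".encode()
    return hmac.new(IDP_PAIRWISE_KEY, msg, hashlib.sha256).hexdigest()[:32]


def sign_token(payload: dict) -> str:
    """Serialise the token deterministically and append the identity provider signature."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + sig


def issue_token(app_id: str, os_cloud_credential: str, cloud_service_id: str) -> str:
    """Identity provider side (claim 6): authenticate the user, verify the app ID, emit a signed token."""
    user_identification = OS_CREDENTIALS.get(os_cloud_credential)
    if user_identification is None:
        raise PermissionError("OS cloud credential not recognised")
    if app_id not in APP_REGISTRY:   # claim 12: the application must be known
        raise PermissionError("unknown application ID")
    payload = {"user_assigned_id": pairwise_id(user_identification, cloud_service_id),
               "app_id": app_id, "cloud_service_id": cloud_service_id}
    return sign_token(payload)


def validate_token(token: str, my_service_id: str):
    """Cloud service provider side (claims 1 and 5): check signature, audience, app authorization.
    Returns the user-assigned ID on success, None on any failure."""
    body_b64, sig = token.rsplit(".", 1)
    body = base64.urlsafe_b64decode(body_b64)
    expected = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):      # identity provider signature check
        return None
    claims = json.loads(body)
    if claims["cloud_service_id"] != my_service_id:  # token was issued for another service
        return None
    if my_service_id not in APP_REGISTRY.get(claims["app_id"], set()):  # claim 5: app authorized here?
        return None
    return claims["user_assigned_id"]
```

The pairwise ID is the privacy-relevant piece: two cloud services receiving tokens for the same user get different user-assigned IDs and cannot correlate them without the identity provider's pairwise secret.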

Classifications

  • G06F21/335 (primary): for accessing specific resources, e.g. using Kerberos tickets
  • G06F21/41 (primary): where a single sign-on provides access to a plurality of computers
  • Third party
  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)
  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)


Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9418216B2 cover?
One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing add…
Who is the assignee on this patent?
Wetter Allan Edwin, Frei Adrian, Tsang Peter M, and 2 more
What technology area does this patent fall under?
Primary CPC classification G06F21/335. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 16, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).