Remote identity interaction
US-2024380597-A1 · Nov 14, 2024 · US
US9699180B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9699180-B2 |
| Application number | US-201615219994-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 26, 2016 |
| Priority date | Jul 21, 2011 |
| Publication date | Jul 4, 2017 |
| Grant date | Jul 4, 2017 |
Official abstract text for this publication.
Providing access to a cloud service includes a system receiving an application request to access a cloud service. In response, the system sends an identity provider (IP) a token request, comprising an application identifier (ID), an operating system (OS) cloud credential associated with login credentials of a user of an OS hosting the application, and a cloud service ID of the cloud service. Based on sending the token request, and on the IP authenticating the user and verifying the application ID is valid, the system receives a token from the IP. The token, which is signed with an IP signature, comprises the cloud service ID, the application ID, and a user assigned ID associated with the cloud service. The system provides the token to the application for submission to a cloud service provider for access, and obtains cloud service access based on the cloud service provider validating the IP signature.
Opening claim text (preview).
What is claimed is:

1. A method, implemented at a computer system that includes one or more processors, for providing access to a cloud service, the method comprising: receiving a request from an application hosted by an operating system (OS) to access a cloud service; sending a token request to an identity provider responsive to the receiving a request, the token request comprising, (i) an application identifier (ID) identifying the application, (ii) an OS cloud credential of a user of the OS and that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with the cloud service; based at least on sending the token request, and based upon the identity provider having authenticated the user and verified that the application ID is a valid application ID for the application, receiving a token from the identity provider, the token comprising, (i) the cloud service ID, (ii) the application ID, and (iii) a user assigned ID that is associated with the cloud service, the token being signed with an identity provider signature; providing the token to the application for submission to a cloud service provider for access to the cloud service; and obtaining access to the cloud service based at least on the cloud service provider having validated the identity provider signature as a signature of the identity provider.
2. The method of claim 1, wherein obtaining access to the cloud service is also based at least on the cloud service provider having determined that the application is authorized to access the cloud service based upon the application ID.
3. The method of claim 1, wherein the application identifier is securely assigned to the application based on an OS application programming model used during development of the application.
4. The method of claim 1, wherein the token is received from the identity provider based at least on the identity provider having determined that the application has authority to access the cloud service based on the application ID.
5. The method of claim 1, wherein the token is received from the identity provider based at least on the identity provider having computed the user assigned ID.
6. The method of claim 5, wherein the user assigned ID is computed using a pairwise computation based upon at least one of the cloud service ID, or a user identification associating the user with the identity provider.
7. The method of claim 5, wherein the user assigned ID identifies the user uniquely for the application.
8. The method of claim 5, further comprising obtaining access, from the cloud service, to data associated with a user account identified by the user assigned ID.
9. The method of claim 5, wherein the user assigned ID is encrypted by the identity provider.
10. The method of claim 1, wherein the token is encrypted by the identity provider.
11. A computer system, comprising: one or more hardware processors; and one or more computer-readable devices having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computer system to provide access to a cloud service, the computer-executable instructions including instructions that are executable to cause the computer system to perform at least the following: receive a request from an application hosted by an operating system (OS) to access a cloud service; send a token request to an identity provider responsive to the receiving a request, the token request comprising (i) an application identifier (ID) identifying the application, (ii) an OS cloud credential of a user of the OS and that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with the cloud service; based at least on sending the token request, and based upon the identity provider having authenticated the user and verified that the application ID is a valid application ID for the application, receive a token from the identity provider, the token comprising (i) the cloud service ID, (ii) the application ID, and (iii) a user assigned ID that is associated with the cloud service, the token being signed with an identity provider signature; provide the token to the application for submission to a cloud service provider for access to the cloud service; and obtain access to the cloud service based at least on the cloud service provider having validated the identity provider signature as a signature of the identity provider.
12. The computer system of claim 11, wherein obtaining access to the cloud service is also based at least on the cloud service provider having determined that the application is authorized to access the cloud service based upon the application ID.
13. The computer system of claim 11, wherein the application identifier is securely assigned to the application based on an OS application programming model used during development of the application.
14. The computer system of claim 11, wherein the token is received from the identity provider based at least on the identity provider having determined that the application has authority to access the cloud service based on the application ID.
15. The computer system of claim 11, wherein the token is received from the identity provider based at least on the identity provider having computed the user assigned ID.
16. The computer system of claim 15, wherein the user assigned ID is computed using a pairwise computation based upon at least one of the cloud service ID, or a user identification associating the user with the identity provider.
17. The computer system of claim 15, wherein the user assigned ID identifies the user uniquely for the application.
18. The computer system of claim 15, wherein the computer-executable instructions that are also executable by the one or more processors to cause the computer system to obtain access, from the cloud service, to data associated with a user account identified by the user assigned ID.
19. The computer system of claim 15, wherein at least one of the user assigned ID or the token is encrypted by the identity provider.
20. A computer program product comprising one or more hardware storage devices having stored thereon computer-executable instructions that are executable by one or more processors to cause a computer system to provide access to a cloud service, the computer-executable instructions including instructions that are executable to cause the computer system to perform at least the following: receive a request from an application hosted by an operating system (OS) to access a cloud service; send a token request to an identity provider responsive to the receiving a request, the token request comprising (i) an application identifier (ID) identifying the application, (ii) an OS cloud credential of a user of the OS and that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with the cloud service; based at least on sending the token request, and based upon the identity provider having authenticated the user and verified that the application ID is a valid application ID for the application, receive a token from the identity provider, the token comprising (i) the cloud service ID, (ii) the application ID, and (iii) a user assigned ID that is associated with the cloud service, the token being signed with an identity provider signature; provide the token to the application for submission to a cloud service provider for
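The abstract and claims 1, 2, 4 and 6 describe one token flow: the OS-side system builds a token request (application ID, OS cloud credential, cloud service ID), the identity provider authenticates the user, validates the application ID, computes a pairwise user-assigned ID and signs the token, and the cloud service provider grants access only after validating that signature. The following model of that exchange is an added example and is not code from the patent or its assignee. It assumes an HMAC-SHA256 shared between the identity provider and the cloud service provider as a stand-in for the identity provider signature (a deployment would use an asymmetric signature verified with the provider's public key), treats the OS cloud credential as an opaque string the identity provider maps to a user, and derives the pairwise user-assigned ID as HMAC over the cloud service ID and the identity provider's user identification. All names, keys and registrations are constructed for the example.

```python
import hashlib
import hmac
import json


def _canonical(payload: dict) -> bytes:
    """Canonical byte form of the token body so signer and verifier hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def _mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class IdentityProvider:
    """Stand-in for the identity provider (IP): authenticates, validates the app ID, signs tokens."""

    def __init__(self, signing_key: bytes, pairwise_key: bytes):
        self._signing_key = signing_key    # assumption: symmetric stand-in for the IP signature key
        self._pairwise_key = pairwise_key  # secret behind the pairwise user-assigned ID
        self._users = {}  # OS cloud credential -> user identification at the IP
        self._apps = {}   # application ID -> cloud service IDs the app has authority for

    def register_user(self, os_cloud_credential: str, user_identification: str) -> None:
        self._users[os_cloud_credential] = user_identification

    def register_app(self, application_id: str, cloud_service_ids: set) -> None:
        self._apps[application_id] = set(cloud_service_ids)

    def issue_token(self, token_request: dict) -> dict:
        # Authenticate the user from the OS cloud credential in the request.
        user = self._users.get(token_request["os_cloud_credential"])
        if user is None:
            raise PermissionError("user not authenticated")
        # Verify the application ID is a valid, registered application ID.
        allowed = self._apps.get(token_request["application_id"])
        if allowed is None:
            raise PermissionError("unknown application ID")
        cloud_service_id = token_request["cloud_service_id"]
        # Claim 4: the IP decides whether this app has authority for this cloud service.
        if cloud_service_id not in allowed:
            raise PermissionError("application has no authority for this cloud service")
        # Claim 6: pairwise computation over the cloud service ID and the IP's user
        # identification, so the same user receives a different ID at each cloud service.
        user_assigned_id = _mac(self._pairwise_key, f"{cloud_service_id}|{user}".encode())
        payload = {
            "cloud_service_id": cloud_service_id,
            "application_id": token_request["application_id"],
            "user_assigned_id": user_assigned_id,
        }
        return {"payload": payload, "signature": _mac(self._signing_key, _canonical(payload))}


class CloudServiceProvider:
    """Validates the IP signature before granting access to the user account in the token."""

    def __init__(self, cloud_service_id: str, ip_verify_key: bytes, authorized_apps: set):
        self._cloud_service_id = cloud_service_id
        self._ip_verify_key = ip_verify_key
        self._authorized_apps = set(authorized_apps)

    def grant_access(self, token: dict):
        """Return the user-assigned ID access is granted for, or None when the token is rejected."""
        payload = token.get("payload", {})
        expected = _mac(self._ip_verify_key, _canonical(payload))
        if not hmac.compare_digest(expected, token.get("signature", "")):
            return None  # not a valid identity provider signature over this payload
        if payload.get("cloud_service_id") != self._cloud_service_id:
            return None  # token was issued for a different cloud service
        if payload.get("application_id") not in self._authorized_apps:
            return None  # claim 2: the provider also checks the application is authorized
        return payload["user_assigned_id"]


def os_request_access(ip, application_id, os_cloud_credential, cloud_service_id, provider):
    """The OS-side system of claim 1: build the token request, relay the token, obtain access.

    Returns (user_assigned_id or None, token or None)."""
    token_request = {
        "application_id": application_id,
        "os_cloud_credential": os_cloud_credential,
        "cloud_service_id": cloud_service_id,
    }
    try:
        token = ip.issue_token(token_request)
    except PermissionError:
        return None, None
    return provider.grant_access(token), token


def build_demo():
    """Constructed sample deployment: one IP, two cloud services, two applications."""
    ip_key = b"demo-ip-signing-key"  # constructed; shared with providers in this HMAC model
    ip = IdentityProvider(signing_key=ip_key, pairwise_key=b"demo-pairwise-secret")
    ip.register_user("os-cred-alice", "alice@idp.example")
    ip.register_app("photo-app", {"storage.example", "calendar.example"})
    ip.register_app("mail-app", {"storage.example", "calendar.example"})
    storage = CloudServiceProvider("storage.example", ip_key, {"photo-app"})
    calendar = CloudServiceProvider("calendar.example", ip_key, {"photo-app", "mail-app"})
    return ip, storage, calendar
```

Two properties worth checking against this model: a token issued for one cloud service ID is rejected by another provider even though the signature is genuine, and the pairwise user-assigned ID differs per cloud service, so two providers cannot correlate the same user by that ID alone. The provider-side application check (claim 2) is separate from the identity provider's own authority check (claim 4); in the demo, `mail-app` is cleared by the identity provider for `storage.example` but not authorized by that provider, and access is refused.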
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Third party · CPC title
for accessing specific resources, e.g. using Kerberos tickets · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title