Federated realm discovery

US9735964B2 · US · B2

Patent metadata

Publication number: US-9735964-B2
Application number: US-14193908-A
Country: US
Kind code: B2
Filing date: Jun 19, 2008
Priority date: Jun 19, 2008
Publication date: Aug 15, 2017
Grant date: Aug 15, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, at a user device and via a non-home security authority login user interface implemented at the user device, user credentials of a user, the user credentials comprising at least an identifier of the user and a password; requesting, by the user device, identification of a home security authority of the user based on the user credentials by accessing a realm list datastore of the user device, the user device having an account with the home security authority but not with the non-home security authority; responsive to said requesting, receiving the identification of the home security authority of the user; and requesting authentication for the user to access the non-home security authority from the identified home security authority of the user without sending the user credentials to the non-home security authority.

2. The method of claim 1 wherein the non-home security authority and the home security authority are members of a federation.

3. The method of claim 1 further comprising receiving a security token from the identified home security authority for access by the user to a network service.

4. The method of claim 1 wherein requesting identification further comprises sending a request via a communications network to the non-home security authority, the request not including a secret credential of the user credentials of the user, the request requesting the non-home security authority to identify the home security authority of the user.

5. The method of claim 1 wherein the requesting identification further comprises sending a request via a communications network to the non-home security authority, prior to receipt of all of characters of the user credentials.

6. The method of claim 1 wherein the requesting comprises sending a request via a communications network to the non-home security authority, prior to receipt of a secret credential of the user credentials by the login user interface.

7. A computer-readable storage device having computer executable instructions for performing a computer process, the computer process comprising: presenting to a user a login user interface for a non-home security authority within a federation, the non-home security authority and a home security authority being members of the federation, the user having an account with the home security authority but not with the non-home security authority; receiving, via the login user interface for the non-home security authority, user credentials of the user, the user credentials comprising at least a portion of a user identifier unique to the user, said receiving performed independent of transmitting the user credentials to the non-home security authority; requesting identification of the home security authority of the user based on the user credentials from a realm list datastore; responsive to the requesting, receiving identification of the home security authority of the user; and transmitting the user credentials of the user, including the user identifier and associated secret information of the user, to the identified home security authority to request authentication for the user to access the non-home security authority without transmitting the associated secret information of the user to the non-home security authority.

8. The computer-readable storage device of claim 7 wherein the receiving operation receives the user credentials of the user through the login user interface from the non-home security authority but does not transmit the associated secret information of the user to the non-home security authority.

9. The computer-readable storage device of claim 7 wherein the computer process further comprises receiving a security token from the identified home security authority for access by the user to a network service.

10. The computer-readable storage device of claim 7 wherein the requesting further comprises sending a request via a communications network to the non-home security authority, the request including the at least a portion of the user identifier and not including the associated secret information of the user, the request requesting the non-home security authority to identify the home security authority of the user.

11. The computer-readable storage device of claim 7 wherein the requesting further comprises sending a request via a communications network to the non-home security authority, prior to receipt of all of characters of the user identifier.

12. The computer-readable storage device of claim 7 wherein the requesting further comprises sending a request via a communications network to the non-home security authority, prior to receipt of a secret credential of the user by the login user interface.

13. The method of claim 1 wherein requesting authentication further comprises requesting authentication from the identified home security authority of the user without presenting the user with a separate login user interface from the home security authority.

14. The computer-readable storage device of claim 7 wherein transmitting the user credentials further comprises transmitting the user credentials of the user to the identified home security authority without presenting the user with a separate login user interface from the home security authority.
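The flow claimed above (claims 1, 3 and 4) is essentially a routing decision made on the user device before any secret leaves it: consult a local realm list, fall back to asking the non-home realm with the identifier only, then authenticate at the home realm and present the resulting token to the non-home realm. The following is an added illustration of that flow and is not code from the patent or from any product; the realm names, accounts, passwords, the `directory` shared by the federation and the HMAC-based token format are all constructed assumptions. Each authority keeps an audit log of what it received, so a reader can check that the non-home realm only ever sees the identifier.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional


def domain_of(identifier: str) -> str:
    """Realm hint carried by the identifier, e.g. 'alice@contoso.example' -> 'contoso.example'."""
    return identifier.rpartition("@")[2].lower()


class SecurityAuthority:
    """One account authority service (one realm) in the federation. Constructed model."""

    def __init__(self, realm: str, accounts: Dict[str, str], directory: Dict[str, str]):
        self.realm = realm
        self.accounts = accounts            # identifier -> password (sample data; real systems store hashes)
        self.directory = directory          # identifier domain -> home realm, assumed shared federation-wide
        self.signing_key = secrets.token_bytes(32)
        self.trusted_keys: Dict[str, bytes] = {}   # realm -> key used to check that realm's tokens
        self.received: List[dict] = []      # audit log of every request this realm was sent

    def discover_home_realm(self, identifier: str) -> Optional[str]:
        """Realm discovery request (claim 4): carries the identifier, never the secret."""
        self.received.append({"op": "discover", "identifier": identifier})
        return self.directory.get(domain_of(identifier))

    def authenticate(self, identifier: str, password: str, audience: str) -> Optional[str]:
        """Home-realm login; on success issue a token scoped to the requesting realm (claim 3)."""
        self.received.append({"op": "authenticate", "identifier": identifier, "password": password})
        expected = self.accounts.get(identifier)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        payload = f"{self.realm}|{identifier}|{audience}"
        tag = hmac.new(self.signing_key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}|{tag}"

    def accept_token(self, token: str) -> bool:
        """Non-home realm checks issuer trust, audience and integrity of a home-realm token."""
        try:
            issuer, identifier, audience, tag = token.split("|")
        except ValueError:
            return False
        key = self.trusted_keys.get(issuer)
        if key is None or audience != self.realm:
            return False
        payload = f"{issuer}|{identifier}|{audience}"
        expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)


class UserDevice:
    """Holds the realm list datastore of claim 1 and drives the non-home login user interface."""

    def __init__(self, realm_list: Dict[str, str], federation: Dict[str, SecurityAuthority]):
        self.realm_list = realm_list        # identifier domain -> home realm, cached locally
        self.federation = federation        # realm name -> reachable authority

    def login(self, non_home_realm: str, identifier: str, password: str) -> Optional[str]:
        """Resolve the home realm first; the password is sent only to that realm."""
        non_home = self.federation[non_home_realm]
        domain = domain_of(identifier)
        home_realm = self.realm_list.get(domain)
        if home_realm is None:
            # Realm list miss: ask the non-home realm, sending the identifier only (claim 4).
            home_realm = non_home.discover_home_realm(identifier)
            if home_realm is not None:
                self.realm_list[domain] = home_realm   # cache so the next login needs no lookup
        if home_realm is None or home_realm not in self.federation:
            return None                      # unknown realm: the secret never leaves the device
        token = self.federation[home_realm].authenticate(identifier, password, audience=non_home_realm)
        if token is None or not non_home.accept_token(token):
            return None
        return token


def build_demo():
    """Constructed two-realm federation: 'contoso' is alice's home realm, 'fabrikam' is non-home."""
    directory = {"contoso.example": "contoso", "fabrikam.example": "fabrikam"}
    contoso = SecurityAuthority("contoso", {"alice@contoso.example": "correct horse"}, directory)
    fabrikam = SecurityAuthority("fabrikam", {"bob@fabrikam.example": "hunter2"}, directory)
    for issuer in (contoso, fabrikam):      # assumed out-of-band federation key exchange
        for verifier in (contoso, fabrikam):
            verifier.trusted_keys[issuer.realm] = issuer.signing_key
    device = UserDevice(realm_list={}, federation={"contoso": contoso, "fabrikam": fabrikam})
    return device, contoso, fabrikam


def secret_seen_by(authority: SecurityAuthority, password: str) -> bool:
    """True if the given secret ever appeared in a request this authority received."""
    return any(entry.get("password") == password for entry in authority.received)


if __name__ == "__main__":
    device, contoso, fabrikam = build_demo()
    token = device.login("fabrikam", "alice@contoso.example", "correct horse")
    print("token:", token)
    print("non-home realm saw the password:", secret_seen_by(fabrikam, "correct horse"))
```

The first login misses the empty realm list, so the device sends one discovery request (identifier only) to `fabrikam`, then authenticates at `contoso` and the cached entry makes the second login skip discovery entirely. An identifier whose domain no realm knows is rejected before the password is sent anywhere, and a token issued for audience `fabrikam` is refused by `contoso`, which is the check a non-home realm relies on when it accepts tokens from federated peers.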

Classifications

  • where a single sign-on provides access to a plurality of computers · CPC title

  • Indexing; Web crawling techniques · CPC title

  • by securing the transmission between two devices or processes · CPC title

  • to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title

  • H04L9/3234 (Primary)

    involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9735964B2 cover?
A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that…
Who is the assignee on this patent?
Guo Wei-Qiang, Ayres Lynn, Chen Rui, and 3 more
What technology area does this patent fall under?
Primary CPC classification H04L9/3234. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 15, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).