Anonymous single sign-on to third-party systems

US9769122B2 · US · B2

Patent metadata
Publication number: US-9769122-B2
Application number: US-201414471313-A
Country: US
Kind code: B2
Filing date: Aug 28, 2014
Priority date: Aug 28, 2014
Publication date: Sep 19, 2017
Grant date: Sep 19, 2017

Abstract

Official abstract text for this publication.

An online system receives from a third-party application on a client device, an anonymous login request to anonymously log a user of the online system into a third-party system associated with the third-party application. Responsive to receiving the anonymous login request, the online system generates a permissions user interface (UI) that provides an interface component including an option for the user to anonymously log into the third-party system using the user's login information for the online system. The online system provides the permissions UI to the client device, and receives permissions information from the client device. The online system generates an anonymous identifier that allows the user to login to the third-party system. The online system provides the anonymous identifier to the third-party application to allow anonymous login of the user into the third-party system in accordance with the permissions information.
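The identifier property that claim 1 adds to this flow (unique to the client device and to the third-party system, and re-usable on later logins) is sketched here as an added example that is not taken from the patent. The patent text on this page does not say how the identifier is computed, so the keyed HMAC derivation, the single-use access token, and all names (`OnlineSystem`, `grant_anonymous_login`, `anonymous_identifier`, `login`) are assumptions.

```python
import hashlib
import hmac
import secrets


class OnlineSystem:
    """Toy identity provider for the claimed flow (illustrative assumption)."""

    def __init__(self, key=None):
        # Server-side secret: without it an identifier cannot be recomputed
        # or linked back to a user by the third party.
        self._key = key or secrets.token_bytes(32)
        self._tokens = {}  # access token -> (user, device, third party)

    def grant_anonymous_login(self, user_id, device_id, third_party_id):
        """Run after the permissions UI confirms 'share no PII'."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user_id, device_id, third_party_id)
        return token

    def anonymous_identifier(self, token, requesting_third_party):
        """Exchange an access token for the pairwise anonymous identifier."""
        binding = self._tokens.pop(token, None)  # single use (assumption)
        if binding is None:
            raise PermissionError("unknown or already used access token")
        if binding[2] != requesting_third_party:
            raise PermissionError("token was issued to a different third party")
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        msg = b"".join(
            len(part).to_bytes(4, "big") + part
            for part in (field.encode() for field in binding)
        )
        # Same user + device + third party always yields the same opaque value;
        # changing any one of them yields an unrelated value.
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


def login(idp, user_id, device_id, third_party_id):
    """One full anonymous login: grant a token, then redeem it."""
    token = idp.grant_anonymous_login(user_id, device_id, third_party_id)
    return idp.anonymous_identifier(token, third_party_id)
```

Because the value is derived rather than stored, two third-party systems that compare identifiers cannot correlate the same user, while each one still sees a stable account key across sessions.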

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory computer-readable storage medium storing executable computer program instructions, the computer program instructions comprising instructions that when executed cause a computer processor to perform steps comprising:

    receiving, by an online system from a third-party application on a client device of a user, an indication that a user who is logging into the third party system associated with the third party application: (1) has selected an anonymous login option at a login page of the third party application that has a validated login option and the anonymous login option, and (2) has been redirected to the online system to implement the user's anonymous login request to anonymously log the user into the third party system, the third party system being external to and separate from the online system;

    responsive to receiving the anonymous login request, generating by the online system a permissions user interface (“UI”) that provides an interface component including an option for the user to anonymously log into the third party system using the user's login information for the online system;

    providing the permissions UI to the client device, wherein responsive to input from the user, the permissions UI generates permissions information confirming that the user has requested to anonymously log into the third party system without the online system sharing any personally identifiable information (“PII”) of the user with the third-party application and the third party system;

    responsive to receiving the permission information, generating an access token for the user to anonymously log into the third party system;

    providing the access token to the third-party application;

    receiving a request for an anonymous identifier from the third-party application, the request including the access token;

    generating, by the online system, an anonymous identifier that allows the user to login to the third party system, wherein the anonymous identifier is unique to the client device and to the third party system associated with the third party application such that the anonymous identifier can be re-used by the user to anonymously login to the third party application in the future; and

    providing the anonymous identifier to the third-party application to allow anonymous single sign-on of the user into the third party system in accordance with the permissions information.

2. The non-transitory computer-readable storage medium of claim 1, wherein generating the permissions UI further comprises:

    generating a second interface component that provides the user with an option to log into the third party system via a validated login option that shares the user's PII with the third-party application; and

    generating a third interface component that provides the user with an option to log into the third party system via an anonymous login option that shares some, but not all, of user's PII, with the third-party application.

3. The non-transitory computer-readable storage medium of claim 1, wherein the instructions, when executed, further cause a computer processor to perform steps comprising:

    identifying a plurality of third-party systems the user is logged into, the plurality of third-party systems including the third party system;

    generating a graphical user interface that lists the identified third-party systems; and

    providing the graphical user interface to the client device.

4. The non-transitory computer-readable storage medium of claim 3, wherein the identified plurality of third-party systems the user is logged into includes at least one third-party system that the user is logged into via a validated login option that shares the user's PII with the third-party application.

5. The non-transitory computer-readable storage medium of claim 1, wherein the instructions, when executed, further cause a computer processor to perform steps comprising:

    receiving another anonymous login request from the third-party application on the client device;

    determining that a number of times the online system has received anonymous login requests associated with the user and the third-party application is greater than a threshold value;

    generating a second permissions UI that provides the user with an option to log into the third party system using the user's login information for the online system in a manner that shares some of the user's PII with the third-party application; and

    providing the second permissions UI to the client device.

6. The non-transitory computer-readable storage medium of claim 1, wherein the instructions, when executed, further cause a computer processor to perform steps comprising:

    receiving another anonymous login request from the third-party application on the client device;

    determining that a number of times the online system has received anonymous login requests associated with the user and the third-party application is greater than a threshold value;

    generating a second permissions UI that provides the user with an option to log into the third party system using the user's login information for the online system in a manner that shares some, but not all, of the user's PII with the third-party application; and

    providing the second permissions UI to the client device.

7. A method comprising:

    receiving, by an online system from a third-party application on a client device of a user, an indication that a user who is logging into the third party system associated with the third party application: (1) has selected an anonymous login option at a login page of the third party application that has a validated login option and the anonymous login option, and (2) has been redirected to the online system to implement the user's anonymous login request to anonymously log the user into the third party system, the third party system being external to and separate from the online system;

    responsive to receiving the anonymous login request, generating by the online system a permissions user interface (“UI”) that provides an interface component including an option for the user to anonymously log into the third party system using the user's login information for the online system;

    providing the permissions UI to the client device, wherein responsive to input from the user, the permissions UI generates permissions information confirming that the user has requested to anonymously log into the third party system without the online system sharing any personally identifiable information (“PII”) of the user with the third-party application and the third party system;

    responsive to receiving the permission information, generating an access token for the user to anonymously log into the third party system;

    providing the access token to the third-party application;

    receiving a request for an anonymous identifier from the third-party application, the request including the access token;

    generating, by the online system, an anonymous identifier that allows the user to login to the third party system, wherein the anonymous identifier is unique to the client device and to the third party system associated with the third party application such that the anonymous identifier can be re-used by the user to anonymously login to the third party application in the future; and

    providing the anonymous identifier to the third-party application to allow anonymous single sign-on of the user into the third party system in accordance with the permissions information.

8. The method of claim 7, wherein generating the permissions UI further comprises:

    generating a second interface component that provides the user with an option to log into the third party system via a validated login option that shares the user's PII with the third-party a

Classifications

  • providing single-sign-on or federations

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)

  • Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Facebook Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0421. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 19, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).