Cookie optimization

US9769159B2 · US · B2

Patent metadata

Publication number: US-9769159-B2
Application number: US-201213716072-A
Country: US
Kind code: B2
Filing date: Dec 14, 2012
Priority date: Dec 14, 2012
Publication date: Sep 19, 2017
Grant date: Sep 19, 2017


Abstract

Official abstract text for this publication.

Disclosed herein is a system and method for optimizing a cookie or token in a web service or other claims-based domain system. A user presents an identity token to the domain system, which verifies the identity claim as authentic and then determines what accounts the user has access to on the domain. The system issues the user an intermediate token that includes the locations of the accounts the user has access to. The user then selects the account they wish to interact with and receives an account token for that specific account, including any privileges the user has on the account. The account token also includes information that the user has multiple accounts on the domain. The user is able to switch accounts on the domain system without having to revalidate their credentials to the domain system.

First claim

Opening claim text (preview).

The invention claimed is:

1. A computing device comprising: at least one memory and at least one processor, wherein the at least one memory and the at least one processor are respectively configured to store and execute instructions including instructions for causing the computing device to perform operations, the operations including: receiving an identity token that is associated with a user; determining a list of candidate computing accounts for the user on a given computing domain based on information contained within the identity token; determining computing accounts, from the list of candidate computing accounts, that the user has access to and the user's permission level on each of the computing accounts from the list of candidate computing accounts that the user has access to; in response to determining the computing accounts, generating an intermediate token for the user, the intermediate token including an identity claim for the user and a list of computing accounts that the user was determined to have access to; generating an account token for an account selected from the list of computing accounts that the user was determined to have access to; providing the account token to another computing device; and in response to a request, authorizing a holder of the account token to access the account selected from the list of computing accounts that the user was determined to have access to.

2. The computing device of claim 1, wherein the operations further include: parsing the received identity claim for an identity of a computing domain.

3. The computing device of claim 2, wherein the operations further include: parsing the received identity claim for a personally unique identifier for the user on the computing domain.

4. The computing device of claim 1, wherein the operations further include: determining a location of a service having information regarding a particular computing account to which the user may have access.

5. The computing device of claim 4, wherein the operations further include: querying the determined service with a personally unique identifier for the user; and receiving an indication of whether the user has access to a particular computing account.

6. The computing device of claim 1, wherein the operations further include: converting the account token for the user into the intermediate token for the user.

7. The computing device of claim 1, wherein the operations further include: receiving the intermediate token from the user; and converting the intermediate token into the account token.

8. The computing device of claim 1, wherein the account token includes a management claim, the management claim comprising identifying information uniquely identifying the user and an indication that the user has multiple accounts on the computing domain.

9. The computing device of claim 1, wherein the operations further include: receiving a user name and password from a user; and providing the identity token to a user in response to receiving the user name and the password.

10. A method comprising: receiving, by a computing device, an identity token for a user; extracting a domain identifier for at least one computing domain from the identity token, wherein the domain identifier is contained within a portion of the identity token; determining a list of locations of computing accounts that the user has permission to access based at least in part on the extracted domain identifier; generating an intermediate token for the user, the intermediate token indicating the determined list of locations of computing accounts; generating an account token for an account selected from the computing accounts that the user has permission to access; transmitting, by the computing device, the generated account token to another computing device, the generated account token including an indication that the user has multiple accounts; and authorizing a holder of the account token to access the account selected from the computing accounts that the user has permission to access.

11. The method of claim 10, further comprising: validating the received identity token; and extracting, by the computing device, a personally unique identifier for the user from the identity token.

12. The method of claim 10, wherein determining the list of computing accounts comprises: obtaining a list of candidate accounts for the user on the at least one computing domain; querying if the user is authorized to access a computing account from the list of candidate accounts; and if the user is authorized to access the computing account from the list of candidate accounts, adding a location of that computing account to the determined list of locations of accounts.

13. The method of claim 12, wherein the querying comprises: comparing a personally unique identifier for the user against a list of authorized users on the computing account; and returning an indication that the user is authorized to access the computing account if the user is authorized.

14. The method of claim 13, wherein returning the indication further includes returning an indication of a level of access the user has to the computing account if the user is authorized to access the computing account.

15. The method of claim 10, further comprising: receiving an indication of a selection of a computing account from the computing accounts that the user has permission to access.

16. The method of claim 10, further comprising: receiving an indication of a request to change to a different one of the computing accounts from the computing accounts that the user has permission to access; converting the account token into the intermediate token; receiving an indication of a new computing account from the computing accounts that the user has permission to access; and generating a new account token for the user, the new account token for accessing the new computing account.

17. The method of claim 10, wherein the computing account token includes a management claim for the selected computing account and an indication that the user has access to multiple computing accounts on the at least one computing domain.

18. A method, comprising: receiving, by a computing device, an identity token that is associated with a user; determining a list of candidate computing accounts for the user on a given computing domain based on information contained within the identity token; determining computing accounts, from the list of candidate computing accounts, that the user has access to and the user's permission level on each of the computing accounts from the list of candidate computing accounts that the user has access to; in response to determining the computing accounts, generating an intermediate token for the user, the intermediate token including an identity claim for the user and a list of computing accounts that the user was determined to have access to; generating an account token for an account selected from the list of computing accounts that the user was determined to have access to; providing the account token to another computing device; and in response to a request, authorizing a holder of the account token to access the account selected from the list of computing accounts that the user was determined to have access to.

19. The method of claim 18, further comprising: determining a location of a service having information regarding a particular computing account to which the user may have access; querying the determined servi
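The three-token flow of the abstract and claims 1, 6, 8 and 16 (identity token, intermediate token listing account locations, account token with a multi-account management claim, and account switching by converting back to the intermediate token) as an added illustration, not code from the patent. It assumes HMAC-signed JSON tokens, a constructed per-account access list standing in for the queried account services, and that the account token carries the account list so it can be converted back without revalidating credentials.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed; a deployment would use a managed signing secret

# Constructed stand-in for the per-account services queried in claims 4, 5 and 13:
# location -> {personally unique user id: permission level}
ACCOUNT_ACL = {
    "https://accounts.example/acct-1": {"user-42": "owner"},
    "https://accounts.example/acct-2": {"user-42": "viewer", "user-7": "owner"},
    "https://accounts.example/acct-3": {"user-7": "owner"},
}

def mint(claims):
    """Sign a claims dict as base64url(JSON).base64url(HMAC-SHA256); 'typ' binds the token kind."""
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(sig).decode()

def verify(token, expected_type):
    """Check the signature and the token kind before trusting any claim inside it."""
    body_b64, sig_b64 = token.split(".")
    body = base64.urlsafe_b64decode(body_b64)
    if not hmac.compare_digest(base64.urlsafe_b64decode(sig_b64),
                               hmac.new(KEY, body, hashlib.sha256).digest()):
        raise ValueError("bad token signature")
    claims = json.loads(body)
    if claims.get("typ") != expected_type:
        raise ValueError("wrong token type")
    return claims

def intermediate_from_identity(identity_token):
    """Claims 1/10/12: verify the identity claim, query each candidate account on the domain,
    and issue an intermediate token listing only the locations the user may access."""
    idc = verify(identity_token, "identity")
    candidates = [loc for loc in ACCOUNT_ACL if loc.startswith("https://" + idc["domain"] + "/")]
    accounts = {loc: ACCOUNT_ACL[loc][idc["sub"]] for loc in candidates if idc["sub"] in ACCOUNT_ACL[loc]}
    return mint({"typ": "intermediate", "sub": idc["sub"], "accounts": accounts})

def account_from_intermediate(intermediate_token, location):
    """Claims 7/8/17: issue an account token for one selected location; the 'multi_account'
    flag is the management claim telling the domain the user has other accounts."""
    ic = verify(intermediate_token, "intermediate")
    if location not in ic["accounts"]:
        raise PermissionError("selected account is not in the user's authorized list")
    return mint({"typ": "account", "sub": ic["sub"], "account": location,
                 "level": ic["accounts"][location], "multi_account": len(ic["accounts"]) > 1,
                 "accounts": ic["accounts"]})  # kept so the token can be converted back (claim 6)

def switch_account(account_token, new_location):
    """Claim 16: convert the account token back into an intermediate token, then issue a new
    account token; the user never re-presents credentials to the domain."""
    ac = verify(account_token, "account")
    intermediate = mint({"typ": "intermediate", "sub": ac["sub"], "accounts": ac["accounts"]})
    return account_from_intermediate(intermediate, new_location)
```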

Assignees

Microsoft Corp, Microsoft Technology Licensing LLC

Classifications

  • providing single-sign-on or federations

  • based on web technology, e.g. hypertext transfer protocol [HTTP]

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234)


Frequently asked questions

Who is the assignee on this patent?
Microsoft Corp, Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 19, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).