Systems and methods for single sign-in for multiple accounts

Abstract

Systems and methods which facilitate single user sign-in for multiple accounts are shown. Embodiments create a single user base which maps users to multiple accounts. The use of a single set of credentials by the user is provided for according to embodiments irrespective of the applications associated with the various accounts having very different security protocols. A system hosting the shared user base preferably provides a single authentication point for multiple services. Embodiments an authenticator string, as may be passed between a client and bridge server and / or client and application, in order to enable user access, detect attacks with respect to a client conversation, etcetera. In addition to providing a shared user base for single sign-in, embodiments provide additional shared functionality and / or functionality not available from the applications themselves.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]The present application is a continuation of co-pending, commonly assigned, patent application Ser. No. 11 / 542,658 entitled “SYSTEMS AND METHODS FOR SINGLE SIGN-IN FOR MULTIPLE ACCOUNTS,” filed Oct. 3, 2006. The present application is related to U.S. patent application Ser. No. 11 / 542,654 entitled “Secure Application Bridge Server,” filed Oct. 3, 2006 and U.S. patent application Ser. No. 09 / 692,747 entitled “Machine Dependent Login for On-Line Value-Bearing Item System,” filed Oct. 18, 2000, the disclosures of which are hereby incorporated herein by reference.TECHNICAL FIELD[0002]The present invention is related generally to providing user access to a plurality of accounts and, more particularly, to providing user access to a plurality of accounts using a single user sign-in.BACKGROUND OF THE INVENTION[0003]Various applications provide restrictions on user access and user access protocols for a number of reasons. User access is restricted...

AI Technical Summary

Benefits of technology

[0016]Having single sign-in implemented in a shared host, such as the aforementioned bridge server, facilitates the centralization of user credential management and validation. For example, a user may readily manage password changes effective across all accounts. Moreover, the various applications need not duplicate the resources for validating user credentials. Customer support can be more readily provided as many problems can be addressed in one place.

[0017]Additionally, single sign-in implemented according to embodiments of the invention facilitates acquisition and management of user profile information. For example, a particular application associated with the users' accounts, such as the online postal supply store, may store robust user profile information, such as user name, address, phone number, etcetera. Although traditionally requiring separate input into the various applications a user may have accounts for, embodiments of the present invention facilitate sharing this information among such applications. For example, a shared host such as the aforementioned bridge server may use this information as stored by one application as a repository or source for the user profile information and make it available to any of the other applications, such as a postage printing application, as needed. Such an embodiment provides a single point where the user may input, manage, and update the user profile information. For example, after a user inputs user profile information, or updates user profile information, a bridge server of the present invention may propagate that information, as appropriate, to various applications for which the user has accounts for.

[0023]User authentication by a bridge server of embodiments of the invention preferably utilizes substantially standard (i.e., widely accepted) credentials, such as user name and password. Accordingly, a thin client, simple browser interface, or other easily implemented client configurations may be supported by embodiments of the invention. Moreover, integration with third party applications and / or systems may be relatively easily accommodated. Additional credentials as may be needed by the particular application being accessed are preferably stored in a database of the bridge server, and may be referenced by the credentials provided to the bridge server (e.g., by user name). Once the bridge server has validated the user (e.g., validated the password as properly associated with the user name), the bridge server can access the appropriate application credentials and implement a bridge between the client and application or pass the credentials to the application to facilitate interaction between the client and application.

[0025]In addition to providing a shared user base for single sign-in, embodiments of the present invention provide additional shared functionality. For example, payment processing may be shared by the applications for which single sign-in is provided, thereby eliminating the need for each such application to operate separate payment processing engines. Moreover, using a bridge server or other shared host to provide such payment processing may provide additional security with respect to user's payment information (e.g., credit card accounts, bank accounts, etcetera), as this information need only be provided to a single point rather than to each system for which payments are to be made.

Problems solved by technology

Even where different applications adopt similar credentials requirements, a user may not be able to use the same credentials for each account.

For example, although a user has a particular user name with respect to a account associated with a first application, this user name may have already been in use with respect to another application and thus not be available for the user for a account associated with that application.

Moreover, even where the applications associated with a particular user's accounts are provided or supported by a same vendor, supporting that user is complicated by the fact that the user has multiple sets of credentials for accessing the accounts.

It can be readily appreciated that the foregoing will require additional time and will result in a diminished user experience.

Not only do the foregoing separate accounts for applications provided by a same vendor result in customer support issues, but the vendor itself may not be able to correlate the various activities or behavior of the user.

Accordingly, marketing opportunities and the ability to collect robust information with respect to user behavior system wide may be missed.

The foregoing problems are exasperated as new services or applications are added.

Images