US 9,813,400 B2
Computer-implemented systems and methods of device based, internet-centric, authentication
Brian G. Ross, Haddon Heights, NJ (US); Benjamin P. Hollin, Philadelphia, PA (US); Charles J. Durkin, West Chester, PA (US); Harry D. Anuszewski, Philadelphia, PA (US); and Joseph A. Fischetti, Aldan, PA (US)
Assigned to Probaris Technologies, Inc., Philadelphia, PA (US)
Filed by Brian G. Ross, Haddon Heights, NJ (US); Benjamin P. Hollin, Philadelphia, PA (US); Charles J. Durkin, West Chester, PA (US); Harry D. Anuszewski, Philadelphia, PA (US); and Joseph A. Fischetti, Aldan, PA (US)
Filed on Sep. 18, 2015, as Appl. No. 14/858,087.
Claims priority of provisional application 62/076,637, filed on Nov. 7, 2014.
Prior Publication US 2016/0134599 A1, May 12, 2016
Int. Cl. H04L 29/06 (2006.01); G06F 21/41 (2013.01); G06F 21/31 (2013.01); H04W 12/06 (2009.01); H04L 29/08 (2006.01)
CPC H04L 63/08 (2013.01) [G06F 21/31 (2013.01); G06F 21/41 (2013.01); H04L 63/0442 (2013.01); H04L 63/0815 (2013.01); H04L 63/0823 (2013.01); H04W 12/06 (2013.01); H04L 67/02 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system for authorizing respective access by each of a plurality of Internet users to a respective one or more Internet services provided by each of a plurality of Internet service providers, comprising:
a processor at a single identity provider;
a first non-transitory computer readable storage device of the single identity provider, wherein the first non-transitory computer readable storage device is configured to store data, and wherein the stored data comprises:
for each of a plurality of Internet users, a respective public key portion of a respective authentication token, wherein the respective authentication token is specific to:
an electronic mail address, or anonymous identifier, of the Internet user;
a user credential of the Internet user;
a device identifier for each of one or more devices of the Internet user;
an identity provider application of the single identity provider residing on a computing device of the one or more devices and that is configured to be used by the Internet user to access a respective one or more Internet services provided by each of a plurality of Internet service providers;
for each of the plurality of Internet service providers, a respective identifier that is visually perceptible when displayed on a page of the single identity provider application and when displayed on a web page belonging to the single identity provider; and
for each of a respective one or more Internet services provided by each of the plurality of Internet service providers, a respective identifier, and a respective one or more call-back Internet addresses belonging to the respective Internet service provider;
a second non-transitory computer-readable storage device of the single identity provider, wherein the second non-transitory computer readable storage device is encoded with program code executable by the processor for:
requiring the respective single identity provider application residing on each of the respective computing devices of the plurality of Internet users to create the respective authentication token and to store a respective private key portion of the respective authentication token on the respective computing device;
receiving, via a respective application programming interface (API) call from a respective computer server of each of the plurality of Internet service providers, a respective identifier for a respective selected one of the respective one or more Internet services provided by the respective Internet service provider, wherein each respective identifier is received in response to a respective Internet user selection of a respective link on the respective web page belonging to the respective Internet service provider and displayed on a respective web browser to request access to the respective selected one Internet service;
automatically generating, and transmitting to the respective web browser, a respective web page belonging to the single identity provider that displays:
the respective visually perceptible identifier of the respective Internet service provider; and
a respective Internet address of the respective web page belonging to the respective Internet service provider;
requiring the respective single identity provider application residing on each of the respective computing devices of the selecting Internet users to display a respective page to input the respective user credential of the respective selecting Internet user, wherein each input user credential is configured to be used to decrypt the respective stored private key portion of the respective authentication token of the respective selecting Internet user;
receiving, via a respective API call from the respective single identity provider application residing on each of the respective computing devices of the selecting Internet users, a respective approved authentication challenge message;
validating each of a plurality of the received respective approved authentication challenge messages using the respective stored public key portions of the respective authentication tokens of the respective selecting Internet users;
in response to validating the plurality of received approved authentication challenge messages, authorizing access by the respective selecting Internet users to the respective selected one Internet services by re-directing the respective web browsers to a respective one of the respective one or more call-back Internet addresses for the respective selected one Internet services.
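The flow claim 1 describes is a device-bound challenge-response protocol with the identity provider in the middle: the provider's web page links to the identity provider, the identity provider shows the user who is asking (the provider's visually perceptible identifier and page address), the user's app unlocks a device-held private key with a credential and signs an approval, and the identity provider verifies that approval against the stored public key before redirecting the browser to one of the provider's registered call-back addresses. The Go program below is an added example of that exchange written by the editor; it is not code from the patent, from Probaris, or from any product, and the claim specifies none of its concrete choices. Assumed here: Ed25519 for the authentication token, the private key sealed with AES-GCM under a PBKDF2-derived key (the claim only says the credential is used to decrypt it), the field names (including `PageURL`), the message layout signed as the "approved authentication challenge message", and the API calls, push to the app, and browser redirect collapsed into plain function calls in one process. Sample identifiers and URLs are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Service is a provider's registration: the service identifier, the provider's visually
// perceptible identifier (a display name here), the provider page the user came from
// (PageURL is an assumed field) and the call-back addresses the provider owns.
type Service struct {
	ID, Provider, PageURL string
	Callbacks             []string
}

// Challenge is issued per sign-in request and pushed to the app. Page is the text the
// identity provider's own web page shows, so the user sees who is asking.
type Challenge struct{ ID, ServiceID, Page string }

// IdP stores only the public key portion of each user's per-device token.
type IdP struct {
	pubKeys    map[string]ed25519.PublicKey // keyed by user + "/" + deviceID
	services   map[string]Service
	challenges map[string]Challenge // outstanding, single-use challenges
}

func NewIdP() *IdP {
	return &IdP{map[string]ed25519.PublicKey{}, map[string]Service{}, map[string]Challenge{}}
}

// DeviceToken keeps the private key portion on the device, sealed under a
// credential-derived key: EncPriv = 12-byte nonce || AES-GCM ciphertext.
type DeviceToken struct {
	User, DeviceID string
	Salt, EncPriv  []byte
}

// Approval is the "approved authentication challenge message" the app sends back.
type Approval struct {
	User, DeviceID, ChallengeID string
	Sig                         []byte
}

// kdf is PBKDF2-HMAC-SHA256 (RFC 8018) for a single 32-byte output block.
func kdf(credential string, salt []byte, iter int) []byte {
	prf := func(m []byte) []byte { h := hmac.New(sha256.New, []byte(credential)); h.Write(m); return h.Sum(nil) }
	u := prf(append(append([]byte(nil), salt...), 0, 0, 0, 1)) // U1 = PRF(salt || INT(1))
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		u = prf(u)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func gcm(key []byte) cipher.AEAD {
	b, _ := aes.NewCipher(key) // key is always 32 bytes, so neither call can fail
	g, _ := cipher.NewGCM(b)
	return g
}

// transcript binds the signature to challenge, service and device, so an approval
// obtained for one service cannot be replayed against another.
func transcript(c Challenge, deviceID string) []byte {
	return []byte("idp-approve\x00" + c.ID + "\x00" + c.ServiceID + "\x00" + deviceID)
}

// CreateToken: the app generates the key pair, seals the private key under the
// credential and registers only the public key with the identity provider.
func CreateToken(idp *IdP, user, deviceID, credential string) (*DeviceToken, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	salt, nonce := make([]byte, 16), make([]byte, 12)
	rand.Read(salt)
	rand.Read(nonce)
	enc := gcm(kdf(credential, salt, 10000)).Seal(nonce, nonce, priv, []byte(user+"/"+deviceID))
	idp.pubKeys[user+"/"+deviceID] = pub
	return &DeviceToken{user, deviceID, salt, enc}, nil
}

// StartAuth is the provider's API call carrying the service identifier; it issues an
// unpredictable challenge and the page text naming the requesting provider and page.
func (idp *IdP) StartAuth(serviceID string) (Challenge, error) {
	s, ok := idp.services[serviceID]
	if !ok {
		return Challenge{}, errors.New("unknown service")
	}
	id := make([]byte, 16)
	rand.Read(id)
	c := Challenge{hex.EncodeToString(id), serviceID, fmt.Sprintf("%s (%s) is requesting sign-in", s.Provider, s.PageURL)}
	idp.challenges[c.ID] = c
	return c, nil
}

// Approve: the credential unwraps the private key, which signs the transcript.
// A wrong credential fails the AEAD tag check, so nothing is ever signed with it.
func (d *DeviceToken) Approve(credential string, c Challenge) (Approval, error) {
	g := gcm(kdf(credential, d.Salt, 10000))
	priv, err := g.Open(nil, d.EncPriv[:12], d.EncPriv[12:], []byte(d.User+"/"+d.DeviceID))
	if err != nil {
		return Approval{}, errors.New("bad credential")
	}
	return Approval{d.User, d.DeviceID, c.ID, ed25519.Sign(ed25519.PrivateKey(priv), transcript(c, d.DeviceID))}, nil
}

// Validate checks the approval with the stored public key, insists the call-back is
// one registered for that service, then consumes the challenge and redirects.
func (idp *IdP) Validate(a Approval, callback string) (string, error) {
	c, ok := idp.challenges[a.ChallengeID]
	if !ok {
		return "", errors.New("unknown or already used challenge")
	}
	pub, ok := idp.pubKeys[a.User+"/"+a.DeviceID]
	if !ok || !ed25519.Verify(pub, transcript(c, a.DeviceID), a.Sig) {
		return "", errors.New("invalid approval")
	}
	for _, cb := range idp.services[c.ServiceID].Callbacks {
		if cb == callback {
			delete(idp.challenges, c.ID)
			return callback + "?auth=" + c.ID, nil
		}
	}
	return "", errors.New("call-back not registered for this service")
}

func main() {
	idp := NewIdP()
	idp.services["svc-mail"] = Service{"svc-mail", "Example Mail", "https://mail.example/login", []string{"https://mail.example/cb"}}
	tok, _ := CreateToken(idp, "alice@example.com", "phone-1", "correct horse battery")
	ch, _ := idp.StartAuth("svc-mail")
	appr, _ := tok.Approve("correct horse battery", ch)
	fmt.Println(ch.Page)
	fmt.Println(idp.Validate(appr, "https://mail.example/cb"))
}
```

Three checks in `Validate` carry the security weight of the claimed flow and are worth keeping in any implementation: the signature is verified only against the public key the identity provider already holds for that user and device, so the approval cannot be forged without the device-held private key and the credential that unwraps it; the redirect goes only to a call-back address the provider registered for that service, which is what stops the identity provider from being used as an open redirector toward an attacker's page; and the challenge is deleted once used, so a captured approval cannot be replayed. The transcript also names the service, so an approval the user granted for one provider is useless against another. The page text returned by `StartAuth` is the claim's visually perceptible identifier plus the provider's page address; it exists so the user can compare what the identity provider says is asking with the page they actually came from before entering the credential on the device.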