How to Verify Anonymous Users Using Third-Party Identity Services

A method for a system to identify and authorize a user it doesn't know by asking a different, trusted service that already has the user's information.

What it covers

This patent describes a way for a computer system (the profile enabler) to handle a request from a user it does not recognize. Instead of rejecting the user, the system contacts a directory enabler to find a third-party service that actually knows who the user is. The directory enabler selects an appropriate service based on the user's request, and the profile enabler then asks that service to authenticate the user. Once authenticated, the third-party service provides an identity result, such as a security token or an attribute, allowing the original system to grant or deny access to a resource.

What it doesn't cover

• —Does not cover systems where the profile enabler already has the user's credentials.
• —Does not cover direct authentication where the user logs in directly to the primary system.
• —Does not cover scenarios where no third-party service can be identified to verify the user.
• —Does not cover the specific encryption algorithms used to secure the identity tokens.

The clever bit

The system treats the 'anonymous' user as a routing problem: by using a directory enabler to match an unknown user to a known provider, it creates a bridge between isolated identity silos.

Why it matters

This technology is foundational for modern federated identity management, such as 'Log in with Google' or 'Sign in with Apple.' It allows different organizations to share trust, enabling users to access resources across the internet without creating a new account for every single service they encounter.

Real-world examples

• 1.OAuth 2.0 and OpenID Connect workflows
• 2.Single Sign-On (SSO) portals
• 3.Cross-domain identity federation