Third-party authorization of user credentials

US 10,027,680 B1
Filed: 09/14/2015
Issued: 07/17/2018
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable storage media including instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:

receiving, by a client device associated with a first user, a request to output a first credential representation that represents a particular user credential issued to the first user by a credential grantor;

in response to receiving the request to output the first credential representation that represents the particular user credential issued to the first user, obtaining, by the client device, data identifying one or more third parties having authority to grant access to the particular user credential issued to the first user;

receiving user input at the client device that indicates a selection of a validation mode from among multiple different validation modes for validating a second credential representation that represents a credential issued to one of the one or more third parties;

obtaining, by the client device and according to the selected validation mode, the second credential representation that represents a credential issued to one of the one or more third parties by the credential grantor that issued the particular user credential to the first user, the one or more third parties having authority to grant access to the particular user credential issued to the first user;

validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties; and

in response to validating the second credential representation that represents the credential issued to the one of the one or more third parties, outputting, by the client device, the first credential representation that represents the particular user credential issued to the first user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one implementation, a client device receives a request from a user to output a representation for a credential of the user. In response to receiving the request from the user to output the representation for the credential of the user, the client device obtains data identifying a third-party having authority to grant the user access to the credential of the user. The client device then obtains a representation of a credential associated with the third-party and validates the representation of the credential associated with the third-party. In response to validating the representation of the credential associated with the third-party, the client device outputs the representation for the credential of the user.

102 Citations

View as Search Results

20 Claims

1. One or more non-transitory computer-readable storage media including instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- receiving, by a client device associated with a first user, a request to output a first credential representation that represents a particular user credential issued to the first user by a credential grantor;
  
  in response to receiving the request to output the first credential representation that represents the particular user credential issued to the first user, obtaining, by the client device, data identifying one or more third parties having authority to grant access to the particular user credential issued to the first user;
  
  receiving user input at the client device that indicates a selection of a validation mode from among multiple different validation modes for validating a second credential representation that represents a credential issued to one of the one or more third parties;
  
  obtaining, by the client device and according to the selected validation mode, the second credential representation that represents a credential issued to one of the one or more third parties by the credential grantor that issued the particular user credential to the first user, the one or more third parties having authority to grant access to the particular user credential issued to the first user;
  
  validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties; and
  
  in response to validating the second credential representation that represents the credential issued to the one of the one or more third parties, outputting, by the client device, the first credential representation that represents the particular user credential issued to the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The one or more non-transitory computer-readable storage media of claim 1, wherein receiving, by the client device associated with the first user, the request to output the first credential representation that represents the particular user credential issued to the first user comprises:
    - receiving, from the first user, a selection of the particular user credential issued to the first user from among the plurality of user credentials, two or more of the plurality of user credentials being associated with different credential grantors.
  - 3. The one or more non-transitory computer-readable storage media of claim 1, wherein the operations further comprise:
    - receiving a selection of the one of the one or more third parties having authority to grant access to the particular user credential issued to the first user, the one or more third parties including users other than the first user and not including the credential grantor, the second credential representation representing a credential issued to one of the users other than the first user; and
      
      receiving a request for location information indicative of a location of the one of the one or more third parties having authority to grant access to the particular user credential issued to the first user.
  - 4. The one or more non-transitory computer-readable storage media of claim 1, wherein the operations further comprise:
    - providing, by the client device, a user interface indicating the different validation modes used to validate different types of credential representations; and
      
      wherein validating the second credential comprises determining that the selected validation mode of the client device matches a validation mode of a device associated with the one of the one or more third parties.
  - 5. The one or more non-transitory computer-readable storage media of claim 1, wherein the validation mode is selected from the group consisting of an alphanumeric validation mode, a quick response (QR) code validation mode, a sound wave validation mode, and a near field communication (NFC) validation mode.
  - 6. The one or more non-transitory computer-readable storage media of claim 1, wherein validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties comprises:
    - decoding data from the obtained second credential representation that represents the credential issued to one of the one or more third parties to obtain a credential identifier;
      
      determining that the obtained credential identifier matches a stored credential identifier corresponding to the second credential issued to one of the one or more third parties; and
      
      displaying, on the client device, an indication that the second credential representation that represents the credential issued to the one of the one or more third parties is validated.
  - 7. The one or more non-transitory computer-readable storage media of claim 6, wherein:
    - the second credential representation that represents the credential issued to one of the one or more third parties is a time-varying credential representation;
      
      decoding data from the obtained second credential representation that represents the credential issued to one of the one or more third parties comprises obtaining a time stamp from the decoded second credential representation that represents the credential issued to one of the one or more third parties; and
      
      validating the second credential representation that represents the credential issued to the one of the one or more third parties further comprises determining that a time at which the second credential representation that represents the credential issued to the one of the one or more third parties is being validated is within a time period indicated by the time stamp.
  - 8. The one or more non-transitory computer-readable storage media of claim 1, wherein obtaining, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties having authority to grant access to the particular user credential issued to the first user comprises obtaining, by the client device associated with the first user from the third party, an alphanumeric code representing the credential issued to the one of the one or more third parties according to the selected validation mode;
    - andwherein validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties comprises;
      
      transmitting, from the client device associated with the first user, a validation request to a server, wherein the validation request includes the alphanumeric code; and
      
      receiving a validation response from the server, the validation response indicating that the credential issued to the one of the one or more third parties is validated.
  - 9. The one or more non-transitory computer-readable storage media of claim 8, wherein the operations further comprise:
    - obtaining, by the client device, a time period during which third party authorization is required to access the credential; and
      
      wherein, in response to receiving the request to output the first credential representation that represents the particular user credential issued to the first user, obtaining, by the client device, the data identifying the one or more third parties having authority to grant access to the particular user credential issued to the first user comprises;
      
      determining that a current time is within the time period; and
      
      in response to receiving the request to output the first credential representation that represents the particular user credential issued to the first user and having determined that the current time is within the time period, obtaining, by the client device, the data identifying the one or more third parties having authority to grant access to the particular user credential issued to the first user.
  - 10. The one or more non-transitory computer-readable storage media of claim 9, wherein the data identifying the one or more third parties having authority to grant access to the particular user credential issued to the first user comprises data identifying one or more specific individuals having authority to grant access to the particular user credential issued to the first user.
  - 11. The one or more non-transitory computer-readable storage media of claim 1, wherein the operations further comprise, in response to validating the second credential representation that represents the credential issued to the one of the one or more third parties, receiving, by the client device from a server, data encoding the particular user credential issued to the first user;
    - wherein the request to output the first credential representation corresponds to a user selection of a particular type of credential representation from among a plurality of different types of credential representations for the particular user credential issued to the first user.
  - 12. The one or more non-transitory computer-readable storage media of claim 1, wherein obtaining the data identifying one or more third parties having authority to grant access to the particular user credential issued to the first user comprises:
    - obtaining data identifying (i) respective locations of the one or more third parties, and (ii) types of credentials respectively issued to the one or more third parties.

13. A system comprising:
- one or more processors and one or more non-transitory computer-readable storage media storing instructions that are operable and when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving, by a client device associated with a first user, a request to output a first credential representation that represents a particular user credential issued to the first user by a credential grantor;
  
  in response to receiving the request to output the first credential representation that represents the particular user credential issued to the first user, obtaining, by the client device, data identifying one or more third parties having authority to grant access to the particular user credential issued to the first user;
  
  receiving user input at the client device that indicates a selection of a validation mode from among multiple different validation modes for validating a second credential representation that represents a credential issued to one of the one or more third parties;
  
  obtaining, by the client device and according to the selected validation mode, the second credential representation that represents a credential issued to one of the one or more third parties by the credential grantor that issued the particular user credential to the first user, the one or more third parties having authority to grant access to the particular user credential issued to the first user;
  
  validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties; and
  
  in response to validating the second credential representation that represents the credential first credential representation that represents the particular user credential issued to the first user.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the operations further comprise:
    - receiving a selection of the one of the one or more third parties having authority to grant access to the particular user credential issued to the first user, the one or more third parties including users other than the first user and not including the credential grantor, the second credential representation representing a credential issued to one of the users other than the first user; and
      
      receiving a request for location information indicative of a location of the one of the one or more third parties having authority to grant access to the particular user credential issued to the first user.
  - 15. The system of claim 13,wherein:
    - the validation mode is selected from the group consisting of a alphanumeric validation mode, a quick response (QR) code validation mode, a sound wave validation mode, and a near field communication (NFC) validation mode; and
      
      wherein validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties comprises;
      
      determining that the selected validation mode of the client device matches a validation mode of a device associated with the one of the one or more third parties.
  - 16. The system of claim 13, wherein validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties comprises:
    - decoding data from the obtained second credential representation that represents the credential issued to one of the one or more third parties to obtain a credential identifier;
      
      determining that the obtained credential identifier matches a stored credential identifier corresponding to the credential issued to one of the one or more third parties; and
      
      displaying, on the client device, an indication that the second credential representation that represents the credential issued to the one of the one or more third parties is validated.

17. A computer-implemented method comprising:
- receiving, by a client device associated with a first user, a request to output a first credential representation that represents a particular user credential issued to the first user by a credential grantor;
  
  in response to receiving the request to output the first credential representation that represents the particular user credential issued to the first user, obtaining, by the client device, data identifying one or more third parties having authority to grant access to the particular user credential issued to the first user;
  
  receiving user input at the client device that indicates a selection of a validation mode from among multiple different validation modes for validating a second credential representation that represents a credential issued to one of the one or more third parties;
  
  obtaining, by the client device and according to the selected validation mode, the second credential representation that represents a credential issued to one of the one or more third parties by the credential grantor that issued the particular user credential to the first user, the one or more third parties having authority to grant access to the particular user credential issued to the first user;
  
  validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties; and
  
  in response to validating the second credential representation that represents the credential issued to the one of the one or more third parties, outputting, by the client device, the first credential representation that represents the particular user credential issued to the first user.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-implemented method of claim 17, wherein the operations further comprise:
    - receiving a selection of the one of the one or more third parties having authority to grant access to the particular user credential issued to the first user, the one or more third parties including users other than the first user and not including the credential grantor, the second credential representation representing a credential issued to one of the users other than the first user; and
      
      receiving a request for location information indicative of a location of the one of the one or more third parties having authority to grant access to the particular user credential issued to the first user.
  - 19. The computer-implemented method of claim 17, wherein:
    - the validation mode is selected from the group consisting of a alphanumeric validation mode, a quick response (QR) code validation mode, a sound wave validation mode, and a near field communication (NFC) validation mode; and
      
      wherein validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties comprises;
      
      determining that the selected validation mode of the client device matches a validation mode of a device associated with the one of the one or more third parties.
  - 20. The computer-implemented method of claim 17, wherein validating, by the client device, the second credential representation that represents the credential issued to the one of the one or more third parties comprises:
    - decoding data from the obtained second credential representation that represents the credential issued to one of the one or more third parties to obtain a credential identifier;
      
      determining that the obtained credential identifier matches a stored credential identifier corresponding to the credential issued to one of the one or more third parties; and
      
      displaying, on the client device, an indication that the second credential representation that represents the credential issued to the one of the one or more third parties is validated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microstrategy Incorporated
Original Assignee
Microstrategy Incorporated
Inventors
Saylor, Michael J.
Primary Examiner(s)
ABEDIN, SHANTO

Application Number

US14/853,623
Time in Patent Office

1,037 Days
Field of Search

726 2- 7, 713155, 713168-171, 713182
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/123   received data contents, e.g...

H04L 9/321   involving a third party or ...

H04L 9/3228   One-time or temporary data,...

Third-party authorization of user credentials

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Third-party authorization of user credentials

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links