Rights based system

US 10,073,984 B2
Filed: 10/19/2016
Issued: 09/11/2018
Est. Priority Date: 08/02/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, with a first server, a first request for issuance of a new voucher, the first request corresponding to an issue voucher, the issue voucher being a possession-based rights object representing a right to issue the new voucher;

transmitting, with the first server, a second request to a second server for a voucher template specified by the issue voucher;

receiving, with the first server, the voucher template from the second server, the voucher template corresponding to a class of vouchers to which the new voucher belongs, the voucher template being configured to specify one or more parameters associated with the class of vouchers;

transmitting, with the first server, a third request for a first access token to a third server, the third request including the issue voucher;

receiving, with the first server, the first access token from the third server as a result of validation of the issue voucher by the third server, the first access token being configured to allow access to a first endpoint associated with the second server, the first endpoint being configured to generate the class of vouchers;

transmitting, with the first server, a fourth request for issuance of the new voucher to the first endpoint associated with the second server, the fourth request including the first access token and the voucher template; and

receiving, with the first server, the new voucher from the second server as a result of generation of the new voucher by the first endpoint using the voucher template, the new voucher representing a right to access a protected resource, the new voucher including a refresh value initialized by the second server, the refresh value being part of a mechanism that makes the new voucher a possession-based rights object.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.

237 Citations

27 Claims

1. A computer-implemented method, comprising:
- receiving, with a first server, a first request for issuance of a new voucher, the first request corresponding to an issue voucher, the issue voucher being a possession-based rights object representing a right to issue the new voucher;
  
  transmitting, with the first server, a second request to a second server for a voucher template specified by the issue voucher;
  
  receiving, with the first server, the voucher template from the second server, the voucher template corresponding to a class of vouchers to which the new voucher belongs, the voucher template being configured to specify one or more parameters associated with the class of vouchers;
  
  transmitting, with the first server, a third request for a first access token to a third server, the third request including the issue voucher;
  
  receiving, with the first server, the first access token from the third server as a result of validation of the issue voucher by the third server, the first access token being configured to allow access to a first endpoint associated with the second server, the first endpoint being configured to generate the class of vouchers;
  
  transmitting, with the first server, a fourth request for issuance of the new voucher to the first endpoint associated with the second server, the fourth request including the first access token and the voucher template; and
  
  receiving, with the first server, the new voucher from the second server as a result of generation of the new voucher by the first endpoint using the voucher template, the new voucher representing a right to access a protected resource, the new voucher including a refresh value initialized by the second server, the refresh value being part of a mechanism that makes the new voucher a possession-based rights object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - transmitting, with the first server, a representation of the voucher template to a client device from which the first request was received; and
      
      receiving, with the first server, input from the client device corresponding to the voucher template.
  - 3. The method of claim 2, wherein the input from the client device includes one or more parameter values for one or more variables represented in the voucher template.
  - 4. The method of claim 2, wherein the voucher template includes no variables, and wherein the input from the client device represents approval of the voucher template.
  - 5. The method of claim 1, wherein the second request for the voucher template is directed to a second endpoint associated with the second server, the first and second endpoints corresponding to different uniform resource locators (URLs).
  - 6. The method of claim 1, wherein the second request for the voucher template is directed to the first endpoint associated with the second server, and wherein the second request employs a first type of HTTP method, and the fourth request employs a second type of HTTP method.
  - 7. The method of claim 1, further comprising facilitating, by the first server, redemption of the right to access the protected resource using the new voucher, wherein redemption of the right to access the protected resource results in replacement of the refresh value of the new voucher with a new refresh value generated by the third server.
  - 8. The method of claim 7, wherein the new voucher also includes a sequence number, and wherein redemption of the right to access the protected resource results in incrementing of the sequence number of the new voucher.
  - 9. The method of claim 1, further comprising:
    - receiving, with the first server, a fifth request for access to the protected resource, the fifth request corresponding to the new voucher;
      
      transmitting, with the first server, a sixth request for a second access token to the third server, the sixth request including the new voucher;
      
      receiving, with the first server, the second access token from the third server as a result of validation of the new voucher by the third server, the second access token being configured to allow access to the protected resource; and
      
      transmitting, with the first server, a seventh request for access to the protected resource to a fourth server that controls access to the protected resource, the seventh request including the second access token.
  - 10. The method of claim 9, wherein redemption of the right to access the protected resource results in replacement of the refresh value of the new voucher with a new refresh value generated by the third server.
  - 11. The method of claim 10, wherein the new voucher also includes a sequence number, and wherein redemption of the right to access the protected resource results in incrementing of the sequence number of the new voucher.
  - 12. The method of claim 1, wherein redemption of the right to issue the new voucher results in replacement of the refresh value of the issue voucher with a new refresh value generated by the third server.
  - 13. The method of claim 12, wherein the issue voucher also includes a sequence number, and wherein redemption of the right to issue the new voucher results in incrementing of the sequence number of the issue voucher.

14. A system, comprising one or more hardware computing devices configured to:
- receive a first request for issuance of a new voucher, the first request corresponding to an issue voucher, the issue voucher being a possession-based rights object representing a right to issue the new voucher;
  
  transmit a second request to a first server for a voucher template specified by the issue voucher;
  
  receive the voucher template from the first server, the voucher template corresponding to a class of vouchers to which the new voucher belongs, the voucher template being configured to specify one or more parameters associated with the class of vouchers;
  
  transmit a third request for a first access token to a second server, the third request including the issue voucher;
  
  receive the first access token from the second server as a result of validation of the issue voucher by the second server, the first access token being configured to allow access to a first endpoint associated with the first server, the first endpoint being configured to generate the class of vouchers;
  
  transmit a fourth request for issuance of the new voucher to the first endpoint associated with the first server, the fourth request including the first access token and the voucher template; and
  
  receive the new voucher from the first server as a result of generation of the new voucher by the first endpoint using the voucher template, the new voucher representing a right to access a protected resource, the new voucher including a refresh value initialized by the first server, the refresh value being part of a mechanism that makes the new voucher a possession-based rights object.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The system of claim 14, wherein the one or more computing devices are further configured to:
    - transmit a representation of the voucher template to a client device from which the first request was received; and
      
      receive input from the client device corresponding to the voucher template.
  - 16. The system of claim 15, wherein the input from the client device includes one or more parameter values for one or more variables represented in the voucher template.
  - 17. The system of claim 15, wherein the voucher template includes no variables, and wherein the input from the client device represents approval of the voucher template.
  - 18. The system of claim 14, wherein the second request for the voucher template is directed to a second endpoint associated with the first server, the first and second endpoints corresponding to different uniform resource locators (URLs).
  - 19. The system of claim 14, wherein the second request for the voucher template is directed to the first endpoint associated with the first server, and wherein the second request employs a first type of HTTP method, and the fourth request employs a second type of HTTP method.
  - 20. The system of claim 14, wherein the one or more computing devices are further configured to facilitate redemption of the right to access the protected resource using the new voucher, wherein redemption of the right to access the protected resource results in replacement of the refresh value of the new voucher with a new refresh value generated by the second server.
  - 21. The system of claim 20, wherein the new voucher also includes a sequence number, and wherein redemption of the right to access the protected resource results in incrementing of the sequence number of the new voucher.
  - 22. The system of claim 14, wherein the one or more computing devices are further configured to:
    - receive a fifth request for access to the protected resource, the fifth request corresponding to the new voucher;
      
      transmit a sixth request for a second access token to the second server, the sixth request including the new voucher;
      
      receive the second access token from the second server as a result of validation of the new voucher by the second server, the second access token being configured to allow access to the protected resource; and
      
      transmit a seventh request for access to the protected resource to a third server that controls access to the protected resource, the seventh request including the second access token.
  - 23. The system of claim 22, wherein redemption of the right to access the protected resource results in replacement of the refresh value of the new voucher with a new refresh value generated by the second server.
  - 24. The system of claim 23, wherein the new voucher also includes a sequence number, and wherein redemption of the right to access the protected resource results in incrementing of the sequence number of the new voucher.
  - 25. The system of claim 14, wherein redemption of the right to issue the new voucher results in replacement of the refresh value of the issue voucher with a new refresh value generated by the second server.
  - 26. The system of claim 25, wherein the issue voucher also includes a sequence number, and wherein redemption of the right to issue the new voucher results in incrementing of the sequence number of the issue voucher.

27. A computer program product, comprising one or more non-transitory computer-readable media having computer program instructions stored therein, the computer program instructions being configured such that, when executed by one or more computing devices, the computer program instructions cause the one or more computing devices to:
- receive a first request for issuance of a new voucher, the first request corresponding to an issue voucher, the issue voucher being a possession-based rights object representing a right to issue the new voucher;
  
  transmit a second request to a first server for a voucher template specified by the issue voucher;
  
  receive the voucher template from the first server, the voucher template corresponding to a class of vouchers to which the new voucher belongs, the voucher template being configured to specify one or more parameters associated with the class of vouchers;
  
  transmit a third request for a first access token to a second server, the third request including the issue voucher;
  
  receive the first access token from the second server as a result of validation of the issue voucher by the second server, the first access token being configured to allow access to a first endpoint associated with the first server, the first endpoint being configured to generate the class of vouchers;
  
  transmit a fourth request for issuance of the new voucher to the first endpoint associated with the first server, the fourth request including the first access token and the voucher template; and
  
  receive the new voucher from the first server as a result of generation of the new voucher by the first endpoint using the voucher template, the new voucher representing a right to access a protected resource, the new voucher including a refresh value initialized by the first server, the refresh value being part of a mechanism that makes the new voucher a possession-based rights object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
API Market, Inc.
Original Assignee
API Market, Inc.
Inventors
Roever, Stefan, Watson, David
Primary Examiner(s)
Rahman, Mahfuzur
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US15/298,103
Publication Number

US 20170083720A1
Time in Patent Office

692 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/335   for accessing specific reso...

G06F 21/6218   to a system of files or obj...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

Rights based system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

237 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Rights based system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

237 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links