Delegated resource authorization for replicated applications

US 10,122,728 B2
Filed: 02/18/2016
Issued: 11/06/2018
Est. Priority Date: 02/18/2016
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

assigning a single application identifier (ID) and a single application secret value (SV) to a customer application, wherein multiple replicated instances of the customer application include a first instance of the customer application assigned the single application ID and the single application SV and installed in a first machine of a machine cluster of customer premises equipment (CPE), and a second instance of the customer application assigned the single application ID and the single application SV and installed in a second machine of the machine cluster of the CPE;

receiving, at an authenticating device, a first resource authorization request from the first instance of the customer application via a wireless network connection to the first machine;

receiving, at the authenticating device, a second resource authorization request from the second instance of the customer application via a wireline network connection to the second machine;

generating, responsive to the first resource authorization request, a first token using a first network address associated with the first machine, the single application ID and the single application SV;

returning, from the authenticating device to the first instance of the customer application, the generated first token for use in requesting access to a resource server;

generating, responsive to the second resource authorization request, a second token using a second network address associated with the second machine, the single application ID and the single application SV; and

returning, from the authenticating device to the second instance of the customer application, the generated second token for use in requesting access to the resource server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authenticating device assigns an application identifier and an application secret value to a customer application, receives a first resource authorization request from a first instance of multiple replicated instances of a customer application, where the first instance is installed in a first machine, and receives a second resource authorization request from a second instance of the multiple replicated instances of the customer application, where the second instance is installed in a second machine. The authenticating device generates, responsive to the first resource authorization request, a first token using a first network address associated with the first machine, the application identifier and the application secret value, and returns, to the first instance of the customer application, the generated first token for use in requesting access to a resource server.

Citations

20 Claims

1. A method, comprising:
- assigning a single application identifier (ID) and a single application secret value (SV) to a customer application, wherein multiple replicated instances of the customer application include a first instance of the customer application assigned the single application ID and the single application SV and installed in a first machine of a machine cluster of customer premises equipment (CPE), and a second instance of the customer application assigned the single application ID and the single application SV and installed in a second machine of the machine cluster of the CPE;
  
  receiving, at an authenticating device, a first resource authorization request from the first instance of the customer application via a wireless network connection to the first machine;
  
  receiving, at the authenticating device, a second resource authorization request from the second instance of the customer application via a wireline network connection to the second machine;
  
  generating, responsive to the first resource authorization request, a first token using a first network address associated with the first machine, the single application ID and the single application SV;
  
  returning, from the authenticating device to the first instance of the customer application, the generated first token for use in requesting access to a resource server;
  
  generating, responsive to the second resource authorization request, a second token using a second network address associated with the second machine, the single application ID and the single application SV; and
  
  returning, from the authenticating device to the second instance of the customer application, the generated second token for use in requesting access to the resource server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - granting access, to the resource server, to the first instance or the second instance of the customer application based on receipt of the first token or the second token.
  - 3. The method of claim 1, wherein generating the first token using the first network address associated with the first machine, the single application ID and the single application SV comprises:
    - applying a function to the first network address, the single application ID and the single application SV to generate the first token.
  - 4. The method of claim 3, wherein generating the second token using the second network address associated with the second machine, the single application ID and the single application SV comprises:
    - applying the function to the second network address, the single application ID and the single application SV to generate the second token.
  - 5. The method of claim 4, wherein the function comprises a hash function and wherein the first token comprises a first hash value and the second token comprises a second hash value.
  - 6. The method of claim 1, further comprising:
    - storing, by the authenticating device, the first token in a database;
      
      receiving a first resource access request, by the authenticating device, from the first instance of the customer application installed in the first machine, wherein the first resource access request includes a first resource access token; and
      
      validating the first resource access token by comparing the first resource access token to the first token previously stored in the database.
  - 7. The method of claim 6, further comprising:
    - granting access, to the resource server, to the first instance of the customer application based on the comparison of the first resource access token to the first token previously stored in the database.
  - 8. The method of claim 6, further comprising:
    - storing, by the authenticating device, the second token in the database;
      
      receiving a second resource access request, by the authenticating device, from the second instance of the customer application installed in the second machine, wherein the second resource access request includes a second resource access token; and
      
      validating the second resource access token by comparing the second resource access token to the second token stored in the database.
  - 9. The method of claim 8, further comprising:
    - granting access, to the resource server, to the second instance of the customer application based on the validating of the second resource access token.

10. A network device, comprising:
- a processing unit configured to;
  
  assign a single application identifier (ID) and a single application secret value (SV) to a customer application, wherein multiple replicated instances of the customer application include a first instance of the customer application assigned the single application ID and the single application SV and installed in a first machine of a machine cluster of customer premises equipment (CPE), and a second instance of the customer application assigned the single application ID and the single application SV and installed in a second machine of the machine cluster of the CPE; and
  
  a communication interface connected to a network and configured to;
  
  receive a first resource authorization request from the first instance of the customer application via a wireline network connection to the first machine, andreceive a second resource authorization request from the second instance of the customer application via a wireless network connection to the second machine;
  
  wherein the processing unit is further configured to;
  
  generate, responsive to the first resource authorization request, a first token using a first network address associated with the first machine, the single application ID and the single application SV,return, via the communication interface to the first instance of the customer application, the generated first token for use in requesting access to a resource server,generate, responsive to the second resource authorization request, a second token using a second network address associated with the second machine, the single application ID and the single application SV, andreturn, via the communication interface to the second instance of the customer application, the generated second token for use in requesting access to the resource server.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The network device of claim 10, wherein the processing unit is further configured to:
    - grant access, to the resource server, to the first instance or the second instance of the customer application based on receipt of the first token or the second token.
  - 12. The network device of claim 10, wherein, when generating the first token using the first network address associated with the first machine, the single application ID and the single application SV, the processing unit is further configured to:
    - apply a function to the first network address, the single application ID and the application SV to generate the first token.
  - 13. The network device of claim 12, wherein, when generating the second token using the second network address associated with the second machine, the single application ID and the single application SV the processing unit is further configured to:
    - apply the function to the second network address, the single application ID and the single application SV to generate the second token.
  - 14. The network device of claim 13, wherein the function comprises a hash function and wherein the first token comprises a first hash value and the second token comprises a second hash value.
  - 15. The network device of claim 10, wherein the processing unit is further configured to:
    - store the first token in a database,receive, via the communication interface, a first resource access request, from the first instance of the customer application installed in the first machine, wherein the first resource access request includes a first resource access token, andvalidate the first resource access token by comparing the first resource access token to the first token stored in the database.
  - 16. The network device of claim 15, wherein the processing unit is further configured to:
    - grant access, to the resource server, to the first instance of the customer application based on the validating of the first resource access token.
  - 17. The network device of claim 15, wherein the processing unit is further configured to:
    - store the second token in the database;
      
      receive a second resource access request from the second instance of the customer application installed in the second machine, wherein the second resource access request includes a second resource access token, andvalidate the second resource access token by comparing the second resource access token to the second token stored in the database.
  - 18. The network device of claim 17, wherein the processing unit is further configured to:
    - grant access, to the resource server, to the second instance of the customer application based on the validating of the second resource access token.

19. A non-transitory storage medium storing instructions executable by a computational device, wherein the instructions comprise instructions to cause the computational device to:
- assign a single application identifier (ID) and a single application secret value (SV) to a customer application, wherein multiple replicated instances of the customer application include a first instance of the customer application assigned the single application ID and the single application SV and installed in a first machine of a machine cluster of customer premises equipment (CPE), and a second instance of the customer application assigned the single application ID and the single application SV and installed in a second machine of the machine cluster of the CPE;
  
  receive a first resource authorization request from the first instance of the customer application via a wireless or a wireline network connection to the first machine;
  
  receive a second resource authorization request from the second instance of the customer application via a wireless or a wireline network connection to the second machine;
  
  generate, responsive to the first resource authorization request, a first token using a first network address associated with the first machine, the single application ID and the single application SV;
  
  return, to the first instance of the customer application, the generated first token for use in requesting access to a resource server;
  
  generate, responsive to the second resource authorization request, a second token using a second network address associated with the second machine, the single application ID and the single application SV; and
  
  return, to the second instance of the customer application, the generated second token for use in requesting access to the resource server.
- View Dependent Claims (20)
- - 20. The non-transitory storage medium of claim 19, wherein the instructions comprise instructions to cause the computational device to:
    - store the first token in a database;
      
      receive a first resource access request from the first instance of the customer application installed in the first machine, wherein the first resource access request includes a first resource access token;
      
      validate the first resource access token by comparing the first resource access token to the first token stored in the database; and
      
      grant access, to the resource server, to the first instance of the customer application based on the validating of the first resource access token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Ren, Dahai, Saint-Hilaire, Hector, Kadiga, Anil, Wu, Shuai
Primary Examiner(s)
Bayou, Yonas A

Application Number

US15/046,547
Publication Number

US 20170244706A1
Time in Patent Office

992 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 63/123   received data contents, e.g...

Delegated resource authorization for replicated applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Delegated resource authorization for replicated applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links