Authorization delegation system, control method, authorization server, and storage medium

US 10,154,036 B2
Filed: 07/19/2016
Issued: 12/11/2018
Est. Priority Date: 07/24/2015
Status: Active Grant

First Claim

Patent Images

1. An authorization delegation system that comprises a resource server that provides a service and an authorization server that performs authorization delegation for authorizing a client apparatus access to user data that the resource server has based on authorization information,wherein the authorization server includes at least a processor and at least a memory coupled to at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the authorization server to perform operations comprising:

performing, by an authentication unit, an authentication of a user based on received user authentication information from the client apparatus;

issuing, by an authorization unit, two sets of information, one of which is the authorization information to inform an allowance of the authorization and the other of which is updating authorization information to update the authorization information automatically, when an authorization request to request the authorization delegation is received from the client apparatus and it is permitted to delegate authority concerning a use of the service of the authenticated user to the client apparatus;

receiving, by a receiving unit, another authorization request from the client apparatus;

retrieving, by a retrieving unit, whether or not the updating authorization information has already been issued when the authorization request received by the receiving unit is acquired;

wherein, when confirmed that the updating authorization information has already been issued for the retrieval by the retrieving unit, the authorization unit invalidates the retrieved updating authorization information, and controls whether to newly issue the authorization information and the updating authorization information according to a new permission of a user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authorization delegation system includes a resource server that provides a service and an authorization server that performs authorization delegation for authorizing a cooperation server, which is a client apparatus, access to user data that the resource server has based on authorization information. The authorization server receives an authorization delegation request for requesting the authorization delegation, and retrieves a refresh token based on the received authorization delegation request. Additionally, the authorization server determines whether or not the retrieved refresh token is valid, and if it is determined that the refresh token is valid, invalidates the refresh token.

7 Citations

11 Claims

1. An authorization delegation system that comprises a resource server that provides a service and an authorization server that performs authorization delegation for authorizing a client apparatus access to user data that the resource server has based on authorization information,wherein the authorization server includes at least a processor and at least a memory coupled to at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the authorization server to perform operations comprising:
- performing, by an authentication unit, an authentication of a user based on received user authentication information from the client apparatus;
  
  issuing, by an authorization unit, two sets of information, one of which is the authorization information to inform an allowance of the authorization and the other of which is updating authorization information to update the authorization information automatically, when an authorization request to request the authorization delegation is received from the client apparatus and it is permitted to delegate authority concerning a use of the service of the authenticated user to the client apparatus;
  
  receiving, by a receiving unit, another authorization request from the client apparatus;
  
  retrieving, by a retrieving unit, whether or not the updating authorization information has already been issued when the authorization request received by the receiving unit is acquired;
  
  wherein, when confirmed that the updating authorization information has already been issued for the retrieval by the retrieving unit, the authorization unit invalidates the retrieved updating authorization information, and controls whether to newly issue the authorization information and the updating authorization information according to a new permission of a user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The authorization delegation system according to claim 1, wherein the authorization request at least includes a user ID, a UUID, and a scope.
  - 3. The authorization delegation system according to claim 1, wherein the instructions, when executed by at least the processor, cause the authorization server to perform operations comprising:
    - replying, by a screen replying unit, to an authorization confirmation screen about whether or not the authorization delegation is permitted, if the receiving unit received the authorization request;
      
      acquiring, by a result acquiring unit, a result performed on the authorization confirmation screen,wherein the authorization unit invalidates the updating authorization information whatever the result acquired by the result acquiring unit is.
  - 4. The authorization delegation system according to claim 3, wherein the instructions, when executed by at least the processor, cause the authorization server to perform operations comprising:
    - verifying, by a verifying unit, whether the authorization delegation a performed in the past based on the authorization request.
  - 5. The authorization delegation system according to claim 4, wherein, if the verifying unit determines that the authorization delegation was performed in the past, the replying unit does not reply to the authorization confirmation screen.
  - 6. The authorization delegation system according to claim 3, wherein the instructions, when executed by at least the processor, cause the authorization server to perform operations comprising:
    - cancelling, by a cancelling unit, the authorization delegation,wherein the receiving unit further receives a cancel request for requesting a cancellation of an authorization delegation,wherein, if the cancel request is received, the screen replying unit further replies with a cancelation screen,wherein the result acquiring unit further acquires a result performed on the cancelation screen, andwherein the canceling unit cancels the authorization delegation based on the cancel request, if the result acquired by the result acquiring unit is a cancellation.
  - 7. The authorization delegation system according to claim 6,wherein the cancel request at least includes a client ID and authorization information corresponding to UUID, andwherein the cancelling unit cancels the authorization delegation by deleting or invalidating data that matches the client ID and the UUID.
  - 8. The authorization delegation system according to claim 3, wherein the instructions, when executed by at least the processor, cause the authorization server to perform operations comprising:
    - determining, by a refusal determining unit, whether or not a client is a refused client, which is a client for whom the user has refused the authorization request or a client for whom the user has canceled the authorization delegation, based on the authorization request,wherein, if the refusal determining unit has determined that the client is the refused client, the screen replying unit replies to the authorization confirmation screen with a caution.

9. An authorization server that performs authorization delegation for authorizing a client apparatus access to user data that the resource server, which provides a service, has based on authorization information,wherein the authorization server includes at least a processor and at least a memory coupled to at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the authorization server to perform operations comprising:
- performing, by an authentication unit, an authentication of a user based on received user authentication information from the client apparatus;
  
  issuing, by an authorization unit, two sets of information, one of which is the authorization information to inform an allowance of the authorization and the other of which is updating authorization information to update the authorization information automatically, when an authorization request to request the authorization delegation is received from the client apparatus and it is permitted to delegate authority concerning a use of the service of the authenticated user to the client apparatus;
  
  receiving, by a receiving unit, another authorization request from the client apparatus;
  
  retrieving, by a retrieving unit, whether or not the configured to retrieve updating authorization information has already been issued when the authorization request received by the receiving unit is acquired;
  
  wherein, when confirmed that the updating authorization information has already been issued for the retrieval by the retrieving unit, the authorization unit invalidates an invalidating unit configured to invalidate the retrieved updating authorization information, and controls whether to newly issue the authorization information and the updating authorization information according to a new permission of a user.

10. A control method for an authorization delegation system that includes a resource server which provides a service and an authorization server that performs authorization delegation for authorizing a client apparatus access to user data that the resource server has based on authorization information, the control method comprising:
- performing an authentication of a user based on received user authentication information from the client apparatus;
  
  issuing two sets of information, one of which is the authorization information to inform an allowance of the authorization and the other of which is updating authorization information to update the authorization information automatically, when an authorization request to request the authorization delegation is received from the client apparatus and it is permitted to delegate authority concerning a use of the service of the authenticated user to the client apparatus;
  
  receiving another authorization request from the client apparatus;
  
  retrieving whether or not the updating authorization information has already been issued when the authorization request is acquired;
  
  wherein, when confirmed that the updating authorization information has already been issued in the retrieving, in the issuing, invalidates the retrieved updating authorization information, and controls whether to newly issue the authorization information and the updating authorization information according to a new permission of a user.

11. A non-transitory storage medium on which is stored a computer program for making a computer function as respective units of an authorization server wherein the authorization server performs authorization delegation for authorizing a client apparatus access to user data, which a resource server that provides a service has, based on authorization information,wherein the authorization server includes at least a processor and at least a memory coupled to at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the authorization server to perform operations comprising:
- performing, by an authentication unit, an authentication of a user based on received user authentication information from the client apparatus;
  
  issuing, by an authorization unit, two sets of information, one of which is the authorization information to inform an allowance of the authorization and the other of which is updating authorization information to update the authorization information automatically, when an authorization request to request the authorization delegation is received from the client apparatus and it is permitted to delegate authority concerning a use of the service of the authenticated user to the client apparatus;
  
  receiving, by a receiving unit, another authorization request from the client apparatus;
  
  retrieving, by a retrieving unit, whether or not the updating authorization information has already been issued when the authorization request received by the receiving unit is acquired;
  
  wherein, when confirmed that the updating authorization information has already been issued for the retrieval by the retrieving unit, the authorization unit invalidates the retrieved updating authorization information, and controls whether to newly issue the authorization information and the updating authorization information according to a new permission of a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Matsugashita, Hayato
Primary Examiner(s)
Cribbs, Malcolm
Assistant Examiner(s)
Steinle, Andrew J

Application Number

US15/213,601
Publication Number

US 20170026376A1
Time in Patent Office

875 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/0892   by using authentication-aut...

H04L 63/10   for controlling access to d...

H04L 63/16   Implementing security featu...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/53   using third party service p...

Authorization delegation system, control method, authorization server, and storage medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization delegation system, control method, authorization server, and storage medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links