Proxy authentication

US 10,182,052 B2
Filed: 04/18/2017
Issued: 01/15/2019
Est. Priority Date: 08/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

by an operating system of a client computing device, receiving, from an authorized user using a software application executing on the client computing device, an indication as to whether the software application is authorized to access user data stored on a remote host;

by the operating system, sending to the remote host a request to store access permissions indicating whether the software application is authorized to access the user data from the remote host based on the indication received from the authorized user;

by the operating system, upon receiving a request to access the user data, authenticating a source of the request and (1) if the source is the software application, then transmitting a request for the user data to the remote host, (2) else if the source is another software application, then denying access to the user data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes receiving, by an operating system of the first computing device and from a client application executing on the first computing device, a first request for accessing a set of data associated with a user of the first computing device. The set of data is managed by a second computing device. The method further includes sending, by the operating system and to the second computing device, a second request for accessing the set of data. The method still further includes receiving, by the operating system and from the second computing device, a response to the second request. The method additionally includes, if the response to the second request grants the client application access to the set of data, then forwarding, by the operating system and to the client application, an access token to be used by the client application for accessing the set of data with the second computing device.

Citations

18 Claims

1. A method comprising:
- by an operating system of a client computing device, receiving, from an authorized user using a software application executing on the client computing device, an indication as to whether the software application is authorized to access user data stored on a remote host;
  
  by the operating system, sending to the remote host a request to store access permissions indicating whether the software application is authorized to access the user data from the remote host based on the indication received from the authorized user;
  
  by the operating system, upon receiving a request to access the user data, authenticating a source of the request and (1) if the source is the software application, then transmitting a request for the user data to the remote host, (2) else if the source is another software application, then denying access to the user data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein:
    - the remote host is associated with a social-networking system;
      
      the authorized user is a member of the social-networking system; and
      
      the user data is data of the user stored in the social-networking system.
  - 3. The method of claim 1, wherein the access permissions comprise an application identifier of the software application and an access type for accessing the set of data.
  - 4. The method of claim 3, further comprising determining, by the operating system, a developer identifier of a developer of the software application based on the application identifier.
  - 5. The method of claim 1, further comprising:
    - if the software application is denied access to the user data, then notifying, by the operating system, the software application that the request of the software application for accessing the user data has been denied.
  - 6. The method of claim 1, wherein the request to store the access permissions comprises a user identifier identifying the authorized user.
  - 7. The method of claim 1, further comprising establishing a secure connection with the remote host, wherein the request to access the user data is sent over the secure connection.
  - 8. The method of claim 1, further comprising receiving a response to the request to store access permissions, wherein the response comprises an access token.
  - 9. The method of claim 8, further comprising storing the access token on the client computing device.

10. A client computing device comprising:
- a memory comprising instructions executable by one or more processors; and
  
  the one or more processors coupled to the memory and operable to execute the instructions, the one or more processors being operable when executing the instructions to;
  
  receive, from an authorized user using a software application executing on the client computing device, an indication as to whether the software application is authorized to access user data stored on a remote host;
  
  send to the remote host a request to store access permissions indicating whether the software application is authorized to access the user data from the remote host based on the indication received from the authorized user; and
  
  upon receiving a request to access the user data, authenticate a source of the request and (1) if the source is the software application, then transmitting a request for the user data to the remote host, (2) else if the source is another software application, then denying access to the user data.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The client computing device of claim 10, wherein the access permissions comprise an application identifier of the software application and an access type for accessing the set of data.
  - 12. The client computing device of claim 11, further comprising determining, by the operating system, a developer identifier of a developer of the software application based on the application identifier.
  - 13. The client computing device of claim 10, wherein the one or more processors are further operable to:
    - if the software application is denied access to the user data, then notifying, by the operating system, the software application that the request of the software application for accessing the user data has been denied.
  - 14. The client computing device of claim 10, wherein the request to store the access permissions comprises a user identifier identifying the authorized user.
  - 15. The client computing device of claim 10, wherein the one or more processors are further operable to:
    - establish a secure connection with the remote host, wherein the request to access the user data is sent over the secure connection.
  - 16. The client computing device of claim 10, further comprising receiving a response to the request to store access permission, wherein the response comprises a access token.
  - 17. The client computing device of claim 16, wherein the one or more processors are further operable to:
    - store the access token on the client computing device.

18. One or more computer-readable non-transitory storage media embodying software operable when executed by a first computer system to:
- receive, from an authorized user using a software application executing on the client computing device, an indication as to whether the software application is authorized to access user data stored on a remote host;
  
  send to the remote host a request to store access permissions indicating whether the software application is authorized to access the user data from the remote host based on the indication received from the authorized user; and
  
  upon receiving a request to access the user data, authenticate a source of the request and (1) if the source is the software application, then transmitting a request for the user data to the remote host, (2) else if the source is another software application, then denying access to the user data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Shepard, Luke Jonathan, Tung, Julie Christina, Sadan, Yariv, Goldman, Brent Justin, Vijayvergiya, Arun, Shah, Naitik Hemant
Primary Examiner(s)
Joo, Joshua

Application Number

US15/489,868
Publication Number

US 20170223020A1
Time in Patent Office

637 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/44   Program or device authentic...

G06F 21/6281   at program execution time, ...

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

Proxy authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Proxy authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links