Background authentication refresh

US 10,270,753 B2
Filed: 08/14/2015
Issued: 04/23/2019
Est. Priority Date: 08/14/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

granting access, with one or more computing devices, to a secure computing environment in response to receiving authentication information from a requesting computing device, wherein access is granted for a session having an associated period of validity and wherein one or more client applications allow secure delegated access to server resources on behalf of a resource owner by utilizing an access token provided by a remote authorization server, wherein the delegated access based on the access token has an associated period of validity that is shorter than the period of validity for the session;

refreshing the access token, with the one or more computing devices via a browser application extension, without explicit user interaction utilizing the authentication information for the session during the period of validity for the session while the session is valid by sending at least a portion of the authentication information for the session to the remote authorization server to cause the access token for the delegated access to be refreshed;

granting access, with the one or more computing devices, to the secure computing environment in response to the refreshed access token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for refreshing an authentication token. Access is granted to a secure computing environment in response to receiving authentication information from a requesting computing device. The access is granted for a session and one or more client applications allow secure delegated access to server resources on behalf of a resource owner by utilizing an access token. The access token is refreshed without explicit user interaction utilizing the authentication information for the session while the session is valid. Access is granted to the secure computing environment in response to the refreshed access token.

Citations

21 Claims

1. A method comprising:
- granting access, with one or more computing devices, to a secure computing environment in response to receiving authentication information from a requesting computing device, wherein access is granted for a session having an associated period of validity and wherein one or more client applications allow secure delegated access to server resources on behalf of a resource owner by utilizing an access token provided by a remote authorization server, wherein the delegated access based on the access token has an associated period of validity that is shorter than the period of validity for the session;
  
  refreshing the access token, with the one or more computing devices via a browser application extension, without explicit user interaction utilizing the authentication information for the session during the period of validity for the session while the session is valid by sending at least a portion of the authentication information for the session to the remote authorization server to cause the access token for the delegated access to be refreshed;
  
  granting access, with the one or more computing devices, to the secure computing environment in response to the refreshed access token.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the authentication information comprises a user name and password.
  - 3. The method of claim 1 wherein the authentication information comprises multi-factor authentication.
  - 4. The method of claim 1 wherein the session is valid for a longer time period than the access token.
  - 5. The method of claim 1 wherein the access token is acquired utilizing OAuth 2 compliant protocols.
  - 6. The method of claim 1 wherein the secure computing environment comprises an on-demand services environment.
  - 7. The method of claim 6 wherein the on-demand services environment comprises a multitenant database environment.

8. A non-transitory computer readable storage medium having stored thereon instructions that, when executed by one or more processors, cause the one or more processors to:
- grant access, with one or more computing devices, to a secure computing environment in response to receiving authentication information from a requesting computing device, wherein access is granted for a session having an associated period of validity and wherein one or more client applications allow secure delegated access to server resources on behalf of a resource owner by utilizing an access token provided by a remote authorization server, wherein the delegated access based on the access token has an associated period of validity that is shorter than the period of validity for the session;
  
  refresh the access token, with the one or more computing devices via a browser application extension, without explicit user interaction utilizing the authentication information for the session during the period of validity for the session while the session is valid by sending at least a portion of the authentication information for the session to the remote authorization server to cause the access token for the delegated access to be refreshed;
  
  grant access, with the one or more computing devices, to the secure computing environment in response to the refreshed access token.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable storage medium of claim 8 wherein the authentication information comprises a user name and password.
  - 10. The non-transitory computer readable storage medium of claim 8 wherein the authentication information comprises multi-factor authentication.
  - 11. The non-transitory computer readable storage medium of claim 8 wherein the session is valid for a longer time period than the access token.
  - 12. The non-transitory computer readable storage medium of claim 8 wherein the access token is acquired utilizing OAuth 2 compliant protocols.
  - 13. The non-transitory computer readable storage medium of claim 8 wherein the secure computing environment comprises an on-demand services environment.
  - 14. The non-transitory computer readable storage medium of claim 13 wherein the on-demand services environment comprises a multitenant database environment.

15. A system comprising:
- a memory device;
  
  one or more processors coupled with the memory device, the one or more processors to grant access, with one or more computing devices, to a secure computing environment in response to receiving authentication information from a requesting computing device, wherein access is granted for a session having an associated period of validity and wherein one or more client applications allow secure delegated access to server resources on behalf of a resource owner by utilizing an access token provided by a remote authorization server, wherein the delegated access based on the access token has an associated period of validity that is shorter than the period of validity for the session, to refresh the access token, with the one or more computing devices via a browser application extension, without explicit user interaction utilizing the authentication information for the session during the period of validity for the session while the session is valid by sending at least a portion of the authentication information for the session to the remote authorization server to cause the access token for the delegated access to be refreshed, and to grant access, with the one or more computing devices, to the secure computing environment in response to the refreshed access token.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15 wherein the authentication information comprises a user name and password.
  - 17. The system of claim 15 wherein the authentication information comprises multi-factor authentication.
  - 18. The system of claim 15 wherein the session is valid for a longer time period than the access token.
  - 19. The system of claim 15 wherein the access token is acquired utilizing OAuth 2 compliant protocols.
  - 20. The system of claim 15 wherein the secure computing environment comprises an on-demand services environment.
  - 21. The system of claim 20 wherein the on-demand services environment comprises a multitenant database environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Khylkouskaya, Olga, Kolesnik, Aleksey
Primary Examiner(s)
Ho, Dao Q

Application Number

US14/826,944
Publication Number

US 20170048233A1
Time in Patent Office

1,348 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 9/0891   Revocation or update of sec...

H04L 9/3228   One-time or temporary data,...

Background authentication refresh

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Background authentication refresh

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links