Securing partner-enabled web service

US 10,320,796 B2
Filed: 05/28/2015
Issued: 06/11/2019
Est. Priority Date: 11/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securing a partner service, comprising:

receiving a request, wherein the request comprises a unique value, to access the partner service, wherein the request is received from a browser client for a partner application;

authenticating a user, the partner application generating a token that associates the user with the partner application;

generating a signature for the token, the signature to enable the partner service to independently regenerate the signature, the token comprising an identifier for the partner application enabling the partner service to detect which partner application generates the token; and

sending the token with the signature to the browser client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The claimed subject matter provides a method for securing a partner service. The method can include receiving a request, wherein the request comprises a unique value, to access the partner service, wherein the request is received from a browser client for a partner application and determining that a user is authorized to access the partner application, the partner application generating a token that associates the user with the partner application. The method can also include generating a signature for the token, the signature to enable the partner service to independently regenerate the signature, the token comprising an identifier for the partner application enabling the partner service to detect which partner application generates the token and sending the token with the signature to the browser client.

50 Citations

View as Search Results

20 Claims

1. A method for securing a partner service, comprising:
- receiving a request, wherein the request comprises a unique value, to access the partner service, wherein the request is received from a browser client for a partner application;
  
  authenticating a user, the partner application generating a token that associates the user with the partner application;
  
  generating a signature for the token, the signature to enable the partner service to independently regenerate the signature, the token comprising an identifier for the partner application enabling the partner service to detect which partner application generates the token; and
  
  sending the token with the signature to the browser client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method recited in claim 1, wherein the token comprises:
    - a shared secret of the partner application and the partner service;
      
      a user id; and
      
      an issue time that the token is generated.
  - 3. The method recited in claim 1, comprising encoding the token using a one-way hashing algorithm.
  - 4. The method recited in claim 1, comprising:
    - storing the token in a memory associated with the browser client;
      
      generating a representational state transfer (REST) request comprising a header comprising the token; and
      
      sending the REST request to the partner service.
  - 5. The method recited in claim 4, comprising determining an expiration time of the token based on the issue time.
  - 6. The method recited in claim 5, comprising:
    - determining that a current time is after the expiration time; and
      
      rejecting the REST request.
  - 7. The method recited in claim 5, comprising:
    - determining that a current time is before the expiration time;
      
      generating a second token based on the user, the application id, and the issue time;
      
      comparing the second token to the token; and
      
      processing the request based on the comparison.
  - 8. The method recited in claim 7, wherein generating the second token comprises:
    - retrieving a user id for the user from the session;
      
      retrieving the identifier of the partner application from the REST request;
      
      retrieving the time from the REST request; and
      
      encoding the second token using the one-way hashing algorithm, wherein the second token comprises;
      
      a shared secret of the partner application and the partner service;
      
      the user id;
      
      the identifier of the partner application; and
      
      an issue time that the token is generated.

9. A system for securing a partner service, comprising:
- a processing unit; and
  
  a system memory, wherein the system memory comprises code configured to direct the processing unit to;
  
  receive a request, wherein the request comprises a unique value to access the partner service, wherein the request is received from a browser client for a partner application, wherein the browser client is associated with a user;
  
  authenticate the user;
  
  generate a token, using the partner application, the token associating the user with the partner application, and the token comprising an identifier for the partner application enabling the partner service to identify the partner application as generating the token;
  
  generate a signature for the token, the signature to enable the partner service to independently regenerate the signature; and
  
  send the token with the signature to the browser client.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system recited in claim 9, wherein the token comprises:
    - a shared secret of the partner application and the partner service;
      
      a user id for the user; and
      
      an issue time that the token is generated.
  - 11. The system recited in claim 9, comprising code configured to direct the processing unit to encode the token using a one-way hashing algorithm.
  - 12. The system recited in claim 9, comprising code configured to direct the processing unit to:
    - store the token in a memory associated with the browser client;
      
      generate a representational state transfer (REST) request comprising a header comprising the token; and
      
      send the REST request to the partner service.
  - 13. The system recited in claim 12, comprising code configured to direct the processing unit to determine a pre-determined expiration time of the token.
  - 14. The system recited in claim 13, comprising code configured to direct the processing unit to:
    - determine that a current time is before the expiration time;
      
      generate a second token based on the user, the application id, and the issue time;
      
      compare the second token to the token; and
      
      process the request based on the comparison.
  - 15. The system recited in claim 14, wherein the code configured to direct the processing unit to generate the second token comprises code configured to direct the processing unit to:
    - retrieve a user id for the user from the session;
      
      retrieve the identifier of the partner application from the REST request;
      
      retrieve the time from the REST request; and
      
      encode the second token using the one-way hashing algorithm, wherein the second token comprises;
      
      the user id;
      
      the identifier of the partner application;
      
      a shared secret of the partner application and the partner service; and
      
      an issue time that the token is generated.

16. One or more computer-readable storage devices, comprising code configured to direct a processing unit to:
- receive a request to access a partner service, wherein the request comprises a unique value and the request is received from a browser client for a partner application, wherein the browser client is associated with a user;
  
  authenticate the user;
  
  generate a token that associates the user with the partner application, wherein the token comprises an identifier of the partner application enabling the partner service to identify the partner application as generating the token;
  
  generate a signature for the token, the signature to enable the partner service to independently regenerate the signature;
  
  send the token with the signature to the browser client; and
  
  encode the token using a one-way hashing algorithm.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The one or more computer-readable storage devices recited in claim 16, comprising code configured to direct the processing unit to:
    - store the token in a memory associated with the browser client;
      
      generate a representational state transfer (REST) request comprising a header comprising the token; and
      
      send the REST request to the partner service.
  - 18. The one or more computer-readable storage devices recited in claim 17, comprising code configured to direct the processing unit to:
    - determine that a current time is before an expiration time;
      
      generate a second token based on the user, the application id, and the issue time;
      
      compare the second token to the token; and
      
      process the request based on the comparison.
  - 19. The one or more computer-readable storage devices recited in claim 18, wherein the code configured to direct the processing unit to generate the second token comprises code configured to direct the processing unit to:
    - retrieve the user id for the user from the session;
      
      retrieve the identifier of the partner application from the REST request;
      
      retrieve the time from the REST request; and
      
      encode the second token using the one-way hashing algorithm, wherein the second token comprises;
      
      the user id;
      
      the identifier of the partner application;
      
      the shared secret of the partner application and the partner service; and
      
      an issue time that the token is generated.
  - 20. The one or more computer-readable storage devices recited in claim 19, wherein the session is represented by a cookie.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Lau, Eric Wai Ho, Jiang, Zhaowei Charlie, Jones, Jr., Ronald H., Isaacson, Derrick, Lemke, Ralph E., Wu, Peter
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
Johnson, Carlton

Application Number

US14/724,219
Publication Number

US 20150365419A1
Time in Patent Office

1,475 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

H04L 63/06   for supporting key manageme...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 67/02   based on web technology, e....

H04L 67/568   Storing data temporarily at...

Securing partner-enabled web service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing partner-enabled web service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links