Authentication for online content using an access token
First Claim
1. A system comprising:
- one or more processors; and
- one or more computer-readable storage device storing computer-executable instructions that, responsive to execution by the one or more processors, cause the system to perform operations including:
  - authenticating, at an online content resource, a client device for access to online content based on user credentials received from the client device as part of a request for access to the online content;
  - generating a message that includes the user credentials and a common access key held by multiple content resources that serve the online content;
  - creating an access token by hashing the message with the common access key to generate a first hashed message and by storing the first hashed message and an unhashed version of the message together as part of the access token;
  - communicating the access token and an instance of the online content to the client device;
  - removing, subsequent to the communicating, the access token and the message from the online content resource so that the access token is not stored by the online content resource;
  - receiving, subsequent to the removing, the access token as part of a subsequent request from the client device for access to the online content; and
  - authenticating the client device as permitted to access the online content as part of the subsequent request using the common access key and the access token and independent of any information about the client device stored by the online content resource by:
    - retrieving the first hashed message and the unhashed version of the message from the access token;
    - hashing the unhashed version of the message with the common access key to generate a second hashed message; and
    - ascertaining that the second hashed message matches the first hashed message retrieved from the access token.
Abstract
Techniques for authentication for online content using an access token are described. According to various embodiments, online content (e.g., webpages and other types of web content) can be served across a variety of different online resources. According to one or more embodiments, an access token is leveraged to enable a user to authenticate with multiple different distributed content resources for access to online content, and without requiring the user to input authentication credentials for each of the content resources.
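The token flow recited in claim 1, sketched as an added example that is not part of the patent: one content resource issues the token, and any resource holding the common access key verifies it without stored state. Assumptions: HMAC-SHA256 serves as the keyed hash, the unhashed message carries only a user identifier, and the key, function names and token layout are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample key; every content resource is assumed to hold the same one.
COMMON_ACCESS_KEY = b"constructed-sample-key-not-for-production"


def _keyed_hash(message: bytes, key: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for "hashing the message with the key".
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def create_access_token(user: str, key: bytes = COMMON_ACCESS_KEY) -> str:
    """Issue a token holding the unhashed message and the first hashed message."""
    # The unhashed message travels to the client, so here it carries only a
    # user identifier (assumption), never the key or a password.
    message = json.dumps({"user": user}, sort_keys=True).encode()
    encoded = base64.urlsafe_b64encode(message).decode()
    return f"{encoded}.{_keyed_hash(message, key)}"


def authenticate_token(token: str, key: bytes = COMMON_ACCESS_KEY):
    """Return the user named in a valid token, or None. Needs no stored state."""
    try:
        encoded, first_hash = token.split(".")
        message = base64.urlsafe_b64decode(encoded.encode())
    except ValueError:  # wrong number of parts or malformed base64
        return None
    second_hash = _keyed_hash(message, key)
    # Constant-time comparison of the second hash against the first.
    if not hmac.compare_digest(second_hash.encode(), first_hash.encode()):
        return None
    return json.loads(message)["user"]


def demo():
    """Issue on one resource, verify on another, then check two failure cases."""
    token = create_access_token("alice")      # resource A issues, keeps nothing
    accepted = authenticate_token(token)      # resource B verifies with the key alone
    _, old_hash = token.split(".")
    altered = base64.urlsafe_b64encode(b'{"user": "admin"}').decode()
    tampered = authenticate_token(f"{altered}.{old_hash}")  # message changed, old hash
    wrong_key = authenticate_token(token, key=b"resource-with-a-different-key")
    return accepted, tampered, wrong_key
```

Because the second hash is recomputed from the message inside the token, any change to that message or any mismatch in the shared key causes verification to fail.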
20 Claims
9. A computer-implemented method, comprising:
- authenticating, at an online content resource and at a first time, a client device for access to online content based on user credentials received from the client device as part of a request for access to the online content;
- generating a message that includes the user credentials and a common access key held by multiple content resources;
- creating an access token by hashing the message with the common access key to generate a first hashed message and by storing the first hashed message and an unhashed version of the message together as part of the access token;
- communicating the access token and an instance of the online content to the client device;
- removing, subsequent to the communicating, the access token and the message from the online content resource so that the access token is not stored by the online content provider;
- receiving, subsequent to the removing, the access token as part of a subsequent request from the client device for access to the online content;
- retrieving the first hashed message and the unhashed version of the message from the access token;
- hashing the unhashed version of the message with the common access key to generate a second hashed message;
- ascertaining that the second hashed message matches the first hashed message retrieved from the access token; and
- authenticating the client device at a second time as permitted to access the online content as part of the subsequent request and using credentials from the access token.
15. One or more computer-readable storage device storing instructions that are executed to perform operations comprising:
- authenticating, at an online content resource, a client device for access to online content based on user credentials received from the client device as part of a request for access to the online content;
- generating a message that includes the user credentials and a common access key held by multiple content resources that serve the online content;
- creating an access token by hashing the message with the common access key to generate a first hashed message and by storing the first hashed message and an unhashed version of the message together as part of the access token;
- communicating the access token and an instance of the online content to the client device;
- removing, subsequent to the communicating, the access token and the message from the online content resource;
- receiving, subsequent to the removing, the access token as part of a subsequent request from the client device for access to the online content; and
- authenticating the client device as permitted to access the online content as part of the subsequent request using the common access key and the access token and independent of any information maintained about the client device by the multiple content resources by:
  - retrieving the first hashed message and the unhashed version of the message from the access token;
  - hashing the unhashed version of the message with the common access key to generate a second hashed message; and
  - ascertaining that the second hashed message matches the first hashed message retrieved from the access token.
Specification