Authorization token including fine grain entitlements

US 10,587,409 B2
Filed: 11/30/2017
Issued: 03/10/2020
Est. Priority Date: 11/30/2017
Status: Active Grant

First Claim

Patent Images

1. A method of interpreting an authorization token, comprising:

receiving, by a service from a client device, an authorization token;

validating, by the service, a signature of the authorization token;

identifying, by the service, an allowed function value associated with at least part of an entitlement representation contained in a body of the authorization token;

converting, by the service, the allowed function value to an allowed function bitmask that comprises bits at a plurality of bit positions that are set to values indicating whether a subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list; and

determining, by the service, whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user to access the service through the client device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of interpreting an authorization token is described herein. The service can receive an authorization token from a client device, and validate a signature of the authorization token. The service can identify an allowed function value associated at least part of an entitlement representation contained in a body of the authorization token. The service can convert the allowed function value to an allowed function bitmask that includes bits at a plurality of bit positions that are set to values indicating whether the subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list. The service can determine whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user of the client device to access the service.

Citations

13 Claims

1. A method of interpreting an authorization token, comprising:
- receiving, by a service from a client device, an authorization token;
  
  validating, by the service, a signature of the authorization token;
  
  identifying, by the service, an allowed function value associated with at least part of an entitlement representation contained in a body of the authorization token;
  
  converting, by the service, the allowed function value to an allowed function bitmask that comprises bits at a plurality of bit positions that are set to values indicating whether a subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list; and
  
  determining, by the service, whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user to access the service through the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the subscriber element is a user account, billing account, or subscription associated with a telecommunications provider.
  - 3. The method of claim 1, further comprising receiving, by the service from the client device, a service request that identifies the subscriber element, thereby distinguishing the allowed function value from one or more other allowed function values in the entitlement representation that are associated with other subscriber elements.
  - 4. The method of claim 1, wherein determining whether the allowed function bitmask indicates that the subscriber element has the one or more qualifying attributes comprises checking the values of bits of the allowed function bitmask at bit positions associated with the one or more qualifying attributes on the predefined attribute list.
  - 5. The method of claim 1, wherein determining whether the allowed function bitmask indicates that the subscriber element has the one or more qualifying attributes comprises:
    - adding individual attributes to a list of subscriber entity attributes when bits of the allowed function bitmask at bit positions corresponding to those attributes on the predefined attribute list are set to a value indicating that the subscriber entity has those individual attributes; and
      
      determining if the one or more qualifying attributes appear in the list of subscriber entity attributes.
  - 6. The method of claim 1, wherein validating the signature comprises using a public key of an issuing entity to verify that the issuing entity generated the authorization token and that the contents of the body and a header of the authorization token have not been altered.
  - 7. The method of claim 1, further comprising decompressing the entitlement representation prior to identifying the allowed function value.

8. A server of a service, comprising:
- one or more processors;
  
  a communication connection; and
  
  memory storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving an authorization token from a client device;
  
  validating a signature of the authorization token;
  
  identifying an allowed function value associated with at least part of an entitlement representation contained in a body of the authorization token;
  
  converting the allowed function value to an allowed function bitmask that comprises bits at a plurality of bit positions that are set to values indicating whether a subscriber element has attributes associated each of the plurality of bit positions on a predefined attribute list; and
  
  determining whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user to access the service through the client device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The server of claim 8, wherein the subscriber element is a user account, billing account, or subscription associated with a telecommunications provider.
  - 10. The server of claim 8, wherein determining whether the allowed function bitmask indicates that the subscriber element has the one or more qualifying attributes comprises checking the values of bits of the allowed function bitmask at bit positions associated with the one or more qualifying attributes on the predefined attribute list.
  - 11. The server of claim 8, wherein determining whether the allowed function bitmask indicates that the subscriber element has the one or more qualifying attributes comprises:
    - adding individual attributes to a list of subscriber entity attributes when bits of the allowed function bitmask at bit positions corresponding to those attributes on the predefined attribute list are set to a value indicating that the subscriber entity has those individual attributes; and
      
      determining if the one or more qualifying attributes appear in the list of subscriber entity attributes.
  - 12. The server of claim 8, wherein validating the signature comprises using a public key of an issuing entity to verify that the issuing entity generated the authorization token and that the contents of the body and a header of the authorization token have not been altered.
  - 13. The server of claim 8, wherein the operations further comprise decompressing the entitlement representation prior to identifying the allowed function value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Original Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Inventors
Subramaniam, Komethagan, Engan, Michael, Sadasivam, Ramkishan, McDorman, Douglas
Primary Examiner(s)
Dinh, Minh

Application Number

US15/828,266
Publication Number

US 20190165942A1
Time in Patent Office

831 Days
Field of Search
US Class Current
CPC Class Codes

G06F 9/30018   Bit or string instructions

G06F 9/30038   using a mask

G06Q 30/04   Billing or invoicing

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3247   involving digital signatures

H04M 15/00   Arrangements for metering, ...

H04M 15/41   Billing record details, i.e...

H04M 17/00   Prepayment of wireline comm...

H04M 17/02   Coin-freed or check-freed s...

H04M 17/10   Account details or usage

H04M 17/103   using SIMs (USIMs) or calli...

H04W 8/18   Processing of user or subsc...

Authorization token including fine grain entitlements

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization token including fine grain entitlements

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links