Server device, service method, program, and non-transitory computer-readable information recording medium

US 10,650,129 B2
Filed: 05/30/2016
Issued: 05/12/2020
Est. Priority Date: 05/30/2016
Status: Active Grant

First Claim

Patent Images

1. A device configured to receive access from multiple applications running on a terminal device, comprising:

at least one memory configured to store computer program code; and

at least one processor configured to access the computer program code and operate as instructed by the computer program code, the computer program code configured to;

when a first access token that is an access token to one of the multiple applications is stored in a nonvolatile storage region of the terminal device, receive, from the one of the multiple applications, an access request specifying the first access token and when the first access token is not stored in the nonvolatile storage region, receive, from the one of the multiple applications, a sign-in request specifying a user name and a password;

perform authentication with the user name and password specified in the sign-in request when the sign-in request transmitted by the one of the multiple applications running on the terminal device is received;

based on the determining that the authentication is successful, issue the first access token to a transmission source application having transmitted the sign-in request, transmit the issued first access token to the transmission source application, and approve access from the transmission source application;

store the issued first access token in association with a terminal identification code identifying the terminal device on which the transmission source application having transmitted the sign-in request runs, with an addition of an expiration date, and postpone an expiration date to a second access token stored in association with the terminal identification code, the second access token being an access token different from the first access token; and

approve access from a transmission source application having transmitted the access request and postpone expiration dates to the first access token specified in the access request and the second access token stored in association with the terminal identification code of the terminal device on which the transmission source application runs when the access request transmitted by the one of the multiple applications running on the terminal device is received and the first access token specified in the access request is stored in association with the terminal identification code and as being unexpired.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server device (100) receives access from an application (31) running on a terminal device (200). The server device (100) authenticates the application (31) of the terminal device (200) with a user name and a password and if successful, transmits an access token to the application (31) and approves access. Issuing an access token, the server device (100) postpones the expiration date given to other access tokens associated with the terminal device (200). When an access token received from the application (31) of the terminal device (200) is associated with the terminal device (200) and stored as being unexpired, the server device (100) approves access from the application (31) and postpones the expiration dates given to all access tokens associated with the terminal device (200).

7 Citations

8 Claims

1. A device configured to receive access from multiple applications running on a terminal device, comprising:
- at least one memory configured to store computer program code; and
  
  at least one processor configured to access the computer program code and operate as instructed by the computer program code, the computer program code configured to;
  
  when a first access token that is an access token to one of the multiple applications is stored in a nonvolatile storage region of the terminal device, receive, from the one of the multiple applications, an access request specifying the first access token and when the first access token is not stored in the nonvolatile storage region, receive, from the one of the multiple applications, a sign-in request specifying a user name and a password;
  
  perform authentication with the user name and password specified in the sign-in request when the sign-in request transmitted by the one of the multiple applications running on the terminal device is received;
  
  based on the determining that the authentication is successful, issue the first access token to a transmission source application having transmitted the sign-in request, transmit the issued first access token to the transmission source application, and approve access from the transmission source application;
  
  store the issued first access token in association with a terminal identification code identifying the terminal device on which the transmission source application having transmitted the sign-in request runs, with an addition of an expiration date, and postpone an expiration date to a second access token stored in association with the terminal identification code, the second access token being an access token different from the first access token; and
  
  approve access from a transmission source application having transmitted the access request and postpone expiration dates to the first access token specified in the access request and the second access token stored in association with the terminal identification code of the terminal device on which the transmission source application runs when the access request transmitted by the one of the multiple applications running on the terminal device is received and the first access token specified in the access request is stored in association with the terminal identification code and as being unexpired.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The server device according to claim 1, wherein the computer program code is further configured to orderthe transmission source application to transmit the sign-in request when the first access token specified in the received access request is not stored or is past the stored expiration date.
  - 3. The server device according to claim 2, wherein the computer program code is further configured to:
    - store the issued first access token in association with a combination of the terminal identification code and the user name specified in the sign-in request and with an addition of the expiration date, andtransmit the user name included in the combination including the terminal identification code to the transmission source application and order the transmission source application to transmit the sign-in request when the first access token specified in the received access request is stored in association with the terminal identification code of the terminal device on which the transmission source application having transmitted the access request runs and as being expired.
  - 4. The server device according to claim 1, wherein the computer program code is further configured to:
    - when the first access token specified in the received access request is stored in association with the terminal identification code of the terminal device on which the transmission source application having transmitted the access request runs and as being unexpired and the expiration date to the first access token to the transmission source application is postponed to a first expiration date, postponed the expiration date to the second access token stored in association with the terminal identification code to the first expiration date.
  - 5. The server device according to claim 1, whereinthe computer program code is further configured to:
    - when the first access token specified in the received access request is stored in association with the terminal identification code of the terminal device on which the transmission source application having transmitted the access request runs and as being unexpired and the expiration date to the first access token to the transmission source application is postponed by a first period, postponed the expiration date to the second access token stored in association with the terminal identification code, by the first period.
  - 6. The server device according to claim 1, whereinthe computer program code is further configured to:
    - when the first access token specified in the received access request is stored in association with the terminal identification code of the terminal device on which the transmission source application having transmitted the access request runs and as being unexpired and a term of validity of the first access token to the transmission source application is extended so that a remaining term of validity of the first access token is extended by a first multiplying factor, extend a term of validity of the second access token stored in association with the terminal identification code so that a remaining term of validity of the second access token is extended, by the first multiplying factor.

7. A method of receiving access from multiple applications running on a terminal device, the method performed by a server device comprising,when a first access token that is an access token to one of the multiple applications is stored in a nonvolatile storage region of the terminal device receiving, from the one of the multiple applications, an access request specifying the first access token and when the first access token is not stored in the nonvolatile storage region, receiving, from the one of the multiple applications, a sign-in request specifying a user name a password;
- performing authentication with the user name and password specified in the sign-in request when the sign-in request transmitted by the one of the multiple applications running on the terminal device is received;
  
  based on determining that the authentication is successful, issuing the first access token to a transmission source application having transmitted the sign-in request, transmitting the issued first access token to the transmission source application, and approving access from the transmission source application;
  
  storing the issued first access token in association with a terminal identification code identifying the terminal device on which the transmission source application having transmitted the sign-in request runs with an addition of an expiration date, and postponing an expiration date to a second access token stored in association with the terminal identification code, the second access token being an access token different from the first access token; and
  
  approving access from a transmission source application having transmitted the access request and postponing the expiration dates to the first access token specified in the access request and the second access token stored in association with the terminal identification code of the terminal device on which the transmission source application runs when the access request transmitted by the one of the multiple applications running on the terminal device is received and the access token specified in the access request is stored in association with the terminal identification code and as being unexpired.

8. A non-transitory computer-readable information recording medium on which a program executed by a computer configured to receive access from multiple applications running on a terminal device is recorded, the program causing the computer to:
- when a first access token that is an access token to one of the multiple applications is stored in a nonvolatile storage region of the terminal device, receive, from the one of the multiple applications, an access request specifying the first access token and when the first access token is not stored in the nonvolatile storage region, receive, from the one of the multiple applications, a sign-in request specifying a user name and a password,perform authentication with the user name and password specified in the sign-in request when the sign-in request transmitted by the one of the multiple applications running on the terminal device is received;
  
  based on determining that the authentication is successful, issue the first access token to a transmission source application having transmitted the sign-in request, transmit the issued first access token to the transmission source application, and approve access from the transmission source application;
  
  store the issued first access token in association with a terminal identification code identifying the terminal device on which the transmission source application having transmitted the sign-in request runs, with an addition of an expiration date, and postpone an expiration date to a second access token stored in association with the terminal identification code, the second access token being an access token differrent from the first access token; and
  
  approve access from a transmission source application having transmitted the access request and postpone expiration dates to the first access token specified in the access request and the second access token stored in association with the terminal identification code of the terminal device on which the transmission source application runs when the access request transmitted by the one of the multiple applications running on the terminal device is received and the first access token specified in the access request is stored in association with the terminal identification code and as being unexpired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rakuten Group, Inc.
Original Assignee
Rakuten, Inc. (Rakuten Group, Inc.)
Inventors
Kawai, Kohei, Kurniawan, Sonny
Primary Examiner(s)
Mehedi, Morshed

Application Number

US15/769,240
Publication Number

US 20190080074A1
Time in Patent Office

1,443 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

G06F 21/44   Program or device authentic...

G06F 21/604   Tools and structures for ma...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 9/32   including means for verifyi...

H04W 12/068   using credential vaults, e....

Server device, service method, program, and non-transitory computer-readable information recording medium

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Server device, service method, program, and non-transitory computer-readable information recording medium

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links