Invocation of a third party's service

US 20070033148A1
Filed: 02/06/2006
Published: 02/08/2007
Est. Priority Date: 08/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method for invoking a computer implemented service, the method comprising:

receiving a request from a first user to access a service associated with a second user, the request being associated with a security token for the first user and an identity token for the second user;

determining the acceptability of the security token to authenticate the first user;

determining the acceptability of the identity token to securely identify the second user; and

enabling the first user to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Invoking a computer implemented service includes receiving a request from a first user to access a service associated with a second user. The request is associated with a security token for the first user and an identity token for the second user. The acceptability of the security token is determined to authenticate the first user, and the acceptability of the identity token is determined to securely identify the second user. The first user is able to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.

Citations

34 Claims

1. A method for invoking a computer implemented service, the method comprising:
- receiving a request from a first user to access a service associated with a second user, the request being associated with a security token for the first user and an identity token for the second user;
  
  determining the acceptability of the security token to authenticate the first user;
  
  determining the acceptability of the identity token to securely identify the second user; and
  
  enabling the first user to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. The method of claim 1, wherein receiving a request from a first user to invoke a service associated with a second user comprises receiving a request from a first user to invoke a service for which the second user is a registered user.
  - 3. The method of claim 2, wherein receiving a request from a first user to invoke a service associated with the second user comprises receiving a request from the first user to invoke a service for which the second user is a registered user and the first user is not a registered user.
  - 4. The method of claim 1, wherein receiving a request from a first user comprises receiving a message from the first user that includes a header portion having the identity token.
  - 5. The method of claim 4, wherein the header portion additionally includes the security token or a pointer to the security token.
  - 6. The method of claim 5, wherein the security token or the pointer to the security token is contained in a security context in the header portion.
  - 7. The method of claim 6, wherein the security context comprises a Web Services Security (WS-Security) context.
  - 8. The method of claim 6, wherein the security context additionally includes one or more rules or conditions for permissible use of the security token.
  - 9. The method of claim 6, wherein the header portion includes a container configured to contain the identity token, the container being distinct from the security context.
  - 10. The method of claim 1, wherein the security token comprises a Security Assertions Mark-up Language (SAML) assertion or a SAML authentication assertion.
  - 11. The method of claim 1, wherein the identity token comprises a SAML assertion.
  - 12. The method of claim 1, wherein determining the acceptability of the security token to authenticate the first user comprises determining that the security token is valid.
  - 13. The method of claim 12, wherein determining that the security token is valid comprises determining that the security token is signed by a trusted issuing authority.
  - 14. The method of claim 1, wherein determining the acceptability of the security token to authenticate the first user comprises determining that the security token is used by the first user in accordance with one or more permissible use requirements.
  - 15. The method of claim 14, wherein the permissible use requirements include one or more of:
    - a requirement that the security token be received during a predetermined time period, a requirement that the security token be sent to an authorized recipient, and a requirement that the security token be received from an authorized sender.
  - 16. The method of claim 1, wherein determining the acceptability of the identity token to securely identify the second user comprises determining that the identity token is valid.
  - 17. The method of claim 16, wherein determining that the identity token is valid comprises determining that the identity token is signed by a trusted issuing authority.
  - 18. The method of claim 1, wherein determining the acceptability of the identity token to securely identify the second user comprises determining that the identity token is used by the first user in accordance with one or more permissible use requirements.
  - 19. The method of claim 18, wherein the permissible use requirements include one or more of:
    - a requirement that the identity token be received during a predetermined time period, a requirement that the identity token be sent to an authorized recipient, and a requirement that the identity token be received from an authorized sender.
  - 20. The method of claim 1, further comprising determining whether the first user is authorized to access the service associated with the second user.
  - 21. The method of claim 20, wherein enabling the first user to access the service associated with the second user is further conditioned on the first user being authorized to access the service associated with the second user.
  - 22. The method of claim 20, wherein determining whether the first user is authorized to access the service associated with the second user comprises accessing a set of preferences associated with the second user to determine whether to authorize the first user to access the service.
  - 23. The method of claim 22, wherein:
    - the service comprises a group of service features, and enabling the first user to access the service comprises enabling the first user to access only a subset of the group of service features conditioned on the set of preferences including a preference to limit the access of the first user to the subset of service features.
  - 24. The method of claim 23, wherein the subset of service features comprises a subset of service features specified by the second user.
  - 25. The method of claim 23, wherein the service comprises an image storage service and the subset of service features includes service features related to viewing images stored by the second user.
  - 26. The method of claim 25, wherein the subset excludes service features related to one or more of:
    - deleting images, adding images, and changing the organization of image storage.
  - 27. The method of claim 23, wherein the service comprises an address book or calendar service and the subset of service features includes service features related to viewing all or selected calendar entries or address book entries.
  - 28. The method of claim 27, wherein the subset excludes service features related to one or more of:
    - adding calendar or address book entries, deleting calendar or address book entries, and editing calendar or address book entries.
  - 29. The method of claim 22, wherein the set of preferences include a time limit or window of time during which the first user is authorized to access the service.
  - 30. The method of claim 22, wherein the set of preferences deny authorization to the first user if more than a predetermined number of requests by the first user to invoke the second user'"'"'s service were received from the first user in the past.
  - 31. The method of claim 30, wherein the service comprises a pay-per-view service and the set of preferences deny authorization to the first user if more than a predetermined number of requests to watch a video were received from the first user in the past.
  - 32. The method of claim 31, wherein the predetermined number of requests is specified by the second user.

33. A computer system for invoking a computer implemented service, the computer system comprising:
- a receiver module configured to receive a request from a first user to access a service associated with a second user, the request being associated with a security token for the first user and an identity token for the second user;
  
  a processing module configured to;
  
  determine the acceptability of the security token to authenticate the first user, and determine the acceptability of the identity token to securely identify the second user; and
  
  an access module configured to enable the first user to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.

34. An apparatus for invoking a computer implemented service, the apparatus comprising:
- means for receiving a request from a first user to access a service associated with a second user, the request being associated with a security token for the first user and an identity token for the second user;
  
  means for determining the acceptability of the security token to authenticate the first user;
  
  means for determining the acceptability of the identity token to securely identify the second user; and
  
  means for enabling the first user to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
AOL Inc. (Apollo Global Management, Inc.)
Inventors
Cahill, Conor

Granted Patent

US 8,028,325 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/65
CPC Class Codes

G06Q 10/10 Office automation; Time man...

G06Q 20/367 involving electronic purses...

Invocation of a third party's service

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Invocation of a third party's service

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links