DYNAMIC CONTROL OF AUTHORIZATION TO ACCESS INTERNET SERVICES

US 20080184342A1
Filed: 03/31/2008
Published: 07/31/2008
Est. Priority Date: 09/05/2001
Status: Active Grant

First Claim

Patent Images

1. Programmable storage media containing programmable software for managing authorization to access a service by a remote user who has established a session with a server, said programmable software comprising the steps of:

retrieving, by the server, a profile of the user from a directory service that is directly connected to the server;

after said retrieving the profile of the user, creating a session object that identifies N services selected by the user in the past, wherein said creating is performed by the server using information included in the retrieved profile of the user, wherein the session object is configured to identify the user, characteristics of the user, and privileges of the user to the server and to an application program, wherein N is a positive integer, and wherein the server comprises the session object;

receiving, by the server from the user via a communication network after said creating the session object, a request for the service to be provided to the user by execution of the application program by the server, wherein the server comprises the application program;

after said receiving the request, ascertaining by the server that the session object does not include a condition of authorization for the user to have access to the requested service;

responsive to said ascertaining that the session object does not include the condition of authorization, determining by the server from consultation with the directory service that the user has authorization for accessing the requested service;

responsive to said ascertaining that the user has authorization for accessing the requested service, receiving the condition of authorization from the directory service followed by incorporating the received condition of authorization into the session object;

after said incorporating the condition of authorization into the session object, determining by the server that the authorization for the user to access the service is conditional with respect to satisfaction of dynamic temporal conditions;

responsive to said determining by the server that the authorization for the user to access the service is conditional with respect to satisfaction of dynamic temporal conditions, creating a listener object within the session object;

after said creating the listener object, registering the listener object with a broadcast object, wherein the server comprises the broadcast object, and wherein said registering is performed by the listener object;

receiving, by the listener object after said registering the listener object, information sent by the broadcast object;

determining, by the listener object from the information received from the broadcast object, that the condition of authorization is satisfied, followed by initiating execution of the application program by the server to provide the service to the user;

after said initiating execution of the application program, receiving, by the listener object from the broadcast object, condition information relating to the condition of authorization;

analyzing, by the listener object, the received condition information to determine whether the condition of authorization is satisfied; and

if said analyzing determines that the condition of authorization is satisfied then continuing said execution of the application program, otherwise ending said execution of the application program.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Programmable storage media including programmable software for managing authorization to access Internet services. A session object is created when a user logs onto a web site. The session object includes authorization-privilege information for N services. The user selects the service desired from the web site, at which point the server checks the session object. If the session object does not include authorization to access the selected service, the server consults a directory service. If the user is authorized according to the directory service, authorization-to-access information is incorporated into the session object. When authorization is conditional, a listener object is created within the session object. The listener object registers with a broadcast object and receives information germane to conditions of authorization. The listener object analyzes the information according to conditions of authorization, and terminates access to the selected service when conditions of authorization are not satisfied.

33 Citations

View as Search Results

3 Claims

1. Programmable storage media containing programmable software for managing authorization to access a service by a remote user who has established a session with a server, said programmable software comprising the steps of:
- retrieving, by the server, a profile of the user from a directory service that is directly connected to the server;
  
  after said retrieving the profile of the user, creating a session object that identifies N services selected by the user in the past, wherein said creating is performed by the server using information included in the retrieved profile of the user, wherein the session object is configured to identify the user, characteristics of the user, and privileges of the user to the server and to an application program, wherein N is a positive integer, and wherein the server comprises the session object;
  
  receiving, by the server from the user via a communication network after said creating the session object, a request for the service to be provided to the user by execution of the application program by the server, wherein the server comprises the application program;
  
  after said receiving the request, ascertaining by the server that the session object does not include a condition of authorization for the user to have access to the requested service;
  
  responsive to said ascertaining that the session object does not include the condition of authorization, determining by the server from consultation with the directory service that the user has authorization for accessing the requested service;
  
  responsive to said ascertaining that the user has authorization for accessing the requested service, receiving the condition of authorization from the directory service followed by incorporating the received condition of authorization into the session object;
  
  after said incorporating the condition of authorization into the session object, determining by the server that the authorization for the user to access the service is conditional with respect to satisfaction of dynamic temporal conditions;
  
  responsive to said determining by the server that the authorization for the user to access the service is conditional with respect to satisfaction of dynamic temporal conditions, creating a listener object within the session object;
  
  after said creating the listener object, registering the listener object with a broadcast object, wherein the server comprises the broadcast object, and wherein said registering is performed by the listener object;
  
  receiving, by the listener object after said registering the listener object, information sent by the broadcast object;
  
  determining, by the listener object from the information received from the broadcast object, that the condition of authorization is satisfied, followed by initiating execution of the application program by the server to provide the service to the user;
  
  after said initiating execution of the application program, receiving, by the listener object from the broadcast object, condition information relating to the condition of authorization;
  
  analyzing, by the listener object, the received condition information to determine whether the condition of authorization is satisfied; and
  
  if said analyzing determines that the condition of authorization is satisfied then continuing said execution of the application program, otherwise ending said execution of the application program.
- View Dependent Claims (2, 3)
- - 2. The programmable storage media claim 1, wherein the N services are the N services most recently selected by the user.
  - 3. The programmable storage media claim 1, wherein the N services are the N services selected most frequently by the user in a predetermined historical period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Angela J.O. Yochem, Daniel Joseph Yochem, Judd Adam Schorr, Matthew Bunkley Trevathan, Patrick Colum Carroll
Inventors
Trevathan, Matthew Bunkley, Schorr, Judd Adam, Yochem, Daniel Joseph, Yochem, Angela Jo, Carroll, Patrick Colum

Granted Patent

US 7,739,747 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/102 Entity profiles

DYNAMIC CONTROL OF AUTHORIZATION TO ACCESS INTERNET SERVICES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC CONTROL OF AUTHORIZATION TO ACCESS INTERNET SERVICES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links