METHOD AND APPARATUS FOR PROVIDING ENHANCED SERVICE AUTHORIZATION

US 20100212004A1
Filed: 02/18/2009
Published: 08/19/2010
Est. Priority Date: 02/18/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause the one or more processors to at least perform the following steps:

determining that a request is received from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider;

based on the secondary token identifier, identifying a secondary token; and

initiating sending of the secondary token to the first service provider, wherein the first service provider and the second service provider belong to different trust domains.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for authorizing one or more services from service providers in a communications network. The approach includes receiving a request from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider. Based, at least in part, on the secondary token identifier, a secondary token is identified; and then the secondary token is sent to the first service provider, wherein the first service provider and the second service provider belong to different trust domains and the first service provider can use the secondary token to access resources of the second service provider.

93 Citations

View as Search Results

20 Claims

1. A computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause the one or more processors to at least perform the following steps:
- determining that a request is received from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider;
  
  based on the secondary token identifier, identifying a secondary token; and
  
  initiating sending of the secondary token to the first service provider, wherein the first service provider and the second service provider belong to different trust domains.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A computer readable storage medium of claim 1, wherein identifying the secondary token includes:
    - creating the secondary token based on the secondary token identifier, in response to receiving the request.
  - 3. A computer readable storage medium of claim 1, wherein identifying the secondary token includes:
    - retrieving the secondary token from a memory store based on the secondary token identifier.
  - 4. A computer readable storage medium of claim 1, wherein identifying the secondary token includes:
    - creating an account on an authorization server associated with the primary token.
  - 5. A computer readable storage medium of claim 4, wherein identifying the secondary token includes:
    - creating a plurality of secondary token identifiers and respective secondary tokens, associated with the account; and
      
      storing the plurality of secondary token identifiers in a memory store of the authorization server.

6. An apparatus comprising a processor and a memory storing executable instructions that if executed cause the apparatus to at least perform the following:
- determining that a request is received from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider;
  
  based on the secondary token identifier, identifying a secondary token; and
  
  initiating sending of the secondary token to the first service provider, wherein the first service provider and the second service provider belong to different trust domains.
- View Dependent Claims (7, 8, 9, 10)
- - 7. An apparatus of claim 6, wherein identifying the secondary token includes:
    - creating the secondary token based on the secondary token identifier, in response to receiving the request.
  - 8. An apparatus of claim 6, wherein identifying the secondary token includes:
    - retrieving the secondary token from a memory store based on the secondary token identifier.
  - 9. An apparatus of claim 6, wherein identifying the secondary token includes:
    - creating an account on an authorization server associated with the primary token.
  - 10. An apparatus of claim 9, wherein identifying the secondary token includes:
    - creating a plurality of secondary token identifiers and respective secondary tokens, associated with the account; and
      
      storing the plurality of secondary token identifiers in a memory store of the authorization server.

11. A computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause the one or more processors to at least perform the following steps:
- receiving at a first service provider a request relating to accessing resources of a second service provider, the request associated with a primary token;
  
  requesting from an authorization system a secondary token, the secondary token based at least in part on the second service provider and the primary token;
  
  receiving the secondary token from the authorization system; and
  
  requesting from the second service provider access to the resources of the second service provider using the secondary token, wherein the first service provider and the second service provider belong to different trust domains.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A computer readable storage medium of claim 11, wherein the first service provider allows access to resources of the first service provider based on the primary token.
  - 13. A computer readable storage medium of claim 11, wherein the request includes the primary token.
  - 14. A computer readable storage medium of claim 11, wherein the secondary token, at least in part, identifies a scope of resources of the second service provider that the first provider is authorized to access.
  - 15. A computer readable storage medium of claim 11, wherein the request is received from a user device.
  - 16. A computer readable storage medium of claim 15, wherein the user device comprises a mobile handset.

17. An apparatus comprising a processor and a memory storing executable instructions that if executed cause the apparatus to at least perform the following:
- receiving at a first service provider a request relating to accessing resources of a second service provider, the request associated with a primary token;
  
  requesting from an authorization system a secondary token, the secondary token based at least in part on the second service provider and the primary token;
  
  receiving the secondary token from the authorization system; and
  
  requesting from the second service provider access to the resources of the second service provider using the secondary token, wherein the first service provider and the second service provider belong to different trust domains.
- View Dependent Claims (18, 19, 20)
- - 18. An apparatus of claim 17, wherein the first service provider allows access to resources of the first service provider based on the primary token.
  - 19. An apparatus of claim 17, wherein the request includes the primary token.
  - 20. An apparatus of claim 17, wherein the secondary token, at least in part, identifies a scope of resources of the second service provider that the first provider is authorized to access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
FU, Yan

Granted Patent

US 8,364,970 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

METHOD AND APPARATUS FOR PROVIDING ENHANCED SERVICE AUTHORIZATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR PROVIDING ENHANCED SERVICE AUTHORIZATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links