MOBILE APPLICATION, IDENTITY INTERFACE

US 20130086639A1
Filed: 05/31/2012
Published: 04/04/2013
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a memory storing a plurality of instructions; and

one or more processors configured to access the memory, wherein the one or more processors are further configured to execute the plurality of instructions to;

receive, from a client application, a request to perform a function associated with a service provider, the request formatted as a representational state transfer (REST) call;

determine, based at least in part on the REST call, an access management service call corresponding to the service provider for which performance of the function is requested; and

perform the access management service call.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for managing identities are provided. In some examples, identity management, authentication, authorization, and token exchange frameworks may be provided for use with mobile devices, mobile applications, cloud applications, and/or other web-based applications. For example a mobile client may request to perform one or more identity management operations associated with an account of a service provider. Based at least in part on the requested operation and/or the particular service provider, an application programming interface (API) may be utilized to generate and/or perform one or more instructions and/or method calls for managing identity information of the service provider.

Citations

20 Claims

1. A system, comprising:
- a memory storing a plurality of instructions; and
  
  one or more processors configured to access the memory, wherein the one or more processors are further configured to execute the plurality of instructions to;
  
  receive, from a client application, a request to perform a function associated with a service provider, the request formatted as a representational state transfer (REST) call;
  
  determine, based at least in part on the REST call, an access management service call corresponding to the service provider for which performance of the function is requested; and
  
  perform the access management service call.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the client application comprises a mobile application of a mobile device, a software as a service (SaaS) application, or a Rich Internet Application (RIA).
  - 3. The system of claim 1, wherein the request to perform the function associated with the service provider comprises an authentication request, an authorization request, a user profile management request, a policy management request, or a password management request.
  - 4. The system of claim 3, wherein the authentication request includes a user identifier (ID) associated with a user of the client application, a password associated with the user of the client application, and a client token for indicating that the client application is authenticated, the user ID and the password for authenticating the user with the access management service.
  - 5. The system of claim 1, wherein the access management service call comprises a method call to implement a token exchange.
  - 6. The system of claim 1, wherein the request to perform the function associated with the service provider comprises an access request.
  - 7. The system of claim 6, wherein the access request includes a client token indicating that the client application is authenticated, a user token indicating that a user of the client application is authenticated, and an indication of the service provider for which access is requested.
  - 8. The system of claim 7, wherein the one or more processors are further configured to provide an access token to the client application at least in response to receiving an indication that the user and the client application are granted access to the service provider by the access management service.
  - 9. The system of claim 1, wherein a first access management service call corresponding to a first service provider is different from a second access management service call corresponding to a second service provider.
  - 10. The system of claim 1, wherein the access management service to be used is specified by the service provider and not indicated to the client application.

11. A computer-implemented method, comprising:
- receiving, by a computer system, a representational state transfer (REST) interface access request for accessing a third-party server, the REST interface access request received from a client application;
  
  determining, by the computer system, an access management service call corresponding to the third-party server for which access is requested, the determining based at least in part on the REST interface access request received from the client application;
  
  providing, by the computer system, the access management service call to an access management service associated with the third-party server for which access is requested, the access management service call including a token request for accessing the third-party server;
  
  receiving, by the computer system, a token for accessing the third-party server; and
  
  providing, by the computer system, the token to the client application.
- View Dependent Claims (12, 13, 14)
- - 12. The computer-implemented method of claim 11, wherein the client application comprises a mobile application, a rich Internet application, or a software as a service application.
  - 13. The computer-implemented method of claim 11, wherein the request to access the third-party server is received as a REST call independent of an application programming interface (API) of the third-party server for which access is requested.
  - 14. The computer-implemented method of claim 11, further comprising determining, based at least in part on an application programming interface (API) of the third-party server, a predefined manner for providing the token request.

15. A computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
- instructions that cause the one or more processors to receive, from a user agent, a representational state transfer (REST) interface call for requesting access to a service provider;
  
  instructions that cause the one or more processors to determine, based at least in part on the REST interface call from the user agent, a method call for utilizing an access management service associated with the service provider, a format of the method call corresponding to the access management service;
  
  instructions that cause the one or more processors to transmit, to the access management service associated with the service provider, the method call for utilizing the access management service;
  
  instructions that cause the one or more processors to receive, from the access management service, an access decision; and
  
  instructions that cause the one or more processors to provide, based at least in part on access decision, an access token to the client application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable memory of claim 15, wherein the REST interface call for requesting access to the service provider includes at least a request to authenticate a user of the user agent.
  - 17. The computer-readable memory of claim 15, further comprising instructions that cause the one or more processors to determine a predefined format for transmission of the method call based at least in part on an application programming interface (API) of the access management service.
  - 18. The computer-readable memory of claim 17, wherein a first format of a method call for a first access management service is different from a second format of a method call for a second access management service.
  - 19. The computer-readable memory of claim 15, wherein the access management service is configured to receive method calls other than REST interface calls.
  - 20. The computer-readable memory of claim 15, wherein the method call comprises a request to authenticate a user of the user agent, a request to authorize a user of the user agent, or a request to perform a token exchange for providing user access to the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sondhi, Ajay, Chu, Ching-Wen, Kim, Beomsuk, Brydon, Sean

Granted Patent

US 9,081,951 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 67/306   User profiles

H04W 12/068   using credential vaults, e....

MOBILE APPLICATION, IDENTITY INTERFACE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE APPLICATION, IDENTITY INTERFACE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links