Systems and Methods of Using a Temporary Private Key Between Two Devices
First Claim
1. A method, comprising:
- at a personal user device with one or more processors and memory storing programs for execution by the one or more processors;
receiving a request from a shared user device distinct from the personal user device, wherein the personal user device is associated with a user, and the request seeks access to personal information that is associated with the user and stored at a resource server;
receiving access authentication information from the user;
in response to receiving the access authentication information from the user;
sending the access authentication information to an authentication server;
receiving an access token from the authentication server, the access token granting access privileges to the personal information associated with the user;
sending the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information;
detecting a physical movement of the personal user device, the movement meeting predefined motion criteria; and
in response to detecting the physical movement, sending a message to the authentication server to revoke access privileges associated with the access token.
2 Assignments
0 Petitions
Accused Products
Abstract
A method executes at a personal user device associated with a user. The method receives a request from a shared user device, the request seeking access to personal information associated with the user. The personal information is stored at a resource server. The method receives access authentication information from the user. The method then sends the access authentication information to an authentication server, and receives an access token. The access token grants access privileges to the personal information. The method sends the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information. The method detects a physical movement of the personal user device, then sends a message to the authentication server to revoke access privileges associated with the access token.
165 Citations
48 Claims
-
1. A method, comprising:
at a personal user device with one or more processors and memory storing programs for execution by the one or more processors; receiving a request from a shared user device distinct from the personal user device, wherein the personal user device is associated with a user, and the request seeks access to personal information that is associated with the user and stored at a resource server; receiving access authentication information from the user; in response to receiving the access authentication information from the user; sending the access authentication information to an authentication server; receiving an access token from the authentication server, the access token granting access privileges to the personal information associated with the user; sending the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information; detecting a physical movement of the personal user device, the movement meeting predefined motion criteria; and in response to detecting the physical movement, sending a message to the authentication server to revoke access privileges associated with the access token. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A personal user device, comprising:
-
one or more processors; memory; and one or more programs stored in the memory for execution by the one or more processors, the one or more programs comprising executable instructions for; receiving a request from a shared user device distinct from the personal user device, wherein the personal user device is associated with a user, and the request seeks access to personal information that is associated with the user and stored at a resource server; receiving access authentication information from the user; in response to receiving the access authentication information from the user; sending the access authentication information to an authentication server; receiving an access token from the authentication server, the access token granting access privileges to the personal information associated with the user; sending the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information; detecting a physical movement of the personal user device, the movement meeting predefined motion criteria; and in response to detecting the physical movement, sending a message to the authentication server to revoke access privileges associated with the access token. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer readable storage medium storing one or more programs configured for execution by a personal user device having one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs comprising executable instructions for:
-
receiving a request from a shared user device distinct from the personal user device, wherein the personal user device is associated with a user, and the request seeks access to personal information that is associated with the user and stored at a resource server; receiving access authentication information from the user; in response to receiving the access authentication information from the user; sending the access authentication information to an authentication server; receiving an access token from the authentication server, the access token granting access privileges to the personal information associated with the user; sending the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information; detecting a physical movement of the personal user device, the movement meeting predefined motion criteria; and in response to detecting the physical movement, sending a message to the authentication server to revoke access privileges associated with the access token. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
-
25. A method, comprising:
at an authentication server with one or more processors and memory storing programs for execution by the one or more processors; receiving a request from a shared user device, the request seeking access to personal information that is associated with a user and stored at a resource server; receiving access authentication information from a personal user device; creating an access token that grants access privileges to the personal information associated with the user; providing the access token to the shared user device; receiving from the personal user device a command to revoke access privileges associated with the access token; receiving a validation request from the resource server, the validation request including the access token; determining that access privileges associated with the access token have been revoked; and notifying the resource server that the validation request failed, thereby preventing access to the personal information by the shared user device. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
-
33. An authentication server system, comprising:
-
one or more processors; memory; and one or more programs stored in the memory for execution by the one or more processors, the one or more programs comprising executable instructions for; receiving a request from a shared user device, the request seeking access to personal information that is associated with a user and stored at a resource server; receiving access authentication information from a personal user device; creating an access token that grants access privileges to the personal information associated with the user; providing the access token to the shared user device; receiving from the personal user device a command to revoke access privileges associated with the access token; receiving a validation request from the resource server, the validation request including the access token; determining that access privileges associated with the access token have been revoked; and notifying the resource server that the validation request failed, thereby preventing access to the personal information by the shared user device. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
-
-
41. A computer readable storage medium storing one or more programs configured for execution by an authentication server computer system having one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs comprising executable instructions for:
-
receiving a request from a shared user device, the request seeking access to personal information that is associated with a user and stored at a resource server; receiving access authentication information from a personal user device; creating an access token that grants access privileges to the personal information associated with the user; providing the access token to the shared user device; receiving from the personal user device a command to revoke access privileges associated with the access token; receiving a validation request from the resource server, the validation request including the access token; determining that access privileges associated with the access token have been revoked; and notifying the resource server that the validation request failed, thereby preventing access to the personal information by the shared user device. - View Dependent Claims (42, 43, 44, 45, 46, 47, 48)
-
Specification