Systems and Methods of Using a Temporary Private Key Between Two Devices

US 20140026193A1
Filed: 07/20/2012
Published: 01/23/2014
Est. Priority Date: 07/20/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

at a personal user device with one or more processors and memory storing programs for execution by the one or more processors;

receiving a request from a shared user device distinct from the personal user device, wherein the personal user device is associated with a user, and the request seeks access to personal information that is associated with the user and stored at a resource server;

receiving access authentication information from the user;

in response to receiving the access authentication information from the user;

sending the access authentication information to an authentication server;

receiving an access token from the authentication server, the access token granting access privileges to the personal information associated with the user;

sending the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information;

detecting a physical movement of the personal user device, the movement meeting predefined motion criteria; and

in response to detecting the physical movement, sending a message to the authentication server to revoke access privileges associated with the access token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method executes at a personal user device associated with a user. The method receives a request from a shared user device, the request seeking access to personal information associated with the user. The personal information is stored at a resource server. The method receives access authentication information from the user. The method then sends the access authentication information to an authentication server, and receives an access token. The access token grants access privileges to the personal information. The method sends the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information. The method detects a physical movement of the personal user device, then sends a message to the authentication server to revoke access privileges associated with the access token.

165 Citations

48 Claims

1. A method, comprising:
- at a personal user device with one or more processors and memory storing programs for execution by the one or more processors;
  
  receiving a request from a shared user device distinct from the personal user device, wherein the personal user device is associated with a user, and the request seeks access to personal information that is associated with the user and stored at a resource server;
  
  receiving access authentication information from the user;
  
  in response to receiving the access authentication information from the user;
  
  sending the access authentication information to an authentication server;
  
  receiving an access token from the authentication server, the access token granting access privileges to the personal information associated with the user;
  
  sending the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information;
  
  detecting a physical movement of the personal user device, the movement meeting predefined motion criteria; and
  
  in response to detecting the physical movement, sending a message to the authentication server to revoke access privileges associated with the access token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the predefined motion criteria includes having the movement be greater than a predefined distance.
  - 3. The method of claim 1, wherein the predefined motion criteria includes having the personal device move more than a predefined distance relative to the shared user device.
  - 4. The method of claim 1, wherein the application executing on the shared user device is not permitted access to the personal information prior to the personal user device sending the access token to the shared user device.
  - 5. The method of claim 1, wherein the application executing on the shared user device is not permitted access to any additional portion of the personal information after the personal user device sends the message to the authentication server to revoke access privileges associated with the access token.
  - 6. The method of claim 1, wherein the access privileges associated with the access token permit access to the personal information for a limited period of time, the method further comprising extending the limited period of time based on predefined extension criteria.
  - 7. The method of claim 6, wherein the predefined extension criteria include determining that the personal user device is within a renewal radius of the shared user device.
  - 8. The method of claim 6, wherein the predefined extension criteria include determining that the personal user device has not moved more than a predefined renewal distance.

9. A personal user device, comprising:
- one or more processors;
  
  memory; and
  
  one or more programs stored in the memory for execution by the one or more processors, the one or more programs comprising executable instructions for;
  
  receiving a request from a shared user device distinct from the personal user device, wherein the personal user device is associated with a user, and the request seeks access to personal information that is associated with the user and stored at a resource server;
  
  receiving access authentication information from the user;
  
  in response to receiving the access authentication information from the user;
  
  sending the access authentication information to an authentication server;
  
  receiving an access token from the authentication server, the access token granting access privileges to the personal information associated with the user;
  
  sending the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information;
  
  detecting a physical movement of the personal user device, the movement meeting predefined motion criteria; and
  
  in response to detecting the physical movement, sending a message to the authentication server to revoke access privileges associated with the access token.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The personal user device of claim 9, wherein the predefined motion criteria includes having the movement be greater than a predefined distance.
  - 11. The personal user device of claim 9, wherein the predefined motion criteria includes having the personal device move more than a predefined distance relative to the shared user device.
  - 12. The personal user device of claim 9, wherein the application executing on the shared user device is not permitted access to the personal information prior to the personal user device sending the access token to the shared user device.
  - 13. The personal user device of claim 9, wherein the application executing on the shared user device is not permitted access to any additional portion of the personal information after the personal user device sends the message to the authentication server to revoke access privileges associated with the access token.
  - 14. The personal user device of claim 9, wherein the access privileges associated with the access token permit access to the personal information for a limited period of time, and wherein the one or more programs further comprise instructions for extending the limited period of time based on predefined extension criteria.
  - 15. The personal user device of claim 14, wherein the predefined extension criteria include determining that the personal user device is within a renewal radius of the shared user device.
  - 16. The personal user device of claim 14, wherein the predefined extension criteria include determining that the personal user device has not moved more than a predefined renewal distance.

17. A computer readable storage medium storing one or more programs configured for execution by a personal user device having one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs comprising executable instructions for:
- receiving a request from a shared user device distinct from the personal user device, wherein the personal user device is associated with a user, and the request seeks access to personal information that is associated with the user and stored at a resource server;
  
  receiving access authentication information from the user;
  
  in response to receiving the access authentication information from the user;
  
  sending the access authentication information to an authentication server;
  
  receiving an access token from the authentication server, the access token granting access privileges to the personal information associated with the user;
  
  sending the access token to the shared user device, thereby permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information;
  
  detecting a physical movement of the personal user device, the movement meeting predefined motion criteria; and
  
  in response to detecting the physical movement, sending a message to the authentication server to revoke access privileges associated with the access token.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer readable storage medium of claim 17, wherein the predefined motion criteria includes having the movement be greater than a predefined distance.
  - 19. The computer readable storage medium of claim 17, wherein the predefined motion criteria includes having the personal device move more than a predefined distance relative to the shared user device.
  - 20. The computer readable storage medium of claim 17, wherein the application executing on the shared user device is not permitted access to the personal information prior to the personal user device sending the access token to the shared user device.
  - 21. The computer readable storage medium of claim 17, wherein the application executing on the shared user device is not permitted access to any additional portion of the personal information after the personal user device sends the message to the authentication server to revoke access privileges associated with the access token.
  - 22. The computer readable storage medium of claim 17, wherein the access privileges associated with the access token permit access to the personal information for a limited period of time, and wherein the one or more programs further comprise instructions for extending the limited period of time based on predefined extension criteria.
  - 23. The computer readable storage medium of claim 22, wherein the predefined extension criteria include determining that the personal user device is within a renewal radius of the shared user device.
  - 24. The computer readable storage medium of claim 22, wherein the predefined extension criteria include determining that the personal user device has not moved more than a predefined renewal distance.

25. A method, comprising:
- at an authentication server with one or more processors and memory storing programs for execution by the one or more processors;
  
  receiving a request from a shared user device, the request seeking access to personal information that is associated with a user and stored at a resource server;
  
  receiving access authentication information from a personal user device;
  
  creating an access token that grants access privileges to the personal information associated with the user;
  
  providing the access token to the shared user device;
  
  receiving from the personal user device a command to revoke access privileges associated with the access token;
  
  receiving a validation request from the resource server, the validation request including the access token;
  
  determining that access privileges associated with the access token have been revoked; and
  
  notifying the resource server that the validation request failed, thereby preventing access to the personal information by the shared user device.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The method of claim 25, further comprising prior to receiving from the personal user device a command to revoke access privileges associated with the access token:
    - receiving a validation request from the resource server, the validation request including the access token;
      
      determining that access privileges associated with the access token have not been revoked; and
      
      notifying the resource server that the validation request passed, thereby permitting access to the personal information by the shared user device.
  - 27. The method of claim 25, wherein the access privileges associated with the access token permit access to the personal information for a limited period of time.
  - 28. The method of claim 27, wherein the authentication server receives a specification of the limited period of time from the personal user device.
  - 29. The method of claim 27, further comprising extending the limited period of time based on predefined extension criteria.
  - 30. The method of claim 29, wherein the predefined extension criteria include receiving renewed access authentication information from the personal user device.
  - 31. The method of claim 25, wherein the personal user device is a cellular phone.
  - 32. The method of claim 25, further comprising for each request from the shared user device to access personal information from the resource server:
    - receiving a validation request from the resource server, the validation request including the access token;
      
      determining whether access privileges associated with the access token are currently valid; and
      
      notifying the resource server of the determination, thereby permitting or preventing access to the personal information by the shared user device.

33. An authentication server system, comprising:
- one or more processors;
  
  memory; and
  
  one or more programs stored in the memory for execution by the one or more processors, the one or more programs comprising executable instructions for;
  
  receiving a request from a shared user device, the request seeking access to personal information that is associated with a user and stored at a resource server;
  
  receiving access authentication information from a personal user device;
  
  creating an access token that grants access privileges to the personal information associated with the user;
  
  providing the access token to the shared user device;
  
  receiving from the personal user device a command to revoke access privileges associated with the access token;
  
  receiving a validation request from the resource server, the validation request including the access token;
  
  determining that access privileges associated with the access token have been revoked; and
  
  notifying the resource server that the validation request failed, thereby preventing access to the personal information by the shared user device.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. The authentication server system of claim 33, the one or more programs further comprising instructions configured to execute prior to receiving from the personal user device a command to revoke access privileges associated with the access token, the instructions for:
    - receiving a validation request from the resource server, the validation request including the access token;
      
      determining that access privileges associated with the access token have not been revoked; and
      
      notifying the resource server that the validation request passed, thereby permitting access to the personal information by the shared user device.
  - 35. The authentication server system of claim 33, wherein the access privileges associated with the access token permit access to the personal information for a limited period of time.
  - 36. The authentication server system of claim 35, the one or more programs further comprising instructions for receiving a specification of the limited period of time from the personal user device.
  - 37. The authentication server system of claim 35, the one or more programs further comprising instructions for extending the limited period of time based on predefined extension criteria.
  - 38. The authentication server system of claim 37, wherein the predefined extension criteria include receiving renewed access authentication information from the personal user device.
  - 39. The authentication server system of claim 33, wherein the personal user device is a cellular phone.
  - 40. The authentication server system of claim 33, the one or more programs further comprising instructions configured to execute for each request from the shared user device to access personal information from the resource server, the instructions for:
    - receiving a validation request from the resource server, the validation request including the access token;
      
      determining whether access privileges associated with the access token are currently valid; and
      
      notifying the resource server of the determination, thereby permitting or preventing access to the personal information by the shared user device.

41. A computer readable storage medium storing one or more programs configured for execution by an authentication server computer system having one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs comprising executable instructions for:
- receiving a request from a shared user device, the request seeking access to personal information that is associated with a user and stored at a resource server;
  
  receiving access authentication information from a personal user device;
  
  creating an access token that grants access privileges to the personal information associated with the user;
  
  providing the access token to the shared user device;
  
  receiving from the personal user device a command to revoke access privileges associated with the access token;
  
  receiving a validation request from the resource server, the validation request including the access token;
  
  determining that access privileges associated with the access token have been revoked; and
  
  notifying the resource server that the validation request failed, thereby preventing access to the personal information by the shared user device.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48)
- - 42. The computer readable storage medium of claim 41, the one or more programs further comprising instructions configured to execute prior to receiving from the personal user device a command to revoke access privileges associated with the access token, the instructions for:
    - receiving a validation request from the resource server, the validation request including the access token;
      
      determining that access privileges associated with the access token have not been revoked; and
      
      notifying the resource server that the validation request passed, thereby permitting access to the personal information by the shared user device.
  - 43. The computer readable storage medium of claim 41, wherein the access privileges associated with the access token permit access to the personal information for a limited period of time.
  - 44. The computer readable storage medium of claim 43, the one or more programs further comprising instructions for receiving a specification of the limited period of time from the personal user device.
  - 45. The computer readable storage medium of claim 43, the one or more programs further comprising instructions for extending the limited period of time based on predefined extension criteria.
  - 46. The computer readable storage medium of claim 45, wherein the predefined extension criteria include receiving renewed access authentication information from the personal user device.
  - 47. The computer readable storage medium of claim 41, wherein the personal user device is a cellular phone.
  - 48. The computer readable storage medium of claim 41, the one or more programs further comprising instructions configured to execute for each request from the shared user device to access personal information from the resource server, the instructions for:
    - receiving a validation request from the resource server, the validation request including the access token;
      
      determining whether access privileges associated with the access token are currently valid; and
      
      notifying the resource server of the determination, thereby permitting or preventing access to the personal information by the shared user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Saxman, Paul, Vogel, J. Leslie

Granted Patent

US 9,256,722 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/33   using certificates

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

Systems and Methods of Using a Temporary Private Key Between Two Devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

165 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods of Using a Temporary Private Key Between Two Devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

165 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links