ASYNCHRONOUS USER PERMISSION MODEL FOR APPLICATIONS

US 20140373099A1
Filed: 06/17/2013
Published: 12/18/2014
Est. Priority Date: 06/17/2013
Status: Active Grant

First Claim

Patent Images

1. A method for providing an access token to an application without requiring the application to interact with a user-agent through which a third party contemporaneously authorizes use of the access token, the method comprising:

retrieving an application authorization universal resource locator (appAuthURL);

retrieving an access token universal resource locator (accessTokenURL);

providing an application ID and a shared secret to the appAuthURL, the application ID identifying an application requiring access to a service, an authorization server at the appAuthURL generating an application token (appToken) and an event URL (eventURL) when the shared secret is verified, the appToken granting permission to the application to perform an event at the eventURL related to the service;

polling the accessTokenURL to obtain an access token (accessToken), the accessToken indicating third party approval for the application to perform the event on behalf of the third party, the authorization server at the accessTokenURL providing the accessToken to the application as a part of the polling if the appToken is verified and the third party contemporaneously engages a user-agent to authorize the application, the accessToken being provided to the application without the application performing a related interaction with the user-agent; and

providing the accessToken to the eventURL, thereby enabling the application to perform the event.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Use of an application to engage services on behalf of a third party is contemplated. The services may be engaged one behalf of the third party with delivery of a third party permission to a Web service, optionally with the third party permission being recognized in the form of an access token (accessToken) provided from the application to the Web service without requiring the application to interact with an user-agent used to obtain the third party permission.

27 Citations

View as Search Results

20 Claims

1. A method for providing an access token to an application without requiring the application to interact with a user-agent through which a third party contemporaneously authorizes use of the access token, the method comprising:
- retrieving an application authorization universal resource locator (appAuthURL);
  
  retrieving an access token universal resource locator (accessTokenURL);
  
  providing an application ID and a shared secret to the appAuthURL, the application ID identifying an application requiring access to a service, an authorization server at the appAuthURL generating an application token (appToken) and an event URL (eventURL) when the shared secret is verified, the appToken granting permission to the application to perform an event at the eventURL related to the service;
  
  polling the accessTokenURL to obtain an access token (accessToken), the accessToken indicating third party approval for the application to perform the event on behalf of the third party, the authorization server at the accessTokenURL providing the accessToken to the application as a part of the polling if the appToken is verified and the third party contemporaneously engages a user-agent to authorize the application, the accessToken being provided to the application without the application performing a related interaction with the user-agent; and
  
  providing the accessToken to the eventURL, thereby enabling the application to perform the event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising retrieving the appAuthURL and the accessTokenURL with a Hypertext Transfer Protocol (HTTP) GET transmitted from the application to a centralized discovery server, the centralized discovery server providing the appAuthURL and the accessTokenURL when an application IP address transmitted with the HTTP GET is verified.
  - 3. The method of claim 2 wherein the centralized discovery server verifies the application IP address when the application IP address matches a verified IP address previously provided to the centralized discovery server from the authorization server.
  - 4. The method of claim 3 wherein the authorization server provides the appAuthURL and the accessTokenURL to the centralized discovery server for association with the verified IP address, the centralized discovery server identifying the appAuthURL and the accessTokenURL transmitted to the application from a plurality of URLs associated with other IP addresses.
  - 5. The method of claim 1 further comprising retrieving the appAuthURL and the accessTokenURL with a Universal Plug and Play (UPnP) GET transmitted from the application to a settop box (STB), the STB sharing a connection to a local area network (LAN).
  - 6. The method of claim 5 further comprising performing a UPnP discovery for the STB, the UPnP discovery identifying an STB address for the STB, the application transmitting the UPnP GET to the STB address.
  - 7. The method of claim 5 wherein the authorization server provides a permission message to the STB, the STB being at least part of the user-agent and configured to facilitate interactions with the third party associated with authorizing the access token, the permission message identifying the application and/or the event for authorization by the third party.
  - 8. The method of claim 1 wherein the authorization server provides a permission message to a second screen application, the second screen application being included on the user-agent to facilitate interactions with the third party, the permission message identifying the application and/or the event for authorization by the third party.
  - 9. The method of claim 1 further comprising unsuccessfully polling the accessTokenURL at least once prior to being provided the accessToken from the authorization server, the unsuccessful polling being performed prior to the third party authorizing use of the accessToken.

10. A method of enabling an application to direct a Web service to perform an event on behalf of a third party, the Web service requiring receipt of an access token (accessToken) issued from an authorization server in order to perform the event, the authorization server generating the accessToken following receipt of a third party permission from an user-agent, the user-agent providing a user interface for receiving the third party permission from the third party, the method comprising:
- providing an application ID and a shared secret to the authorization server, the application ID identifying the application requesting to perform the event, the authorization server generating an application token (appToken) and an event URL (eventURL) if the shared secret is verified, the appToken granting permission to the application to perform the event;
  
  providing the appToken to the authorization server, and if verified by the authorization server, responsively obtaining the accessToken from the authorization server, whereby the application obtains the accessToken without interacting with the user-agent; and
  
  providing the accessToken to the eventURL to enable the application to perform the event.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10 further comprising providing the application ID and the shared secret to application authorization universal resource locator (appAuthURL) and the appToken to an access token universal resource locator (accessTokenURL).
  - 12. The method of claim 11 further comprising transmitting a Hypertext Transfer Protocol (HTTP) GET to a centralized discovery server to obtain the appAuthURL and the accessTokenURL, the centralized discovery server providing the appAuthURL and the accessTokenURL if an application IP address transmitted with the HTTP GET is verified, the application ID being associated with the application.
  - 13. The method of claim 12 wherein the centralized discovery server verifies the application IP address when the application IP address matches a verified IP address previously provided to the centralized discovery server from the authorization server.
  - 14. The method of claim 13 wherein the authorization server provides the appAuthURL and the accessTokenURL to the centralized discovery server for association with the verified IP address, the centralized discovery server identifying the appAuthURL and the accessTokenURL transmitted to the application from a plurality of URLs associated with other IP addresses.
  - 15. The method of claim 11 further comprising retrieving the appAuthURL and the accessTokenURL with a Universal Plug and Play (UPnP) GET transmitted from the application to a settop box (STB), the STB sharing a connection to a local area network (LAN).
  - 16. The method of claim 15 further comprising performing a UPnP discovery for the STB, the UPnP discovery identifying an STB address for the STB, the application transmitting the UPnP GET to the STB address.
  - 17. The method of claim 16 wherein the authorization server provides a permission message to the STB, the STB being at least part of the user-agent and configured to facilitate interactions with the third party associated with the authorization server obtaining the third party permission.
  - 18. The method of claim 17 wherein the authorization server provides a permission message to a second screen application, the second screen application being configured to supplement content showing through the STB, the screen application being included on the user-agent to facilitate interactions with the third party associated with the authorization server obtaining the third party permission.

19. A system for engaging a Web service to perform an event on behalf of a third party, the system comprising:
- an application operable to issue a request to the Web service to perform the event on behalf of the third party, the application operable to include an access token (accessToken) with the request, the Web service verifying the accessToken prior to performing the event;
  
  an authorization server operable to provide the accessToken to the application, the authorization server verifying an application token (appToken) provided from the application prior to providing the accessToken; and
  
  a user-agent operable to receive a third party permission from the third party, the third party permission indicating approval of the third party for the application to perform the event behalf of the third party, the user-agent identifying the application requesting to perform the event as a function of an application ID provided from the authorization server and without corresponding interaction with the application.
- View Dependent Claims (20)
- - 20. The system of claim 19 wherein the user-agent is a settop box (STB) operable to interface television signaling with a television, the STB receiving the third party permission as function of inputs received from a second screen application, the second screen application executing on a tablet to augment the television signaling.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Durbha, Seetharama

Granted Patent

US 9,413,762 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0807 using tickets, e.g. Kerbero...

H04L 63/10 for controlling access to d...

ASYNCHRONOUS USER PERMISSION MODEL FOR APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ASYNCHRONOUS USER PERMISSION MODEL FOR APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links