MOBILE OAUTH SERVICE

US 20150089622A1
Filed: 04/30/2014
Published: 03/26/2015
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, at an OAuth authorization server, from a first application executing on a first mobile device, a first registration request that includes a first device token that the first application previously received from a service and that the service uses to identify the first application;

in response to receiving the first registration request, the OAuth authorization server generating a first client registration token for the first application; and

sending, from the OAuth authorization server, to the service, at least a part of the first client registration token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.

Citations

18 Claims

1. A computer-implemented method comprising:
- receiving, at an OAuth authorization server, from a first application executing on a first mobile device, a first registration request that includes a first device token that the first application previously received from a service and that the service uses to identify the first application;
  
  in response to receiving the first registration request, the OAuth authorization server generating a first client registration token for the first application; and
  
  sending, from the OAuth authorization server, to the service, at least a part of the first client registration token.
- View Dependent Claims (2, 3, 4, 5, 6, 17)
- - 2. The computer-implemented method of claim 1, wherein the service is Apple Push Notification Service (APNS);
    - wherein the first application received the first device token from APNS as part of a registration process in which the first application engaged with APNS; and
      
      wherein APNS uses the first device token to push notifications to the first application.
  - 3. The computer-implemented method of claim 1, wherein the service is Google Cloud Messaging (GCM), and wherein the first application received the first device token from GCM as part of a registration process in which the first application engaged with GCM;
    - and wherein GCM uses the first device token to send messages to the first application.
  - 4. The computer-implemented method of claim 1, further comprising:
    - splitting the first client registration token into a first part and a second part at the OAuth authorization server;
      
      sending the first part from the OAuth authorization server to the service; and
      
      sending the second part from the OAuth authorization server to the first mobile device through a communication channel that is unrelated to the service.
  - 5. The computer-implemented method of claim 4, wherein the communication channel is a Hypertext Transfer Protocol (HTTP) channel through which the OAuth authorization server received the first registration request from the first mobile device.
  - 6. The computer-implemented method of claim 1, further comprising:
    - receiving, at the OAuth authorization server, from a second application executing on a second mobile device, a second registration request that includes a second device token that the second application previously received from the service and that the service uses to identify the second application;
      
      in response to receiving the second registration request, the OAuth authorization server generating a second client registration token for the second application; and
      
      sending, from the OAuth authorization server, to the service, at least a part of the second client registration token;
      
      wherein the second device token differs from the first device token.
  - 17. The system of claim 4, wherein the communication channel is a Hypertext Transfer Protocol (HTTP) channel through which the OAuth authorization server received the first registration request from the first mobile device.

7. A computer-readable memory comprising instructions which, when executed by one or more processors, cause the one or more processors to perform:
- receiving, at an OAuth authorization server, from a first application executing on a first mobile device, a first registration request that includes a first device token that the first application previously received from a service and that the service uses to identify the first application;
  
  in response to receiving the first registration request, the OAuth authorization server generating a first client registration token for the first application; and
  
  sending, from the OAuth authorization server, to the service, at least a part of the first client registration token.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable memory of claim 7, wherein the service is Apple Push Notification Service (APNS);
    - wherein the first application received the first device token from APNS as part of a registration process in which the first application engaged with APNS; and
      
      wherein APNS uses the first device token to push notifications to the first application.
  - 9. The computer-readable memory of claim 7, wherein the service is Google Cloud Messaging (GCM), and wherein the first application received the first device token from GCM as part of a registration process in which the first application engaged with GCM;
    - and wherein GCM uses the first device token to send messages to the first application.
  - 10. The computer-readable memory of claim 7, wherein the instructions, when executed by the one or more processors, cause the one or more processors to perform:
    - splitting the first client registration token into a first part and a second part at the OAuth authorization server;
      
      sending the first part from the OAuth authorization server to the service; and
      
      sending the second part from the OAuth authorization server to the first mobile device through a communication channel that is unrelated to the service.
  - 11. The computer-readable memory of claim 10, wherein the communication channel is a Hypertext Transfer Protocol (HTTP) channel through which the OAuth authorization server received the first registration request from the first mobile device.
  - 12. The computer-readable memory of claim 7, further comprising:
    - receiving, at the OAuth authorization server, from a second application executing on a second mobile device, a second registration request that includes a second device token that the second application previously received from the service and that the service uses to identify the second application;
      
      in response to receiving the second registration request, the OAuth authorization server generating a second client registration token for the second application; and
      
      sending, from the OAuth authorization server, to the service, at least a part of the second client registration token;
      
      wherein the second device token differs from the first device token.

13. A system comprising:
- a first mobile device that stores a first application; and
  
  a machine that is separate from the first mobile device and that stores an OAuth authorization server that is configured to;
  
  receive, from the first application, a first registration request that includes a first device token that the first application previously received from a service and that the service uses to identify the first application;
  
  generate a first client registration token for the first application in response to receiving the first registration request; and
  
  send at least a part of the first client registration token to the service.
- View Dependent Claims (14, 15, 16, 18)
- - 14. The system of claim 13, wherein the service is Apple Push Notification Service (APNS);
    - wherein the first application received the first device token from APNS as part of a registration process in which the first application engaged with APNS; and
      
      wherein APNS uses the first device token to push notifications to the first application.
  - 15. The system of claim 13, wherein the service is Google Cloud Messaging (GCM), and wherein the first application received the first device token from GCM as part of a registration process in which the first application engaged with GCM;
    - and wherein GCM uses the first device token to send messages to the first application.
  - 16. The system of claim 13, wherein the OAuth authorization server is configured to:
    - split the first client registration token into a first part and a second part;
      
      send the first part to the service; and
      
      send the second part to the first mobile device through a communication channel that is unrelated to the service.
  - 18. The system of claim 13, further comprising a second mobile device that stores a second application and that is separate from the first mobile device;
    - and wherein the OAuth authorization server is configured to;
      
      receive, from the second application, a second registration request that includes a second device token that the second application previously received from the service and that the service uses to identify the second application;
      
      generate a second client registration token for the second application in response to receiving the second registration request; and
      
      send at least a part of the second client registration token to the service;
      
      wherein the second device token differs from the first device token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sondhi, Ajay, Bhat, Shivaram, Hingarajiya, Ravi, Wong, Wai Leung William

Granted Patent

US 9,374,356 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 2221/2103   Challenge-response

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04W 12/06   Authentication

MOBILE OAUTH SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE OAUTH SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links