PROXY AUTHENTICATION

US 20170223020A1
Filed: 04/18/2017
Published: 08/03/2017
Est. Priority Date: 08/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

by a first computing device,receiving, by an operating system of the first computing device and from a client application executing on the first computing device, a first request for accessing a set of data associated with a user of the first computing device, wherein the set of data is managed by a second computing device;

sending, by the operating system of the first computing device on behalf of the client application and to the second computing device, a second request for accessing the set of data, wherein the second request comprises an application identifier indentifying the client application, a developer identifier indentifying a developer of the client application, and an access type for accessing the set of data;

receiving, by the operating system of the first computing device and from the second computing device, a response to the second request; and

if the response to the second request grants the client application access to the set of data, then forwarding, by the operating system of the first computing device and to the client application, an access token to be used by the client application for accessing the set of data with the second computing device, wherein the access token is received by the operating system of the first computing device and from the second computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, receiving, by an operating system of the first computing device and from a client application executing on the first computing device, a first request for accessing a set of data associated with a user of the first computing device, wherein the set of data is managed by a second computing device; sending, by the operating system and to the second computing device, a second request for accessing the set of data; receiving, by the operating system and from the second computing device, a response to the second request; and if the response to the second request grants the client application access to the set of data, then forwarding, by the operating system and to the client application, an access token to be used by the client application for accessing the set of data with the second computing device.

9 Citations

20 Claims

1. A method comprising:
- by a first computing device,receiving, by an operating system of the first computing device and from a client application executing on the first computing device, a first request for accessing a set of data associated with a user of the first computing device, wherein the set of data is managed by a second computing device;
  
  sending, by the operating system of the first computing device on behalf of the client application and to the second computing device, a second request for accessing the set of data, wherein the second request comprises an application identifier indentifying the client application, a developer identifier indentifying a developer of the client application, and an access type for accessing the set of data;
  
  receiving, by the operating system of the first computing device and from the second computing device, a response to the second request; and
  
  if the response to the second request grants the client application access to the set of data, then forwarding, by the operating system of the first computing device and to the client application, an access token to be used by the client application for accessing the set of data with the second computing device, wherein the access token is received by the operating system of the first computing device and from the second computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein:
    - the second computing device is associated with a social-networking system;
      
      a user of the first computing device is a member of the social-networking system; and
      
      the set of data is data of the user stored with the social-networking system.
  - 3. The method of claim 1, wherein the first request comprises the application identifier of the client application and the access type for accessing the set of data.
  - 4. The method of claim 3, further comprising determining, by the operating system of the first computing device, the developer identifier of the developer of the client application based on the application identifier of the client application.
  - 5. The method of claim 1, further comprising:
    - if the response to the second request denies the client application access to the set of data, then notifying, by the operating system of the first computing device, the client application that its request for accessing the set of data has been denied.
  - 6. The method of claim 1, wherein the second request further comprises a user identifier identifying the user of the first computing device.
  - 7. The method of claim 1, further comprising establishing a secure connection with the second computing device, wherein the second request is sent over the secure connection.
  - 8. The method of claim 1, wherein if the response to the second request grants the client application access to the set of data, then the response comprises the access token.
  - 9. The method of claim 8, further comprising storing the access token on the first computing device.

10. A first system comprising:
- a memory comprising instructions executable by one or more processors; and
  
  the one or more processors coupled to the memory and operable to execute the instructions, the one or more processors being operable when executing the instructions to;
  
  receive, by an operating system of the first computing device and from a client application executing on the first computing device, a first request for accessing a set of data associated with a user of the first computing device, wherein the set of data is managed by a second computing device;
  
  send, by the operating system of the first computing device on behalf of the client application and to the second computing device, a second request for accessing the set of data, wherein the second request comprises an application identifier indentifying the client application, a developer identifier indentifying a developer of the client application, and an access type for accessing the set of data;
  
  receive, by the operating system of the first computing device and from the second computing device, a response to the second request; and
  
  if the response to the second request grants the client application access to the set of data, then forward, by the operating system of the first computing device and to the client application, an access token to be used by the client application for accessing the set of data with the second computing device, wherein the access token is received by the operating system of the first computing device and from the second computing device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The first system of claim 10, wherein:
    - the second system is associated with a social-networking system;
      
      a user of the first system is a member of the social-networking system; and
      
      the set of data is data of the user stored with the social-networking system.
  - 12. The first system of claim 10, wherein the first request comprises the application identifier of the client application and the access type for accessing the set of data.
  - 13. The first system of claim 12, wherein the one or more processors are further operable when executing the instructions to determine, by the operating system of the first system, the developer identifier of the developer of the client application based on the application identifier of the client application.
  - 14. The first system of claim 10, wherein the one or more processors are further operable when executing the instructions to:
    - if the response to the second request denies the client application access to the set of data, then notify, by the operating system of the first computing device, the client application that its request for accessing the set of data has been denied.
  - 15. The first system of claim 10, wherein the second request further comprises a user identifier identifying the user of the first system.
  - 16. The first system of claim 10, wherein the one or more processors are further operable when executing the instructions to establish a secure connection with the second system, wherein the second request is sent over the secure connection.
  - 17. The first system of claim 10, wherein if the response to the second request grants the client application access to the set of data, then the response comprises the access token.
  - 18. The first system of claim 17, wherein the one or more processors are further operable when executing the instructions to store the access token on the first system.

19. One or more computer-readable non-transitory storage media embodying software operable when executed by a first computer system to:
- receive, by an operating system of the first computing device and from a client application executing on the first computing device, a first request for accessing a set of data associated with a user of the first computing device, wherein the set of data is managed by a second computing device;
  
  send, by the operating system of the first computing device on behalf of the client application and to the second computing device, a second request for accessing the set of data, wherein the second request comprises an application identifier indentifying the client application, a developer identifier indentifying a developer of the client application, and an access type for accessing the set of data;
  
  receive, by the operating system of the first computing device and from the second computing device, a response to the second request; and
  
  if the response to the second request grants the client application access to the set of data, then forward, by the operating system of the first computing device and to the client application, an access token to be used by the client application for accessing the set of data with the second computing device, wherein the access token is received by the operating system of the first computing device and from the second computing device.
- View Dependent Claims (20)
- - 20. The media of claim 19, wherein:
    - the second computer system is associated with a social-networking system;
      
      a user of the first computer system is a member of the social-networking system; and
      
      the set of data is data of the user stored with the social-networking system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Shepard, Luke Jonathan, Tung, Julie Christina, Sadan, Yariv, Goldman, Brent Justin, Shah, Naitik Hemant, Vijayvergiya, Arun

Granted Patent

US 10,182,052 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/44   Program or device authentic...

G06F 21/6281   at program execution time, ...

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

PROXY AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROXY AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links