Data access in a distributed environment
Abstract
A method and system for providing a first network resource limited access to a second network resource. A method embodying the invention includes receiving profile data. Using the profile data, temporary credentials are then generated for accessing the second network resource. The temporary credentials are then made available to the first network resource. In a preferred embodiment, the temporary credentials are invalidated following a termination event such as the lapse of a set time period or after the second resource has been accessed.
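The flow in the abstract, as an added Python example (not code from the patent): a credential module issues temporary credentials mapped to the profile's data service and invalidates them on either termination event, the lapse of a set time period or the first access. The class names, profile fields, in-memory store and the `cookie-abc` profile data are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class CredentialModule:
    """Runs with the data service; issues and redeems temporary credentials."""

    def __init__(self, ttl_seconds=60.0, single_use=True, clock=time.monotonic):
        self.ttl, self.single_use, self.clock = ttl_seconds, single_use, clock
        self._issued = {}  # sha256(token) -> (service, expiry); raw token is never stored

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, profile):
        token = secrets.token_urlsafe(32)
        self._issued[self._key(token)] = (profile["service"], self.clock() + self.ttl)
        return token

    def redeem(self, token, service):
        entry = self._issued.get(self._key(token))
        if entry is None:
            return False                        # unknown or already invalidated
        mapped_service, expires_at = entry
        if self.clock() >= expires_at:
            del self._issued[self._key(token)]  # termination event: time period lapsed
            return False
        if mapped_service != service:
            return False                        # credentials map to one service only
        if self.single_use:
            del self._issued[self._key(token)]  # termination event: resource accessed
        return True


class IdentificationService:
    """Holds profiles; hands the application server only temporary credentials."""

    def __init__(self, profiles, credential_module):
        self._profiles, self._module = profiles, credential_module

    def temporary_credentials(self, profile_data):
        profile = self._profiles.get(profile_data)
        if profile is None:
            raise KeyError("no profile for the supplied profile data")
        return self._module.issue(profile)


# Constructed sample profile; "cookie-abc" stands in for the client's profile data.
PROFILES = {"cookie-abc": {"service": "photo-store", "account": "alice"}}
```

The application server only ever holds the token returned by `temporary_credentials`, so the profile itself stays between the identification service and the credential module.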
52 Claims
1. A method for providing a first network resource operating on a first network device access to a second network resource operating on a second network device, comprising:
- from a third network device, locating a profile using profile data obtained from a client device, the profile containing data for identifying and for accessing the second network resource;
- from the third network device, supplying the profile to the second network resource;
- at the third network device, receiving temporary credentials for accessing the second network resource and generated according to the profile, the temporary credentials being provided from the second network resource; and
- from the third network device, providing the first network resource with the temporary credentials so that the first network resource can provide the second network resource with the temporary credentials to access and interact with the second network resource on behalf of the client device.
Dependent claims: 2, 3, 4, 5
6. A method for enabling an application server to access a data service, the application server operating on a first network device and the data service operating on a second network device, the method comprising:
- the application server instructing a client device to provide profile data to an identification service operating on a third network device, the identification service having access to one or more profiles used to access one or more data services including the data service operating on the second network device, the profile data identifying a particular profile;
- the identification service locating the particular profile using the profile data received from the client device, the profile containing data for identifying and for accessing the data service;
- the identification service providing the profile to the data service;
- the data service generating temporary credentials for accessing the data service identified by the particular profile and providing the temporary credentials to the identification service; and
- the application server obtaining the temporary credentials from the identification service and providing the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
Dependent claims: 7, 8, 9, 10, 11, 12, 13
14. A method for enabling an application server to access a data service, the application server operating on a first network device and the data service operating on a second network device, the method comprising:
- the application server receiving, from a client device, a request to direct an application;
- the application server instructing the client device to provide profile data to an identification service operating on a third network device, the identification service having access to one or more profiles for identifying and accessing one or more data services, the profile data identifying a particular profile;
- the identification service providing the data service with the particular profile identified by the profile data, the profile containing data for identifying and accessing the data service;
- the data service using the profile to generate temporary credentials for accessing the data service and providing the temporary credentials to the identification service; and
- the application server obtaining the temporary credentials from the identification service and providing the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
Dependent claims: 15, 16, 17, 18, 19, 20
21. A computer readable medium having instructions for:
- from a third network device, locating a profile using profile data obtained from a client device, the profile containing data for identifying and for accessing a second network resource operating on a second network device;
- from the third network device, supplying the profile to the second network resource;
- at the third network device receiving temporary credentials for accessing the second network resource and generated according to the profile, the temporary credentials being provided from the second network resource; and
- from the third network device, providing a first network resource operating on a first network device with the temporary credentials so that the first network resource can provide the second network resource with the temporary credentials to access and interact with the second network resource on behalf of the client device.
Dependent claims: 22, 23, 24, 25
26. A computer readable medium having instructions for:
- from a first network device, instructing a client device to provide profile data to an identification service operating on a third network device, the identification service having access to one or more profiles used to access one or more data services, the profile data identifying a particular profile;
- from the third network device, locating the particular profile using the profile data obtained from the client device, the profile containing data for identifying and for accessing a data service operating on a second network device;
- from the second network device, generating temporary credentials for accessing the data service identified by the particular profile and providing the temporary credentials to the third network device; and
- at the first network device, obtaining the temporary credentials from the third network device and providing the data service with the temporary credentials to access and interact with the data service operating on a second network device on behalf of the client device.
Dependent claims: 27, 28, 29, 30, 31
32. A computer readable medium having instructions for generating, at a third network device, a profile interface having user accessible controls for creating a profile for locating and accessing a data service operating on a second network device;
- from the third network device, creating a profile according to selections made through the profile interface, the profile containing data for identifying and accessing the data service;
- from the third network device, providing a client device with profile data identifying a created profile;
- receiving, at a first network device, a request to access an application;
- from the first network device, instructing a client device to send profile data;
- receiving the profile data at the third network device;
- from the third network device, retrieving a profile identified by the profile data;
- generating, at the second network device, temporary credentials for accessing a data service identified by the retrieved profile and providing the temporary credentials to the third network device; and
- at the first network device, obtaining the temporary credentials from the third network device and providing the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
Dependent claims: 33, 34, 35, 36, 37
38. A system for providing a first network resource operating on a first network device with access to a second network resource operating on a second network device, comprising:
- an identification service operating on a third network device, the identification service in network communication with a credential module, the credential module operating on the second network device and operable to use a profile acquired by the identification service to generate temporary credentials for accessing the second network resource, the identification service being operable to receive profile data from a client device and to acquire a profile identified by the profile data, the credential module and the identification service, together being operable to provide the first network resource with the temporary credentials enabling the first network resource to provide the second network resource with the temporary credentials to access and interact with the second network resource on behalf of the client device.
Dependent claims: 39, 40, 41, 42
43. A system for accessing a data service operating on a second network device comprising:
- an identification service, operating on a third network device, operable to receive profile data from a client device identifying a particular profile and to provide that profile, the profile to contain electronic data used to identify the data service;
- a credential module, operating on the second network device, operable to obtain the profile from the identification service, generate temporary credentials, and map those credentials to the data service identified by the profile and to provide the temporary credentials to the identification service; and
- an application server, operating on a first network device, operable to serve an interface containing instructions to send profile data to the identification service, to obtain the temporary credentials from the identification service, and to provide the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
Dependent claims: 44, 45, 46, 47
48. A system for accessing a data service operating on a second network device, the system comprising:
- an identification service operating on a third network device and operable to generate a profile interface having user accessible controls for creating a profile containing electronic data used to identify the data service, to create a profile using selections made through the profile interface, to issue instructions to store profile data used to access the created profile, to receive, from a client device, profile data identifying a particular profile, and to provide that profile;
- a credential module operable to obtain the profile from the identification service, generate temporary credentials, and map those credentials to the data service identified by the profile and to provide the temporary credentials to the identification service; and
- an application server operating on a first network device and operable to serve an application interface that includes instructions to send profile data to the identification service, to obtain the temporary credentials from the identification service, and to provide the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
Dependent claims: 49, 50, 51, 52
Specification