Transferable restricted security tokens

US 8,332,922 B2
Filed: 08/31/2007
Issued: 12/11/2012
Est. Priority Date: 08/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method to be executed at least in part in a computing device for securely handling third party requests for access to user data in a web-based service environment, comprising:

receiving a request for access from a third party provider, wherein the request is associated with a sub-process complementing a process of the web-based service;

extracting a ticket and a claim from the request, wherein the ticket includes an expiration parameter, a restriction role and a key indicator, the restriction role defined to grant permissions specifying a local scope and a scope of a current business unit, the key indicator indicating which of a plurality of rotating keys for use in the ticket, each of the plurality of rotating keys expiring after a time period;

verifying that the ticket has not expired;

loading at least one user role associated with the ticket;

authenticating the ticket by employing a Hash Message Authentication Code (HMAC);

adding a bit to the HMAC of the ticket;

in response to adding the bit to the HMAC of the ticket, blocking write actions in a platform associated with the web-based service to restrict the ticket to read-only actions;

determining an access restriction for the request based on intersecting the restriction role and the at least one user role when a connecting user has at least one permission specifying the local scope while not having at least one permission specifying the scope of the current business unit to prevent an elevation of the restriction role for the connecting user, the restriction role being added, changed and removed independently of tickets that have already been granted; and

enabling the third party provider to access the user data based on the determined access restriction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a web-based service environment, third party providers need to have varying degrees of access to user data for their complementary services. To prevent third party providers from having broader access than necessary or not adequate levels of access, transferable restricted security tickets are employed to determine an appropriate level of access for third parties. Tickets with expiration and restriction roles define a duration and level of access for a third party. The restrictions are determined through an intersection of the authorizing user'"'"'s security role and restriction roles defined in the system.

92 Citations

View as Search Results

15 Claims

1. A method to be executed at least in part in a computing device for securely handling third party requests for access to user data in a web-based service environment, comprising:
- receiving a request for access from a third party provider, wherein the request is associated with a sub-process complementing a process of the web-based service;
  
  extracting a ticket and a claim from the request, wherein the ticket includes an expiration parameter, a restriction role and a key indicator, the restriction role defined to grant permissions specifying a local scope and a scope of a current business unit, the key indicator indicating which of a plurality of rotating keys for use in the ticket, each of the plurality of rotating keys expiring after a time period;
  
  verifying that the ticket has not expired;
  
  loading at least one user role associated with the ticket;
  
  authenticating the ticket by employing a Hash Message Authentication Code (HMAC);
  
  adding a bit to the HMAC of the ticket;
  
  in response to adding the bit to the HMAC of the ticket, blocking write actions in a platform associated with the web-based service to restrict the ticket to read-only actions;
  
  determining an access restriction for the request based on intersecting the restriction role and the at least one user role when a connecting user has at least one permission specifying the local scope while not having at least one permission specifying the scope of the current business unit to prevent an elevation of the restriction role for the connecting user, the restriction role being added, changed and removed independently of tickets that have already been granted; and
  
  enabling the third party provider to access the user data based on the determined access restriction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the ticket is associated with a domain name of the third party provider.
  - 3. The method of claim 1, wherein the ticket is authenticated employing a digital signature.
  - 4. The method of claim 3, wherein the claim is verified using the digital signature.
  - 5. The method of claim 1, wherein the ticket further includes an organization identifier, the organization identifier utilized to prevent at least one cross-organization attack in which a same user identification in the HMAC is reused.
  - 6. The method of claim 1, wherein the ticket further includes a repetition parameter that defines how many times the ticket may be used to access the user data.
  - 7. The method of claim 1, wherein intersecting the restriction role and the at least one user role includes selecting a stricter one of the restrictions defined in the roles.
  - 8. The method of claim 1, further comprising:
    - applying a predefined rule in addition to selecting the stricter one of the restrictions defined in the roles.

9. A system for securely handling third party requests for access to user data in a web-based CRM service environment, comprising:
- at least one CRM web server configured to;
  
  receive a request for access from a third party provider, wherein the request is associated with a sub-process complementing a process of the web-based CRM service;
  
  extract a ticket from the request, wherein the ticket is associated with a domain name of the third party provider and includes an expiration parameter, and a restriction parameter and a key indicator, the key indicator indicating which of a plurality of rotating keys for use in the ticket, each of the plurality of rotating keys expiring after a time period;
  
  verify that the ticket has not expired;
  
  retrieve a list of restriction roles from the ticket, the restriction roles defined to grant permissions specifying a local scope and a scope of a current business unit;
  
  load a user role associated with the sub-process;
  
  authenticate the ticket by employing a Hash Message Authentication Code (HMAC);
  
  add a bit to the HMAC of the ticket;
  
  in response to adding the bit to the HMAC of the ticket, blocking write actions in a platform associated with the web-based service to restrict the ticket to read-only actions; and
  
  determine an access restriction for the request based on intersecting the restriction roles and the user role when a connecting user has at least one permission specifying the local scope while not having at least one permission specifying the scope of the current business unit, to prevent an elevation of the restriction roles for the connecting user, the restriction roles being added, changed and removed independently of tickets that have already been granted; and
  
  enable the third party provider to access the user data based on the determined access restriction.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein each restriction role and the user role are include a privilege depth defining an access permission level for the user data, and the access restriction is determined by selecting the stricter of the privilege depths of the intersected roles.
  - 11. The system of claim 9, wherein the CRM web server is further configured to provide a Graphical User Interface (GUI) for configuring the privilege depths of the restriction roles and the user role.
  - 12. The system of claim 9, wherein a restrictions assigned to a user role associated with the sub-process are defined based on a hierarchical structure of a client organization of the web-based CRM service.

13. A computer-readable storage device with instructions stored thereon which, when executed by a computing device, perform a method for securely handling third party requests for access to user data in a web-based service environment, the method comprising:
- receiving a request for access from a third party provider, wherein the request is associated with a sub-process complementing a process of the web-based service;
  
  extracting a ticket and a claim from the request, wherein the ticket is associated with a domain name of the third party provider and includes an expiration parameter, a restriction role, a Hash Message Authentication Code (HMAC), a repetition parameter, a key indicator and an organization identifier, the restriction role defined to grant permissions specifying a local scope and a scope of a current business unit, the key indicator indicating which of a plurality of rotating keys for use in the ticket, each of the plurality of rotating keys expiring after a time period, the organization identifier utilized to prevent at least one cross-organization attack in which a same user identification in the HMAC is reused;
  
  authenticating the ticket employing the (HMAC);
  
  adding a bit to the HMAC of the ticket;
  
  in response to adding the bit to the HMAC of the ticket, blocking write actions in a platform associate with the web-based service to restrict the ticket to read-only actions;
  
  verifying that the ticket has not expired;
  
  loading at least one user role associated with the ticket;
  
  determining an access restriction for the request based on intersecting the restriction role and the at least one user role when a connecting user has at least one permission specifying the local scope while not having at least one permission specifying the scope of the current business unit to prevent an elevation of the restriction role for the connecting use, the restriction role being added, changed and removed independently of tickets that have already been granted; and
  
  enabling the third party provider to access the user data based on the determined access restriction.
- View Dependent Claims (14, 15)
- - 14. The computer-readable storage device of claim 13, wherein intersecting the restriction role and the at least one user role includes selecting a stricter one of the restrictions defined in the roles and applying a predefined rule.
  - 15. The computer-readable storage device of claim 13, wherein the access includes at least one from a set of:
    - creating a new record, deleting an existing record, modifying an existing record, updating an existing record, retrieving operational parameters associated with executing the sub-process, and modifying a schema associated with the user data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dickinson, Richard L., Martinez, Edward A., Pouzin, Dominic J., Grewal, Jasjit S., Ott, Michael J.
Primary Examiner(s)
Popham, Jeffrey D
Assistant Examiner(s)
SHAW, BRIAN F

Application Number

US11/848,464
Publication Number

US 20090064303A1
Time in Patent Office

1,929 Days
Field of Search

726/10, 709/228, 709/209, 709/206, 713/157, 713/171, 713/201, 345/744, 380/280
US Class Current

726/10
CPC Class Codes

G06Q 10/06   Resources, workflows, human...

G06Q 20/045   using payment protocols inv...

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

Transferable restricted security tokens

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Transferable restricted security tokens

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links