Service provider invocation

US 8,429,726 B2
Filed: 08/29/2011
Issued: 04/23/2013
Est. Priority Date: 04/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first service request at a server of a service provider, the first service request including a security token;

determining, with the server, whether the security token is valid for all service requests;

if the security token is valid, generating a first service response including a session security token, wherein the session security token is substantially smaller than the security token;

receiving a second service request at the server of the service provider, the second service request including the session security token;

determining, with the server, whether the session security token is valid; and

if the session security token is valid, generating a second service response.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.

33 Citations

View as Search Results

21 Claims

1. A method comprising:
- receiving a first service request at a server of a service provider, the first service request including a security token;
  
  determining, with the server, whether the security token is valid for all service requests;
  
  if the security token is valid, generating a first service response including a session security token, wherein the session security token is substantially smaller than the security token;
  
  receiving a second service request at the server of the service provider, the second service request including the session security token;
  
  determining, with the server, whether the session security token is valid; and
  
  if the session security token is valid, generating a second service response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein generating the first service response comprises:
    - determining whether the session security token should be generated; and
      
      if the session security token should be generated, generating the session security token.
  - 3. The method of claim 1, wherein the second service response comprises a message with a header, the header specifying that future service requests should be sent to a different server.
  - 4. The method of claim 1, further comprising:
    - determining, after the first service response including the session security token has been generated, whether the security token has become invalid; and
      
      if the security token has become invalid, revoking the session security token.
  - 5. The method of claim 1, further comprising:
    - determining whether the session security token has become invalid; and
      
      if the session security token has become invalid, revoking the session security token.
  - 6. The method of claim 1, further comprising:
    - determining whether a request to update the session security token has been received; and
      
      if the request to update the session security token has been received, validating the request and modifying a validity period of the session security token if the request is valid.
  - 7. The method of claim 1, further comprising:
    - receiving a third service request at the service provider, the third service request including the session security token;
      
      determining whether the session security token is valid; and
      
      if the session security token is valid, generating a third service response including a second session security token;
      
      wherein the second session security token is used in providing the third service response to the third service request concurrently with the session security token being used to provide the second service response.
  - 8. The method of claim 1, wherein the requests and responses are expressed in a self-describing protocol.
  - 9. The method of claim 8, wherein the protocol comprises the Simple Object Access Protocol.
  - 10. The method of claim 8, wherein:
    - the security token is received in a first request header type; and
      
      the session security token is received in a second request header type.
  - 11. The method of claim 1, wherein:
    - the first service request comprises a data service request;
      
      the service provider comprises a data service provider; and
      
      the session security token comprises a data session security token.
  - 12. The method of claim 1, further comprising updating the session security token if the session security token has not expired.
  - 13. The method of claim 1, wherein the security token is generated by a service infrastructure for the service provider.
  - 14. The method of claim 13, wherein the service infrastructure is configured to:
    - determine the availability of one or more service providers; and
      
      determine security tokens for the available service providers.
  - 15. The method of claim 1, wherein the security token comprises an externally-generated security token and the session security token comprises a self-determined security token.
  - 16. The method of claim 15, further comprising:
    - substituting an externally-generated security token of the security token with the self-determined security token such that a third service request utilizes the self-determined token;
      
      receiving the third service request at the server of the service provider;
      
      determining if the third service request is valid; and
      
      upon determining that the third service request is valid, generating a third service response.
  - 17. The method of claim 16, further comprising updating the self-determined security token at the service provider.

18. A comprising:
- receiving a service discovery request at a first server of a service infrastructure for a plurality of service providers;
  
  determining, with the first server of the service infrastructure, the availability of one or more service providers;
  
  determining, with the first server of the service infrastructure, security tokens for available service providers;
  
  generating, with the first server, a response at the service infrastructure, the response including security tokens for available services;
  
  receiving a first service request at a second server of a service provider associated with the service infrastructure, the service provider configured to provide a data delivery service, and the first service request including the security token associated with the service provider;
  
  determining, with the second server of the service provider, whether the security token is valid for all service requests;
  
  if the security token is valid, generating a first service response including the session security token, wherein the session security token is substantially smaller than the security token;
  
  receiving a second service request at the second server of the service provider, the second service request including the session security token;
  
  determining, with the second server of the service provider, whether the session security token is valid; and
  
  if the session security token is valid, generating a second service response at the service provider.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, further comprising:
    - determining whether a request to update the session security token has been received; and
      
      if a request to update the session security token has been received, validating the request and modifying a validity period of the session security token if the request is valid.
  - 20. The method of claim 18, further comprising:
    - receiving a third service request at the service provider, the third service request including the session security token;
      
      determining whether the session security token is valid; and
      
      if the session security token is valid, generating a second session security token and generating a third service response including the second session security token;
      
      wherein the second session security token is used in providing the third service response concurrently with the session security token being used to provide the second service response.
  - 21. The method of claim 18, further comprising:
    - determining whether the security token has become invalid after the first service response including the session security token has been generated; and
      
      if the security token has become invalid, revoking the session security token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Cahill, Conor P
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Ho, Virginia T

Application Number

US13/219,938
Publication Number

US 20120060025A1
Time in Patent Office

603 Days
Field of Search

726/5, 726/7, 726/9, 726/10, 713/155, 713/156, 713/159
US Class Current

726/5
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 65/1066   Session management

H04L 65/1104   Session initiation protocol...

Service provider invocation

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Service provider invocation

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links