Usage based authorization

US 8,479,265 B2
Filed: 07/02/2008
Issued: 07/02/2013
Est. Priority Date: 07/02/2008
Status: Active Grant

First Claim

Patent Images

1. A method of authorizing a request for a resource based on a context of the request, the method comprising:

receiving at an authorization system the request from a requestor;

requesting by the authorization system context information describing the context of the request;

receiving at the authorization system the context information in response to the request, the context information including information identifying an intended use of the resource by the requestor if the request is authorized and wherein the intended use of the resource is not indicated by the request;

identifying by the authorization system the context of the request based on the received context information including the information identifying the intended use of the resource; and

determining by the authorization system whether to authorize the request based on the context of the request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide systems and methods for authorizing a request to access a resource based on a context of the request. According to one embodiment, a method of authorizing a request for a resource based on a context of the request can comprise receiving the request from a requester, identifying the context of the request, and determining whether to authorize the request based on the context of the request. In some cases, the request can include context information describing the context of the request. In such cases, identifying the context can be based at least in part on the context information from the request. Additionally or alternatively, context information describing the context can be requested and received in response to the request. In such a case, identifying the context can be based at least in part on the received context information.

Citations

27 Claims

1. A method of authorizing a request for a resource based on a context of the request, the method comprising:
- receiving at an authorization system the request from a requestor;
  
  requesting by the authorization system context information describing the context of the request;
  
  receiving at the authorization system the context information in response to the request, the context information including information identifying an intended use of the resource by the requestor if the request is authorized and wherein the intended use of the resource is not indicated by the request;
  
  identifying by the authorization system the context of the request based on the received context information including the information identifying the intended use of the resource; and
  
  determining by the authorization system whether to authorize the request based on the context of the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein requesting the context information comprises requesting the context information from the requestor.
  - 3. The method of claim 1, wherein requesting the context information comprises requesting the context information from an entity other than the requestor.
  - 4. The method of claim 1, wherein determining whether to authorize the request comprises applying one or more policies to the request and the context of the request.
  - 5. The method of claim 4, wherein determining whether to authorize the request further comprises delegating at least a part of the determination.
  - 6. The method of claim 1, further comprising, in response to determining to authorize the request, passing the request to the resource.
  - 7. The method of claim 1, further comprising, in response to determining to authorize the request, returning a response to the requestor indicating authorization.
  - 8. The method of claim 7, wherein authorization is conditioned on the context of the request.
  - 9. The method of claim 7, wherein the response includes information indicating authorization.
  - 10. The method of claim 9, wherein the information indicating authorization comprises a token for accessing the resource.
  - 11. The method of claim 1, further comprising, in response to determining to authorize the request, performing an action indicated by the request on behalf of the requestor.

12. An authorization system comprising:
- a processor; and
  
  a memory communicatively coupled with and readable by the processor and having stored therein a sequence of instructions which, when executed by the processor, cause the processor to receive a request from a requestor, request context information describing the context of the request, receive the context information in response to the request, the context information including information identifying an intended use of the resource by the requestor if the request is authorized and wherein the intended use of the resource is not indicated by the request, identify a context of the request based on the received context information including the information identifying the intended use of the resource, and determine whether to authorize the request based on the context of the request.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12, wherein requesting the context information comprises requesting the context information from the requestor.
  - 14. The system of claim 12, wherein requesting the context information comprises requesting the context information from an entity other than the requestor.
  - 15. The system of claim 12, wherein the authorization system determines whether to authorize the request by applying one or more policies to the request and the context of the request.
  - 16. The system of claim 15, wherein the authorization system determines whether to authorize the request further by delegating at least a part of the determination.
  - 17. The system of claim 12, wherein the authorization system, in response to determining to authorize the request, passes the request to the resource.
  - 18. The system of claim 12, wherein the authorization system, in response to determining to authorize the request, returns a response to the requestor indicating authorization.
  - 19. The system of claim 18, wherein authorization is conditioned on the context of the request.
  - 20. The system of claim 18, wherein the response includes information indicating authorization.
  - 21. The system of claim 20, wherein the information indicating authorization comprises a token for accessing the resource.
  - 22. The system of claim 12, wherein the authorization system is further adapted to performing an action indicated by the request on behalf of the requestor in response to determining to authorize the request.

23. A machine-readable memory having stored thereon a series of instructions which, when executed by a processor, cause the processor to authorize a request for a resource based on a context of the request by:
- receiving the request from a requestor;
  
  requesting context information describing the context of the request;
  
  receiving the context information in response to the request, the context information including information identifying an intended use of the resource by the requestor if the request is authorized and wherein the intended use of the resource is not indicated by the request;
  
  identifying the context of the request based on the received context information including the information identifying the intended use of the resource; and
  
  determining whether to authorize the request based on the context of the request.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The machine-readable memory of claim 23, further comprising, in response to determining to authorize the request, passing the request to the resource.
  - 25. The machine-readable memory of claim 23, further comprising, in response to determining to authorize the request, returning a response to the requestor indicating authorization.
  - 26. The machine-readable memory of claim 25, wherein the response includes information indicating authorization.
  - 27. The machine-readable memory of claim 23, further comprising, in response to determining to authorize the request, performing an action indicated by the request on behalf of the requestor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Maes, Stephane H.
Primary Examiner(s)
ZECHER, CORDELIA P K

Application Number

US12/166,535
Publication Number

US 20100005511A1
Time in Patent Office

1,826 Days
Field of Search

726/4
US Class Current

726/4
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Usage based authorization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Usage based authorization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links