Flexible authentication and authorization mechanism
First Claim
1. In a computer system configured to authenticate services on a push notification framework (PNF), a method comprising:
- receiving, by a PNF server, a request from one or more servers implementing a service to connect with the PNF to authenticate the service;
- providing, by the PNF server, to the service an authenticated mode on the PNF, the authenticated mode requiring registration of the service with the PNF;
- providing, by the PNF server, to the service an unauthenticated mode on the PNF, the unauthenticated mode allowing unregistered use of the PNF;
- receiving, by the PNF server, identifying information provided by the service, wherein the identifying information comprises a certificate for the service;
- selecting, by the PNF server, between the authenticated mode and the unauthenticated mode for the service based on the identifying information provided by the service; and
- based at least in part on the selected mode, providing, by the PNF server, subscription information to the service that permits the service to send push notifications to one or more client devices over a network, wherein;
- an authenticated service communicates with the PNF server via a secure data transmission protocol and its authorization is controlled by the PNF server, and
- an unauthenticated service communicates with the PNF server via an un-secured data transmission protocol and is regulated by the PNF server by throttling notification flow from the service.
Abstract
Techniques and tools for flexible authentication and authorization of services on a push framework. For example, a push notification framework allows services (social networking web services, etc.) to use either an authenticated access mode or an unauthenticated access mode, in order to push information to client devices (e.g., mobile devices). In the authenticated mode, the push framework requires registration of the service with the push framework before allowing the service to push notifications to client devices. Different authenticated modes are provided for third-party and first-party services. In the unauthenticated mode, registration is not required, but notifications are throttled, thereby limiting risk of abuse by unauthenticated services. This allows flexibility for services that use the push framework.
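The mode selection and throttling described in the abstract can be sketched as follows. This is an added example, not code from the patent: matching a certificate by SHA-256 fingerprint, treating an unrecognized certificate as unauthenticated, the `pnf.example` endpoints, the `service_key` parameter and the bucket limits are all assumptions.

```python
import hashlib
from enum import Enum

class Mode(Enum):
    UNAUTHENTICATED = "unauthenticated"
    AUTH_THIRD_PARTY = "authenticated-third-party"
    AUTH_FIRST_PARTY = "authenticated-first-party"

# Constructed registry: fingerprint of a registered service's certificate -> mode.
# Fingerprint matching is an assumption; the page only says a certificate is provided.
REGISTERED = {
    hashlib.sha256(b"constructed-cert-first-party").hexdigest(): Mode.AUTH_FIRST_PARTY,
    hashlib.sha256(b"constructed-cert-third-party").hexdigest(): Mode.AUTH_THIRD_PARTY,
}

def select_mode(cert_bytes):
    """Select the communication mode from the identifying information."""
    if not cert_bytes:
        return Mode.UNAUTHENTICATED
    # Assumption: an unregistered certificate falls back to the throttled mode.
    fingerprint = hashlib.sha256(cert_bytes).hexdigest()
    return REGISTERED.get(fingerprint, Mode.UNAUTHENTICATED)

def endpoint_for(mode, subscription_id):
    """Endpoint information for the subscription token follows the selected mode."""
    # Un-secured transport for unauthenticated services, secure transport otherwise.
    scheme = "http" if mode is Mode.UNAUTHENTICATED else "https"
    return f"{scheme}://pnf.example/{mode.value}/{subscription_id}"

class Throttle:
    """Token bucket applied only to unauthenticated services (limits are assumed)."""
    def __init__(self, capacity=3, refill_per_sec=1.0):
        self.capacity, self.refill = capacity, refill_per_sec
        self.buckets = {}  # service_key -> (tokens left, time of last decision)

    def allow(self, service_key, mode, now):
        if mode is not Mode.UNAUTHENTICATED:
            return True  # registered services are governed by authorization instead
        tokens, last = self.buckets.get(service_key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if tokens < 1:
            self.buckets[service_key] = (tokens, now)
            return False  # notification dropped: bucket is empty
        self.buckets[service_key] = (tokens - 1, now)
        return True
```

Passing `now` explicitly keeps the throttle deterministic for testing; a server would supply a monotonic clock reading.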
19 Claims
1. In a computer system configured to authenticate services on a push notification framework (PNF), a method comprising:
- receiving, by a PNF server, a request from one or more servers implementing a service to connect with the PNF to authenticate the service;
- providing, by the PNF server, to the service an authenticated mode on the PNF, the authenticated mode requiring registration of the service with the PNF;
- providing, by the PNF server, to the service an unauthenticated mode on the PNF, the unauthenticated mode allowing unregistered use of the PNF;
- receiving, by the PNF server, identifying information provided by the service, wherein the identifying information comprises a certificate for the service;
- selecting, by the PNF server, between the authenticated mode and the unauthenticated mode for the service based on the identifying information provided by the service; and
- based at least in part on the selected mode, providing, by the PNF server, subscription information to the service that permits the service to send push notifications to one or more client devices over a network, wherein;
- an authenticated service communicates with the PNF server via a secure data transmission protocol and its authorization is controlled by the PNF server, and
- an unauthenticated service communicates with the PNF server via an un-secured data transmission protocol and is regulated by the PNF server by throttling notification flow from the service.
Dependent claims: 2, 3, 4, 5, 6, 7
8. In a computer system configured to authenticate services on a push notification framework (PNF), a method comprising:
- receiving, by a PNF server, subscription request information from a client device, the subscription request information identifying a service operable to send push notifications over a network to the client device, the service being implemented on one or more servers;
- based at least in part on the subscription request information, selecting, by the PNF server, between an unauthenticated communication mode and one or more authenticated communication modes for the service on the PNF, the authenticated mode requiring registration of the service with the PNF and the unauthenticated mode allowing unregistered use of the PNF; and
- providing, by the PNF server, a subscription token to the client device, the subscription token comprising endpoint information corresponding to the selected communication mode;
- wherein the endpoint information facilitates sending of push notifications from the service to the client device via the PNF;
- wherein the one or more authenticated communication modes for the service are authenticated on the PNF based on identifying information provided by the service, the identifying information comprising a certificate for the service;
- wherein an authenticated service communicates with the PNF server via a secure data transmission protocol and its authorization is controlled by the PNF server, and
- wherein an unauthenticated service communicates with the PNF server via an un-secured data transmission protocol and is regulated by the PNF server by throttling notification flow from the service.
Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. In a computer system configured to authenticate services on a push notification framework (PNF), a method comprising:
- receiving, by a PNF server, a request from a service operable to send push notifications to one or more mobile client devices via the PNF server to connect with the PNF server to authenticate the service, the service being implemented on one or more servers;
- receiving, by the PNF server, a push notification message from the service;
- determining, by the PNF server, whether the service is an authenticated service or an unauthenticated service based on identifying information provided by the service, wherein the identifying information comprises a certificate for the service;
- for an authenticated service, determining, by the PNF server, whether the service is a first-party service or a third-party service;
- selecting, by the PNF server, between an unauthenticated communication mode, an authenticated third-party communication mode, and an authenticated first-party communication mode based on the determining, the authenticated modes requiring registration of the service with the PNF and the unauthenticated mode allowing unregistered use of the PNF; and
- based at least in part on the selected communication mode, determining, by the PNF server, whether to throttle push notifications from the service, wherein;
- an authenticated service communicates with the PNF server via a secure data transmission protocol and its authorization is controlled by the PNF server, and
- an unauthenticated service communicates with the PNF server via an un-secured data transmission protocol and is regulated by the PNF server by throttling notification flow from the service.
Dependent claims: 17, 18, 19
Specification