Web authorization with reduced user interaction

US 8,793,509 B1
Filed: 02/12/2008
Issued: 07/29/2014
Est. Priority Date: 02/12/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, at a computer system, a request from a web browser for a token that authorizes a third party server to access a user'"'"'s data stored by a content provider server;

identifying, using the computing system and from a plurality of available scopes of authorization stored on the computing system, a first scope of authorization that is specified by the token and that indicates a portion of the user'"'"'s data that a third party server is permitted to access, wherein the first scope of authorization indicates part of the user'"'"'s data but less than all of the user'"'"'s data;

identifying a previously-issued token;

identifying a second scope of authorization from the plurality of scopes of authorization, the second scope of authorization specified by the previously-issued token;

comparing, using the computer system, the first scope of authorization to the second scope of authorization; and

transmitting the token in response to the received request based on a determination that the first scope of authorization is determined to be a subset of the second scope of authorization.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject matter of this specification can be embodied in, among other things, a method that includes receiving, from a web browser, a request for a token that authorizes a third party server to access a user'"'"'s data stored by a content provider server. The token specifies a first scope of authorization that indicates a portion of the user'"'"'s data that the third party server is permitted to access. The method also includes determining if the first scope is substantially the same as or a subset of a second scope of a previously issued token and transmitting the token in response to the received request if the first scope is determined to be substantially the same as or a subset of the second scope.

Citations

25 Claims

1. A computer-implemented method comprising:
- receiving, at a computer system, a request from a web browser for a token that authorizes a third party server to access a user'"'"'s data stored by a content provider server;
  
  identifying, using the computing system and from a plurality of available scopes of authorization stored on the computing system, a first scope of authorization that is specified by the token and that indicates a portion of the user'"'"'s data that a third party server is permitted to access, wherein the first scope of authorization indicates part of the user'"'"'s data but less than all of the user'"'"'s data;
  
  identifying a previously-issued token;
  
  identifying a second scope of authorization from the plurality of scopes of authorization, the second scope of authorization specified by the previously-issued token;
  
  comparing, using the computer system, the first scope of authorization to the second scope of authorization; and
  
  transmitting the token in response to the received request based on a determination that the first scope of authorization is determined to be a subset of the second scope of authorization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The computer-implemented method of claim 1, wherein determining if the first scope is the same as or a subset of the second scope comprises determining if the portion of the user'"'"'s data specified by the first scope is the same as or a subset of a second portion of the user'"'"'s data specified by the previously issued token.
  - 3. The computer-implemented method of claim 1, wherein the first scope further indicates activities that the third party server is permitted to perform in association with the indicated portion of the user'"'"'s data.
  - 4. The computer-implemented method of claim 3, wherein determining if the first scope is the same as or a subset of the second scope comprises determining whether the activities specified by the first scope are the same as or a subset of activities previously authorized by the second scope.
  - 5. The computer-implemented method of claim 1, wherein the web browser requesting the token is different from a second web browser that received the previously issued token.
  - 6. The computer-implemented method of claim 1, further prompting a user of the web browser to approve the first scope of the token if the first scope is not the same as or a subset of the second scope.
  - 7. The computer-implemented method of claim 6, wherein prompting the user to approve the first scope comprises presenting the user with information associated with the third party server, the portion of the user'"'"'s data to be accessed, activities to be performed on the portion of the user'"'"'s data, or a combination thereof.
  - 8. The computer-implemented method of claim 1, further comprising issuing a new token if the first scope is not the same as or a subset of the second scope and if a user authorizes the first scope.
  - 9. The computer-implemented method of claim 8, further comprising determining that the user has not exceeded a predetermined amount of allowed tokens before issuing the new token.
  - 10. The computer-implemented method of claim 1, wherein tokens comprise web browser cookies.
  - 11. The computer-implemented method of claim 1, wherein the token comprises the previously issued token.
  - 12. The computer-implemented method of claim 11, further comprising obfuscating the previously issued token.
  - 13. The computer-implemented method of claim 12, wherein obfuscating comprises hashing information associated with the previously issued token using a randomly generated number.
  - 14. The computer-implemented method of claim 11, further comprising receiving permission from a user to allow previously issued tokens to be reissued in response to requests for tokens.
  - 15. The computer-implemented method of claim 1, wherein an authorizing server receives the request for the token.
  - 16. The computer-implemented method of claim 15, wherein the content provider server comprises the authorizing server.
  - 17. The computer-implemented method of claim 1, wherein the third party server hosts mashup applications or hypertext markup language (HTML) and JavaScript mini-applications served in iFrames that access the user'"'"'s data.
  - 18. The computer-implemented method of claim 1, further comprising determining if the first scope is the same as or a subset of a combination of the second scope with one or more additional scopes of one or more additional previously issued tokens.
  - 19. The computer-implemented method of claim 18, wherein transmitting the token comprises transmitting the previously issued token or the one or more additional previously issued tokens in response to the request for the token.
  - 20. The computer-implemented method of claim 18, further comprising reformatting the previously issued token or the one or more additional previously issued tokens into a single cookie.
  - 21. The computer-implemented method of claim 1, wherein the third party server prompts the web browser to transmit the request for the token.
  - 22. The computer-implemented method of claim 1, further comprising determining if a user has previously authorized issuance of tokens to the third party server a predetermined number of times.
  - 23. The computer-implemented method of claim 22, further comprising transmitting the token in response to the received request if the user previously authorized the third party server the predetermined number of times regardless of the first scope associated with the token.
  - 24. The computer-implemented method of claim 1, further comprising receiving a request from a user to revoke or reauthorize a permission to transmit the token in response to the received request if the first scope is determined to be the same as or a subset of the second scope.

25. A system comprising:
- a computer interface to receive from a web browser a request for a token that authorizes a third party to access a user'"'"'s data, wherein the computer interface identifies a first scope of authorization from a plurality of scopes of authorization stored on the computing system, the first scope of authorization being specified by the token and indicating a portion of the user'"'"'s data that a third party server is permitted to access, wherein the first scope of authorization indicates part of the user'"'"'s data but less than all of the user'"'"'s data, and wherein the computer identifies a previously-issued token and a second scope of authorization from a plurality of authorization scopes, the second scope of authorization specified by the previously-issued token;
  
  means for comparing the first scope of authorization to the second scope of authorization; and
  
  a token issuer to transmit the token in response to the received request based on a determination that the first scope of authorization is determined to be equal to or less than the second scope of authorization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Nelson, Jeffrey, Sheth, Shyam, Yang, Jun, Sergent, Jonathan S., Stahl, Mark B.
Primary Examiner(s)
Reza, Mohammad W
Assistant Examiner(s)
RAHIM, MONJUR

Application Number

US12/030,095
Time in Patent Office

2,359 Days
Field of Search

713/170, 713/193
US Class Current

713/193
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

Web authorization with reduced user interaction

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Web authorization with reduced user interaction

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links