Application registration, authorization, and verification

US 8,898,759 B2
Filed: 08/24/2010
Issued: 11/25/2014
Est. Priority Date: 08/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method performed by a server device, the method comprising:

storing, in a memory associated with the server device, registration information associated with a device application hosted by a user device, the registration information including context information associated with the user device and a first integrity code generated at a prior point in time as a result of a registration operation associated with the device application;

receiving, by the server device and from the device application, a request to receive a service, where the request includes at least two of;

information associated with a user of the user device, information associated with the user device, and information associated with the device application;

generating, by the server device and using a data integrity algorithm, a second integrity code based on at least one of the information associated with the user of the user device, the information associated with the user device, and the information associated with the device application;

comparing, by the server device, the second integrity code with the first integrity code stored in the memory;

retrieving, from the memory, the context information associated with the user device when the second integrity code matches the first integrity code, where the context information includes location information, associated with the user device, at the prior point in time;

comparing, by the server device, the location information, at the prior point in time, to location information, associated with the user device, at a current point in time; and

sending, to the device application, a notification that services may be received when the location information, at the prior point in time, matches the location information at the current point in time, wherein storing the registration information includes;

receiving, from the user device, a registration request that includes the information associated with the user device, the information associated with the user, and the information associated with the device application, wherein the information associated with the device application includes an identifier associated with the device application,comparing the identifier associated with the device application with identifiers associated with a plurality of trusted applications stored in the memory, wherein, when the identifier, associated with the device application, matches at least one identifier of the identifiers associated with the plurality of trusted applications;

generating, based on at least one of the information associated with the device application, the information associated with the user device, and the information associated with the user, the first integrity code using the data integrity algorithm.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that includes a memory to store registration information for a particular application hosted by a particular user device, where the registration information includes context information regarding the particular user device and an integrity code based on credentials associated with the particular application. The system also includes a first server to receive, from a second server, a request to receive a service on behalf of a user device that hosts an application, the request including other credentials associated with the application; generate, using a data integrity algorithm, another integrity code based on the other credentials; determine that the application is trusted when the integrity code matches the other integrity code; compare other context information associated with the user device with the context information when the application is trusted; and send an instruction to the user device to re-register the application when the context information does not match the other context information.

Citations

20 Claims

1. A method performed by a server device, the method comprising:
- storing, in a memory associated with the server device, registration information associated with a device application hosted by a user device, the registration information including context information associated with the user device and a first integrity code generated at a prior point in time as a result of a registration operation associated with the device application;
  
  receiving, by the server device and from the device application, a request to receive a service, where the request includes at least two of;
  
  information associated with a user of the user device, information associated with the user device, and information associated with the device application;
  
  generating, by the server device and using a data integrity algorithm, a second integrity code based on at least one of the information associated with the user of the user device, the information associated with the user device, and the information associated with the device application;
  
  comparing, by the server device, the second integrity code with the first integrity code stored in the memory;
  
  retrieving, from the memory, the context information associated with the user device when the second integrity code matches the first integrity code, where the context information includes location information, associated with the user device, at the prior point in time;
  
  comparing, by the server device, the location information, at the prior point in time, to location information, associated with the user device, at a current point in time; and
  
  sending, to the device application, a notification that services may be received when the location information, at the prior point in time, matches the location information at the current point in time, wherein storing the registration information includes;
  
  receiving, from the user device, a registration request that includes the information associated with the user device, the information associated with the user, and the information associated with the device application, wherein the information associated with the device application includes an identifier associated with the device application,comparing the identifier associated with the device application with identifiers associated with a plurality of trusted applications stored in the memory, wherein, when the identifier, associated with the device application, matches at least one identifier of the identifiers associated with the plurality of trusted applications;
  
  generating, based on at least one of the information associated with the device application, the information associated with the user device, and the information associated with the user, the first integrity code using the data integrity algorithm.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where the data integrity algorithm is a hash algorithm or a cryptographic algorithm.
  - 3. The method of claim 1, where storing the registration information further includes:
    - sending, to a further server device, the identifier associated with the device application, where the further server device provides a service that verifies device applications;
      
      receiving, from the further server device, a notification that the device application has been verified; and
      
      wherein generating the first integrity code comprises;
      
      generating the first integrity code in response to the notification that the device application has been verified.
  - 4. The method of claim 1, where before sending the notification that services may be received, the method further comprises:
    - retrieving, from the memory, policy information, associated with the server device, that indicates a manner in which the services are to be provided to the device application; and
      
      authorizing the device application to receive the services based on a determination that the services are to be sent in the manner indicated by the policy information.
  - 5. The method of claim 1, where comparing the location information at the prior point in time with location information at a current point in time includes:
    - querying the user device to obtain other context information associated with the user device, where the other context information includes the location information at the current point in time.
  - 6. The method of claim 1, where the registration information includes a time-to-live (TTL) value that includes a time after which the device application is to be re-registered, the method further comprising:
    - determining that the device application is not to be re-registered when a time at which the request is received is prior to the time after which the device application is to be re-registered.
  - 7. The method of claim 1, further comprising:
    - receiving, from another device application hosted by another user device, a request to receive the service, the request including at least one of information associated with a user of the other user device, information associated with the other user device, and information associated with the other device application;
      
      generating, using the data integrity algorithm, a third integrity code based on the at least one of the information associated with the user of the other user device, the information associated with the other user device, and the information associated with the other device application; and
      
      sending a notification to the other device application that access to the service is denied based on a determination that the third integrity code does not match a fourth integrity code generated at a previous point in time as a result of a registration operation associated with the other device application.

8. A server device comprising:
- a memory to store instructions; and
  
  a processor to execute the instructions to;
  
  store, in the memory, registration information associated with a device application hosted by a user device, the registration information including context information associated with the user device and a first integrity code generated at a prior point in time as a result of a registration operation associated with the device application;
  
  receive, from the device application, a request to receive a service, wherein the request includes at least two of;
  
  information associated with a user of the user device, information associated with the user device, and information associated with the device application;
  
  generate, by the server device and using a data integrity algorithm, a second integrity code based on at least one of the information associated with the user of the user device, the information associated with the user device, and the information associated with the device application;
  
  compare the second integrity code with the first integrity code stored in the memory;
  
  retrieve, from the memory, the context information associated with the user device when the second integrity code matches the first integrity code, wherein the context information includes location information, associated with the user device, at the prior point in time;
  
  compare the location information, associated with the user device, at the prior point in time, to location information, associated with the user device, at a current point in time; and
  
  send, to the device application, a notification that services may be received when the location information, at the prior point in time, matches the location information at the current point in time, wherein, when storing the registration information, the processor to further execute the instructions to;
  
  receive from the user device, a registration request that includes the information associated with the user device, the information associated with the user, and the information associated with the device application, wherein the information associated with the device application includes an identifier associated with the device application,send, to another server device, the identifier associated with the device application, wherein the other server device provides a service that verifies device applications,receive, from the other server device, a notification that the device application has been verified, and in response to the notification that the device application has been verified;
  
  generate, based on at least one of the information associated with the device application, the information associated with the user device, and the information associated with the user, the first integrity code using the data integrity algorithm.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The server device of claim 8, wherein the data integrity algorithm is a hash algorithm or a cryptographic algorithm.
  - 10. The server device of claim 8, wherein, when storing the registration information, the processor to further execute the instructions to:
    - compare the identifier associated with the device application with identifiers associated with a plurality of trusted applications stored in the memory; and
      
      generate the first integrity code, using the data integrity algorithm, when the identifier, associated with the device application, matches at least one identifier of the identifiers associated with the plurality of trusted applications.
  - 11. The server device of claim 8, wherein, before sending the notification that services may be received, the processor to further execute the instructions to:
    - retrieve, from the memory, policy information that indicates a manner in which the services are to be provided to the device application; and
      
      authorize the device application to receive the services based on a determination that the services are to be sent in the manner indicated by the policy information.
  - 12. The server device of claim 8, wherein, when comparing the location information at the prior point in time with location information at a current point in time, the processor to further execute the instructions to:
    - query the user device to obtain other context information associated with the user device, wherein the other context information includes the location information at the current point in time.
  - 13. The server device of claim 8, wherein the registration information includes a time-to-live (TTL) value that includes a time after which the device application is to be re-registered, the processor to further execute the instructions to:
    - determine that the device application is not to be re-registered when a time at which the request is received is prior to the time after which the device application is to be re-registered.
  - 14. The server device of claim 8, the processor to further execute the instructions to:
    - receive, from another device application hosted by another user device, a request to receive the service, the request including at least one of information associated with a user of the other user device, information associated with the other user device, and information associated with the other device application;
      
      generate, using the data integrity algorithm, a third integrity code based on the at least one of the information associated with the user of the other user device, the information associated with the other user device, and the information associated with the other device application; and
      
      send a notification to the other device application that access to the service is denied based on a determination that the third integrity code does not match a fourth integrity code generated at a previous point in time as a result of a registration operation associated with the other device application.

15. A non-transitory computer-readable storage medium storing instructions executable by at least one processing system of a server device, the instructions comprising instructions to:
- store, in a memory associated with the server device, registration information associated with a device application hosted by a user device, the registration information including context information associated with the user device and a first integrity code generated at a prior point in time as a result of a registration operation associated with the device application;
  
  receive, from the device application, a request to receive a service, wherein the request includes at least two of;
  
  information associated with a user of the user device, information associated with the user device, and information associated with the device application;
  
  generate, using a data integrity algorithm, a second integrity code based on at least one of the information associated with the user of the user device, the information associated with the user device, and the information associated with the device application;
  
  compare the second integrity code with the first integrity code stored in the memory;
  
  retrieve, from the memory, the context information associated with the user device when the second integrity code matches the first integrity code, wherein the context information includes location information, associated with the user device, at the prior point in time;
  
  compare the location information, at the prior point in time, to location information, associated with the user device, at a current point in time;
  
  send, to the device application, a notification that services may be received when the location information, at the prior point in time, matches the location information at the current point in time;
  
  receive, from another device application hosted by another user device, a request to receive the service, the request including at least one of information associated with a user of the other user device, information associated with the other user device, and information associated with the other device application;
  
  generate, using the data integrity algorithm, a third integrity code based on the at least one of the information associated with the user of the other user device, the information associated with the other user device, and the information associated with the other device application; and
  
  send a notification to the other device application that access to the service is denied based on a determination that the third integrity code does not match a fourth integrity code generated at a previous point in time as a result of a registration operation associated with the other device application, wherein, when storing the registration information, the instructions further comprise instructions to;
  
  receive, from the user device, a registration request that includes the information associated with the user device, the information associated with the user, and the information associated with the device application, wherein the information associated with the device application includes an identifier associated with the device application;
  
  compare the identifier associated with the device application with identifiers associated with a plurality of trusted applications stored in the memory; and
  
  generate the first integrity code, using the data integrity algorithm, when the identifier, associated with the device application, matches at least one identifier of the identifiers associated with the plurality of trusted applications,wherein the first integrity code is based on at least one of the information associated with the device application, the information associated with the user device and the information associated with the user.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the data integrity algorithm is a hash algorithm or a cryptographic algorithm.
  - 17. The non-transitory computer-readable medium of claim 15, wherein, before sending the notification that services may be received, the instructions to execute further comprise instructions to:
    - retrieve, from the memory, policy information, associated with the server device, that indicates a manner in which the services are to be provided to the device application; and
      
      authorize the device application to receive the services based on a determination that the services are to be sent in the manner indicated by the policy information.
  - 18. The non-transitory computer-readable medium of claim 15, wherein, when comparing the location information at the prior point in time with location information at a current point in time, the instructions to execute further comprise instructions to:
    - query the user device to obtain other context information associated with the user device, wherein the other context information includes the location information at the current point in time.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the registration information includes a time-to-live (TTL) value that includes a time after which the device application is to be re-registered, the instructions to execute further comprise instructions to:
    - determine that the device application is not to be re-registered when a time at which the request is received is prior to the time after which the device application is to be re-registered.
  - 20. The non-transitory computer-readable medium of claim 15, wherein, when storing the registration information, the instructions to execute further comprise instructions to:
    - send, to a further server device, the identifier associated with the device application, wherein the further server device provides a service that verifies device applications;
      
      receive, from the further server device, a notification that the device application has been verified; and
      
      generate the first integrity code, in response to the notification that the device application has been verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Schultz, Paul T., Hahn, Mark J., Sartini, Robert A.
Primary Examiner(s)
Eskandarnia, Arvin

Application Number

US12/861,981
Publication Number

US 20120054841A1
Time in Patent Office

1,554 Days
Field of Search

726/6
US Class Current

726/6
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/51   at application loading time...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2115   Third party

H04L 63/0876   based on the identity of th...

H04L 63/1466   Active attacks involving in...

Application registration, authorization, and verification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Application registration, authorization, and verification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links