Timestamp-based token revocation

US 8,955,084 B2
Filed: 11/10/2011
Issued: 02/10/2015
Est. Priority Date: 11/10/2011
Status: Active Grant

First Claim

Patent Images

1. A method of handling a communication request representative of an invitation to allow, at a target device, interaction between an origin device and the target device, the method referencing a generated token that has been generated by a server device in response to a token request from the origin device, the generated token having been transmitted from the server device to the origin device, the method including:

receiving, at a processor, an indication of a token revocation command event, the token revocation command event resulting from interaction with an application executed on the target device;

responsive to the receiving the indication, storing, in a memory, a revocation timestamp, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;

receiving, at a communication subsystem and from the server device, the communication request accompanied by an indication of a token issue timestamp for the generated token, wherein the communication request originates from the origin device and is transmitted to the server device with a received token, which has been verified, at the server device, as being the same as the generated token; and

in response to determining, at the processor, that the token issue timestamp temporally precedes the revocation timestamp, denying the communication request.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token used when a first device authenticates itself to a third device may be associated with a token issue timestamp. Upon receipt of an indication that all previously issued tokens are to be revoked, a second device may store a revocation timestamp. Upon receiving, from the second device, a request for establishing conditions for a file transfer, from the first device, and an indication of a token issue timestamp associated with the request, the second device may compare the token issue timestamp to the revocation timestamp. Responsive to determining, based on the comparing, that the token issue timestamp precedes the revocation timestamp, the second device may deny the request.

47 Citations

View as Search Results

16 Claims

1. A method of handling a communication request representative of an invitation to allow, at a target device, interaction between an origin device and the target device, the method referencing a generated token that has been generated by a server device in response to a token request from the origin device, the generated token having been transmitted from the server device to the origin device, the method including:
- receiving, at a processor, an indication of a token revocation command event, the token revocation command event resulting from interaction with an application executed on the target device;
  
  responsive to the receiving the indication, storing, in a memory, a revocation timestamp, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
  
  receiving, at a communication subsystem and from the server device, the communication request accompanied by an indication of a token issue timestamp for the generated token, wherein the communication request originates from the origin device and is transmitted to the server device with a received token, which has been verified, at the server device, as being the same as the generated token; and
  
  in response to determining, at the processor, that the token issue timestamp temporally precedes the revocation timestamp, denying the communication request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the denying the communication request comprises transmitting, to the server device, an indication that the token issue timestamp precedes the revocation timestamp.
  - 3. The method of claim 1 wherein the communication request relates to a transfer of a file to the target device.
  - 4. The method of claim 1 wherein the communication request relates to streaming video to the target device.
  - 5. The method of claim 1 wherein the communication request relates to streaming audio to the target device.
  - 6. The method of claim 1 wherein the communication request relates to streaming text to the target device.
  - 7. The method of claim 1 wherein the communication request relates to video conferencing.
  - 8. The method of claim 1 wherein the communication request relates to instant messaging.
  - 9. The method of claim 1 wherein the communication request relates to receiving media from the target device.
  - 10. The method of claim 9 wherein the media comprises audio.
  - 11. The method of claim 9 wherein the media comprises video.
  - 12. The method of claim 9 wherein the media comprises text.

13. A target device comprising:
- a processor adapted to;
  
  execute an application;
  
  receive an indication of a token revocation command event, the token revocation command event resulting from interaction with the application;
  
  store a revocation timestamp, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
  
  receive a communication request from a server device, the communication request representative of an invitation to allow, at the target device, interaction between an origin device and the target device, the communication request referencing a generated token that has been generated by a server device in response to a token request from the origin device, the generated token having been transmitted from the server device to the origin device, the communication request accompanied by an indication of a token issue timestamp for the generated token, wherein the communication request originates from the origin device and is transmitted to the server device with a received token, which has been verified, at the server device, as being the same as the generated token; and
  
  in response to determining that the token issue timestamp temporally precedes the revocation timestamp, deny the communication request.

14. A non-transitory computer readable device containing computer-executable instructions that,when performed by a processor, cause the processor to:
- execute an application;
  
  receive an indication of a token revocation command event, the token revocation command event resulting from interaction with the application;
  
  store a revocation timestamp, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
  
  receive a communication request from a server device, the communication request representative of an invitation to allow, at the target device, interaction between an origin device; and
  
  the target device, the communication request referencing a generated token that has been generated by a server device in response to a token request from the origin device, the generated token having been transmitted from the server device to the origin device, the communication request accompanied by an indication of a token issue timestamp for the generated token, wherein the communication request originates from the origin device and is transmitted to the server device with a received token, which has been verified, at the server device, as being the same as the generated token; and
  
  in response to determining that the token issue timestamp temporally precedes the revocation timestamp, deny the communication request.

15. A method of handling a communication request representative of an invitation to allow, at a target device, interaction between an origin device and the target device, the method referencing a generated token that has been generated by a server device in response to a token request from the origin device, the generated token having been transmitted from the server device to the origin device, the method including:
- receiving, at a processor, an indication of a token revocation command event, the token revocation command event resulting from interaction with an application executed on the target device;
  
  responsive to the receiving the indication, storing, in a memory, a revocation timestamp, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
  
  receiving, at a communication subsystem and from the server device, the communication request accompanied by an indication of a token issue timestamp for the generated token, wherein the communication request originates from the origin device and is transmitted to the server device with a received token, which has been verified, at the server device, as being the same as the generated token; and
  
  in response to determining, at the processor, that the revocation timestamp temporally precedes the token issue timestamp, allowing the communication request.

16. A method of handling a communication request representative of an invitation to allow, at a target device, interaction between an origin device and the target device, the method referencing a generated second token that has been generated by a server device in response to a token request from the origin device, the generated second token having been transmitted from the server device to the origin device, the method including:
- receiving, at a processor, an indication of a token revocation command event for a first token, the token revocation command event resulting from interaction with an application executed on the target device;
  
  responsive to the receiving the indication, storing, in a memory, a revocation timestamp for the first token, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
  
  receiving, at a communication subsystem and from the server device, the communication request accompanied by an indication of a token issue timestamp for the generated second token, wherein the communication request originates from the origin device and is transmitted to the server device with a received second token, which has been verified, at the server device, as being the same as the generated second token; and
  
  in response to determining, at the processor, that a revocation timestamp for the generated second token has not been stored by the target device, allowing the communication request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Gammon, Scott Peter, McGregor, John Andrew, Do, Tu Dien
Primary Examiner(s)
LESNIEWSKI, VICTOR D

Application Number

US13/293,634
Publication Number

US 20130125228A1
Time in Patent Office

1,188 Days
Field of Search

726/6, 726/9, 726/10, 713/158
US Class Current

726/9
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 67/06   specially adapted for file ...

H04L 9/0891   Revocation or update of sec...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3297   involving time stamps, e.g....

Timestamp-based token revocation

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Timestamp-based token revocation

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links