Timestamp-based token revocation
Abstract
A token used when a first device authenticates itself to a third device may be associated with a token issue timestamp. Upon receipt of an indication that all previously issued tokens are to be revoked, a second device may store a revocation timestamp. Upon receiving, from the second device, a request for establishing conditions for a file transfer, from the first device, and an indication of a token issue timestamp associated with the request, the second device may compare the token issue timestamp to the revocation timestamp. Responsive to determining, based on the comparing, that the token issue timestamp precedes the revocation timestamp, the second device may deny the request.
16 Claims
1. A method of handling a communication request representative of an invitation to allow, at a target device, interaction between an origin device and the target device, the method referencing a generated token that has been generated by a server device in response to a token request from the origin device, the generated token having been transmitted from the server device to the origin device, the method including:
receiving, at a processor, an indication of a token revocation command event, the token revocation command event resulting from interaction with an application executed on the target device;
responsive to the receiving the indication, storing, in a memory, a revocation timestamp, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
receiving, at a communication subsystem and from the server device, the communication request accompanied by an indication of a token issue timestamp for the generated token, wherein the communication request originates from the origin device and is transmitted to the server device with a received token, which has been verified, at the server device, as being the same as the generated token; and
in response to determining, at the processor, that the token issue timestamp temporally precedes the revocation timestamp, denying the communication request.
13. A target device comprising:
a processor adapted to:
execute an application;
receive an indication of a token revocation command event, the token revocation command event resulting from interaction with the application;
store a revocation timestamp, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
receive a communication request from a server device, the communication request representative of an invitation to allow, at the target device, interaction between an origin device and the target device, the communication request referencing a generated token that has been generated by a server device in response to a token request from the origin device, the generated token having been transmitted from the server device to the origin device, the communication request accompanied by an indication of a token issue timestamp for the generated token, wherein the communication request originates from the origin device and is transmitted to the server device with a received token, which has been verified, at the server device, as being the same as the generated token; and
in response to determining that the token issue timestamp temporally precedes the revocation timestamp, deny the communication request.
14. A non-transitory computer readable device containing computer-executable instructions that, when performed by a processor, cause the processor to:
execute an application;
receive an indication of a token revocation command event, the token revocation command event resulting from interaction with the application;
store a revocation timestamp, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
receive a communication request from a server device, the communication request representative of an invitation to allow, at the target device, interaction between an origin device and the target device, the communication request referencing a generated token that has been generated by a server device in response to a token request from the origin device, the generated token having been transmitted from the server device to the origin device, the communication request accompanied by an indication of a token issue timestamp for the generated token, wherein the communication request originates from the origin device and is transmitted to the server device with a received token, which has been verified, at the server device, as being the same as the generated token; and
in response to determining that the token issue timestamp temporally precedes the revocation timestamp, deny the communication request.
15. A method of handling a communication request representative of an invitation to allow, at a target device, interaction between an origin device and the target device, the method referencing a generated token that has been generated by a server device in response to a token request from the origin device, the generated token having been transmitted from the server device to the origin device, the method including:
receiving, at a processor, an indication of a token revocation command event, the token revocation command event resulting from interaction with an application executed on the target device;
responsive to the receiving the indication, storing, in a memory, a revocation timestamp, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
receiving, at a communication subsystem and from the server device, the communication request accompanied by an indication of a token issue timestamp for the generated token, wherein the communication request originates from the origin device and is transmitted to the server device with a received token, which has been verified, at the server device, as being the same as the generated token; and
in response to determining, at the processor, that the revocation timestamp temporally precedes the token issue timestamp, allowing the communication request.
16. A method of handling a communication request representative of an invitation to allow, at a target device, interaction between an origin device and the target device, the method referencing a generated second token that has been generated by a server device in response to a token request from the origin device, the generated second token having been transmitted from the server device to the origin device, the method including:
receiving, at a processor, an indication of a token revocation command event for a first token, the token revocation command event resulting from interaction with an application executed on the target device;
responsive to the receiving the indication, storing, in a memory, a revocation timestamp for the first token, the revocation timestamp being indicative of a time of occurrence for the token revocation command event;
receiving, at a communication subsystem and from the server device, the communication request accompanied by an indication of a token issue timestamp for the generated second token, wherein the communication request originates from the origin device and is transmitted to the server device with a received second token, which has been verified, at the server device, as being the same as the generated second token; and
in response to determining, at the processor, that a revocation timestamp for the generated second token has not been stored by the target device, allowing the communication request.
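The exchange described in the abstract and in claims 1, 15 and 16, as an added example that is not part of the patent text: a server verifies a received token and forwards its issue timestamp, and the target device decides using only its stored revocation timestamp. The class and method names, the integer clock values and the handling of equal timestamps are assumptions of this sketch.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Server:
    """Server device: issues tokens and remembers when each was issued."""
    issued: dict = field(default_factory=dict)  # token -> issue timestamp

    def issue_token(self, now: int) -> str:
        token = secrets.token_urlsafe(16)
        self.issued[token] = now
        return token

    def forward(self, received_token: str) -> Optional[int]:
        """Verify a received token; return the issue timestamp to send along."""
        for token, issued_at in self.issued.items():
            if hmac.compare_digest(token, received_token):
                return issued_at
        return None  # not a token this server generated: nothing is forwarded

@dataclass
class TargetDevice:
    """Target device: stores only a revocation timestamp, never token values."""
    revoked_at: Optional[int] = None  # nothing stored until the user revokes

    def revoke_all(self, now: int) -> None:
        self.revoked_at = now  # time of the token revocation command event

    def handle_request(self, token_issued_at: int) -> bool:
        if self.revoked_at is None:
            return True  # no revocation timestamp stored: allow
        # Deny when issue time precedes revocation; a tie is denied (assumption).
        return token_issued_at > self.revoked_at

def run_scenario() -> list:
    """Constructed timeline; integers stand in for one shared clock."""
    server, target = Server(), TargetDevice()
    old = server.issue_token(now=100)
    out = [target.handle_request(server.forward(old))]      # before revocation
    target.revoke_all(now=200)
    out.append(target.handle_request(server.forward(old)))  # issued 100 < 200
    new = server.issue_token(now=300)
    out.append(target.handle_request(server.forward(new)))  # issued 300 > 200
    tie = server.issue_token(now=200)
    out.append(target.handle_request(server.forward(tie)))  # tie: denied
    out.append(server.forward("forged-token") is None)      # never forwarded
    return out
```

The target device needs no list of revoked tokens, but the comparison is only meaningful when the issue timestamp and the revocation timestamp come from clocks on the same time base, and the target relies on the server to report the issue timestamp accurately.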