Providing application programs with access to secured resources

US 9,231,933 B1
Filed: 09/09/2013
Issued: 01/05/2016
Est. Priority Date: 03/16/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for receiving access to secured resources, the method comprising:

sending, from an application program of a computer system and for receipt by a token providing system, a first request to obtain a temporary authentication token that is able to be used to access portions of secured resources that are stored by a resource providing system, wherein the token providing system stores a primary authentication token that the token providing system uses to obtain the temporary authentication token, wherein the first request does not include the primary authentication token;

receiving, by the application program and as having been sent by the token providing system, the temporary authentication token;

sending, by the application program and for receipt by a resource providing system, a second request that (i) is to obtain a first portion of the secured resources, and (ii) includes the temporary authentication token to indicate to the resource providing system that the application program is authorized to receive the first portion of the secured resources; and

receiving, by the application program and as having been sent by the resource providing system responsive to the application program sending the second request, the first portion of the secured resources.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, the subject matter described in this specification can be embodied in methods, systems, and program products for providing access to secured resources. A token providing system stores a primary authentication token that is used to obtain temporary authentication tokens. The token providing system provides, to application programs that are unable to access the primary authentication token, the temporary authentication tokens. The token providing system receives, from a first application program of the application programs, a first request to obtain a first temporary authentication token. The first request does not include the primary authentication token. The token providing system transmits a second request to obtain the first temporary authentication token. The second request includes the primary authentication token. The token providing system receives the first temporary authentication token. The token providing system provides the first temporary authentication token for use by the first application program.

149 Citations

20 Claims

1. A computer-implemented method for receiving access to secured resources, the method comprising:
- sending, from an application program of a computer system and for receipt by a token providing system, a first request to obtain a temporary authentication token that is able to be used to access portions of secured resources that are stored by a resource providing system, wherein the token providing system stores a primary authentication token that the token providing system uses to obtain the temporary authentication token, wherein the first request does not include the primary authentication token;
  
  receiving, by the application program and as having been sent by the token providing system, the temporary authentication token;
  
  sending, by the application program and for receipt by a resource providing system, a second request that (i) is to obtain a first portion of the secured resources, and (ii) includes the temporary authentication token to indicate to the resource providing system that the application program is authorized to receive the first portion of the secured resources; and
  
  receiving, by the application program and as having been sent by the resource providing system responsive to the application program sending the second request, the first portion of the secured resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19, 20)
- - 2. The computer-implemented method of claim 1, wherein the application program does not have access to the primary authentication token.
  - 3. The computer-implemented method of claim 1, wherein:
    - an authentication system provided the primary authentication token for receipt by the token providing system in response to the authentication system receiving authentication credentials.
  - 4. The computer-implemented method of claim 3, wherein the application program does not have access to authentication credentials.
  - 5. The computer-implemented method of claim 3, wherein the token providing system does not have access to the authentication credentials.
  - 6. The computer-implemented method of claim 3, wherein the token providing system used the primary authentication token to obtain the temporary authentication token from the authentication system.
  - 7. The computer-implemented method of claim 3, wherein the authentication credentials include a username and a shared secret for a user account.
  - 8. The computer-implemented method of claim 1, wherein the resource providing system is configured such that the token providing system is unable to access the first portion of the secured resources using the primary authentication token in place of the temporary authentication token.
  - 9. The computer-implemented method of claim 1, wherein the second request further includes (iii) a scope to identify the first portion of the secured resources in distinction to other portions of the secured resources.
  - 19. The computer-implemented method of claim 1, wherein the application program is unable to access the primary authentication token.
  - 20. The computer-implemented method of claim 1, wherein the application program does not use the primary authentication token in the second request to obtain the first portion of the secured resources.

10. A computer system for providing access to secured resources, the system comprising:
- one or more processors; and
  
  one or more computer-readable devices that store instructions that, when executed by the one or more processors, cause performance of operations that comprise;
  
  sending, from an application program of a computer system and for receipt by a token providing system, a first request to obtain a temporary authentication token that is able to be used to access portions of secured resources that are stored by a resource providing system, wherein the token providing system stores a primary authentication token that the token providing system uses to obtain the temporary authentication token, wherein the first request does not include the primary authentication token;
  
  receiving, by the application program and as having been sent by the token providing system, the temporary authentication token;
  
  sending, by the application program and for receipt by a resource providing system, a second request that (i) is to obtain a first portion of the secured resources, and (ii) includes the temporary authentication token to indicate to the resource providing system that the application program is authorized to receive the first portion of the secured resources; and
  
  receiving, by the application program and as having been sent by the resource providing system responsive to the application program sending the second request, the first portion of the secured resources.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer system of claim 10, wherein the application program does not have access to the primary authentication token.
  - 12. The computer system of claim 10, wherein:
    - an authentication system provided the primary authentication token for receipt by the token providing system in response to the authentication system receiving authentication credentials.
  - 13. The computer system of claim 12, wherein the application program does not have access to authentication credentials.
  - 14. The computer system of claim 12, wherein the token providing system does not have access to the authentication credentials.
  - 15. The computer system of claim 12, wherein the token providing system used the primary authentication token to obtain the temporary authentication token from the authentication system.
  - 16. The computer system of claim 12, wherein the authentication credentials include a username and a shared secret for a user account.
  - 17. The computer system of claim 10, wherein the resource providing system is configured such that the token providing system is unable to access the first portion of the secured resources using the primary authentication token in place of the temporary authentication token.
  - 18. The computer system of claim 10, wherein the second request further includes (iii) a scope to identify the first portion of the secured resources in distinction to other portions of the secured resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Shenoy, Vittaldas Sachin, Risbood, Pankaj, Sahasranaman, Vivek, Kern, Christoph, Anderson, Evan K.
Primary Examiner(s)
Moorthy, Aravind

Application Number

US14/021,261
Time in Patent Office

848 Days
Field of Search

726/9, 726/4, 726/5, 713/165, 713/168
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

G06F 21/6218   to a system of files or obj...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0846   using time-dependent-passwo...

H04L 9/3226   using a predetermined code,...

Providing application programs with access to secured resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

149 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing application programs with access to secured resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

149 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links