Funding access in a distributed electronic environment

US 9,466,051 B1
Filed: 02/06/2013
Issued: 10/11/2016
Est. Priority Date: 02/06/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method, comprising:

receiving, from an entity, a request for access to one or more resources, the request associated with a user credential, the user credential comprising a cryptographic token generated by a third party identity provider, the cryptographic token including identity information for the entity and a specified user independent from the entity to authenticate the entity;

generating, by one or more computer systems, an applicable delegation profile for the request based at least in part on the user credential and the identity information for the entity, the applicable delegation profile comprising permissions for accessing the one or more resources and identifiers for one of the specified user or principals permitted to access the one or more resources according to the permissions;

identifying one or more parties to provide an amount of funding based at least in part upon the request and the applicable delegation profile, the one or more parties to provide the amount of funding not associated with the specific user or principals permitted to access the one or more resources;

determining whether the amount of funding is provided for the access in response to the identification of the one or more parties;

authenticating, by the one or more computer systems, the entity based at least in part on the user credential and the determination that the amount of funding is provided, the user credential mapped to the identifiers for one of the specific user or principals permitted to access the one or more resources; and

providing, by the one or more computer systems, the entity with access to the one or more resources according to the applicable delegation profile based at least in part on the authentication of the entity, the access enabling the entity to act as the specified user on the one or more resources subject to the permissions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Permissions can be delegated to enable access to resources associated with one or more different accounts, which might be associated with one or more different entities. Delegation profiles are established that are associated with at least one secured account of at least one customer. Each delegation profile includes information such as a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once a delegation profile is created, the profile can be available for external principals or services that provide a user credential delegated access under the account, where that credential is provided by a trusted identity service. Access can be provided across accounts using the user credential.

Citations

28 Claims

1. A computer implemented method, comprising:
- receiving, from an entity, a request for access to one or more resources, the request associated with a user credential, the user credential comprising a cryptographic token generated by a third party identity provider, the cryptographic token including identity information for the entity and a specified user independent from the entity to authenticate the entity;
  
  generating, by one or more computer systems, an applicable delegation profile for the request based at least in part on the user credential and the identity information for the entity, the applicable delegation profile comprising permissions for accessing the one or more resources and identifiers for one of the specified user or principals permitted to access the one or more resources according to the permissions;
  
  identifying one or more parties to provide an amount of funding based at least in part upon the request and the applicable delegation profile, the one or more parties to provide the amount of funding not associated with the specific user or principals permitted to access the one or more resources;
  
  determining whether the amount of funding is provided for the access in response to the identification of the one or more parties;
  
  authenticating, by the one or more computer systems, the entity based at least in part on the user credential and the determination that the amount of funding is provided, the user credential mapped to the identifiers for one of the specific user or principals permitted to access the one or more resources; and
  
  providing, by the one or more computer systems, the entity with access to the one or more resources according to the applicable delegation profile based at least in part on the authentication of the entity, the access enabling the entity to act as the specified user on the one or more resources subject to the permissions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The computer implemented method of claim 1, further comprising:
    - determining an amount of digital currency associated with the request, wherein determining whether funding is provided for the access includes determining whether the amount of digital currency is sufficient for the access to the one or more resources.
  - 3. The computer implemented method of claim 1, wherein at least one of a type of funding, or the amount of funding for the access to the one or more resources is determined based at least in part on the request and the applicable delegation profile including identity information, the identity information comprising a type of access, an application identifier, a specified access identifier, or an account identifier.
  - 4. The computer implemented method of claim 1, further comprising:
    - causing advertising to be provided for display to the entity in order to obtain the funding for the access based at least in part on the determination whether funding is provided and the applicable delegation profile or the request.
  - 5. The computer implemented method of claim 4, further comprising:
    - determining an amount of advertising to be provided, the amount being based at least in part upon at least one aspect of the access or the applicable delegation profile.
  - 6. The computer implemented method of claim 5, further comprising:
    - verifying that the amount of advertising was displayed for the entity.
  - 7. The computer implemented method of claim 5, wherein the amount of advertising to be provided is reduced in response to at least one action being performed with respect to provided advertising, the at least one action including at least one of a completion of a purchase of an item associated with the provided advertising or a selection to view additional information associated with the provided advertising.
  - 8. The computer implemented method of claim 5, further comprising:
    - enabling the entity to provide funding for the access; and
      
      upon determining that the funding was provided, determining that advertising does not need to be provided for the access.
  - 9. The computer implemented method of claim 4, wherein the entity is a provider of an application executed by the user, and wherein the advertising is provided for display to the specified user via the application.
  - 10. The computer implemented method of claim 4, wherein the advertising is provided for display to the specified user via the third party identity provider.
  - 11. The computer implemented method of claim 4, wherein the entity is a first provider of a first application submitting the request on behalf of the specified user,wherein the one or more resources are associated with a second provider of a second application;
    - andwherein a responsible party for the funding includes at least one of the specified user, the first provider, or the second provider.
  - 12. The computer implemented method of claim 11, further comprising:
    - enabling the responsible party to specify at least one of a type or an amount of access to be provided while the responsible party is responsible for funding the access.
  - 13. The computer implemented method of claim 1, wherein access to the one or more resources is provided according to an account being maintained by a provider of the one or more resources, the access being provided according to one or more terms of the account.
  - 14. The computer implemented method of claim 13, wherein the account corresponds to one of the specified user, the entity, the provider, or a third party.
  - 15. The computer implemented method of claim 13, wherein generating the applicable delegation profile is based at least in part upon a relationship of the entity to a holder of the account.
  - 16. The computer-implemented method of claim 13, wherein the permissions of the applicable delegation profile are restricted to a scope that is less than or equal to permissions of the holder of the account.
  - 17. The computer-implemented method of claim 1, wherein the user credential comprises a security token issued by the third party identity provider, the security token including information for the specified user.
  - 18. The computer-implemented method of claim 1, wherein the entity is provided with access only when the identity provider is a federation provider indicated by the applicable delegation profile or when the identity information provided by the identity provider includes at least one piece of mandatory information.
  - 19. The computer-implemented method of claim 1, wherein the funding is provided via an in-application purchase performed via a mobile computing device.

20. A computer system, comprising:
- at least one processor; and
  
  memory including instructions that, when executed by the at least one processor, cause the computer system to;
  
  receive, from an entity, a request for access to one or more resources, the request associated with a user credential, the user credential comprising a secure token generated by a third party identity provider, the secure token including identity information for the entity and a specified user independent from the entity;
  
  generate, by the processor, an applicable delegation profile for the request based at least in part on the user credential including the identity information for the entity, the applicable delegation profile comprising identifiers for one of the specified user or principals and permissions for accessing the one or more resources, the permissions applicable to the specified user or the principals;
  
  identify one or more parties to provide an amount of funding based at least in part upon the request and the applicable delegation profile, the one or more parties to provide the amount of funding not associated with the specific user or principals permitted to access the one or more resources;
  
  determine whether the amount of funding is provided for the access in response to the identification of the one or more parties;
  
  authenticating, by the processor, the entity based at least in part on the user credential and the determination that the amount of funding is provided, the user credential mapped to the identifiers for one of the specific user or principals permitted to access the one or more resources; and
  
  provide the entity with access to the one or more resources according to the applicable delegation profile based at least in part on the authentication of the entity, the access enabling the entity to act as the specified user on the one or more resources subject to the permissions.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The computer system of claim 20, wherein the instructions when executed further cause the computer system to:
    - determine an amount of digital currency associated with the request, wherein determining whether funding is provided for the access includes determining whether the amount of digital currency is sufficient for the access to the one or more resources.
  - 22. The computer system of claim 20, wherein the instructions when executed further cause the computer system to:
    - cause advertising to be provided for display to the entity in order to obtain the funding for the access.
  - 23. The computer system of claim 20, wherein the instructions when executed further cause the computer system to:
    - determine an amount of advertising to be provided, the amount being based at least in part upon at least one aspect of the access or the applicable delegation profile.
  - 24. The computer system of claim 20, wherein the instructions when executed further cause the computer system to:
    - verify that the amount of advertising was displayed for the entity.

25. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing system, cause the computing system to:
- receive, from an entity, a request for access to one or more resources, the request associated with a user credential, the user credential comprising a cryptographic token generated by a third party identity provider and including identity information for the entity and a specified user independent from the entity;
  
  generate, by the at least one processor of the computing system, an applicable delegation profile for the request based at least in part on the user credential and the identity information for the entity, the applicable delegation profile comprising identifiers for one of the specified user or principals and permissions for accessing the one or more resources, the permissions applicable to the specified user or the principals;
  
  identify one or more parties to provide an amount of funding required to provide access based at least in part upon the request and the applicable delegation profile, the one or more parties to provide the amount of funding not associated with the specific user or principals permitted to access the one or more resources;
  
  determine whether the amount of funding is provided for the access in response to the identification of the one or more parties;
  
  authenticate, by the at least one processor of the computing system, the entity based at least in part upon the user credential and the determination that the amount of funding is provided, the user credential mapped to the identifiers for one of the specific user or principals permitted to access the one or more resources; and
  
  provide the entity with access to the one or more resources according to the applicable delegation profile based at least in part on the authentication of the entity, the access enabling the entity to act as the specified user on the one or more resources subject to the permissions.
- View Dependent Claims (26, 27, 28)
- - 26. The non-transitory computer-readable storage medium of claim 25, wherein the instructions when executed further cause the computer system to:
    - determine an amount of digital currency associated with the request, wherein determining whether funding is provided for the access includes determining whether the amount of digital currency is sufficient for the access to the one or more resources.
  - 27. The non-transitory computer-readable storage medium of claim 25, wherein the instructions when executed further cause the computer system to:
    - cause advertising to be provided for display to the entity in order to obtain the funding for the access.
  - 28. The non-transitory computer-readable storage medium of claim 25, wherein the instructions when executed further cause the computer system to:
    - determine an amount of advertising to be provided, the amount being based at least in part upon at least one aspect of the access or the applicable delegation profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Popick, Daniel Stephen, Behm, Bradley Jeffery
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
MURPHY, JOSEPH B

Application Number

US13/760,769
Time in Patent Office

1,343 Days
Field of Search

726/7
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06Q 20/02   involving a neutral party, ...

G06Q 20/229   Hierarchy of users of accounts

G06Q 20/405   Establishing or using trans...

G06Q 30/0277   Online advertisement

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

Funding access in a distributed electronic environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Funding access in a distributed electronic environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links