Using representational state transfer (REST) for consent management

US 9,565,178 B2
Filed: 04/14/2016
Issued: 02/07/2017
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

sending, from an application executing on a device associated with a user, through a Representational State Transfer (REST)-based interface, to an authorization computer system, a request for permission to access a scope of information associated with the user;

based on authentication of the user associated with the device, receiving, at the device associated with the user, through the REST-based interface, from the authorization computer system, a request for consent by the user to allow the application to access information that is within the scope of information associated with the user; and

responsive to the device receiving consent from the user, sending, from the device associated with the user, through the REST-based interface, to the authorization computer system, information indicating the consent to allow the application to access the information, wherein the authorization computer system stores a mapping between the application and the scope of information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for sending, from an application executing on a device associated with a user, through a Representational State Transfer (REST)-based interface, to an authorization computer system, a request for permission to access a scope of information associated with the user. The techniques can further include, based on authentication of the user, receiving, at the device associated with the user, through the REST-based interface, a request for consent by the user to allow the application to access information that is within the scope of information associated with the user. Furthermore, the techniques can include, responsive to the device receiving consent from the user, sending, from the device associated with the user, through the REST-based interface, to the authorization computer system, the consent to allow the application to access the information for the authorization computer system to store a mapping between the application and the scope.

Citations

20 Claims

1. A method comprising:
- sending, from an application executing on a device associated with a user, through a Representational State Transfer (REST)-based interface, to an authorization computer system, a request for permission to access a scope of information associated with the user;
  
  based on authentication of the user associated with the device, receiving, at the device associated with the user, through the REST-based interface, from the authorization computer system, a request for consent by the user to allow the application to access information that is within the scope of information associated with the user; and
  
  responsive to the device receiving consent from the user, sending, from the device associated with the user, through the REST-based interface, to the authorization computer system, information indicating the consent to allow the application to access the information, wherein the authorization computer system stores a mapping between the application and the scope of information.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, further comprising:
    - receiving, at the device, from the authorization computer system, through the REST-based interface, a request for an authentication credential associated with the user.
  - 3. The method of claim 2, further comprising:
    - sending, from the device, the authentication credential to the authorization computer system through the REST-based interface, wherein the authorization computer system, determines the authentication of the user based on the authentication credential.
  - 4. The computer-implemented method of claim 1, further comprising:
    - sending, from the application on the device, through the REST-based interface, to the authorization computer system, a request for permission to access new information within the scope of information; and
      
      receiving, at the device, through the REST-based interface, from the authorization computer system, a response providing the permission to access the new information, wherein the permission to access the new information is determined based on identifying the mapping between the application and the scope of information.
  - 5. The computer-implemented method of claim 1, wherein communication between the device and the authorization computer system occurs through the REST-based interface without involving a Hypertext Transfer Protocol (HTTP) redirect operation.
  - 6. The computer-implemented method of claim 1, further comprising:
    - sending, from the application, through the REST-based interface, to the authorization computer system, a request to revoke the consent, wherein revoking the consent includes deleting the mapping stored by the authorization computer system.

7. A machine-readable memory comprising instructions which, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- sending, from an application executing on a device associated with a user, through a Representational State Transfer (REST)-based interface, to an authorization computer system, a request for permission to access a scope of information associated with the user;
  
  based on authentication of the user associated with the device, receiving, at the device associated with the user, through the REST-based interface, from the authorization computer system, a request for consent by the user to allow the application to access information that is within the scope of information associated with the user; and
  
  responsive to the device receiving consent from the user, sending, from the device associated with the user, through the REST-based interface, to the authorization computer system, information indicating the consent to allow the application to access the information, wherein the authorization computer system stores a mapping between the application and the scope of information.
- View Dependent Claims (8, 9, 10)
- - 8. The machine-readable memory of claim 7, wherein the instructions, when executed by the one or more processors, cause the one or more processors to perform:
    - receiving, at the device, from the authorization computer system, through the REST-based interface, a request for an authentication credential associated with the user.
  - 9. The machine-readable memory of claim 8, wherein the instructions, when executed by the one or more processors, cause the one or more processors to perform:
    - sending, from the device, the authentication credential to the authorization computer system through the REST-based interface, wherein the authorization computer system, determines authentication of the user based on the authentication credential.
  - 10. The machine-readable memory of claim 7, wherein the instructions, when executed by the one or more processors, cause the one or more processors to perform:
    - sending, from the application on the device, through the Representational State Transfer (REST)-based interface, to the authorization computer system, a request for permission to access new information within the scope of information; and
      
      receiving, at the device, through the REST-based interface, from the authorization computer system, a response providing the permission to access the new information, wherein the permission to access the new information is determined based on identifying the mapping between the application and the scope of information.

11. A system comprising:
- one or more hardware processors; and
  
  a memory storing a plurality of instructions, the plurality of instructions, when executed by the one or more hardware processors, causes the one or more hardware processors to;
  
  send, from an application executing on a device associated with a user, through a Representational State Transfer (REST)-based interface, to an authorization computer system, a request for permission to access a scope of information associated with the user;
  
  based on authentication of the user associated with the device, receive, at the device associated with the user, through the REST-based interface, from the authorization computer system, a request for consent by the user to allow the application to access information that is within the scope of information associated with the user; and
  
  responsive to the device receiving consent from the user, send, from the device associated with the user, through the REST-based interface, to the authorization computer system, information indicating the consent to allow the application to access the information, wherein the authorization computer system stores a mapping between the application and the scope of information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the plurality of instructions, when executed by the one or more hardware processors, further causes the one or more hardware processors to:
    - send, from the device, an authentication credential to the authorization computer system through the REST-based interface, wherein the authorization computer system, determines authentication of the user based on the authentication credential.
  - 13. The system of claim 12, wherein the plurality of instructions further configure the one or more hardware processors to:
    - send, from the application on the device, through the Representational State Transfer (REST)-based interface, to the authorization computer system, a request for permission to access new information within the scope of information; and
      
      receive, at the device, through the REST-based interface, from the authorization computer system, a response providing the permission to access the new information, wherein the permission to access the new information is determined based on identifying the mapping between the application and the scope of information.
  - 14. The system of claim 11, wherein communication between the device and the authorization computer system occurs through the REST-based interface without involving a Hypertext Transfer Protocol (HTTP) redirect operation.
  - 15. The system of claim 11, wherein the plurality of instructions further configure the one or more hardware processors to:
    - send, from the application, through the REST-based interface, to the authorization computer system, a request to revoke the consent, wherein revoking the consent includes deleting the mapping stored at the authorization computer system.
  - 16. The system of claim 11, wherein the request for consent is received by the application on the device, and wherein the consent is sent by the application on the device.
  - 17. The system of claim 11, wherein communication through the REST-based interface does not involve an HTML-based redirect.
  - 18. The system of claim 11, wherein the plurality of instructions further configure the one or more hardware processors to:
    - render a user interface on a display of the device, the user interface displaying one or more commands associated with communication between the device and the authorization computer system occurring through the REST-based interface.
  - 19. The system of claim 18, wherein communication associated with the one or more commands, through the REST-based interface, does not involve an HTML-based redirect.
  - 20. The system of claim 11, wherein the plurality of instructions further configure the one or more hardware processors to:
    - send, from the device, through the REST-based interface, to the authorization computer system, a request for a list of mappings;
      
      receiving, by the device, through the REST-based interface, from the authorization computer system, the list of mappings, wherein the list of mappings includes the mapping.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sondhi, Ajay, Chu, Ching-Wen, Kim, Beomsuk, Hingarajiya, Ravi
Primary Examiner(s)
Vaughan, Michael R

Application Number

US15/099,426
Publication Number

US 20160226859A1
Time in Patent Office

299 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 2221/2103   Challenge-response

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04W 12/06   Authentication

Using representational state transfer (REST) for consent management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Using representational state transfer (REST) for consent management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links