Access token management

US 9,646,151 B2
Filed: 05/15/2015
Issued: 05/09/2017
Est. Priority Date: 01/30/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising a server and a user device which are connected to each other via a network,the server including:

a first hardware processor to authenticate, using an access token, a user of a user device connected via the network;

the first hardware processor to receive an access token from the user device; and

the first hardware processor to transmit, when the access token is received, determination information that enables a determination as to whether or not a remaining time until a time of expiration of the access token from a time of the determination is less than a predetermined threshold, to the user device, andthe user device including;

a second hardware processor to transmit an authentication request to the server;

the second hardware processor to transmit the access token to the server;

the second hardware processor to receive the determination information from the server;

the second hardware processor to determine, when the determination information is received, whether or not a remaining time until a time of expiration of the access token is less than a predetermined threshold;

the second hardware processor to transmit an issuance request for an access token when the remaining time until the time of expiration of the access token is determined to be less than the predetermined threshold; and

a token managing unit to, when receiving a new access token, validate the new access token and invalidating an old access token, whereinthe first hardware processor issues a new access token with an updated time of expiration when an issuance request for an access token which is transmitted by the user device having received the determination information is received,the token managing unit associates, with a plurality of access tokens retained in the user device, data which enables priorities among the access tokens to be compared, and when the new access token is received, associates the new access token with the data including a value that has a higher priority than other access tokens in order to validate the new access token and invalidate the other access tokens at the same time, andwhen a plurality of access tokens are retained in the user device, the second hardware processor compares the data associated with the plurality of access tokens, and transmits an access token with a highest priority to the server;

wherein the first hardware processor authenticates the user by handling both the new access token and an old access token as valid access tokens during a period from issuance of the new access token to expiration of a time of expiration of the old access token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a server including: a user authenticating unit that authenticates, using an access token, a user of a user device; a token receiving unit that receives an access token from the user device; and a determination information transmitting unit which, when the access token is received, transmits determination information that enables a determination as to whether or not a remaining time until a time of expiration of the access token is less than a predetermined threshold, to the user device, wherein the user authenticating unit issues a new access token with an updated time of expiration when an issuance request for an access token which is transmitted by the user device having received the determination information is received.

Citations

3 Claims

1. A system comprising a server and a user device which are connected to each other via a network,the server including:
- a first hardware processor to authenticate, using an access token, a user of a user device connected via the network;
  
  the first hardware processor to receive an access token from the user device; and
  
  the first hardware processor to transmit, when the access token is received, determination information that enables a determination as to whether or not a remaining time until a time of expiration of the access token from a time of the determination is less than a predetermined threshold, to the user device, andthe user device including;
  
  a second hardware processor to transmit an authentication request to the server;
  
  the second hardware processor to transmit the access token to the server;
  
  the second hardware processor to receive the determination information from the server;
  
  the second hardware processor to determine, when the determination information is received, whether or not a remaining time until a time of expiration of the access token is less than a predetermined threshold;
  
  the second hardware processor to transmit an issuance request for an access token when the remaining time until the time of expiration of the access token is determined to be less than the predetermined threshold; and
  
  a token managing unit to, when receiving a new access token, validate the new access token and invalidating an old access token, whereinthe first hardware processor issues a new access token with an updated time of expiration when an issuance request for an access token which is transmitted by the user device having received the determination information is received,the token managing unit associates, with a plurality of access tokens retained in the user device, data which enables priorities among the access tokens to be compared, and when the new access token is received, associates the new access token with the data including a value that has a higher priority than other access tokens in order to validate the new access token and invalidate the other access tokens at the same time, andwhen a plurality of access tokens are retained in the user device, the second hardware processor compares the data associated with the plurality of access tokens, and transmits an access token with a highest priority to the server;
  
  wherein the first hardware processor authenticates the user by handling both the new access token and an old access token as valid access tokens during a period from issuance of the new access token to expiration of a time of expiration of the old access token.
- View Dependent Claims (2, 3)
- - 2. The system according to claim 1, wherein the determination information receiving unit receives, from the server, the remaining time until the time of expiration of the access token as the determination information.
  - 3. The system according to claim 1, the server further comprising a token generating unit to generate an access token using identification information of the user device and time of expiration related information that is related to a time of expiration of the access token, whereinthe first hardware processor authenticates the user by determining whether or not the access token received from the user device is the access token that is generated using the identification information of the user device and the time of expiration related information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PFU Limited (Fujitsu Limited)
Original Assignee
PFU Limited (Fujitsu Limited)
Inventors
Miyakawa, Osamu
Primary Examiner(s)
Tolentino, Roderick

Application Number

US14/713,786
Publication Number

US 20160224782A1
Time in Patent Office

725 Days
Field of Search

726 2- 10
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/45   Structures or tools for the...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

Access token management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

Access token management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links