Authorization server system, control method thereof, and storage medium

US 9,686,257 B2
Filed: 09/26/2013
Issued: 06/20/2017
Est. Priority Date: 09/27/2012
Status: Active Grant

First Claim

Patent Images

1. An authorization server capable of communicating with a server configured to provide a resource service to an apparatus connected via a network and the apparatus including a resource service cooperation application configured to use the resource service, the authorization server comprising:

one or more processors; and

one or more computer-readable media storing one or more programs, the one or more programs comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;

receiving, at the authorization server from a browser on the apparatus, information associated with a client on the apparatus and a request for a token, the information and the request being transmitted by a user'"'"'s operation via the browser;

issuing, by the authorization server, an authorization code in response to the request, transmitting to the browser the authorization code and a request for redirection to the client, and issuing first authorization information based on the authorization code received from the client which has requested the first authorization information, the client accepting the access of the browser redirected from the authorization server and receiving the authorization code from the browser at the time of the redirection, the first authorization information for identifying a first scope of authorization, the first scope of authorization including authorization to use the resource service, wherein the issuing the first authorization information is performed based on one or more user inputs indicating a user has authorized delegating authorization for using the resource service;

receiving, at the authorization server from the client, the first authorization information and a request to issue second authorization information corresponding to a second scope of authorization, the request to issue the second authorization information comprising a request sent by the client for delegating authorization for using the resource service by the resource service cooperation application;

in response to receiving the first authorization information and the request to issue the second authorization information, identifying;

the first scope of authorization based on the first authorization information, andthe second scope of authorization based on information specifying a requested scope of authorization for the second authorization information,determining whether to issue the second authorization information based on the first scope of authorization;

in response to determining to issue the second authorization information, issuing, by the authorization server, the second authorization information for identifying the second scope of authorization, wherein the second scope of authorization comprises a scope of authorization for using the resource service; and

transmitting, from the authorization server to the client, the second authorization information, the second authorization information including information usable by the resource service cooperation application to access the resource services,wherein the determining whether to issue the second authorization information comprises determining whether the first scope of authorization encompasses the second scope of authorization, andwherein the issuing the second authorization information is performed in response to determining that the first scope of authorization encompasses the second scope of authorization.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In response to reception of a request, an authorization server system identifies authorization based on first authorization information received by a reception unit along with the request. The authorization server system gives at least some of the identified authorization to an application, and issues second authorization information for identifying the given authorization.

22 Citations

View as Search Results

11 Claims

1. An authorization server capable of communicating with a server configured to provide a resource service to an apparatus connected via a network and the apparatus including a resource service cooperation application configured to use the resource service, the authorization server comprising:
- one or more processors; and
  
  one or more computer-readable media storing one or more programs, the one or more programs comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving, at the authorization server from a browser on the apparatus, information associated with a client on the apparatus and a request for a token, the information and the request being transmitted by a user'"'"'s operation via the browser;
  
  issuing, by the authorization server, an authorization code in response to the request, transmitting to the browser the authorization code and a request for redirection to the client, and issuing first authorization information based on the authorization code received from the client which has requested the first authorization information, the client accepting the access of the browser redirected from the authorization server and receiving the authorization code from the browser at the time of the redirection, the first authorization information for identifying a first scope of authorization, the first scope of authorization including authorization to use the resource service, wherein the issuing the first authorization information is performed based on one or more user inputs indicating a user has authorized delegating authorization for using the resource service;
  
  receiving, at the authorization server from the client, the first authorization information and a request to issue second authorization information corresponding to a second scope of authorization, the request to issue the second authorization information comprising a request sent by the client for delegating authorization for using the resource service by the resource service cooperation application;
  
  in response to receiving the first authorization information and the request to issue the second authorization information, identifying;
  
  the first scope of authorization based on the first authorization information, andthe second scope of authorization based on information specifying a requested scope of authorization for the second authorization information,determining whether to issue the second authorization information based on the first scope of authorization;
  
  in response to determining to issue the second authorization information, issuing, by the authorization server, the second authorization information for identifying the second scope of authorization, wherein the second scope of authorization comprises a scope of authorization for using the resource service; and
  
  transmitting, from the authorization server to the client, the second authorization information, the second authorization information including information usable by the resource service cooperation application to access the resource services,wherein the determining whether to issue the second authorization information comprises determining whether the first scope of authorization encompasses the second scope of authorization, andwherein the issuing the second authorization information is performed in response to determining that the first scope of authorization encompasses the second scope of authorization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The authorization server according to claim 1, the operations further comprising:
    - providing, to the apparatus, an authorization screen for presentation in the browser, the authorization screen prompting a user of the browser to provide an authorization operation, wherein the providing the authorization screen to the browser is performed based on the request for the token; and
      
      receiving, at the authorization server from the browser on the apparatus, information indicating the user provided the authorization operation by using the authorization screen, the authorization operation comprising the one or more user inputs indicating the user has authorized delegating authorization for using the resource service,wherein the issuing the first authorization information comprises issuing the first authorization information based on the authorization operation.
  - 3. The authorization server according to claim 1, wherein the authorization server is configured to be capable for issuing the first authorization information for limiting the authorization to be used by the resource service cooperation application and the authorization server is configured to be capable for issuing the first authorization information for not limiting the authorization to be used by the resource service cooperation application,wherein the determining whether to issue the second authorization information comprises determining whether the first authorization information is not limiting the authorization to be used by the resource service cooperation application, andwherein, in response to determining that the first authorization information is not limiting the authorization to be used by the resource service cooperation application, the issuing the second authorization information is performed without comparing the first scope of authorization to the second scope of authorization.
  - 4. The authorization server according to claim 1, wherein the determining whether to issue the second authorization information comprises:
    - identifying the user based on the first authorization information;
      
      identifying authority of the user based on information indicating a scope of authorization associated with the user; and
      
      determining whether the authority of the user includes authorization corresponding to the second scope of authorization,wherein the issuing the second authorization information is performed in response to determining that the authority of the user includes authorization corresponding to the second scope of authorization.
  - 5. The authorization server according to claim 1, wherein the determining whether to issue the second authorization information comprises determining whether authority of the client includes authorization corresponding to the second scope of authorization, and wherein the issuing the second authorization information is performed in response to determining that the authority of the client includes authorization corresponding to the second scope of authorization.
  - 6. The authorization server according to claim 1, the operations further comprising:
    - receiving, at the authorization server from the server, the second authorization information;
      
      identifying the second scope of authorization based on the second authorization information, the second scope of authorization comprising authorization for using the resource service; and
      
      transmitting, from the authorization server to the server, information about the second scope of authorization,wherein the information about the second scope of authorization includes information usable by the server to confirm that the authorization corresponding to the second authorization information is the authorization for using the resource service, and to authorize the resource service cooperation application using the resource service by the confirmed authorization.
  - 7. The authorization server according to claim 1, wherein the apparatus is an image forming apparatus comprising at least one of image processing units including a printing unit and a scanner unit,wherein the server comprises at least one of image processing services including a printing service and a form service, andwherein the authorization server is configured to be capable for communicating with the apparatus and the server.
  - 8. The authorization server according to claim 1, wherein the apparatus is a smartphone, andwherein the authorization server is connectable with the smartphone.

9. A control method for controlling an authorization server connectable with a server configured to provide a resource service to an apparatus connected via a network and the apparatus including a resource service cooperation application configured to use the resource service, the method comprising:
- receiving, at the authorization server from a browser on the apparatus, information associated with a client on the apparatus and a request for a token, the information and the request being transmitted by a user'"'"'s operation via the browser;
  
  issuing, by the authorization server, an authorization code in response to the request, transmitting to the browser the authorization code and a request for redirection to the client, and issuing first authorization information based on the authorization code received from the client which has requested the first authorization information, the client accepting the access of the browser redirected from the authorization server and receiving the authorization code from the browser at the time of the redirection, the first authorization information for identifying a first scope of authorization, the first scope of authorization including authorization to use the resource service, wherein the issuing the first authorization information is performed based on one or more user inputs indicating a user has authorized delegating authorization for using the resource service;
  
  receiving, at the authorization server from the client, the first authorization information and a request to issue second authorization information corresponding to a second scope of authorization, the request to issue the second authorization information comprising a request sent by the client for delegating authorization for using the resource service by the resource service cooperation application;
  
  in response to receiving the first authorization information and the request to issue the second authorization information, identifying;
  
  the first scope of authorization based on the first authorization information, andthe second scope of authorization based on information specifying a requested scope of authorization for the second authorization information,determining whether to issue the second authorization information based on the first scope of authorization;
  
  in response to determining to issue the second authorization information, issuing, by the authorization server, the second authorization information for identifying the second scope of authorization, wherein the second scope of authorization comprises a scope of authorization for using the resource service; and
  
  transmitting, from the authorization server to the client, the second authorization information, the second authorization information including information usable by the resource service cooperation application to access the resource services,wherein the determining whether to issue the second authorization information comprises determining whether the first scope of authorization encompasses the second scope of authorization, andwherein the issuing the second authorization information is performed in response to determining that the first scope of authorization encompasses the second scope of authorization.

10. A non-transitory storage medium storing a program that, when executed! by n authorization server, causes the authorization server to perform method for controlling an authorization server connectable with a server configured to provide a resource service to an apparatus connected via a network and the apparatus including a resource service cooperation application configured to use the resource service, the method comprising:
- receiving, at the authorization server from a browser on the apparatus, information associated with a client on the apparatus and a request for a token, the information and the request being transmitted by a user'"'"'s operation via the browser;
  
  issuing, by the authorization server, an authorization code in response to the request, transmitting to the browser the authorization code and a request for redirection to the client, and issuing first authorization information based on the authorization code received from the client which has requested the first authorization information, the client accepting the access of the browser redirected from the authorization server and receiving the authorization code from the browser at the time of the redirection, the first authorization information for identifying a first scope of authorization, the first scope of authorization including authorization to use the resource service, wherein the issuing the first authorization information is performed based on one or more user inputs indicating a user has authorized delegating authorization for using the resource service;
  
  receiving, at the authorization server from the client, the first authorization information and a request to issue second authorization information corresponding to a second scope of authorization, the request to issue the second authorization information comprising a request sent by the client for delegating authorization for using the resource service by the resource service cooperation application;
  
  in response to receiving the first authorization information and the request to issue the second authorization information, identifying;
  
  the first scope of authorization based on the first authorization information, andthe second scope of authorization based on information specifying a requested scope of authorization for the second authorization information,determining whether to issue the second authorization information based on the first scope of authorization;
  
  in response to determining to issue the second authorization information, issuing, by the authorization server, the second authorization information for identifying the second scope of authorization, wherein the second scope of authorization comprises a scope of authorization for using the resource service; and
  
  transmitting, from the authorization server to the client, the second authorization information, the second authorization information including information usable by the resource service cooperation application to access the resource services,wherein the determining whether to issue the second authorization information comprises determining whether the first scope of authorization encompasses the second scope of authorization, andwherein the issuing the second authorization information is performed in response to determining that the first scope of authorization encompasses the second scope of authorization.

11. An authorization system including, an apparatus which has a resource service cooperation application configured to use a resource service, and an authorization server capable of communicating with a server configured to provide the resource service to the apparatus connected via a network, the authorization system comprising:
- one or more processors; and
  
  one or more computer-readable media storing one or more programs, the one or more programs comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  sending, from a browser on the apparatus, information associated with a client on the apparatus and a request for a token;
  
  receiving, at the authorization server from a browser on the apparatus, the information and the request, the information and the request being transmitted by a user'"'"'s operation via the browser;
  
  issuing, by the authorization server, an authorization code in response to the request, transmitting to the browser the authorization code and a request for redirection to the client, and issuing first authorization information based on the authorization code received from the client which has requested the first authorization information, the client accepting the access of the browser redirected from the authorization server and receiving the authorization code from the browser at the time of the redirection, the first authorization information for identifying a first scope of authorization, the first scope of authorization including authorization to use the resource service, wherein the issuing the first authorization information is performed based on one or more user inputs indicating a user has authorized delegating authorization for using the resource service;
  
  receiving, at the authorization server from the client, the first authorization information and a request to issue second authorization information corresponding to a second scope of authorization, the request to issue the second authorization information comprising a request sent by the client for delegating authorization for using the resource service by the resource service cooperation application;
  
  in response to receiving the first authorization information and the request to issue the second authorization information, identifying;
  
  the first scope of authorization based on the first authorization information, andthe second scope of authorization based on information specifying a requested scope of authorization for the second authorization information;
  
  determining whether to issue the second authorization information based on the first scope of authorization;
  
  in response to determining to issue the second authorization information, issuing, by the authorization server, the second authorization information for identifying the second scope of authorization, wherein the second scope of authorization comprises a scope of authorization for using the resource service; and
  
  transmitting, from the authorization server to the client, the second authorization information, the second authorization information including information usable by the resource service cooperation application to access the resource service,wherein the determining whether to issue the second authorization information comprises determining whether the first scope of authorization encompasses the second scope of authorization, andwherein the issuing the second authorization information is performed in response to determining that the first scope of authorization encompasses the second scope of authorization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Ayutthaya Limited (Canon Inc.)
Original Assignee
Canon Ayutthaya Limited (Canon Inc.)
Inventors
Tamura, Yu
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
LAPIAN, ALEXANDER R

Application Number

US14/037,714
Publication Number

US 20140090027A1
Time in Patent Office

1,363 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/608   Secure printing

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Authorization server system, control method thereof, and storage medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization server system, control method thereof, and storage medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links