Authorization based on access token

US 9,736,694 B2
Filed: 07/12/2016
Issued: 08/15/2017
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

at least one data processor; and

memory storing instructions which, when executed by the at least one data processor, result in operations comprising;

generating by a mobile client device, an authorization request with a secure token that corresponds to both the mobile client device and to a third party application and which is used to access a server, the authorization request being embedded with a plurality of parameters to allow the server to determine, based upon at least one of the plurality of parameters, if an authorization token should be provided to the mobile client device, the plurality of parameters chosen from a group comprising;

a requesting mobile client device, a third-party application, and a scope of usage;

requesting, by the mobile client device, access to the server by using the authorization token, in response to the authorization request, the server comprising a database and a register, the register storing a plurality of profiles of mobile client devices with respective secure tokens in the database;

receiving, by the mobile client device, the authorization token if the server determines that the authorization token should be provided to the mobile client device;

first determining that the secure token is valid by determining that a scope of usage is within a defined security level for the mobile client device and the third-party application;

second determining, using the register, that the mobile client device and the third-party application are registered in one of the plurality of profiles in the register; and

providing the mobile client device access to the server based on the first determining and the second determining.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile device may include an authenticator and a processor. The authenticator may generate an authorization request with a secure token to access a server. The processor may access the server using an authorization token, if the authenticator receives the authorization token in response to the authorization request. The authenticator may embed the authorization request with a plurality of parameters to allow the server to determine, based upon at least one of the plurality of parameters, if the authorization token should be given to the mobile device.

16 Citations

View as Search Results

15 Claims

1. A system comprising:
- at least one data processor; and
  
  memory storing instructions which, when executed by the at least one data processor, result in operations comprising;
  
  generating by a mobile client device, an authorization request with a secure token that corresponds to both the mobile client device and to a third party application and which is used to access a server, the authorization request being embedded with a plurality of parameters to allow the server to determine, based upon at least one of the plurality of parameters, if an authorization token should be provided to the mobile client device, the plurality of parameters chosen from a group comprising;
  
  a requesting mobile client device, a third-party application, and a scope of usage;
  
  requesting, by the mobile client device, access to the server by using the authorization token, in response to the authorization request, the server comprising a database and a register, the register storing a plurality of profiles of mobile client devices with respective secure tokens in the database;
  
  receiving, by the mobile client device, the authorization token if the server determines that the authorization token should be provided to the mobile client device;
  
  first determining that the secure token is valid by determining that a scope of usage is within a defined security level for the mobile client device and the third-party application;
  
  second determining, using the register, that the mobile client device and the third-party application are registered in one of the plurality of profiles in the register; and
  
  providing the mobile client device access to the server based on the first determining and the second determining.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the secure token is embedded in the authorization request.
  - 3. The system of claim 1, wherein the authorization token is based on a web session identification number.
  - 4. The system of claim 1, wherein the authorization token is based on a time-stamp associated with the authorization request.
  - 5. The system of claim 1, wherein the scope of usage is associated with at least one of data deletion, data modification, data read, data write, and data query.

6. A computer-implemented method comprising:
- generating by a mobile client device, an authorization request with a secure token that corresponds to both the mobile client device and to a third party application and which is used to access a server, the authorization request being embedded with a plurality of parameters to allow the server to determine, based upon at least one of the plurality of parameters, if an authorization token should be provided to the mobile client device, the plurality of parameters chosen from a group comprising;
  
  a requesting mobile client device, a third-party application, and a scope of usage;
  
  requesting, by the mobile client device, access to the server by using the authorization token, in response to the authorization request, the server comprising a database and a register, the register storing a plurality of profiles of mobile client devices with respective secure tokens in the database;
  
  receiving, by the mobile client device, the authorization token if the server determines that the authorization token should be provided to the mobile client device;
  
  first determining that the secure token is valid by determining that a scope of usage is within a defined security level for the mobile client device and the third-party application;
  
  second determining, using the register, that the mobile client device and the third-party application are registered in one of the plurality of profiles in the register; and
  
  providing the mobile client device access to the server based on the first determining and the second determining.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the secure token is embedded in the authorization request.
  - 8. The method of claim 6, wherein the authorization token is based on a web session identification number.
  - 9. The method of claim 6, wherein the authorization token is based on a time-stamp associated with the authorization request.
  - 10. The method of claim 6, wherein the scope of usage is associated with at least one of data deletion, data modification, data read, data write, and data query.

11. A non-transitory computer program product storing instructions which, when executed by at least one data processor forming part of at least one computing device, result in operations comprising:
- generating by a mobile client device, an authorization request with a secure token that corresponds to both the mobile client device and to a third party application and which is used to access a server, the authorization request being embedded with a plurality of parameters to allow the server to determine, based upon at least one of the plurality of parameters, if an authorization token should be provided to the mobile client device, the plurality of parameters chosen from a group comprising;
  
  a requesting mobile client device, a third-party application, and a scope of usage;
  
  requesting, by the mobile client device, access to the server by using the authorization token, in response to the authorization request, the server comprising a database and a register, the register storing a plurality of profiles of mobile client devices with respective secure tokens in the database;
  
  receiving, by the mobile client device, the authorization token if the server determines that the authorization token should be provided to the mobile client device;
  
  first determining that the secure token is valid by determining that a scope of usage is within a defined security level for the mobile client device and the third-party application;
  
  second determining, using the register, that the mobile client device and the third-party application are registered in one of the plurality of profiles in the register; and
  
  providing the mobile client device access to the server based on the first determining and the second determining.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer program product of claim 11, wherein the secure token is embedded in the authorization request.
  - 13. The computer program product of claim 11, wherein the authorization token is based on a web session identification number.
  - 14. The computer program product of claim 11, wherein the authorization token is based on a time-stamp associated with the authorization request.
  - 15. The computer program product of claim 11, wherein the scope of usage is associated with at least one of data deletion, data modification, data read, data write, and data query.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Mihaylov, Yanislav, Pavlov, Plamen
Primary Examiner(s)
Shayanfar, Ali

Application Number

US15/208,489
Publication Number

US 20160366592A1
Time in Patent Office

399 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

Authorization based on access token

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization based on access token

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links