Cookie optimization
Abstract
Disclosed herein is a system and method for optimizing a cookie or token in a web service or other claims-based domain system. A user presents an identity token to the domain system, which verifies the identity claim as authentic and then determines which accounts the user has access to on the domain. The system issues the user an intermediate token that includes the locations of the accounts the user has access to. The user then selects the account they wish to interact with and receives an account token for that specific account, including any privileges the user has on the account. The account token also includes information that the user has multiple accounts on the domain. The user is able to switch accounts on the domain system without having to revalidate their credentials to the domain system.
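The token flow the abstract describes, sketched as an added example; it is not code from the patent. The HMAC-signed JSON token format, the single domain-held key, the `typ`, `perm` and `multi` claim names, and the sample accounts are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-signing-key"  # assumption: one key held by the domain
# Constructed sample data: the accounts each user can reach, with permission level.
ACCOUNTS = {"alice": {"acct-eu": "admin", "acct-us": "reader"}}

def sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac

def verify(token, expected_type):
    body, _, mac = token.partition(".")
    good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    # Binding each token to its type stops one kind being replayed as another.
    if claims.get("typ") != expected_type:
        raise PermissionError("wrong token type")
    return claims

def issue_intermediate(identity_token):
    ident = verify(identity_token, "identity")
    accounts = ACCOUNTS.get(ident["sub"], {})
    return sign({"typ": "intermediate", "sub": ident["sub"], "accounts": accounts})

def issue_account_token(intermediate_token, account):
    inter = verify(intermediate_token, "intermediate")
    # Only accounts listed in the signed intermediate token may be selected.
    if account not in inter["accounts"]:
        raise PermissionError("account not granted to this user")
    return sign({"typ": "account", "sub": inter["sub"], "account": account,
                 "perm": inter["accounts"][account],
                 "multi": len(inter["accounts"]) > 1})

def authorize(account_token, account):
    # The holder of an account token is authorized for that one account only.
    return verify(account_token, "account")["account"] == account

def demo():
    # Assumption: the identity token is signed with the same demo key; in
    # practice an identity provider would sign it with its own key.
    identity = sign({"typ": "identity", "sub": "alice"})
    inter = issue_intermediate(identity)
    eu = issue_account_token(inter, "acct-eu")
    us = issue_account_token(inter, "acct-us")  # account switch, no re-login
    return verify(eu, "account"), verify(us, "account"), authorize(eu, "acct-us")
```

Switching accounts reuses the intermediate token, so the checks that matter are the signature, the token type, and membership of the requested account in the signed account list.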
20 Claims
1. A computing device comprising:
at least one memory and at least one processor, wherein the at least one memory and the at least one processor are respectively configured to store and execute instructions including instructions for causing the computing device to perform operations, the operations including:
receiving an identity token that is associated with a user;
determining a list of candidate computing accounts for the user on a given computing domain based on information contained within the identity token;
determining computing accounts, from the list of candidate computing accounts, that the user has access to and the user's permission level on each of the computing accounts from the list of candidate computing accounts that the user has access to;
in response to determining the computing accounts, generating an intermediate token for the user, the intermediate token including an identity claim for the user and a list of computing accounts that the user was determined to have access to;
generating an account token for an account selected from the list of computing accounts that the user was determined to have access to;
providing the account token to another computing device; and
in response to a request, authorizing a holder of the account token to access the account selected from the list of computing accounts that the user was determined to have access to.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method comprising:
receiving, by a computing device, an identity token for a user;
extracting a domain identifier for at least one computing domain from the identity token, wherein the domain identifier is contained within a portion of the identity token;
determining a list of locations of computing accounts that the user has permission to access based at least in part on the extracted domain identifier;
generating an intermediate token for the user, the intermediate token indicating the determined list of locations of computing accounts;
generating an account token for an account selected from the computing accounts that the user has permission to access;
transmitting, by the computing device, the generated account token to another computing device, the generated account token including an indication that the user has multiple accounts; and
authorizing a holder of the account token to access the account selected from the computing accounts that the user has permission to access.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A method, comprising:
receiving, by a computing device, an identity token that is associated with a user;
determining a list of candidate computing accounts for the user on a given computing domain based on information contained within the identity token;
determining computing accounts, from the list of candidate computing accounts, that the user has access to and the user's permission level on each of the computing accounts from the list of candidate computing accounts that the user has access to;
in response to determining the computing accounts, generating an intermediate token for the user, the intermediate token including an identity claim for the user and a list of computing accounts that the user was determined to have access to;
generating an account token for an account selected from the list of computing accounts that the user was determined to have access to;
providing the account token to another computing device; and
in response to a request, authorizing a holder of the account token to access the account selected from the list of computing accounts that the user was determined to have access to.
Dependent claims: 19, 20
Specification