Authorization and authentication based on an individual's social network

US 9,798,777 B2
Filed: 06/06/2016
Issued: 10/24/2017
Est. Priority Date: 07/22/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising, by one or more computing devices:

receiving, from a client device associated with a first entity of a communication service, a request by the first entity to access the communication service, the request comprising an entity identifier (ID) of the first entity;

retrieving, by one or more of the computing devices, a black list comprising entity IDs of entities who are not authorized to access the communication service;

sending, by one or more of the computing devices, a query to a social graph server for a list comprising IDs of entities related to entities on the black list, wherein a relationship database of the social graph server stores a graph data structure comprising a plurality of nodes corresponding to a plurality of entities and a plurality of edges connecting the nodes, each edge establishing a degree of separation between two nodes;

determining, by one or more of the computing devices, a gray list based on the IDs of entities received in response to the query to the social graph server, wherein the gray list comprises entity IDs of entities who are not authorized to access the communication service based on their relationships in the graph data structure to the entities on the black list;

determining, by one or more of the computing devices, whether the first entity is authorized to access the communication service based at least in part on the gray list; and

prohibiting, by one or more of the computing devices, access to the communication service by the first entity if the first entity is not authorized to access the communication service based on the gray list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In particular embodiments, a method includes receiving, from a client device associated with a first entity of a communication service, a request by the first entity to access the communication service, the request comprising an entity identifier (ID) of the first entity, determining whether the first entity is authorized to access the communication service based at least in part on a gray list comprising entity IDs of the entities who are not authorized to access the communication service, wherein the gray list is based on a black list, and prohibiting, by one or more of the computing devices, access to the communication service by the first entity if the first entity is not authorized to access the communication service based on the gray list.

87 Citations

View as Search Results

33 Claims

1. A method comprising, by one or more computing devices:
- receiving, from a client device associated with a first entity of a communication service, a request by the first entity to access the communication service, the request comprising an entity identifier (ID) of the first entity;
  
  retrieving, by one or more of the computing devices, a black list comprising entity IDs of entities who are not authorized to access the communication service;
  
  sending, by one or more of the computing devices, a query to a social graph server for a list comprising IDs of entities related to entities on the black list, wherein a relationship database of the social graph server stores a graph data structure comprising a plurality of nodes corresponding to a plurality of entities and a plurality of edges connecting the nodes, each edge establishing a degree of separation between two nodes;
  
  determining, by one or more of the computing devices, a gray list based on the IDs of entities received in response to the query to the social graph server, wherein the gray list comprises entity IDs of entities who are not authorized to access the communication service based on their relationships in the graph data structure to the entities on the black list;
  
  determining, by one or more of the computing devices, whether the first entity is authorized to access the communication service based at least in part on the gray list; and
  
  prohibiting, by one or more of the computing devices, access to the communication service by the first entity if the first entity is not authorized to access the communication service based on the gray list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising:
    - accessing, by one or more of the computing devices, the graph data structure, wherein the plurality of nodes comprise a first node corresponding to the first entity and one or more second nodes corresponding to one or more second entities associated with the communication service, respectively.
  - 3. The method of claim 1, wherein determining whether the first entity is authorized to access the communication service comprises determining if the first node is connected by an edge to a second node corresponding to an entity on the gray list.
  - 4. The method of claim 1, wherein determining whether the first entity is authorized to access the communication service comprises determining if the first node is connected by an edge to a second node corresponding to an entity on the black list.
  - 5. The method of claim 1, wherein the gray list comprises all entities corresponding to nodes within a threshold degree of separation of at least one node corresponding to an entity on the black list.
  - 6. The method of claim 5, wherein the threshold degree of separation is one, two, or three.
  - 7. The method of claim 1, wherein the black list is maintained by the communication service.
  - 8. The method of claim 1, wherein the black list is maintained by a third-party system.
  - 9. The method of claim 1, wherein the request to access the communication service comprises a request to send a message via the communication service.
  - 10. The method of claim 1, wherein the request to access the communication service comprises a request to access a content item on the communication service.
  - 11. The method of claim 1, wherein the request to access the communication service comprises a request to authenticate the first entity via the communication service.
  - 12. The method of claim 1, wherein the communication service comprises an online social network.
  - 13. The method of claim 1, wherein the communication service comprises an e-mail service.
  - 14. The method of claim 1, wherein the communication service comprises a messaging service.
  - 15. The method of claim 1, wherein the request is received from a third-party application via an API associated with the communication service.
  - 16. The method of claim 1, wherein the request is received from a native application associate with the communication service installed on the client device.

17. A service provider system comprising:
- one or more processors; and
  
  one or more servers having a memory storing computer-executable instructions that when executed by one or more of the processors cause the processors to;
  
  receive, from a client device associated with a first entity of a communication service, a request by the first entity to access the communication service, the request comprising an entity identifier (ID) of the first entity;
  
  retrieve a black list comprising entity IDs of entities who are not authorized to access the communication service;
  
  send a query to a social graph server for a list comprising IDs of entities related to entities on the black list, wherein a relationship database of the social graph server stores a graph data structure comprising a plurality of nodes corresponding to a plurality of entities and a plurality of edges connecting the nodes, each edge establishing a degree of separation between two nodes;
  
  determine a gray list based on the IDs of entities received in response to the query to the social graph server, wherein the gray list comprises entity IDs of entities who are not authorized to access the communication service based on their relationships in the graph data structure to the entities on the black list;
  
  determine whether the first entity is authorized to access the communication service based at least in part on the gray list; and
  
  prohibit access to the communication service by the first entity if the first entity is not authorized to access the communication service based on the gray list.

18. A system comprising:
- means for receiving, from a client device associated with a first entity of a communication service, a request by the first entity to access the communication service, the request comprising an entity identifier (ID) of the first entity;
  
  means for retrieving a black list comprising entity IDs of entities who are not authorized to access the communication service;
  
  means for sending a query to a social graph server for a list comprising IDs of entities related to entities on the black list, wherein a relationship database of the social graph server stores a graph data structure comprising a plurality of nodes corresponding to a plurality of entities and a plurality of edges connecting the nodes, each edge establishing a degree of separation between two nodes;
  
  means for determining a gray list based on the IDs of entities received in response to the query to the social graph server, wherein the gray list comprises entity IDs of entities who are not authorized to access the communication service based on their relationships in the graph data structure to the entities on the black list;
  
  means for determining whether the first entity is authorized to access the communication service based at least in part on the gray list; and
  
  means for prohibiting access to the communication service by the first entity if the first entity is not authorized to access the communication service based on the gray list.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 19. The system of claim 18, further comprising:
    - means for accessing the graph data structure, wherein the plurality of nodes comprise a first node corresponding to the first entity and one or more second nodes corresponding to one or more second entities associated with the communication service, respectively.
  - 20. The system of claim 18, wherein the means for determining whether the first entity is authorized to access the communication service comprises means for determining if the first node is connected by an edge to a second node corresponding to an entity on the gray list.
  - 21. The system of claim 18, wherein the means for determining whether the first entity is authorized to access the communication service comprises means for determining if the first node is connected by an edge to a second node corresponding to an entity on the black list.
  - 22. The system of claim 18, wherein the gray list comprises all entities corresponding to nodes within a threshold degree of separation of at least one node corresponding to an entity on the black list.
  - 23. The system of claim 22, wherein the threshold degree of separation is one, two, or three.
  - 24. The system of claim 18, wherein the black list is maintained by the communication service.
  - 25. The system of claim 18, wherein the black list is maintained by a third-party system.
  - 26. The system of claim 18, wherein the request to access the communication service comprises a request to send a message via the communication service.
  - 27. The system of claim 18, wherein the request to access the communication service comprises a request to access a content item on the communication service.
  - 28. The system of claim 18, wherein the request to access the communication service comprises a request to authenticate the first entity via the communication service.
  - 29. The system of claim 18, wherein the communication service comprises an online social network.
  - 30. The system of claim 18, wherein the communication service comprises an e-mail service.
  - 31. The system of claim 18, wherein the communication service comprises a messaging service.
  - 32. The system of claim 18, wherein the request is received from a third-party application via an API associated with the communication service.
  - 33. The system of claim 18, wherein the request is received from a native application associate with the communication service installed on the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Lunt, Christopher
Primary Examiner(s)
Smithers, Matthew

Application Number

US15/174,899
Publication Number

US 20160286000A1
Time in Patent Office

505 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/24575   using context

G06F 16/248   Presentation of query results

G06F 16/9024   Graphs; Linked lists G06F16...

G06F 21/31   User authentication

G06F 21/604   Tools and structures for ma...

G06Q 50/01   Social networking

H04L 51/04   Real-time or near real-time...

H04L 51/212   using filtering or selectiv...

H04L 51/52   for supporting social netwo...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/145   the attack involving the pr...

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

H04L 67/60   Scheduling or organising th...

Authorization and authentication based on an individual's social network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

87 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Authorization and authentication based on an individual's social network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others