Peer applications trust center

US 9,853,960 B2
Filed: 03/23/2015
Issued: 12/26/2017
Est. Priority Date: 04/17/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

registering, at a device comprising a hardware processor that executes a first application, a second application and a third application, wherein registering the third application comprises obtaining a unique identifier associated with the third application;

receiving, by the device, a request to establish a trust relationship between the second application and the third application, the request being received from the second application;

in response to determining, that the trust relationship is authorized, issuing, by the device, a token to the second application;

receiving, by the device and from the second application, an application access request comprising the unique identifier and the token, wherein the device identifies the third application based upon the unique identifier and determines if access to the third application is to be granted to the second application based on the token; and

establishing, by the device, the trust relationship between the third application and the second application, whereby the third application is granted access to the second application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Concepts and technologies are disclosed herein for a peer applications trust center. A trust client can execute on a client computer and a trust service can execute on a server computer to provide the peer applications trust center. The trust client or trust server can register applications. During registration, the trust server or the trust client can generate a public key or other identifier for identifying the registered application. If another application requests access to the registered application, the trust server or the trust client can determine if the request specifies a registered application by name. If the requestor is granted access to the application, the requestor can be issued a token. Tokens can be revoked, updated, replaced, or renewed for various purposes.

18 Citations

View as Search Results

20 Claims

1. A method comprising:
- registering, at a device comprising a hardware processor that executes a first application, a second application and a third application, wherein registering the third application comprises obtaining a unique identifier associated with the third application;
  
  receiving, by the device, a request to establish a trust relationship between the second application and the third application, the request being received from the second application;
  
  in response to determining, that the trust relationship is authorized, issuing, by the device, a token to the second application;
  
  receiving, by the device and from the second application, an application access request comprising the unique identifier and the token, wherein the device identifies the third application based upon the unique identifier and determines if access to the third application is to be granted to the second application based on the token; and
  
  establishing, by the device, the trust relationship between the third application and the second application, whereby the third application is granted access to the second application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein determining if the access is to be granted comprises determining if the token is valid.
  - 3. The method of claim 1, wherein the unique identifier comprises a public key.
  - 4. The method of claim 1, wherein obtaining the unique identifier comprises obtaining a first public key that is associated with the second application and obtaining a second public key that is associated with the third application, and wherein the unique identifier comprises the second public key.
  - 5. The method of claim 1, wherein determining if the access is to be granted comprises determining if the token is valid, and wherein the device is configured to issue an error code to the second application and to deny the access in response to a determination that the token is not valid.
  - 6. The method of claim 1, wherein determining that the trust relationship is authorized comprises:
    - determining that the unique identifier corresponds to the third application; and
      
      determining that the third application comprises a registered application.
  - 7. The method of claim 1, wherein issuing the token comprises:
    - determining a time period for which the token will be valid; and
      
      issuing the token with a life that corresponds to the time period determined.
  - 8. The method of claim 7, further comprising:
    - determining that the token has expired;
      
      issuing a new token; and
      
      reestablishing the trust relationship using the new token.
  - 9. The method of claim 1, further comprising:
    - determining that a new version of the token is available;
      
      revoking the token;
      
      issuing the new version of the token; and
      
      reestablishing the trust relationship using the new version of the token.
  - 10. The method of claim 1, wherein the second application authenticates with the third application using the token.

11. A system comprising:
- a processor; and
  
  a memory that stores a first application comprising computer-executable instructions that, when executed by the processor, cause the processor to perform operations comprising;
  
  registering a second application and a third application, wherein registering the third application comprises obtaining a unique identifier associated with the third application,receiving a request to establish a trust relationship between the second application and the third application, the request being received from the third application,in response to determining that the trust relationship is authorized, issuing a token to the third application,receiving, from the third application, an application access request comprising the unique identifier and the token, wherein the processor identifies the second application based upon the unique identifier and determines if access to the third application is to be granted to the second application based on the token, andestablishing the trust relationship between the second application and the third application whereby the second application is granted access to the third application.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein determining if the access is to be granted comprises determining if the token is valid, and wherein if a determination is made that the token is not valid, an error code is issued to the second application and access to the third application is denied.
  - 13. The system of claim 11, wherein the request to establish the trust relationship comprises a name identifying an application, and wherein determining that the trust relationship is authorized comprises determining that the name corresponds to the second application and determining that the second application comprises a registered application.
  - 14. The system of claim 11, wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
    - determining a time period for which the token will be valid;
      
      specifying a life of the token, the life of the token corresponding to the time period;
      
      issuing the token with the life specified;
      
      determining that the token has expired;
      
      issuing a new token; and
      
      reestablishing the trust relationship using the new token.
  - 15. The system of claim 11, wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
    - determining that a new version of the token is available;
      
      revoking the token;
      
      issuing the new version of the token; and
      
      reestablishing the trust relationship using the new version of the token.

16. A computer storage medium having computer-executable instructions stored thereon that, when executed by a processor, cause the processor to execute operations associated with a first application, the operations comprising:
- registering a second application and a third application, wherein registering the third application comprises obtaining a unique identifier associated with the third application;
  
  receiving a request to establish a trust relationship between the second application and the third application, the request being received from the third application;
  
  in response to determining that the trust relationship is authorized, issuing a token to the third application;
  
  receiving, from the third application, an application access request comprising the unique identifier and the token, wherein the processor identifies the second application based upon the unique identifier and determines if access to the third application is to be granted to the second application based on the token; and
  
  establishing the trust relationship between the second application and the third application whereby the second application is granted access to the third application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer storage medium of claim 16, wherein determining if the access is to be granted comprises determining if the token is valid, and wherein if a determination is made that the token is not valid, an error code is issued to the second application and access to the third application is denied.
  - 18. The computer storage medium of claim 16, wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
    - determining that a new version of the token is available;
      
      revoking the token;
      
      issuing the new version of the token; and
      
      reestablishing the trust relationship using the new version of the token.
  - 19. The computer storage medium of claim 16, wherein the request to establish the trust relationship comprises a name identifying an application, and wherein determining that the trust relationship is authorized comprises determining that the name corresponds to the second application and determining that the second application comprises a registered application.
  - 20. The computer storage medium of claim 16, wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
    - determining a time period for which the token will be valid;
      
      specifying a life of the token, the life of the token corresponding to the time period;
      
      issuing the token with the life specified;
      
      determining that the token has expired;
      
      issuing a new token; and
      
      reestablishing the trust relationship using the new token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Mobility II LLC (AT&T, Inc.)
Original Assignee
AT&T Mobility II LLC (AT&T, Inc.)
Inventors
Yu, Loc An
Primary Examiner(s)
Rahim, Monjour

Application Number

US14/665,218
Publication Number

US 20150195271A1
Time in Patent Office

1,009 Days
Field of Search

726 9
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/033   Test or assess software

H04L 63/00   Network architectures or ne...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

Peer applications trust center

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Peer applications trust center

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others