Sharing keys

US 9,923,879 B1
Filed: 01/16/2015
Issued: 03/20/2018
Est. Priority Date: 01/16/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium including instructions, which upon execution by one or more processors, cause the one or more processors to perform operations comprising:

receiving, from a client device associated with a user account of a first user, a request to grant a second user access to a key associated with a credential, the credential being associated with the user account of the first user, and the request including an address of the second user, wherein the key permits access to a resource;

in response to receiving the request, accessing, at a server system, a second user account based on the address of the second user;

before granting the second user access to the key;

sending, by the server system, a message to the address of the second user, the message identifying the key;

before authenticating the second user for access to the key and before modifying one or more permissions or authorizations to grant the second user access to the key, receiving, by the server system from a device associated with the second user, (i) a second message that requests access to the key and (ii) a third message that includes authentication information for the second user; and

authenticating, by the server system, the second user based on the received authentication information;

in response to authenticating the second user, granting, by the server system, the second user access to the key by modifying one or more permissions or authorizations such that the second user is enabled to obtain, from the server system and using the second user account, a representation of the key that allows access to the resource;

communicating, to the address of the second user, a message indicating that the second user account has been associated with the key;

after the communicating, receiving, by the server system, a second request associated with the second user account; and

in response to receiving the second request, providing, by the server system, (i) credential information indicating a set of credentials associated with the second user account, (ii) key information indicating a set of keys associated with the second user account, or (iii) both the credential information and the key information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject matter described herein can be embodied in a computer-readable medium storing instructions that cause one or more processors to perform operations including receiving, from a client device associated with a user account of a first user, a request to grant a second user access to a key associated with a credential. The credential is associated with the user account of the first user, the request includes an address of the second user, and the key permits access to a resource. The operations include accessing, at a server, a second user account based on the address of the second user, and associating, by the server, the key with the second user account, such that the second user is enabled to access the resource. The operations further include communicating, to the address of the second user, a message indicating that the second user account has been associated with the key.

Citations

20 Claims

1. A non-transitory computer-readable storage medium including instructions, which upon execution by one or more processors, cause the one or more processors to perform operations comprising:
- receiving, from a client device associated with a user account of a first user, a request to grant a second user access to a key associated with a credential, the credential being associated with the user account of the first user, and the request including an address of the second user, wherein the key permits access to a resource;
  
  in response to receiving the request, accessing, at a server system, a second user account based on the address of the second user;
  
  before granting the second user access to the key;
  
  sending, by the server system, a message to the address of the second user, the message identifying the key;
  
  before authenticating the second user for access to the key and before modifying one or more permissions or authorizations to grant the second user access to the key, receiving, by the server system from a device associated with the second user, (i) a second message that requests access to the key and (ii) a third message that includes authentication information for the second user; and
  
  authenticating, by the server system, the second user based on the received authentication information;
  
  in response to authenticating the second user, granting, by the server system, the second user access to the key by modifying one or more permissions or authorizations such that the second user is enabled to obtain, from the server system and using the second user account, a representation of the key that allows access to the resource;
  
  communicating, to the address of the second user, a message indicating that the second user account has been associated with the key;
  
  after the communicating, receiving, by the server system, a second request associated with the second user account; and
  
  in response to receiving the second request, providing, by the server system, (i) credential information indicating a set of credentials associated with the second user account, (ii) key information indicating a set of keys associated with the second user account, or (iii) both the credential information and the key information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory computer-readable storage medium of claim 1, wherein the operations further comprise:
    - determining, at the server system, that the user account of the first user is authorized to provide the second user access to the key associated with the credential.
  - 3. The non-transitory computer-readable storage medium of claim 1, wherein the operations further comprise:
    - in response to receiving the authentication information for the second user, retrieving the second user account based on the authentication information.
  - 4. The non-transitory computer-readable storage medium of claim 1, wherein the operations further comprise:
    - determining that the second user does not have an account;
      
      sending an invitation to the to the address of the second user to invite the second user to create the second user account upon determining that the second user does not have a user account;
      
      receiving a response to the invitation; and
      
      generating the second user account based on the response.
  - 5. The non-transitory computer-readable storage medium of claim 4, wherein the invitation includes a uniform resource locator (URL) that permits the second user to provide authentication information for generating the second user account.
  - 6. The non-transitory computer-readable storage medium of claim 1, wherein the address of the second user is one of an e-mail address, a social network account address, a phone number, and an instant messaging account address.
  - 7. The non-transitory computer-readable storage medium of claim 1, wherein:
    - the request to grant the second user access to the key includes one or more constraints on access for the second user to the key; and
      
      the third message is received after the second message.
  - 8. The non-transitory computer-readable storage medium of claim 7, wherein the one or more constraints include at least one of a time, a location, and a presence of the first user.

9. A computer-implemented method comprising:
- receiving, from a client device associated with a user account of a first user, a request to grant a second user access to a key associated with a credential, the credential being associated with the user account of the first user, and the request including an address of the second user, wherein the key permits access to a resource;
  
  in response to receiving the request, accessing, at a server system, a second user account based on the address of the second user;
  
  before granting the second user access to the key;
  
  sending, by the server system, a message to the address of the second user, the message identifying the key;
  
  before authenticating the second user for access to the key and before modifying one or more permissions or authorizations to grant the second user access to the key, receiving, by the server system from a device associated with the second user, (i) a second message that requests access to the key and (ii) a third message that includes authentication information for the second user; and
  
  authenticating, by the server system, the second user based on the received authentication information;
  
  in response to authenticating the second user, granting, by the server system, the second user access to the key by modifying one or more permissions or authorizations such that the second user is enabled to obtain, from the server system and using the second user account, a representation of the key that allows access to the resource;
  
  communicating, to the address of the second user, a message indicating that the second user account has been associated with the key;
  
  after the communicating, receiving, by the server system, a second request associated with the second user account; and
  
  in response to receiving the second request, providing, by the server system, (i) credential information indicating a set of credentials associated with the second user account, (ii) key information indicating a set of keys associated with the second user account, or (iii) both the credential information and the key information.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer-implemented method of claim 9, further comprising:
    - determining, at the server system, that the user account of the first user is authorized to provide the second user access to the key associated with the credential.
  - 11. The computer-implemented method of claim 9, further comprising:
    - in response to receiving the authentication information for the second user, retrieving the second user account based on the authentication information.
  - 12. The computer-implemented method of claim 9, further comprising:
    - determining that the second user does not have an account;
      
      sending an invitation to the to the address of the second user to invite the second user to create the second user account upon determining that the second user does not have a user account;
      
      receiving a response to the invitation; and
      
      generating the second user account based on the response.
  - 13. The computer-implemented method of claim 12, wherein the invitation includes a uniform resource locator (URL) that permits the second user to provide authentication information for generating the second user account;
    - andwherein the address of the second user is one of an e-mail address, a social network account address, a phone number, and an instant messaging account address.
  - 14. The computer-implemented method of claim 9, wherein:
    - the request to grant the second user access to the key includes one or more constraints on access for the second user to the key, the one or more constraints including at least one of a time, a location, and a presence of the first user; and
      
      the third message is received after the second message.

15. A system comprising:
- one or more computing devices and one or more storage devices storing instructions which when executed by the one or more computing devices, cause the one or more computing devices to perform operations comprising;
  
  receiving, from a client device associated with a user account of a first user, a request to grant a second user access to a key associated with a credential, the credential being associated with the user account of the first user, and the request including an address of the second user, wherein the key permits access to a resource;
  
  in response to receiving the request, accessing, at a server system, a second user account based on the address of the second user;
  
  before granting the second user access to the key;
  
  sending, by the server system, a message to the address of the second user, the message identifying the key;
  
  before authenticating the second user for access to the key and before modifying one or more permissions or authorizations to grant the second user access to the key, receiving, by the server system from a device associated with the second user, (i) a second message that requests access to the key and (ii) a third message that includes authentication information for the second user; and
  
  authenticating, by the server system, the second user based on the received authentication information;
  
  in response to authenticating the second user, granting, by the server system, the second user access to the key by modifying one or more permissions or authorizations such that the second user is enabled to obtain, from the server system and using the second user account, a representation of the key that allows access to the resource;
  
  communicating, to the address of the second user, a message indicating that the second user account has been associated with the key;
  
  after the communicating, receiving, by the server system, a second request associated with the second user account; and
  
  in response to receiving the second request, providing, by the server system, (i) credential information indicating a set of credentials associated with the second user account, (ii) key information indicating a set of keys associated with the second user account, or (iii) both the credential information and the key information.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the operations further comprise:
    - determining, at the server system, that the user account of the first user is authorized to provide the second user access to the key associated with the credential.
  - 17. The system of claim 15, wherein the operations further comprise:
    - in response to receiving the authentication information for the second user, retrieving the second user account based on the authentication information.
  - 18. The system of claim 15, wherein the operations further comprise:
    - determining that the second user does not have an account;
      
      sending an invitation to the to the address of the second user to invite the second user to create the second user account upon determining that the second user does not have a user account;
      
      receiving a response to the invitation; and
      
      generating the second user account based on the response.
  - 19. The system of claim 15, wherein the invitation includes a uniform resource locator (URL) that permits the second user to provide authentication information for generating the second user account;
    - andwherein the address of the second user is one of an e-mail address, a social network account address, a phone number, and an instant messaging account address.
  - 20. The system of claim 15, wherein:
    - the request to grant the second user access to the key includes one or more constraints on access for the second user to the key, the one or more constraints including at least one of a time, a location, and a presence of the first user; and
      
      the third message is received after the second message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microstrategy Incorporated
Original Assignee
Microstrategy Incorporated
Inventors
Ziraknejad, Siamak, Jung, Hanna, Gehret, John
Primary Examiner(s)
Shaw, Brian F

Application Number

US14/599,162
Time in Patent Office

1,159 Days
Field of Search

713168, 713185, 726 5, 726 18, 726 4, 726 9
US Class Current
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

Sharing keys

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Sharing keys

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links