Delegating authorizations
First Claim
Patent Images
1. A method for delegating access tokens relied upon to authenticate access to services, the method comprising:
- receiving a plurality of access tokens from a plurality of service providers after the plurality of service providers associates each of the plurality of access tokens with at least one of a plurality of users;
associating the plurality of access tokens with a plurality GP of control devices, the plurality of control devices each having been previously authenticated with at least one of the plurality of users;
receiving a first credential generated in response to a sink device being engaged to access a first service associated with a first service provider of the plurality of service providers at a first instance in time;
identifying a first control device of the plurality of control devices associated with the first credential as a function of information included within the first credential;
identifying a first access token of the plurality of access tokens associated with a first user of the plurality of users associated with the first control device; and
transmitting the first access token to the first service provider at a second instance in time occurring after the first instance, the first service provider granting the sink device access to the first service at the second instance according to entitlements of the first user if the first access token is valid when received, thereby enabling the sink device to access the first service without providing the first access token to the first service provider.
1 Assignment
0 Petitions
Accused Products
Abstract
Delegating authorizations sufficient to access services is contemplate. The authorization may be delegated in the form of a token or other transmissible construct relied upon to authenticate access to services, such as but not necessarily limited to conferring a user identity established via authenticated device for the purposes of enabling an unauthenticated or unsecured device to access a service associated with the user identity.
4 Citations
20 Claims
-
1. A method for delegating access tokens relied upon to authenticate access to services, the method comprising:
-
receiving a plurality of access tokens from a plurality of service providers after the plurality of service providers associates each of the plurality of access tokens with at least one of a plurality of users; associating the plurality of access tokens with a plurality GP of control devices, the plurality of control devices each having been previously authenticated with at least one of the plurality of users; receiving a first credential generated in response to a sink device being engaged to access a first service associated with a first service provider of the plurality of service providers at a first instance in time; identifying a first control device of the plurality of control devices associated with the first credential as a function of information included within the first credential; identifying a first access token of the plurality of access tokens associated with a first user of the plurality of users associated with the first control device; and transmitting the first access token to the first service provider at a second instance in time occurring after the first instance, the first service provider granting the sink device access to the first service at the second instance according to entitlements of the first user if the first access token is valid when received, thereby enabling the sink device to access the first service without providing the first access token to the first service provider. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a processor to facilitate access to services of a service provider, the processor being a hardware construct capable of executing the plurality of non-transitory instructions, the non-transitory instructions being sufficient for:
-
associating each of a plurality of access tokens with at least one of a plurality of users; associating each of the plurality of access tokens with at least one of a plurality or control devices, the plurality of control devices each having been previously authenticated with at least one of the plurality of users; determining a credential generated in response to a sink device being engaged to access a service associated with the service provider at a first instance in time; identifying a control device of the plurality of control devices associated with the credential as a function of information included within the credential; identifying an access token of the plurality of access tokens associated with a user of the plurality of users associated with the control device; and transmitting the access token to the service provider at a second instance in time occurring after the first instance when use of the access token is authenticated, the service provider granting the sink device access to the service at the second instance according to entitlements of the user if the access token is valid when received, thereby enabling the sink device to access the service without providing the access token to the service provider. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method for authenticating a sink device to access a service associated a service provider without requiring the sink device to provide an access token required by the service provider to access the service, the method comprising:
-
associating the access token with a user authenticated access to the service; associating the access token with at least one of a plurality of control devices, the plurality of control devices each having been previously authenticated with the user; determining a credential generated in response to the sink device being engaged to access a service associated with the service provider at a first instance in time; identifying a control device of the plurality of control devices associated with the credential as a function of information included within the credential; and transmitting the access token to the service provider at a second instance in time occurring after the first instance when use of the access token is verified by the control device, the service provider granting the sink device access to the service at the second instance according to entitlements of the user if the access token is valid when received, thereby enabling the sink device to access the service without providing the access token to the service provider. - View Dependent Claims (19, 20)
-
Specification