Delegating authorizations

US 9,961,072 B2
Filed: 05/09/2017
Issued: 05/01/2018
Est. Priority Date: 11/05/2013
Status: Active Grant

First Claim

Patent Images

1. A method for delegating access tokens relied upon to authenticate access to services, the method comprising:

receiving a plurality of access tokens from a plurality of service providers after the plurality of service providers associates each of the plurality of access tokens with at least one of a plurality of users;

associating the plurality of access tokens with a plurality GP of control devices, the plurality of control devices each having been previously authenticated with at least one of the plurality of users;

receiving a first credential generated in response to a sink device being engaged to access a first service associated with a first service provider of the plurality of service providers at a first instance in time;

identifying a first control device of the plurality of control devices associated with the first credential as a function of information included within the first credential;

identifying a first access token of the plurality of access tokens associated with a first user of the plurality of users associated with the first control device; and

transmitting the first access token to the first service provider at a second instance in time occurring after the first instance, the first service provider granting the sink device access to the first service at the second instance according to entitlements of the first user if the first access token is valid when received, thereby enabling the sink device to access the first service without providing the first access token to the first service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Delegating authorizations sufficient to access services is contemplate. The authorization may be delegated in the form of a token or other transmissible construct relied upon to authenticate access to services, such as but not necessarily limited to conferring a user identity established via authenticated device for the purposes of enabling an unauthenticated or unsecured device to access a service associated with the user identity.

4 Citations

20 Claims

1. A method for delegating access tokens relied upon to authenticate access to services, the method comprising:
- receiving a plurality of access tokens from a plurality of service providers after the plurality of service providers associates each of the plurality of access tokens with at least one of a plurality of users;
  
  associating the plurality of access tokens with a plurality GP of control devices, the plurality of control devices each having been previously authenticated with at least one of the plurality of users;
  
  receiving a first credential generated in response to a sink device being engaged to access a first service associated with a first service provider of the plurality of service providers at a first instance in time;
  
  identifying a first control device of the plurality of control devices associated with the first credential as a function of information included within the first credential;
  
  identifying a first access token of the plurality of access tokens associated with a first user of the plurality of users associated with the first control device; and
  
  transmitting the first access token to the first service provider at a second instance in time occurring after the first instance, the first service provider granting the sink device access to the first service at the second instance according to entitlements of the first user if the first access token is valid when received, thereby enabling the sink device to access the first service without providing the first access token to the first service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising determining at least a portion of the information included in the first credential as a result of the sink device determining an identity of the first control device.
  - 3. The method of claim 1 further comprising determining at least a portion of the information included in the first credential as a result of the sink device determining an indicator displayed on the first control device having an indicia sufficient for identifying the first control device.
  - 4. The method of claim 3 further comprising instructing an identifier application on the sink device to determine the indicia by processing an image of the indicator captured with a camera of the sink device.
  - 5. The method of claim 4 further comprising instructing the first user to capture the image by positioning the camera to take a picture of a webpage displayed on the first control device.
  - 6. The method of claim 5 further comprising transmitting a redirect message to a browser operating on the sink device to automatically direct the browser to a service page used to engage the first service.
  - 7. The method of claim 1 further comprising:
    - updating the first access token after being determined as invalid with a second access token received from the first service provider at a third instance in time occurring after the second instance;
      
      receiving a second credential generated while the sink device is being engaged to access the first service at a fourth instance in time occurring after the third instance; and
      
      transmitting the second access token to the first service provider at a fifth instance in time occurring after the fourth instance as a function of information included within the second credential, the first service provider granting the sink device access to the first service at the fifth instance if the second access token is valid when received, thereby enabling the sink device to access the first service without providing the second access token to the service provider.
  - 8. The method of claim 1 further comprising:
    - transmitting an authentication request to the first control device at a third instance in time occurring before the first instance, the authentication request requesting the first control device to indicate an acceptance or a denial for transmission of the first access token to the first service provider;
      
      transmitting the first access token to the first service provider when the authentication request indicates the acceptance; and
      
      denying transmission of the first access token to the first service provider when the authentication request indicates the denial.

9. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a processor to facilitate access to services of a service provider, the processor being a hardware construct capable of executing the plurality of non-transitory instructions, the non-transitory instructions being sufficient for:
- associating each of a plurality of access tokens with at least one of a plurality of users;
  
  associating each of the plurality of access tokens with at least one of a plurality or control devices, the plurality of control devices each having been previously authenticated with at least one of the plurality of users;
  
  determining a credential generated in response to a sink device being engaged to access a service associated with the service provider at a first instance in time;
  
  identifying a control device of the plurality of control devices associated with the credential as a function of information included within the credential;
  
  identifying an access token of the plurality of access tokens associated with a user of the plurality of users associated with the control device; and
  
  transmitting the access token to the service provider at a second instance in time occurring after the first instance when use of the access token is authenticated, the service provider granting the sink device access to the service at the second instance according to entitlements of the user if the access token is valid when received, thereby enabling the sink device to access the service without providing the access token to the service provider.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The non-transitory computer-readable medium of claim 9 wherein the non-transitory instructions are sufficient for determining at least a portion of the information included in the credential as a result of the sink device determining an identity of the control device.
  - 11. The non-transitory computer-readable medium of claim 10 wherein the non-transitory instructions are sufficient for instructing the sink device to perform a discovery process whereby the identity of the control device is determined from messages exchanged between the sink device and the control device.
  - 12. The non-transitory computer-readable medium of claim 9 wherein the non-transitory instructions are sufficient for determining at least a portion of the information included in the credential as a result of the sink device determining a (MAC) addresses of the control device.
  - 13. The non-transitory computer-readable medium of claim 9 wherein the non-transitory instructions are sufficient for determining at least a portion of the information included in the credential as a result of the sink device determining a username for a user thereof.
  - 14. The non-transitory computer-readable medium of claim 9 wherein the non-transitory instructions are sufficient for determining at least a portion of the information included in the credential as a result of the sink device determining an indicator displayed on the control device having an indicia sufficient for identifying the control device.
  - 15. The non-transitory computer-readable medium of claim 14 wherein the non-transitory instructions are sufficient for instructing an application on the sink device to determine the indicia by processing an image of the indicator captured with a camera thereof.
  - 16. The non-transitory computer-readable medium of claim 9 wherein the non-transitory instructions are sufficient for determining at least a portion of the information included in the credential as a result of information input to a login page displayed with a browser operating on the sink device, the login page being utilized by the sink device to access the service.
  - 17. The non-transitory computer-readable medium of claim 9 wherein the non-transitory instructions are sufficient for:
    - transmitting an authentication request to the control device at a third instance in time occurring before the first instance, the authentication request requesting the control device to authenticate use of the access token with an acceptance or a denial;
      
      transmitting the access token to the service provider when the authentication request indicates the acceptance; and
      
      denying transmission of the access token to the service provider when the authentication request indicates the denial.

18. A method for authenticating a sink device to access a service associated a service provider without requiring the sink device to provide an access token required by the service provider to access the service, the method comprising:
- associating the access token with a user authenticated access to the service;
  
  associating the access token with at least one of a plurality of control devices, the plurality of control devices each having been previously authenticated with the user;
  
  determining a credential generated in response to the sink device being engaged to access a service associated with the service provider at a first instance in time;
  
  identifying a control device of the plurality of control devices associated with the credential as a function of information included within the credential; and
  
  transmitting the access token to the service provider at a second instance in time occurring after the first instance when use of the access token is verified by the control device, the service provider granting the sink device access to the service at the second instance according to entitlements of the user if the access token is valid when received, thereby enabling the sink device to access the service without providing the access token to the service provider.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18 further comprising:
    - transmitting an verification request to the control device at a third instance in time occurring before the first instance, the verification request requesting the control device to authenticate use of the access token with an acceptance or a denial;
      
      transmitting the access token to the service provider when the authentication request indicates the acceptance; and
      
      denying transmission of the access token to the service provider when the authentication request indicates the denial.
  - 20. The method claim 18 further comprising:
    - transmitting the verification request to the control device via a webpage displayed on a browser of the control device; and
      
      determining the acceptance or the denial as a function of an input made via the control device to the webpage displayed on the browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Lund, Robert M., Johnson, Steven E.
Primary Examiner(s)
LEE, JASON T

Application Number

US15/590,343
Publication Number

US 20170244696A1
Time in Patent Office

357 Days
Field of Search

726 7
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 67/02   based on web technology, e....

H04L 9/3213   using tickets or tokens, e....

Delegating authorizations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

4 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Delegating authorizations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links