User device security manager

US 9,230,089 B2
Filed: 12/10/2012
Issued: 01/05/2016
Est. Priority Date: 07/16/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

an identification module comprising one or more hardware processors and configured to identify an access request issued from an application to access remote resources associated with a web service, the application being configured to execute at a user device and being separate from the user device security manager;

an artifact module configured to retrieve at least one user artifact from a security manager identifier (SMID) received from the web service;

a processor-implemented verification module to perform fingerprinting of the user device based on the at least one user artifact;

an acquisition module configured to acquire security information associated with the application, the security information including an application identification and at least an access scope for the application to access the remote resources or a nonce for the application, the acquisition of the security information being performed in response to the access request being identified; and

a communication module configured toissue an authentication request to the web service based on the access request to access the remote resources associated with the web service, the authentication request comprising the security information including the application identification and at least the access scope for the application to access the remote resources or the nonce for the application,transmit the authentication request to the web service for authentication of the application by the web service based on the security information associated with the application, andin response to the authentication request including the security information being transmitted, receiving an indication from the web service that the application is authenticated by the web service based on the security information including the application identification and at least the access scope for the application to access the remote resources or the nonce for the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed to authenticate and authorize a user for web services using user devices. In various embodiments, a method may comprise: identifying, by a user device security manager executing at a user device corresponding to a user of a web service, a first request issued from an application to access remote resources associated with the web service, the application executing at the user device and separate from the user device security manager; acquiring, by the user device security manager, security information of the application in response to the identifying of the first request, the security information including at least one of an application identification, an access scope or a nonce of the application; and transmitting a second request from the user device security manager to the web service to authenticate the application by the web service based, at least in part, on the application identification.

40 Citations

View as Search Results

19 Claims

1. An apparatus comprising:
- an identification module comprising one or more hardware processors and configured to identify an access request issued from an application to access remote resources associated with a web service, the application being configured to execute at a user device and being separate from the user device security manager;
  
  an artifact module configured to retrieve at least one user artifact from a security manager identifier (SMID) received from the web service;
  
  a processor-implemented verification module to perform fingerprinting of the user device based on the at least one user artifact;
  
  an acquisition module configured to acquire security information associated with the application, the security information including an application identification and at least an access scope for the application to access the remote resources or a nonce for the application, the acquisition of the security information being performed in response to the access request being identified; and
  
  a communication module configured toissue an authentication request to the web service based on the access request to access the remote resources associated with the web service, the authentication request comprising the security information including the application identification and at least the access scope for the application to access the remote resources or the nonce for the application,transmit the authentication request to the web service for authentication of the application by the web service based on the security information associated with the application, andin response to the authentication request including the security information being transmitted, receiving an indication from the web service that the application is authenticated by the web service based on the security information including the application identification and at least the access scope for the application to access the remote resources or the nonce for the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the at least one user artifact comprises at least one of an image, color, or phrase selected by a user of the user device, and wherein the at least one user artifact is previously registered at the web service in relation with the user.
  - 3. The apparatus of claim 1, wherein the SMID comprises a string of symbols or a quick response (QR) code.
  - 4. The apparatus of claim 1, wherein the artifact module is further configured to:
    - receive the SMID using at least one of QR code submission, redirection, push notification, manual entry, or an email communication.
  - 5. The apparatus of claim 1, wherein the artifact module is further configured to:
    - transmit the SMID to the web service to verify the user device in response to the identifying of the access request.
  - 6. The apparatus of claim 1, wherein the verification module is further configured to:
    - signal a display associated with the user device to present at least one portion of the at least one user artifact based on receiving an indication that the user device is verified by the web service.
  - 7. The apparatus of claim 1, wherein the at least one user artifact is to be eliminated from the web service after the user device has been verified by the web service.
  - 8. The apparatus of claim 1, wherein the verification module is further configured to:
    - prevent the user device from prompting the user with one or more user authentication pages based on identifying a valid user token associated with the user from the SMID.

9. A method comprising:
- identifying, by a user device security manager of a user device corresponding to a user of a web service, using one or more hardware processors, an access request issued from an application to access remote resources associated with the web service, the application executing at the user device and being separate from the user device security manager;
  
  retrieving at least one user artifact from a security manager identifier (SMID) received from the web service;
  
  performing fingerprinting of the user device based on the at least one user artifact;
  
  acquiring, by the user device security manager, security information associated with the application, the security information including an application identification and at least an access scope for the application to access the remote resources or a nonce for the application, the acquiring of the security information being performed in response to the identifying of the access request;
  
  issuing, by the user device security manager, an authentication request to the web service based on the access request to access the remote resources associated with the web service, the authentication request comprising the security information including the application identification and at least the access scope for the application to access the remote resources or the nonce for the application;
  
  transmitting the authentication request from the user device security manager to the web service for authentication of the application by the web service based on the security information associated with the application; and
  
  in response to the transmitting of the authentication request including the security information, receiving an indication from the web service that the application is authenticated by the web service based on the security information including the application identification and at least the access scope for the application to access the remote resources or the nonce for the application.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The method of claim 9, further comprising:
    - forwarding the access request to the web service along with the access scope based on the receiving of the indication from the web service that the application is authenticated by the web service.
  - 11. The method of claim 9, further comprising:
    - transmitting a user consent to the web service based on an outcome of checking of the access scope for the application to access the remote resources by the web service with respect to the remote resources.
  - 12. The method of claim 9, further comprising:
    - transmitting a further request to the web service to issue an application token for the application.
  - 13. The method of claim 12, further comprising:
    - encrypting the application token issued from the web service with the nonce of the application; and
      
      forwarding the encrypted token to the application.
  - 14. The method of claim 13, wherein the forwarding of the encrypted token further comprises:
    - transmitting the nonce to the application.
  - 15. The method of claim 14, wherein the encrypted token is to be decrypted by the application using the nonce transmitted to the application along with the encrypted token.
  - 16. The method of claim 13, further comprising:
    - preventing the application from accessing the remote resources until the application transmits the token retrieved from the encrypted token to the web service.
  - 17. The method of claim 9, wherein the application comprises a mobile application, and wherein the application identification comprises a mobile application identification separate from an identification of a non-mobile version of the application.
  - 18. The method of claim 9, wherein the security information is provided in the form of a system development kit (SDK) included in the application.

19. A non-transitory machine-readable storage medium storing instructions that, when executed by one or more hardware processors, cause the one or more hardware processors to perform operations comprising:
- identifying, by a user device security manager of a user device corresponding to a user of a web service, an access request issued from an application to access remote resources associated with the web service, the application executing at the user device and being separate from the user device security manager;
  
  retrieving at least one user artifact from a security manager identifier (SMID) received from the web service;
  
  performing fingerprinting of the user device based on the at least one user artifact;
  
  acquiring, by the user device security manager, security information associated with the application, the security information including an application identification and at least an access scope for the application to access the remote resources or a nonce for the application, the acquiring of the security information being performed in response to the identifying of the access request;
  
  issuing, by the user device security manager, an authentication request to the web service based on the access request to access the remote resources associated with the web service, the authentication request comprising the security information including the application identification and at least the access scope for the application to access the remote resources or the nonce for the application;
  
  transmitting the authentication request from the user device security manager to the web service for authentication of the application by the web service based on the security information associated with the application; and
  
  in response to the transmitting of the authentication request including the security information, receiving an indication from the web service that the application is authenticated by the web service based on the security information including the application identification and at least the access scope for the application to access the remote resources or the nonce for the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Angal, Rajeev
Primary Examiner(s)
Chao, Michael
Assistant Examiner(s)
KU, SHIUH-HUEI P

Application Number

US13/709,705
Publication Number

US 20140020070A1
Time in Patent Office

1,121 Days
Field of Search

380/1, 380/247, 713/182, 713/185, 726/2, 726 4- 5, 726/9, 726 26- 30
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 63/10   for controlling access to d...

H04L 63/12   Applying verification of th...

User device security manager

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

User device security manager

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others