Token management

US 9,935,934 B1
Filed: 03/31/2015
Issued: 04/03/2018
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving user identification information identifying a user for providing user access to a plurality of third-party resources;

selecting, from a plurality of shards by one or more computing devices, a shard in response to receiving the user identification information;

storing, in a token repository by the one or more computing devices, a mapping of information identifying the selected shard to the user identification information identifying the user;

receiving a request to access a particular third-party resource of the plurality of third-party resources without receiving, from the user, credentials for accessing the particular third-party resource;

in response to receiving the request to access the particular third-party resource without receiving, from the user, credentials for accessing the particular third-party resource, determining, by the one or more computing devices, whether the credentials for accessing the particular third-party resource are cached in the selected shard;

in response to determining that the credentials for accessing the particular third-party resource are cached in the selected shard, selecting, by the one or more computing devices, the credentials for accessing the particular third-party resource from among two or more credentials that are associated with the user and are stored in the selected shard, the credentials for accessing the particular third-party resource comprising a third-party resource access token that provides access to the particular third-party resource; and

in response to determining that the credentials for accessing the particular third-party resource are not cached in the selected shard;

determining, by the one or more computing devices, whether information identifying accounts associated with the user is stored in the token repository that stores the mapping of the information identifying the selected shard to the user identification information identifying the user, the accounts associated with the user including (i) user account identification for each of the plurality of third-party resources; and

(ii) credential information for accessing the plurality of third-party resources;

in response to determining that information identifying accounts associated with the user is stored in the token repository;

obtaining a list of stored accounts associated with the user from the information identifying accounts associated with the user stored in the token repository; and

obtaining, from the list of stored accounts associated with the user, the third-party resource access token that provides access to the particular third-party resource;

in response to determining that information identifying accounts associated with the user is not stored in the token repository;

obtaining, from the particular third-party resource by the one or more computing devices, the third-party resource access token that provides access to the particular third-party resource after the credentials for accessing the particular third party resource are received from the user and authenticated; and

storing, as part of the mapping in the token repository, a mapping of the third-party resource access token to the user identification information identifying the user and the selected shard; and

providing, by the one or more computing devices, access to the particular third-party resource for the user using the selected shard and the third-party resource access token that provides access to the particular third-party resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for management access tokens is described. Access tokens for accessing third-party resources are stored and managed in a token repository. An access token may be obtained from a third-party resource. Once a user has authorized the system to access a third-party resource and unless that authorization is revoked, the user is not required to reauthorize the system in a pending or any subsequent interactive session, regardless of which shard of the system and third-party resource the user is connected to. The system can also use the authorization to execute scheduled requests for accessing or obtaining data from the third-party resource.

44 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving user identification information identifying a user for providing user access to a plurality of third-party resources;
  
  selecting, from a plurality of shards by one or more computing devices, a shard in response to receiving the user identification information;
  
  storing, in a token repository by the one or more computing devices, a mapping of information identifying the selected shard to the user identification information identifying the user;
  
  receiving a request to access a particular third-party resource of the plurality of third-party resources without receiving, from the user, credentials for accessing the particular third-party resource;
  
  in response to receiving the request to access the particular third-party resource without receiving, from the user, credentials for accessing the particular third-party resource, determining, by the one or more computing devices, whether the credentials for accessing the particular third-party resource are cached in the selected shard;
  
  in response to determining that the credentials for accessing the particular third-party resource are cached in the selected shard, selecting, by the one or more computing devices, the credentials for accessing the particular third-party resource from among two or more credentials that are associated with the user and are stored in the selected shard, the credentials for accessing the particular third-party resource comprising a third-party resource access token that provides access to the particular third-party resource; and
  
  in response to determining that the credentials for accessing the particular third-party resource are not cached in the selected shard;
  
  determining, by the one or more computing devices, whether information identifying accounts associated with the user is stored in the token repository that stores the mapping of the information identifying the selected shard to the user identification information identifying the user, the accounts associated with the user including (i) user account identification for each of the plurality of third-party resources; and
  
  (ii) credential information for accessing the plurality of third-party resources;
  
  in response to determining that information identifying accounts associated with the user is stored in the token repository;
  
  obtaining a list of stored accounts associated with the user from the information identifying accounts associated with the user stored in the token repository; and
  
  obtaining, from the list of stored accounts associated with the user, the third-party resource access token that provides access to the particular third-party resource;
  
  in response to determining that information identifying accounts associated with the user is not stored in the token repository;
  
  obtaining, from the particular third-party resource by the one or more computing devices, the third-party resource access token that provides access to the particular third-party resource after the credentials for accessing the particular third party resource are received from the user and authenticated; and
  
  storing, as part of the mapping in the token repository, a mapping of the third-party resource access token to the user identification information identifying the user and the selected shard; and
  
  providing, by the one or more computing devices, access to the particular third-party resource for the user using the selected shard and the third-party resource access token that provides access to the particular third-party resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-implemented method of claim 1, further comprising:
    - in response to determining that the information identifying accounts associated with the user is stored in the token repository;
      
      caching, in the selected shard, the credentials including the third-party access token for accessing the particular third-party resource obtained from the token repository.
  - 3. The computer-implemented method of claim 1, wherein selecting, from a plurality of shards, a shard comprises:
    - determining whether at least a portion of a shard is mapped to the user; and
      
      in response to determining that the at least the portion of the shard is mapped to the user, selecting the same portion of the shard for the user.
  - 4. The computer-implemented method of claim 1, wherein selecting, from a plurality of shards, a shard comprises:
    - determining that a shard has an access capacity that satisfies a particular threshold; and
      
      selecting the shard that has the access capacity that satisfies the particular threshold.
  - 5. The computer-implemented method of claim 1, wherein selecting, from a plurality of shards, a shard comprises:
    - determining that the user has been invited by a second user to access the particular third-party resource;
      
      determining a shard that is mapped to the second user; and
      
      selecting, for the user, the shard that is mapped to the second user.
  - 6. The computer-implemented method of claim 1, wherein receiving a request to access a third-party resource comprises one of:
    - receiving a request from the user to access the particular third-party resource; and
      
      receiving a request generated by a processor to access the particular third-party resource according to a determined schedule associated with the user.
  - 7. The computer-implemented method of claim 1, wherein obtaining, from the particular third-party resource, the third-party resource access token that provides access to the particular third-party resource comprises:
    - executing an open authentication protocol with the particular third-party resource;
      
      receiving, from the particular third-party resource, the third-party resource access token that provides access for the particular third-party resource;
      
      storing the received third-party resource access token in the token repository; and
      
      caching the received third-party resource access token in the selected shard.
  - 8. The computer-implemented method of claim 1, wherein providing access to the particular third-party resource comprises:
    - obtaining data associated with the user from the particular third-party resource; and
      
      generating a graphical user interface configured to display at least a portion of the obtained data.
  - 9. The computer-implemented method of claim 1, further comprising:
    - receiving data indicating that access, for the user, to the particular third-party resource is revoked; and
      
      in response to receiving the data indicating that access, for the user, to the particular third-party resource is revoked, transmitting a message indicating that the user is not authorized to access the particular third-party resource.
  - 10. The computer-implemented method of claim 1, wherein:
    - the stored mapping includes an expiration time threshold of the third-party resource access token;
      
      the third-party resource access token provides access to all third-party resources associated with the user; and
      
      each shard in the plurality of shards is configured to process data transceived to and from a different third-party resource.
  - 11. The computer-implemented method of claim 10, further comprising:
    - revoking access of the user to the particular third-party resource in response to determining that a time duration of user access to the particular third-party resource satisfies the expiration time threshold of the third-party resource access token.
  - 12. The computer-implemented method of claim 1, further comprising:
    - determining whether a user session for accessing the particular third-party resource has been terminated; and
      
      in response to determining that the user session for accessing the particular third-party resource has been terminated, maintaining, in a cache of the selected shard, the third-party resource access token.

13. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable and when executed by one or more computers, cause the one or more computers to perform actions comprising;
  
  receiving user identification information identifying a user for providing user access to a plurality of third-party resources;
  
  selecting, from a plurality of shards, a shard in response to receiving the user identification information;
  
  storing, in a token repository, a mapping of information identifying the selected shard to the user identification information identifying the user;
  
  receiving a request to access a particular third-party resource of the plurality of third-party resources without receiving, from the user, credentials for accessing the particular third-party resource;
  
  in response to receiving the request to access the particular third-party resource without receiving, from the user, credentials for accessing the particular third-party resource, determining whether the credentials for accessing the particular third-party resource are cached in the selected shard;
  
  in response to determining that the credentials for accessing the particular third-party resource are cached in the selected shard, selecting the credentials for accessing the particular third-party resource from among two or more credentials that are associated with the user and are stored in the selected shard, the credentials for accessing the particular third-party resource comprising a third-party resource access token that provides access to the particular third-party resource; and
  
  in response to determining that the credentials for accessing the particular third-party resource are not cached in the selected shard;
  
  determining whether information identifying accounts associated with the user is stored in the token repository that stores the mapping of the information identifying the selected shard to the user identification information identifying the user, the accounts associated with the user including (i) user account identification for each of the plurality of third-party resources; and
  
  (ii) credential information for accessing the plurality of third-party resources in response to determining that information identifying accounts associated with the user is stored in the token repository;
  
  obtaining a list of stored accounts associated with the user from the information identifying accounts associated with the user stored in the token repository; and
  
  obtaining, from the list of stored accounts associated with the user, the third-party resource access token that provides access to the particular third-party resource;
  
  in response to determining that information identifying accounts associated with the user is not stored in the token repository;
  
  obtaining, from the particular third-party resource, the third-party resource access token that provides access to the particular third-party resource after the credentials for accessing the particular third party resource are received from the user and authenticated; and
  
  storing, as part of the mapping in the token repository, a mapping of the third-party resource access token to the user identification information identifying the user and the selected shard; and
  
  providing access to the particular third-party resource for the user using the selected shard and the third-party resource access token that provides access to the particular third-party resource.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein:
    - the stored mapping includes an expiration time threshold of the third-party resource access token;
      
      the third-party resource access token provides access to all third-party resources associated with the user; and
      
      each shard in the plurality of shards is configured to process data transceived to and from a different third-party resource.
  - 15. The system of claim 13, wherein the actions further comprise:
    - in response to determining that the information identifying accounts associated with the user is stored in the token repository;
      
      caching, in the selected shard, credentials including the third-party access token for accessing the particular third-party resource obtained from the token repository.
  - 16. The system of claim 13, wherein:
    - selecting, from a plurality of shards, a shard comprises selecting a shard based on one of a user mapped portion of shard, an access capacity, an invitation by another user;
      
      selecting the shard based on the user mapped portion of the shard comprises;
      
      determining whether at least a portion of a shard is mapped to the user; and
      
      in response to determining that the at least the portion of the shard is mapped to the user, selecting the same portion of the shard for the user;
      
      selecting the shard based on the access capacity comprises;
      
      determining that a shard has an access capacity that satisfies a particular threshold; and
      
      selecting the shard that has the access capacity that satisfies the particular threshold; and
      
      selecting the shard based on the invitation by another user comprises;
      
      determining that the user has been invited by a second user to access the particular third-party resource;
      
      determining a shard that is mapped to the second user; and
      
      selecting, for the user, the shard that is mapped to the second user.

17. One or more non-transitory computer-readable storage media comprising instructions, which, when executed by one or more computers, cause the one or more computers to perform actions comprising:
- receiving user identification information identifying a user for providing user access to a plurality of third-party resources;
  
  selecting, from a plurality of shards, a shard in response to receiving the user identification information;
  
  storing, in a token repository, a mapping of information identifying the selected shard to the user identification information identifying the user;
  
  receiving a request to access a particular third-party resource of the plurality of third-party resources without receiving, from the user, credentials for accessing the particular third-party resource;
  
  in response to receiving the request to access the particular third-party resource without receiving, from the user, credentials for accessing the particular third-party resource, determining whether the credentials for accessing the particular third-party resource are cached in the selected shard;
  
  in response to determining that the credentials for accessing the particular third-party resource are cached in the selected shard, selecting the credentials for accessing the particular third-party resource from among two or more credentials that are associated with the user and are stored in the selected shard, the credentials for accessing the particular third-party resource comprising a third-party resource access token that provides access to the particular third-party resource; and
  
  in response to determining that the credentials for accessing the particular third-party resource are not cached in the selected shard;
  
  determining whether information identifying accounts associated with the user is stored in the token repository that stores the mapping of the information identifying the selected shard to the user identification information identifying the user, the accounts associated with the user including (i) user account identification for each of the plurality of third-party resources; and
  
  (ii) credential information for accessing the plurality of third-party resources;
  
  in response to determining that information identifying accounts associated with the user is stored in the token repository;
  
  obtaining a list of stored accounts associated with the user from the information identifying accounts associated with the user stored in the token repository; and
  
  obtaining, from the list of stored accounts associated with the user, the third-party resource access token that provides access to the particular third-party resource;
  
  in response to determining that information identifying accounts associated with the user is not stored in the token repository;
  
  obtaining, from the particular third-party resource, the third-party resource access token that provides access to the particular third-party resource after the credentials for accessing the particular third party resource are received from the user and authenticated; and
  
  storing, as part of the mapping in the token repository, a mapping of the third-party resource access token to the user identification information identifying the user and the selected shard; and
  
  providing access to the particular third-party resource for the user using the selected shard and the third-party resource access token that provides access to the particular third-party resource.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more non-transitory computer-readable storage media of claim 17, wherein:
    - the stored mapping includes an expiration time threshold of the third-party resource access token;
      
      the third-party resource access token provides access to all third-party resources associated with the user; and
      
      each shard in the plurality of shards is configured to process data transceived to and from a different third-party resource.
  - 19. The one or more non-transitory computer-readable storage media of claim 17, wherein the actions further comprise:
    - in response to determining that the information identifying accounts associated with the user is stored in the token repository;
      
      caching, in the selected shard, credentials including the third-party access token for accessing the particular third-party resource obtained from the token repository.
  - 20. The one or more non-transitory computer-readable storage media of claim 17, wherein:
    - selecting, from a plurality of shards, a shard comprises selecting a shard based on one of a user mapped portion of shard, an access capacity, an invitation by another user;
      
      selecting the shard based on the user mapped portion of the shard comprises;
      
      determining whether at least a portion of a shard is mapped to the user; and
      
      in response to determining that the at least the portion of the shard is mapped to the user, selecting the same portion of the shard for the user;
      
      selecting the shard based on the access capacity comprises;
      
      determining that a shard has an access capacity that satisfies a particular threshold; and
      
      selecting the shard that has the access capacity that satisfies the particular threshold; and
      
      selecting the shard based on the invitation by another user comprises;
      
      determining that the user has been invited by a second user to access the particular third-party resource;
      
      determining a shard that is mapped to the second user; and
      
      selecting, for the user, the shard that is mapped to the second user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microstrategy Incorporated
Original Assignee
Microstrategy Incorporated
Inventors
Orozco, Luis, Siauw, Gie Kian
Primary Examiner(s)
Lesniewski, Victor

Application Number

US14/674,943
Time in Patent Office

1,099 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 9/3213   using tickets or tokens, e....

Token management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Token management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links