Controlling exposure of sensitive data and operation using process bound security tokens in cloud computing environment
US-9237020-B2 · Jan 12, 2016 · US
US2015149530A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2015149530-A1 |
| Application number | US-201314091830-A |
| Country | US |
| Kind code | A1 |
| Filing date | Nov 27, 2013 |
| Priority date | Nov 27, 2013 |
| Publication date | May 28, 2015 |
| Grant date | — |
Official abstract text for this publication.
In some embodiments, a first server system of a cloud service can receive a bearer token for accessing the cloud service. The bearer token can be generated based on authenticating a remote client in communication with the first server system. The first server system can determine that a resource of the cloud service is hosted by a second server system of the cloud service rather than the first server system. The resource can be identified using the bearer token. The first server system can provide the bearer token to the remote client along with redirect information for accessing the second server system. The second server system can respond to receiving the bearer token from the remote client by establishing a session with the remote client. The remote client can access the resource via the session with the second server system.
Opening claim text (preview).
1. A method comprising: receiving, by a first server system of a cloud service, a bearer token for accessing the cloud service, wherein the bearer token is generated based on authenticating a remote client in communication with the first server system; determining, by the first server system, that a resource of the cloud service is hosted by a second server system of the cloud service rather than the first server system; and providing, by the first server system, the bearer token to the remote client along with redirect information for accessing the second server system.
2. The method of claim 1, further comprising: receiving, by the first server system, a credential from the remote client; and providing, by the first server system, the credential to an authentication provider for authenticating the remote client, wherein the bearer token is received from the authentication provider in response to providing the credential.
3. The method of claim 1, wherein the first server system determines that the resource is hosted by the second server system based at least in part on the bearer token.
4. The method of claim 1, wherein determining that the resource is hosted by the second server system comprises: requesting a resource identifier from an authentication provider that provided the bearer token to the first server system; receiving the resource identifier from the authentication provider; and determining that the resource identifier identifies the resource that is hosted by the second server system and that is not hosted by the first server system.
5. The method of claim 1, further comprising: receiving, by the first server system, a request for accessing the resource that is directed to a uniform resource locator (URL) associated with the cloud service; and wherein the first server system identifies the resource based at least in part on the request.
6. The method of claim 1, wherein providing the bearer token with the redirect information comprises: generating a cookie including the bearer token and the redirect information, wherein the redirect information includes a network identifier for the second server system; and transmitting the cookie to the remote client via a data network.
7. The method of claim 6, wherein the first server system is accessible via the data network via an additional network identifier different than the network identifier for the second server system.
8. The method of claim 1, further comprising establishing a session between the second server system and the remote client for accessing the resource in response to the second server system receiving the bearer token from the remote client, wherein the session is established in response to the second server system determining that the bearer token is valid.
9. The method of claim 1, wherein the cloud service comprises a content management service and wherein the resource comprises electronic content hosted by the second server system.
10. A system comprising: a first server comprising a first processor, the first processor configured for: receiving a bearer token for accessing a cloud service including the first server, wherein the bearer token is generated based on authenticating a remote client in communication with the first server system, determining that a resource of the cloud service is hosted by a second server system of the cloud service rather than the first server system, and providing the bearer token to the remote client along with redirect information for accessing the second server system; and the second server, the second server comprising a second processor configured for: receiving the bearer token from the remote client, and establishing a session between the second server system and the remote client for accessing the resource in response to receiving the bearer token.
11. The system of claim 10, wherein the first processor is further configured for: receiving a credential from the remote client; and providing the credential to an authentication provider for authenticating the remote client, wherein the bearer token is received from the authentication provider in response to providing the credential.
12. The system of claim 10, wherein the first processor is further configured for determining that the resource is hosted by the second server system based at least in part on the bearer token.
13. The system of claim 10, wherein determining that the resource is hosted by the second server system comprises: requesting a resource identifier from an authentication provider that provided the bearer token to the first server system; receiving the resource identifier from the authentication provider; and determining that the resource identifier identifies the resource that is hosted by the second server system and that is not hosted by the first server system.
14. The system of claim 10, wherein providing the bearer token with the redirect information comprises: generating a cookie including the bearer token and the redirect information, wherein the redirect information includes a network identifier for the second server system; and transmitting the cookie to the remote client via a data network.
15. The system of claim 14, wherein the first server system is accessible via the data network via an additional network identifier different than the network identifier for the second server system.
16. A non-transitory computer-readable medium embodying program code executable by a processing device, the non-transitory computer-readable medium comprising: program code for receiving, by a first server system of a cloud service, a bearer token for accessing the cloud service, wherein the bearer token is generated based on authenticating a remote client in communication with the first server system; program code for determining, by the first server system, that a resource of the cloud service is hosted by a second server system of the cloud service rather than the first server system; program code for providing, by the first server system, the bearer token to the remote client along with redirect information for accessing the second server system; and program code for establishing a session between the second server system and the remote client for accessing the resource in response to the second server system receiving the bearer token from the remote client.
17. The non-transitory computer-readable medium of claim 16, further comprising: program code for receiving, by the first server system, a credential from the remote client; and program code for providing, by the first server system, the credential to an authentication provider for authenticating the remote client, wherein the bearer token is received from the authentication provider in response to providing the credential.
18. The non-transitory computer-readable medium of claim 16, wherein determining that the resource is hosted by the second server system comprises: requesting a resource identifier from an authentication provider that provided the bearer token to the first server system; receiving the resource identifier from the authentication provider; and determining that the resource identifier identifies the resource that is hosted by the second server system and that is not hosted by the first server system.
19. The non-transitory computer-readable medium of claim 16, wherein providing the bearer token with the redirect information comprises: generating a cookie including the
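The claims above describe a four-party exchange: the client presents a credential to the first server, the first server obtains a bearer token from an authentication provider, looks up which server system hosts the requested resource, and hands the client the token together with redirect information in a cookie; the second server then validates the token before opening a session. The following is an added example modelling that exchange in Python. It is not the patent's implementation or any product's code: the HMAC-signed token format, the `RESOURCE_HOSTS` table, the user store and all function names are assumptions made for illustration. It also adds the two checks a practitioner would insist on but the claims leave open: the first server redirects only to hosts inside the service, and the second server refuses a valid token whose resource it does not actually host.

```python
# Added example: a minimal model of the token-plus-redirect flow described in the claims.
# The token format, host table, user store and names are assumptions for illustration,
# not the patent's implementation.
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumed shared signing key for the hypothetical authentication provider and both servers.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"
# Constructed host table: which server system hosts which resource (the "resource identifier").
RESOURCE_HOSTS = {"doc-42": "server-b.example", "doc-7": "server-a.example"}
# Constructed credential store for the hypothetical authentication provider.
USERS = {"alice": "correct horse battery staple"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username, password, resource_id, ttl=300, now=None):
    """Authentication provider: check the credential and return a signed bearer token
    whose payload names the resource it grants access to (claims 2 and 4)."""
    if not hmac.compare_digest(USERS.get(username, ""), password):
        return None
    now = time.time() if now is None else now
    body = _b64(json.dumps({"sub": username, "res": resource_id, "exp": now + ttl}).encode())
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify_token(token, now=None):
    """Return the token payload if its signature is valid and it is unexpired, else None."""
    try:
        body, mac = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None  # tampered or forged: never parse an unverified payload
    payload = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if payload["exp"] <= now:
        return None
    return payload


def first_server_login(username, password, resource_id, self_host="server-a.example", now=None):
    """First server system: forward the credential, receive the token, then either serve the
    resource itself or return the token plus redirect information in a cookie (claims 1, 6)."""
    token = issue_token(username, password, resource_id, now=now)
    if token is None:
        return {"status": 401}
    payload = verify_token(token, now=now)
    host = RESOURCE_HOSTS.get(payload["res"])
    if host is None:
        return {"status": 404}
    if host == self_host:
        return {"status": 200, "served_by": self_host}
    # The redirect target comes from the service's own host table, never from client input,
    # so the bearer token in the cookie can only be sent to a server inside the service.
    return {"status": 302, "cookie": {"token": token, "redirect": host}}


def second_server_accept(cookie, self_host="server-b.example", now=None):
    """Second server system: establish a session only after validating the token (claim 8)
    and confirming the token names a resource this server actually hosts."""
    payload = verify_token(cookie.get("token", ""), now=now)
    if payload is None:
        return None
    if RESOURCE_HOSTS.get(payload["res"]) != self_host:
        return None  # valid token, wrong server: do not open a session here
    return {"session_id": secrets.token_hex(16), "user": payload["sub"], "resource": payload["res"]}


if __name__ == "__main__":
    resp = first_server_login("alice", "correct horse battery staple", "doc-42")
    print(resp)
    print(second_server_accept(resp["cookie"]))
```

In a real deployment the cookie carrying the bearer token should be marked `Secure` and `HttpOnly` and scoped to the service's domain, and the token should carry an audience or host binding so that the second server's check does not depend on a shared host table. Anything that holds the cookie can use the token, which is the property the word "bearer" in the claims implies.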
Electricity · mapped topic
based on the content of a request · CPC title
Data redirection of data network streams · CPC title
for accessing one among a plurality of replicated servers · CPC title