Method and apparatus for providing enhanced service authorization

US9258288B2 · US · B2

Patent metadata
Publication number: US-9258288-B2
Application number: US-201313741033-A
Country: US
Kind code: B2
Filing date: Jan 14, 2013
Priority date: Feb 18, 2009
Publication date: Feb 9, 2016
Grant date: Feb 9, 2016

Abstract

Official abstract text for this publication.

An approach is provided for authorizing one or more services from service providers in a communications network. The approach includes receiving a request from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider. Based, at least in part, on the secondary token identifier, a secondary token is identified; and then the secondary token is sent to the first service provider, wherein the first service provider and the second service provider belong to different trust domains and the first service provider can use the secondary token to access resources of the second service provider.

Claims

What is claimed is:

1. A non-transitory computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus to at least perform the following steps: determining that a request is received from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider; based on the secondary token identifier, identifying a secondary token; and causing, at least in part, an initiation of sending the secondary token to the first service provider, wherein the type of access and privileges the first service provider has in relation to the resources of the second service provider is based on the secondary token.

2. A non-transitory computer readable storage medium of claim 1, wherein, for identifying the secondary token, the apparatus is further caused, at least in part, to further perform: creating the secondary token based on the secondary token identifier, in response to receiving the request.

3. A non-transitory computer readable storage medium of claim 2, wherein the first service provider and the second service provider belong to different trust domains.

4. A non-transitory computer readable storage medium of claim 1, wherein, for identifying the secondary token, the apparatus is further caused, at least in part, to further perform: retrieving the secondary token from a memory store based on the secondary token identifier.

5. A non-transitory computer readable storage medium of claim 1, wherein, for identifying the secondary token, the apparatus is further caused, at least in part, to further perform: creating an account on an authorization server associated with the primary token, wherein the first service provider authenticates and authorizes access to resources of the first service provider based on the primary token, and wherein the primary token includes a user name and password.

6. A non-transitory computer readable storage medium of claim 5, wherein, for identifying the secondary token, the apparatus is further caused, at least in part, to further perform: creating a plurality of secondary token identifiers and respective secondary tokens, associated with the account; and storing the plurality of secondary token identifiers in a memory store of the authorization server.

7. An apparatus comprising: at least one processor; and at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following: determine that a request is received from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider; based on the secondary token identifier, identify a secondary token, wherein the type of access and privileges the first service provider has in relation to the resources of the second service provider is based on the secondary token, and cause, at least in part, an initiation of sending the secondary token to the first service provider.

8. An apparatus of claim 7, wherein the first service provider and the second service provider belong to different trust domains.

9. An apparatus of claim 7, wherein, for identifying the secondary token, the apparatus is further caused, at least in part, to: create the secondary token based on the secondary token identifier, in response to receiving the request.

10. An apparatus of claim 7, wherein, for identifying the secondary token, the apparatus is further caused, at least in part, to: retrieve the secondary token from a memory store based on the secondary token identifier.

11. An apparatus of claim 7, wherein, for identifying the secondary token, the apparatus is further caused, at least in part, to: create an account on an authorization server associated with the primary token, wherein the primary token includes a user name and password.

12. An apparatus of claim 11, wherein, for identifying the secondary token, the apparatus is further caused, at least in part, to: create a plurality of secondary token identifiers and respective secondary tokens, associated with the account; and store the plurality of secondary token identifiers in a memory store of the authorization server.

13. A non-transitory computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus to at least perform the following steps: receiving at a first service provider a request relating to accessing resources of a second service provider, the request associated with a primary token; requesting from an authorization system a secondary token, the secondary token based at least in part on the second service provider and the primary token; and receiving the secondary token from the authorization system.

14. A non-transitory computer readable storage medium of claim 13, wherein the apparatus is further caused, at least in part, to further perform requesting from the second service provider access to the resources of the second service provider using the secondary token.

15. A non-transitory computer readable storage medium of claim 13, wherein the first service provider allows access to resources of the first service provider based on the primary token.

16. A non-transitory computer readable storage medium of claim 13, wherein the request includes the primary token.

17. A non-transitory computer readable storage medium of claim 13, wherein the first service provider and the second service provider belong to different trust domains.

18. A non-transitory computer readable storage medium of claim 13, wherein the secondary token, at least in part, identifies a scope of resources of the second service provider that the first provider is authorized to access.

19. A non-transitory computer readable storage medium of claim 13, wherein the request is received from a user device.

20. A non-transitory computer readable storage medium of claim 19, wherein the user device comprises a mobile handset.
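As an added illustration of the exchange the abstract and claims describe (not code from the patent or from the assignee): a small Python model in which the authorization server turns a primary token plus a secondary token identifier into a scoped secondary token bound to one second service provider, and the first provider uses that token across the trust boundary. The HMAC token format, the per-provider shared keys and all names are assumptions.

```python
import base64, hashlib, hmac, json

def _sign(key: bytes, claims: dict) -> str:
    # Compact "body.mac" token: base64url(JSON claims) plus an HMAC-SHA256 tag (assumed format).
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode().rstrip("=")
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def _verify(key: bytes, token: str):
    body, _, mac = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

class AuthorizationServer:
    def __init__(self, provider_keys: dict):
        self.provider_keys = provider_keys  # second provider -> key it shares with this server (assumption)
        self.accounts = {}                  # primary token -> {secondary token identifier: (provider, scope)}

    def create_account(self, primary_token: str, grants: dict) -> None:
        self.accounts[primary_token] = dict(grants)

    def issue_secondary_token(self, primary_token: str, token_id: str):
        grants = self.accounts.get(primary_token)
        if grants is None or token_id not in grants:
            return None  # unknown primary token or identifier: nothing is issued
        provider, scope = grants[token_id]
        # The secondary token names its audience and scope; the primary token never leaves this server.
        return _sign(self.provider_keys[provider], {"aud": provider, "scope": sorted(scope)})

class SecondServiceProvider:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def access(self, secondary_token: str, resource: str):
        claims = _verify(self.key, secondary_token)
        if claims is None or claims["aud"] != self.name or resource not in claims["scope"]:
            return None  # bad tag, token issued for another trust domain, or resource outside scope
        return f"{self.name}/{resource}"

def first_provider_fetch(auth, second, primary_token, token_id, resource):
    """First service provider: exchange primary token + identifier for a secondary token, then use it."""
    secondary = auth.issue_secondary_token(primary_token, token_id)
    return None if secondary is None else second.access(secondary, resource)

KEYS = {"photos.example": b"constructed-key-photos", "mail.example": b"constructed-key-mail"}  # constructed
AUTH = AuthorizationServer(KEYS)
AUTH.create_account("user-primary-token", {"photos-ro": ("photos.example", {"albums"})})  # constructed account
PHOTOS = SecondServiceProvider("photos.example", KEYS["photos.example"])
```

The second provider never sees the primary credential and can refuse a token minted for a different provider or for a resource outside the granted scope without consulting the authorization server.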

Assignees

Nokia Technologies Oy

Inventors

Classifications

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title

  • H04L63/08 (Primary) · for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Nokia Technologies Oy
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date: Feb 9, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).