Authorization token cache system and method

US9306939B2 · US · B2

Patent metadata
Publication number: US-9306939-B2
Application number: US-201414292646-A
Country: US
Kind code: B2
Filing date: May 30, 2014
Priority date: May 30, 2014
Publication date: Apr 5, 2016
Grant date: Apr 5, 2016

Abstract

Official abstract text for this publication.

A system includes one or more processors to request access tokens from a token service computer, cache the access tokens and related information in a token cache, transmit the access tokens with a resource request to a resource server, and receive requested resources in response to the resource request. The resource server transmits representations of requested resources to computing devices having valid tokens. The access tokens and related information including credentials information and token metadata are stored in the token cache.

First claim

Opening claim text (preview).

What is claimed is:

1. A system, comprising: at least one processor to: send an initialization message from an application to a token client, the initialization message comprising credentials information and token metadata; cache the credentials information and the token metadata in a token cache and return a session identifier that maps to a cache key to retrieve the token metadata and the credentials information, wherein the token metadata comprises at least one service property used for obtaining an access token from a token service; send a first access token request based on the credentials information and the token metadata; receive a first access token response and retrieve a first access token from the first access token response using the token metadata; cache the first access token in the token cache by associating the first access token with the cache key; send a resource request for protected resources; receive a resource response from a resource server, the resource response having a representation of the protected resources; send, based on the resource response, the representation of the protected resources; send the first access token request to a token service computer; receive the first access token response from the token service computer; receive by the token client the resource response from the resource server, the resource response indicating that the resource request is one of an unauthorized request and a bad request; send a second access token request to the token service computer based on the credentials information and the token metadata; receive a second access token response from the token service computer and retrieving a second access token from the second access token response using the token metadata; and cache the second access token in the token cache by associating the second access token with the cache key.

2. A method, comprising: sending, by at least one processor, an initialization message from an application to a token client, the initialization message comprising credentials information and token metadata; caching, by the at least one processor, the credentials information and the token metadata in a token cache and returning a session identifier that maps to a cache key to retrieve the token metadata and the credentials information, wherein the token metadata comprises at least one service property used for obtaining an access token from a token service; sending, by the at least one processor, a first access token request based on the credentials information and the token metadata; receiving, by the at least one processor, a first access token response and retrieving a first access token from the first access token response using the token metadata; caching, by the at least one processor, the first access token in the token cache by associating the first access token with the cache key; sending, by the at least one processor, a resource request for protected resources; receiving, by the at least one processor, a resource response from a resource server, the resource response having a representation of the protected resources; sending, based on the resource response, by the at least one processor, the representation of the protected resources; sending the first access token request to a token service computer; receiving the first access token response from the token service computer; receiving by the token client the resource response from the resource server, the resource response indicating that the resource request is one of an unauthorized request and a bad request; sending a second access token request to the token service computer based on the credentials information and the token metadata; receiving a second access token response from the token service computer and retrieving a second access token from the second access token response using the token metadata; and caching the second access token in the token cache by associating the second access token with the cache key.

3. The method of claim 2, further comprising: receiving by the token client a second access token from the resource server in response to the resource request for protected resources; retrieving the second access token using the token metadata; and caching the second access token in the token cache by associating the second access token with the cache key.

4. The method of claim 2, further comprising: retrieving the first access token from a particular XPath expression within an extensible markup language (XML) document of the first access token response, wherein the XPath expression is associated with the at least one service property.

5. The method of claim 2, further comprising: retrieving the first access token from a particular JSONPath expression within a Javascript Object Notation (JSON) document of the first access token response, wherein the JSONPath expression is associated with the at least one service property.

6. The method of claim 2, further comprising: binding the first access token to a particular position in a body of the resource request using a particular XPath expression in an XML document, wherein the XPath expression is associated with the at least one service property.

7. The method of claim 2, further comprising: binding the first access token to a particular position in a body of the resource request using a particular JSONPath expression in a JSON document, wherein the JSONPath expression is associated with the at least one service property.

8. The method of claim 2, further comprising: executing a cryptographic hash function on the credentials information comprising a first username and a first password to obtain a first hash-based message authentication code; receiving input comprising a second username and a second password and executing the cryptographic hash function on the second username and the second password to obtain a second hash-based message authentication code; comparing the first hash-based message authentication code with the second hash-based message authentication code and determining that the credentials information is valid; and sending the resource request for protected resources having the first access token to the resource server.

9. The method of claim 2, wherein the token metadata is associated with a particular token service of a plurality of token services and includes at least one service property used for obtaining an access token from the particular token service.

10. The method of claim 2, wherein the token cache comprises a hash table stored in transitory memory and the application comprises a representational state transfer (REST)ful application.

11. The method of claim 2, wherein the first access token comprises one of an Oauth access token, a Nimbula access token, and a WebCenter Authorization access token that grants the application access to the protected resources.

12. A non-transitory computer-readable medium including instructions stored thereon that, when executed by at least one processor, cause the at least one processor to perform operations comprising: sending an initialization message from an application to a token client, the initialization message comprising credentials information and token metadata; caching the credentials information and the token metadata in a token cache and returning a session identifier that maps to a cache key to retrieve the token metadata and the credentials information, wherein the token metadata comprises at least one service property used for obtaining an access token from a token service; sending a first access token request based on the credentials information and the token metadata; rec
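
The flow recited in claims 1, 2 and 5, sketched as an added example that is not code from the patent or its assignee: a token client caches credentials and token metadata, hands back a session identifier that maps to a cache key, and re-requests a token once when the resource server answers 401 or 400. All names, the HMAC-derived cache key, the dotted path (a simplified stand-in for JSONPath) and the in-process fake services are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def extract(doc, path):  # dotted path: simplified stand-in for JSONPath
    for part in path.split("."):
        doc = doc[part]
    return doc

class TokenClient:
    def __init__(self, token_service, resource_server):
        self._token_service = token_service       # callable(credentials, metadata) -> dict
        self._resource_server = resource_server   # callable(token, request) -> (status, body)
        self._hmac_key = secrets.token_bytes(32)  # per-process key for cache-key derivation
        self._sessions = {}                       # session id -> cache key
        self._cache = {}                          # cache key -> entry (in-memory hash table)

    def initialize(self, credentials, metadata):
        msg = f"{credentials['username']}\x00{credentials['password']}".encode()
        cache_key = hmac.new(self._hmac_key, msg, hashlib.sha256).hexdigest()
        self._cache[cache_key] = {"credentials": credentials, "metadata": metadata, "token": None}
        session_id = secrets.token_urlsafe(16)    # opaque handle returned to the application
        self._sessions[session_id] = cache_key
        return session_id

    def _refresh(self, entry):
        response = self._token_service(entry["credentials"], entry["metadata"])
        entry["token"] = extract(response, entry["metadata"]["token_path"])

    def request(self, session_id, resource_request):
        entry = self._cache[self._sessions[session_id]]
        if entry["token"] is None:
            self._refresh(entry)                  # first access token
        status, body = self._resource_server(entry["token"], resource_request)
        if status in (400, 401):                  # unauthorized or bad request
            self._refresh(entry)                  # second token, same cache key
            status, body = self._resource_server(entry["token"], resource_request)
        return status, body                       # retried once only, never in a loop

def demo():
    issued = []
    def token_service(credentials, metadata):     # constructed fake token service
        issued.append(f"tok-{len(issued) + 1}")
        return {"access": {"token": issued[-1]}}
    revoked = {"tok-1"}
    def resource_server(token, request):          # constructed fake resource server
        return (401, None) if token in revoked else (200, f"{request} via {token}")
    client = TokenClient(token_service, resource_server)
    sid = client.initialize({"username": "alice", "password": "example-only"},
                            {"token_path": "access.token"})
    return client.request(sid, "GET /orders"), issued
```

A cache built this way holds the credentials and live tokens in process memory, so anything that can read that memory or guess a session identifier can act as the application.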

Classifications

  • H04L63/083 · Primary

    using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title

  • Electricity · mapped topic

  • Storing data temporarily at an intermediate stage, e.g. caching · CPC title

  • H04L63/10 · Primary

    for controlling access to devices or network resources · CPC title

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/083. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 5, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).