US9813401B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9813401-B2 |
| Application number | US-201514886999-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 19, 2015 |
| Priority date | Oct 19, 2015 |
| Publication date | Nov 7, 2017 |
| Grant date | Nov 7, 2017 |
Official abstract text for this publication.
A network access service operates as an intermediary between client applications and network services. The network access service is configured to perform one or more authentication processes required by the network services on behalf of the client applications. This includes the network access service obtaining and managing access tokens on behalf of the client applications. The network access service reuses access tokens and automatically acquires new access tokens upon expiration. The network access service is also configured to format data from a client application into a format required by a network service and to provide application program interface and language support required by a network service.
Opening claim text (preview).
What is claimed is:

1. An apparatus comprising: one or more processors; and one or more memories storing instructions which, when processed by the one or more processors, cause: a network access service receiving, from a client application executing on a first client device, a first request for the client application to access a network service that requires performance of a particular authentication process for access, in response to the network access service receiving, from the client application executing on the first client device, the first request for the client application executing on the first client device to access the network service, the network access service: performing, based upon user credentials for a user of the client application, the particular authentication process on behalf of the client application executing on the first client device to obtain a first access token for accessing the network service, using the first access token to access the network service on behalf of the client application executing on the first client device, and again performing, based upon the user credentials for the user of the client application, the particular authentication process on behalf of the client application executing on the first client device to obtain a second access token for accessing the network service, wherein the second access token is different than the first access token, the network access service receiving, from the client application executing on a second client device that is different than the first client device, a second request for the client application executing on the second client device to access the network service, and in response to the network access service receiving, from the client application executing on the second client device, the second request for the client application executing on the second client device to access the network service, the network access service using the second access token to access the network service on behalf of the client application executing on the second client device.

2. The apparatus of claim 1, wherein: the second access token is valid for a specified amount of time, and the one or more memories store additional instructions which, when processed by the one or more processors cause the network access service to: determine, based upon the specified amount of time for the second access token, whether the second access token is still valid, if, based upon the specified amount of time for the second access token, the second access token is no longer valid, then: performing, based upon the user credentials for the user, the particular authentication process on behalf of the client application to obtain a third access token for accessing the network service, wherein the third access token is different than the first access token and the second access token, and use the third access token for subsequent requests to access the network service on behalf of the client application.

3. The apparatus of claim 1, wherein the one or more memories store additional instructions which, when processed by the one or more processors cause: the network access service receiving, from the client application executing on the first client device, a third request for the client application to access the network service that requires performance of a particular authentication process for access, wherein the third request is associated with a third user of the client application, in response to the network access service receiving, from the client application executing on the first client device, the third request for the client application executing on the first client device to access the network service, the network access service retrieving and using a third access token to access the network service on behalf of the client application executing on the first client device and the second user.

4. The apparatus of claim 1, wherein the one or more memories store additional instructions which, when processed by the one or more processors cause: the network access service receiving, from the client application executing on the first client device, a third request for the client application to access the network service that requires performance of the particular authentication process for access, wherein the third request specifies a logical group, in response to the network access service receiving, from the client application executing on the first client device, the third request for the client application executing on the first client device to access the network service, wherein the third request specifies a logical group, the network access service: determining whether an access token is available for the logical group with respect to both the client application executing on the first client device and the network service, in response to determining that an access token is available for the logical group with respect to both the client application executing on the first client device and the network service, the using the access token that is available for the logical group with respect to both the client application executing on the first client device and the network service to process the third request at the client application executing on the first client device, and in response to determining that an access token is not available for the logical group with respect to both the client application executing on the first client device and the network service, then: performing, based upon user credentials for the logical group, the particular authentication process on behalf of the client application executing on the first client device to obtain a particular access token for accessing the network service, and using the particular access token to process the third request with respect to the network service.

5. The apparatus of claim 1, wherein: the first request for the client application to access the network service includes a request for data from the client application to be stored by the network service, and the one or more memories store additional instructions which, when processed by the one or more processors cause the network access service to format the data from the client application in a format that is supported by the network service and different than a format in which the data is received from the client application.

6. The apparatus of claim 1, wherein the network access service using the first access token to access the network service on behalf of the user of the client application includes issuing one or more instructions that conform to an application program interface that is supported by the network service and not supported by the client application.

7. The apparatus of claim 1, wherein: the first request for the client application to access a network service that requires performance of a particular authentication process for access includes a request for the client application to access a second network service that is different than the first network service and requires performance of a second particular authentication process for access that is different than the particular authentication process, and the one or more memories store additional instructions which, when processed by the one or more processors cause the network access service to in response to the request for the client application to access a second network service that is different than the first network service and requires performance of a second particular authentication process for access that is different than the particular authentication process, the network access service retrieving a third access token for the particular user of the client application with respect to the second n
for controlling access to devices or network resources · CPC title
in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS] · CPC title
by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title