Systems and methods for authenticating an online user using a secure authorization server

US9992199B2 · US · B2

Patent metadata
Publication number: US-9992199-B2
Application number: US-201715789793-A
Country: US
Kind code: B2
Filing date: Oct 20, 2017
Priority date: Nov 16, 2015
Publication date: Jun 5, 2018
Grant date: Jun 5, 2018

Abstract

Official abstract text for this publication.

A secure authorization server computer system for verifying an identity of an end-user is provided. The computer system is programmed to receive, from a computing client, an authentication request at an authorization component. The authentication request includes a secure authentication request identifier. The computer system is also programmed to validate the authentication request at the authorization component by validating the secure authentication request identifier. The computer system is further programmed to transmit an authentication response from the authorization component to the computing client. The authentication response includes an authorization code. The authorization code represents a validation of the authentication request.

First claim

Opening claim text (preview).

What is claimed is:

1. A secure authorization server for verifying an identity of an end user, said secure authorization server comprising at least one processor in communication with at least one memory, said secure authorization server programmed to: receive, from a computing client, an authentication request including a first redirection uniform resource indicator (URI); associate the first redirection URI with responses to requests from the computing client; transmit an authentication response to the computing client, wherein the authentication response includes an authorization code representative of a validation of the authentication request; receive, from the computing client, a token request, wherein the token request includes the authorization code and a second redirection URI; transmit, in response to validating the authorization code and determining that the second redirection URI matches the first redirection URI, a token response to the computing client, wherein the token response includes an access token having a lifetime; receive, from the computing client, a user information request that includes the access token from the token response; and transmit end-user data to the computing client in response to a validation of the access token.

2. A secure authorization server in accordance with claim 1, wherein the authentication request includes a secure authentication request identifier, and wherein said secure authorization server is further programmed to validate the authentication request by at least verifying that the secure authentication request identifier is valid.

3. A secure authorization server in accordance with claim 2, wherein said secure authorization server is further programmed to include at least the secure authentication request identifier in the authorization code.

4. A secure authorization server in accordance with claim 2, wherein said secure authorization server is further programmed to include in the token response an identification token including at least the secure authentication request identifier from the authentication request.

5. A secure authorization server in accordance with claim 1, wherein said secure authorization server is further programmed to include in the token response the lifetime of the access token.

6. A secure authorization server in accordance with claim 1, wherein said secure authorization server is further programmed to include in the token response a refresh token usable by the computing client to obtain the access token from said secure authorization server.

7. A secure authorization server in accordance with claim 1, wherein the end-user data includes profile information associated with the end user on a social media platform.

8. A method for verifying an identity of an end user, said method implemented using a secure authorization computing device including at least one processor in communication with a memory, the secure authorization computing device in communication with a computing client, said method comprising: receiving, from the computing client, an authentication request including a first redirection uniform resource indicator (URI); associating the first redirection URI with responses to requests from the computing client; transmitting an authentication response to the computing client, wherein the authentication response includes an authorization code representative of a validation of the authentication request; receiving, from the computing client, a token request, wherein the token request includes the authorization code and a second redirection URI; transmitting, in response to validating the authorization code and determining that the second redirection URI matches the first redirection URI, a token response to the computing client, wherein the token response includes an access token having a lifetime; receiving, from the computing client, a user information request that includes the access token from the token response; and transmitting end-user data to the computing client in response to a validation of the access token.

9. The method in accordance with claim 8, wherein the authentication request includes a secure authentication request identifier, said method further comprising validating the authentication request by at least verifying that the secure authentication request identifier is valid.

10. The method in accordance with claim 9, further comprising including at least the secure authentication request identifier in the authorization code.

11. The method in accordance with claim 9 further comprising including in the token response an identification token including at least the secure authentication request identifier from the authentication request.

12. The method in accordance with claim 8, further comprising including in the token response the lifetime of the access token.

13. The method in accordance with claim 8, further comprising including in the token response a refresh token usable by the computing client to obtain the access token from the secure authorization computing device.

14. The method in accordance with claim 8, further comprising including, in the end-user data, profile information associated with the end user on a social media platform.

15. A non-transitory computer-readable storage media having computer-executable instructions embodied thereon for verifying an identity of an end user, wherein when executed by at least one processor, the computer-executable instructions cause the processor to: receive, from a computing client, an authentication request including a first redirection uniform resource indicator (URI); associate the first redirection URI with responses to requests from the computing client; transmit an authentication response to the computing client, wherein the authentication response includes an authorization code representative of a validation of the authentication request; receive, from the computing client, a token request, wherein the token request includes the authorization code and a second redirection URI; transmit, in response to validating the authorization code and determining that the second redirection URI matches the first redirection URI, a token response to the computing client, wherein the token response includes an access token having a lifetime; receive, from the computing client, a user information request that includes the access token from the token response; and transmit end-user data to the computing client in response to a validation of the access token.

16. The non-transitory computer-readable storage media of claim 15, wherein the authentication request includes a secure authentication request identifier, and wherein the computer-executable instructions further cause the processor to include in the token response an identification token including at least the secure authentication request identifier from the authentication request.

17. The non-transitory computer-readable storage media of claim 15, wherein the computer-executable instructions further cause the processor to include in the token response the lifetime of the access token.

18. The non-transitory computer-readable storage media of claim 15, wherein the computer-executable instructions further cause the processor to include in the token response a refresh token usable by the computing client to obtain the access token from the at least one processor.

19. A secure authorization server for verifying an identity of an end user, said secure authorization server comprising at least one processor in communica
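
The message sequence recited in claim 1, as an added example that is not taken from the patent or from any implementation by its assignee. The class and method names, the in-memory stores, the TTL values, and the single-use and expiry checks used as "validating the authorization code" are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 60         # seconds; assumed value, the claims give none
TOKEN_LIFETIME = 300  # seconds; assumed value for the access token lifetime


class AuthorizationServer:
    """In-memory model of the claim 1 sequence (all names hypothetical)."""

    def __init__(self, users):
        self.users = users   # subject -> end-user data
        self.codes = {}      # code -> (subject, first redirect URI, expiry)
        self.tokens = {}     # access token -> (subject, expiry)

    def authenticate(self, subject, redirect_uri, now=None):
        """Authentication request: bind the first redirection URI to a new code."""
        now = time.time() if now is None else now
        if subject not in self.users:
            raise PermissionError("unknown end user")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (subject, redirect_uri, now + CODE_TTL)
        return {"code": code, "redirect_uri": redirect_uri}

    def token(self, code, redirect_uri, now=None):
        """Token request: second redirection URI must match the first."""
        now = time.time() if now is None else now
        # pop() makes the code single-use; a failed attempt also burns it.
        entry = self.codes.pop(code, None)
        if entry is None:
            raise PermissionError("invalid or already used authorization code")
        subject, first_uri, expiry = entry
        if now > expiry:
            raise PermissionError("authorization code expired")
        # Exact string comparison: no prefix, wildcard or normalisation.
        if not hmac.compare_digest(first_uri.encode(), redirect_uri.encode()):
            raise PermissionError("redirect URI mismatch")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = (subject, now + TOKEN_LIFETIME)
        return {"access_token": access_token, "expires_in": TOKEN_LIFETIME}

    def userinfo(self, access_token, now=None):
        """User information request: release data only for a live token."""
        now = time.time() if now is None else now
        subject, expiry = self.tokens.get(access_token, (None, 0))
        if subject is None or now > expiry:
            raise PermissionError("invalid or expired access token")
        return self.users[subject]
```

Binding the code to the first redirection URI means a code delivered to any other URI cannot be redeemed, and returning `expires_in` corresponds to the lifetime disclosure in claims 5, 12 and 17.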

Classifications

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)
  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)
  • Non-electric detonators; Blasting caps; Primers
  • the material being an inorganic nitrogen-oxygen salt

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Mastercard International Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0884. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 5, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).