708 results about "Access token" patented technology

A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.

A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.

The Audience Content Exposure Monitoring Apparatuses, Methods and Systems (“ACEM”) transforms pulsing request (e.g., 1107), viewing status, purchase request, channel selection, survey request, sentiment request, atmospherics, social media posts, response events, data request and access token, app/device input monitoring, check-in, URL access, etc. inputs via ACEM components into atmospherics sampling record (e.g., 1106), ad contents (e.g., 1115), RT data/records, ad tags, media program, full page content outputs. In some embodiments, the ACEM provides a mobile metering system that configures the data collection of audience environment atmospherics to evaluate audience media exposure. In one implementation, the ACEM may employ media data collection technology using a combination of mobile device metering app and cloud hosted server side technology to determine when and how often a user mobile device should record and/or generate monitoring atmospherics of audience environment; and to determine what content the audience has been exposed to based on the collected monitoring data.

An apparatus may include a processor configured to receive a request for an access token from a remote entity, wherein the request includes an indication of a requested service. The processor may be further configured to determine a request type, wherein the request type may be a user identification and password combination, a request token exchange, or an access token exchange. The processor may be additionally configured to extract one or more parameters included in the request based upon the determined request type and to perform one or more security checks based at least in part upon the one or more extracted parameters. The processor may be further configured to create an access token based at least in part upon the results of the one or more security checks and to provide the access token to the remote entity.

The invention is directed to techniques for providing security in data storage systems that provide access to data by other systems, such as host computer systems. A data access manager generates access tokens that it assigns to storage locations that store data in one or more data storage assemblies in the data storage system. A host that makes a request to access specific storage locations having data must obtain an access token associated with those storage locations from the data access manager, and provide the access token with the request to the data storage system. The data storage system then authenticates the request based on the access token.

A method of gaining access to a resource using an access token linked to a print medium, comprising the steps of: determining a print media identifier from the print medium using a sensor module of a mobile telecommunications device, the print media identifier having been linked to the access token; identifying, using the mobile telecommunications device and the print media identifier, the access token; and, causing the access token to be supplied to a system, wherein the system is configured to authenticate the access token and, if the authentication succeeds, provide access to the resource.

A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.

A computer system including a processor, an access token communicator capable of being coupled to the processor and adapted to read an access token, an input device coupled to the processor that is able to receive verification data that confirms authorized access of the access token, and software executable on the processor that includes instructions to control access to the processor and including code to access the access token and the verification data, code to verify the validity of the access token using the verification data, code to set security policies in the processor, and code to control access to resources in the processor based on the security policies. In addition, a method for reading an access token, verifying the validity of the access token, setting security policies in a computer system, and unlocking a computer system and a nonvolatile storage device attached to the computer system.

A method is disclosed. The method includes transmitting by a computing device, an account creation request to a remote server computer. The method further includes automatically provisioning the computing device with an access token in response to receiving a request to create the account.

A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.

A method and apparatus for securely establishing voice over Internet Protocol calls are disclosed. In a Registration Security approach, a Gatekeeper sends an Access Token in all Registration Request messages. The Access Token contains information that authenticates the Gateway to the Gatekeeper. The Gatekeeper formats a message to an authentication server that will authenticate the information contained in the token, and the server responds with either an Access-Accept or Access-Reject message. The Gatekeeper responds to the Gateway with either a Registration Confirm message or a Registration Reject message. If a call is then placed from a successfully authenticated Gateway, that Gateway generates a new Access Token that is identical to the one generated during registration, except for the timestamp. The Gatekeeper uses the authentication server to authenticate the originating gateway, before sending the designation side Access Confirm message. As a result, a non-authenticated endpoint that knows a Gateway's address cannot use the Gateway address to circumvent security and access the telephone network to place unauthorized calls or free calls. In Admission or Per-Call Security, a Gateway is also required to include an Access Token in all originating side Admission Request messages. Such token contains information that identifies the user of the Gateway to the Gatekeeper, based on an account number and PIN obtained from the user. The Access Token is authenticated in the manner described above.

The invention discloses a system and a method for accessing a third party application based on a cloud platform. The method comprises the steps of receiving a cloud platform account and cloud platform password information, wherein the cloud platform account number and the cloud platform password information are input by a user, and displaying applications provided by the cloud platform to the user; according to the third party application selected by the user, querying a stored binding information mapping table, acquiring third party application account information and access token information corresponding to the third party application and cloud platform account information, or third party application account information and encrypted third party application password information corresponding to the third party application and the cloud platform account information, and sending the third party application account information and the access token information, or the third party application account information and the encrypted third party application password information to a third party application server; receiving authentication approval information returned by the third party application server, pulling the third party application from the third party application server and displaying the third party application to the user. With the application of the invention, the operation complexity of the frequent login of the user is reduced, and the security of the access to the third party application of the user is improved.

The invention discloses a method, a device and a system for implementing the authorization of a third-party application based on an open platform. The method comprises the following steps of: receiving an authorization request initiated by the third-party application, and determining that the received authorization request does not carry third-party application access token information; determining that an access token for single sign-on (SSO) client application mapping is stored in a client, and displaying user information corresponding to the stored access token; receiving user information which is selected from the displayed user information by a user, mapping the user information into the access token, analyzing the authorization request, and acquiring a third-party application identifier; packaging the mapped access token and the acquired third-party application identifier into an agent authorization request, and outputting the agent authorization request to the open platform; and receiving an agent authorization request response returned by the open platform, and outputting the third-party application access token information carried in the agent authorization request response to the third-party application. By the invention, application authorization efficiency can be improved.

A method, system and computer accessible medium for expiring access tokens in preparation for freezing file images. A metadata server may maintain a next scheduled quiesce time and may issue access tokens configured to expire before the next scheduled quiesce time. A metadata server may set an access token's expiration time to a maximum expiration time indicated by the next scheduled quiesce time or may set an access token's expiration time to a default expiration time if the default expiration time is earlier than the maximum expiration time. A storage device may recognize and enforce the access token's expiration time.

A system and method for providing network access includes identifying an available network resource, providing an access token to the available network resource, tracking the access token, and terminating the access token.

A host agnostic integration and interoperation system. The host agnostic integration and interoperation system includes an open platform interface and the associated conventions that define the roles of and direct operations between a host and a service application running on an external application server and allow the host to discover and integrate the functionality provided by the service application. The open platform interface employs a limited number of easily implemented semantic methods allowing a host to expose and integrate the ability to view, edit, or otherwise manipulate a document using the host supported functionality of the service application from a standard user agent. The host agnostic integration and interoperation system handles user authentication at the host using an access token and establishes a trust relationship between the host and the external application server using a lightweight but secure proof key system.

A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a microservice using the derived access token to execute the job.

The invention refers to a method for authorizing access to a third party application, called client (2), to protected resources owned by a user (1) and hosted in a server (3). The method comprising: the client being used by the user asking for a temporary token to the server; the server sending a first SMS to the user, said first SMS providing means to authenticate the user; authenticating the user by the means provided in previous two steps; the user authorizing the client; the server sending a second SMS to the user providing some information needed to obtain an access token; the client getting the information of the previous step from the user and the access token; the client accessing protected resources using the access token.

The invention discloses a user data authorization method, a user data authorization device and a user data authorization system. The method comprises the steps that an authorization server receives an authorization request transmitted by a third-party application server, wherein the authorization request comprises a server identifier and a server address; an identity authentication request is transmitted to an authentication gateway to authenticate the identity of a client user by the authentication gateway; an identity authentication response which is fed back by the authentication gateway is received, wherein the identity authentication response comprises an user identifier of the authenticated user; user sub-accounts which are matched with the user identifier are searched from the authorization server and are transmitted to a client for the client user to select an authorized sub-account; the authorized sub-account which is fed back by the client is received, and a corresponding relationship among the server identifier, the user identifier and the authorized sub-account is built and saved; and the user identifier, the authorized sub-account and an access token are transmitted to the third-party application server by using the server address. The third-party partial use authorization by the user is realized, the network service quality is improved and the service experience of the user is improved.

The invention relates to a resource access authorization method. The method concretely comprises the following steps: a user accesses or uses a specific application according to the following flows: the user accesses Widget application or other application in a terminal; the application acquires a user authentication token authenticated by the user from an application container and then initiates a resource access token request to an authentication, authorization and accounting server; the authentication, authorization and accounting server checks the user, the application, the application container and information of resources to be accessed by the application and generates a final resource access token after determining that the resources can be accessed; the authentication, authorization and accounting server gives the final resource access token to the application; the application initiates a resource access request to a resource server; the resource server checks a resource access token of the application; after the check is passed, the resources requested by the application are returned; and the application shows the resources to the terminal user. The resource access authorization method has the advantage that the method is suitable for resource access control and authorization of various terminals (a computer, a television/a set top box, a mobile phone, a mobile terminal and the like) in the fields of the Internet and tri-networks integration (the telecommunication network, the computer network and the cable television network).

A system for authorizing access to a resource associated with a tenancy in an identity management system that includes a plurality of tenancies receives an access token request for an access token that corresponds to the resource, the request including user information and application information, the user information including roles of a user and the application information including roles of the application. The system evaluates the access token request by computing dynamic roles and corresponding dynamic scopes for the access token including a second intersection between the dynamic roles of the user and the dynamic roles of the application. The system then provides the access token that includes the computed static scopes, where the scopes are based at least on the roles of the user and the roles of the application, and further including the computed dynamic roles and corresponding dynamic scopes.