Patent · US Active

Identifying and destroying potentially misappropriated access tokens

US9742757B2 · kind B2 · utility

6Cited by

5References

20Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Simon Gilbert Canning · Gold Coast, AU
Pranam C. Sreedhar · Singapore, SG
Patrick R. Wardrop · Austin, US
Shane Bradley Weeden · Paradise Point, AU

Key dates

Filing date	Nov 27, 2013
Grant date	Aug 22, 2017
Priority date	—
Expiry date	Dec 19, 2034

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1441
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.