I 1111111111111111 11111 1111111111 1111111111 111111111111111 111111111111111111
`US009760723B2
`
`c12) United States Patent
`O'Neil et al.
`
`(IO) Patent No.:
`(45) Date of Patent:
`
`US 9,760,723 B2
`*Sep.12,2017
`
`(54) TECHNIQUES FOR IN-APP USER DATA
`AUTHORIZATION
`
`USPC ..... 726/1-7, 26-30; 713/152, 165, 182, 185
`See application file for complete search history.
`
`(71) Applicant: Facebook, Inc., Menlo Park, CA (US)
`
`(72)
`
`Inventors: Edward Kenneth O'Neil, Seattle, WA
`(US); Vladimir Fedorov, Menlo Park,
`CA (US); Tirunelveli R. Vishwanath,
`Santa Clara, CA (US)
`
`(73) Assignee: FACEBOOK, INC., Menlo Park, CA
`(US)
`
`( *) Notice:
`
`Subject to any disclaimer, the term ofthis
`patent is extended or adjusted under 35
`U.S.C. 154(b) by O days.
`
`This patent is subject to a terminal dis(cid:173)
`claimer.
`
`(21) Appl. No.: 14/661,583
`
`(22) Filed:
`
`Mar. 18, 2015
`
`(65)
`
`Prior Publication Data
`
`US 2015/0193635 Al
`
`Jul. 9, 2015
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`8,265,595 Bl*
`
`9/2012 Reeves
`
`6,473,800 Bl* 10/2002 Jerger ..................... G06F 21/52
`709/224
`H04M 1/72577
`455/410
`2/2014 Fong-Jones ......... G06F 21/6281
`713/165
`8/2014 Johansson ........... H04L 63/0428
`726/28
`9/2004 Kubala ............. G06F 17 /30893
`715/809
`
`8,656,465 Bl*
`
`8,819,851 Bl*
`
`2004/0169685 Al*
`
`(Continued)
`
`OTHER PUBLICATIONS
`
`Developing Secure Mobile Applications for Android an introduc(cid:173)
`tion to making secure Android applications, Jesse Burns, pp. 1-28,
`iSEC Partners, 2008. *
`
`Primary Examiner - Shanta M Abedin
`
`Related U.S. Application Data
`
`(57)
`
`ABSTRACT
`
`(63)
`
`Continuation of application No. 13/781,118, filed on
`Feb. 28, 2013, now Pat. No. 9,003,556.
`
`(51)
`
`(52)
`
`(58)
`
`Int. Cl.
`G06F 21160
`G06F 17130
`G06F 21162
`U.S. Cl.
`CPC
`
`(2013.01)
`(2006.01)
`(2013.01)
`
`G06F 21162 (2013.01); G06F 21160
`(2013.01); G06F 2116245 (2013.01); G06F
`2116281 (2013.01)
`
`Field of Classification Search
`CPC ...... G06F 21/60; G06F 21/6245; G06F 21/62;
`G06F 21/6281
`
`Techniques for in-app user data authorization are described.
`An apparatus may comprise a processor circuit, a permis(cid:173)
`sions component, and a token component. The permissions
`component may be operative on the processor circuit to
`receive a request from an application to perform a task on a
`device and to return a response to the request to the
`application based on active permissions for the application.
`The token component may be operative on the processor
`circuit to manage a token database and to determine the
`active permissions for the application based on the token
`database. Other embodiments are described and claimed.
`
`18 Claims, 13 Drawing Sheets
`
`Authori:<1titm Srstem JOO
`
`Permissions
`Component
`J:!O
`
`,,.-------------
`: Request 113 :
`
`'····r·····'
`
`Dialog
`Component
`240
`
`-- - - - - - - - -- - - -- - - -
`'
`'
`'
`'
`: Active Permissions !
`137 _______ j
`
`:
`l_/ser Response:
`]
`255
`·- --- t __ ;
`
`Token Component
`130
`
`B
`
`'ii,ken Database
`135
`
`Application
`l/0
`
`User
`lnterface
`Component
`250
`
`I
`
`,-----,
`User
`Response
`2ii
`I
`I
`1 __ :_· __ I
`
`I
`
`Page 1 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`US 9,760,723 B2
`Page 2
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`2006/0048224 Al * 3/2006
`
`2006/0218394 Al * 9/2006
`
`2008/0127220 Al*
`
`5/2008
`
`2009/0319577 Al* 12/2009
`2010/0274910 Al* 10/2010
`
`2012/0150941 Al*
`
`6/2012
`
`2014/0007195 Al*
`
`1/2014
`
`2014/0082611 Al * 3/2014 Li
`
`Duncan ............... G06F 21/6218
`726/22
`Yang ..................... G06F 21/604
`713/167
`Morris ................ G06F 9/45512
`719/320
`Obasanjo .......... G06F 15/17306
`Ghanaie-Sichanie . H04L 9/3234
`709/229
`Goldman .............. G06F 9/4443
`709/203
`Gupta . . . . . . . . . . . . . . . . . . . . . G06F 21/34
`726/4
`............................. G06F 8/61
`717/178
`
`* cited by examiner
`
`Page 2 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`Application
`110
`
`,- - ---,
`I ~ Request
`113
`I
`l ----- J
`(- - --- \
`
`I
`
`I
`1
`......, Response I
`117
`I
`I
`l ----- J
`
`...
`-
`
`Permissions
`Component
`120
`
`...
`
`_,.
`-..
`
`FIG.1
`
`Authorization Sy_stem 100
`
`-
`
`-
`
`-
`
`-
`
`-
`
`-
`
`-
`
`-
`
`-
`
`-
`
`-
`
`-
`
`r- -
`I
`I
`I
`I
`
`Active
`I Permissions
`I
`I
`137
`I
`I
`I
`'---------------
`J ~
`
`- \
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`
`Token Component
`130
`
`B
`
`Token Database
`135
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`rJJ =(cid:173)
`.....
`....
`0 ....
`....
`
`~
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`Page 3 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`Authorization Sy_stem 100
`---------------,
`,-
`: Active Permissions :
`13 7
`ll◄---11-----1:
`:
`
`I
`
`I
`
`I
`I
`
`--------------~---~
`
`I
`I
`
`..
`
`Permissions
`Component
`120
`
`r - -- - _t _____ _
`: Request 113 :
`
`I
`
`I
`
`r
`I
`
`I
`
`-\
`I
`
`I
`
`: User Response :
`:
`:
`255
`
`I
`
`1_. ·----1---'
`
`I
`
`Application ·
`110
`
`,-----
`I
`'
`~ Request 1
`:
`113
`I
`l _____ J
`
`I 111
`
`,- -- - -,
`....., Response 1
`I
`l _____ ,
`117 ~
`I
`
`User
`Inte~face
`Component
`250
`
`,-----,
`I
`I
`~Dialog 245141
`I
`I
`l _____ J
`
`,-----,
`1 User
`1
`~ Response I
`255
`I
`I
`l _____ J
`
`\ __ - - · . - - - - - _1
`
`I
`
`I
`
`I ► 1
`
`Dialog
`Component
`240
`
`FIG. 2
`
`Token Component
`130
`
`B
`
`Token Database
`135
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`--.J
`
`('D
`('D
`
`rJJ =(cid:173)
`.....
`N
`0 ....
`....
`
`~
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`Page 4 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`Qn.erating Environ1nent300 --------DeviceJLO
`
`@)
`
`7:11 am
`
`-
`
`flP.plication 110
`
`Dialog 320
`
`Control330
`
`■
`
`Lorem ipsum dolor sit amet, consectetur adipiscing elit.
`Pellentesque mattis sapien id tellus malesuada sagittis. --(cid:173)
`Nullam aliquam pretium tincidunt. Donec ac lorem nunc,
`id accumsan nibh. Sed eros tortor, congue sit amet
`viverra eu, iacubs non massa. Nulla lobortis, turpis vel
`consectetur pulvinar, lacus lacus molestie lorem, vel
`dictt
`Aliql MyBook
`Viva
`SUSI
`com
`
`Control335
`
`accu'-(cid:173)
`
`Cancel
`
`OK
`
`Socia]Reader would like access to your basic I-
`profile info and friends.
`.,,. 11
`=-=Ir
`teml==
`I
`feug -------~~_J
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`~
`
`rJJ =(cid:173)
`.....
`0 ....
`....
`
`~
`
`Proin adipiscing dignissim pharetra. Vivarnus ut sapien
`sit amet metus fermentum malesuada in non tellus.
`Integer iaculis fringilla auctor. Pellentesque orci dui,
`vehicula dapibus interdum ac, pretium eleifend nunc.
`
`FIG. 3
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`Page 5 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`I I" I
`
`Dialog
`Logic
`440
`
`r----,
`I
`I
`I Request I
`113
`I
`I
`I
`I
`
`, ____ ,
`r----,
`I
`I Dialog I
`245
`I
`I
`I
`I
`l _ -•- - J
`
`User
`Interface
`Component
`250
`
`Dialog Component 240
`,,,- - - - - - -- - - '
`
`Dialog
`Template
`430-2
`
`Dialog Template
`Database
`410
`
`◄
`
`l!!!!Oo B
`
`Permission Permission Permission
`Bucket 420-1 Bucket 420-2 Bucket 420-3
`
`Permission
`Bucket 420-n
`
`•••
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`rJJ =(cid:173)
`.....
`.i;...
`0 ....
`....
`
`~
`
`\
`
`b
`
`___ ..,. ___
`'
`,
`1 Dialoo
`I
`I
`1 Template,
`I
`·
`I
`I 430-]
`I
`-------
`I
`
`\
`
`,-------,
`,
`1 Dialog
`I
`I
`1 Template,
`I
`I
`I 430-2
`I
`-------
`I
`
`\
`
`f
`
`___ ...., ___
`\
`I Dialog
`I
`I
`I
`: Template : •
`I 430-3
`I
`-------
`I
`
`\
`
`•
`
`•
`
`,-------,
`,
`1 Dialog
`I
`I
`1 Template,
`I
`I
`I 430-n
`I
`-------
`I
`
`\
`
`d
`rJl.
`\0
`~
`
`0--, = ~
`N w = N
`
`FIG. 4
`
`Page 6 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`Token Comp_onent 130
`
`r
`I
`
`-- - - --,
`I
`Token 530 ~
`I
`'------- I
`
`Permissions
`Repository
`520
`
`--- ---,
`User
`... ... Authorization L....ti
`510
`'-------
`
`I
`I
`
`I
`
`~
`
`----- -----
`--
`
`~ J
`
`,,,,---
`......
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`rJJ =(cid:173)
`.....
`Ul
`0 ....
`....
`
`~
`
`"--
`Token Database
`135
`
`FIG. 5
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`,------,
`User
`I
`I
`:Response 255
`I
`'- - -
`I
`
`-...
`
`Dialog
`Component
`240
`
`Page 7 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`Token Com12..onent 130
`
`I
`
`Token
`Logic
`610
`
`•
`
`-
`
`-
`
`-
`
`- .. -
`
`-
`
`-
`
`-
`
`-
`
`-
`
`r- -
`I
`I
`f
`
`: Token 530
`
`I
`I
`I
`
`:
`
`I
`I
`I
`I
`I
`I
`..._ ____________ J
`
`•
`
`C -----
`
`' - - -
`Token Database
`135
`
`I
`
`,.---------,
`.
`.
`'A . p
`.. 1 ctzve ermzsswns 1
`137
`I
`I
`l _________ J
`
`I
`
`Permissions
`.. 1
`Component
`120
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`rJJ =(cid:173)
`.....
`O'I
`0 ....
`....
`
`~
`
`FIG.6
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`Page 8 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`...,
`
`I
`I
`
`------,
`' I
`Query
`720
`'-------'
`------,
`.
`.
`I
`ermzsswns 1
`P
`Update ~
`730
`'-------
`
`Permissions
`Repository
`520
`
`Token
`Come.anent
`130
`
`.._ ...
`
`Token
`Logic
`610
`---
`
`-
`-
`
`FIG. 7
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`rJJ =(cid:173)
`.....
`-....J
`0 ....
`....
`
`~
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`------,
`I
`Active
`1
`I Permissions
`137
`I
`I
`
`' - - - ... -- -
`
`-I ~
`
`I
`
`..
`
`Permissions
`Cmnponent
`120
`
`..
`
`Page 9 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`U.S. Patent
`
`Sep.12,2017
`
`Sheet 8 of 13
`
`US 9,760,723 B2
`
`Receive a requestfrom an application to perform a task on a
`device
`802
`
`, ,
`
`Retrieve an active token from a token database
`804
`
`,,
`
`Determine active pernu:~'sionsfhr the application according to
`the active token
`806
`
`~,
`
`.,
`
`~
`
`.,
`
`,
`
`~
`
`Return a response to the request to the application based on the
`active permissions.for the application
`808
`
`~
`
`r
`
`...
`
`r
`
`r
`
`...
`
`FIG. 8
`
`Page 10 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`Centrali_zed Sy_stem 900
`
`Device 310
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`Authorization System 100
`Token
`Cmnponent
`130
`
`Dialog
`Component
`240
`
`Permissions
`Component
`120
`
`---.....
`_,,,,,
`
`Token
`Database 135
`
`Processing Component
`930
`
`Communications Component
`940
`
`FIG. 9
`
`Permissions
`Repository
`520
`
`l Signals
`
`944
`
`/ Media 942
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`1,0
`
`rJJ =(cid:173)
`.....
`0 ....
`....
`
`~
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`User
`Interface
`Component
`250
`
`Application
`110
`
`Page 11 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`Distributed Sy_stem 1000
`
`Device 310
`
`Server Device 1010
`
`Authorization System 100
`
`Permissions Repository
`520
`
`Processing
`Component 1030
`
`Processing
`Component 1035
`
`Communications
`Component 1040
`
`Media /050
`
`·"'··.,
`
`/
`
`Communications
`Component 1045
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`rJJ =(cid:173)
`.....
`....
`0
`0 ....
`....
`
`~
`
`FIG.JO
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`Page 12 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`~U s e r
`"Carla"
`
`listened
`
`ll06
`
`1100
`
`1102
`-~,...--.._.,_
`
`11nn
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`I
`
`\
`
`::::a • < I
`
`I played I
`
`- / l ( l ' J - - - ' User
`
`\
`
`-
`
`ll06
`
`\ "So~tifv" ~
`
`'---------1106
`
`ll06-.........__
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`rJJ =(cid:173)
`.....
`....
`....
`0 ....
`....
`
`~
`
`FIG. Ji
`
`1102
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`Page 13 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`U.S. Patent
`
`Sep.12,2017
`
`Sheet 12 of 13
`
`US 9,760,723 B2
`
`1200
`
`1202
`
`1204
`
`1206
`
`PROCESSING
`UNIT
`
`1208
`SYSTEM
`MEMORY
`
`NON-VOL
`
`VOLATILE
`
`, _____________ _
`- - - - - - _/'" 1230 - - 1
`1 OPERATING SYSTEAf 1
`,- - -- - _ _c_1!3_21
`----------- .....
`1 APPLICATIONS 1
`- _£_ ~ 2!!
`-
`-
`r- -
`MODULES
`1
`1
`'------------ ....
`... - - - -- _c_ ~2!~
`___________ ..,..
`DATA
`
`I
`
`I
`
`-
`
`~_-:__---v- 1214
`-;214(_
`Li-xTERi\lAL HD0
`-
`-
`. -
`-
`
`1216
`
`c 1226
`~,-l-N_T_'ER_E_i.:4_C._E_,l--.i
`
`1218
`
`OPTICAL
`DRIVE
`
`DISK
`
`VIDEO
`ADAPTOR
`
`1242
`(WIRED/WIRELESS)
`1258
`
`INPUT
`DEV/CE
`INTERFACE i..--..+1
`
`MODEM
`
`(WIRED/WJRELESS)
`
`FIG.12
`
`1244
`
`MONITOR
`
`1238
`
`KEYBOARD
`
`1240
`
`MOUSE
`
`1248
`
`REMOTE
`COMPUTER(S)
`
`1250
`
`MEMORY!
`STORAGE
`
`Page 14 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`1300
`
`e .
`00 .
`
`~
`~
`~
`
`~ = ~
`
`1302
`
`1304
`
`SERVER(S)
`
`1308
`
`1310
`
`CLIENT DATA STORE(S)
`
`SERVER DATA STORE(S)
`
`FIG. 13
`
`rJJ
`('D
`
`'? ....
`~
`N
`0 ....
`
`-....J
`
`('D
`('D
`
`~
`
`rJJ =(cid:173)
`.....
`....
`0 ....
`....
`
`~
`
`d r.,;_
`
`\0
`~
`
`0--, = ~
`N w = N
`
`Page 15 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`US 9,760,723 B2
`
`1
`TECHNIQUES FOR IN-APP USER DATA
`AUTHORIZATION
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`
`The present application is continuation of and claims
`priority to U.S. patent application Ser. No. 13/781,118,
`entitled "Teclmiques for In-App User Data Authorization"
`and filed Feb. 28, 2013, the entirety of which is incorporated
`herein by reference.
`
`BACKGROUND
`
`2
`FIG. 4 illustrates an embodiment of a dialog component
`for the authorization system.
`FIG. 5 illustrates an embodiment of a token component
`for the authorization system.
`FIG. 6 illustrates a second embodiment of a token com(cid:173)
`ponent for the authorization system.
`FIG. 7 illustrates a third embodiment of a token compo(cid:173)
`nent for the authorization system.
`FIG. 8 illustrates an embodiment of a logic flow for the
`10 authorization system of FIG. 1.
`FIG. 9 illustrates an embodiment of a centralized system
`for the authorization system of FIG. 1.
`FIG. 10 illustrates an embodiment of a distributed system
`for the authorization system of FIG. 1.
`FIG. 11 illustrates a social graph.
`FIG. 12 illustrates an embodiment of a computing archi(cid:173)
`tecture.
`FIG. 13 illustrates an embodiment of a communications
`architecture.
`
`15
`
`DETAILED DESCRIPTION
`
`The integration of social networking services with mobile
`devices has provided an avenue for users to integrate their
`mobile applications with their social networking presence.
`However, allowing a third-party application to access a
`social networking service on behalf of a user without that 20
`user's permission risks violating that user's privacy and
`identity. Where a user's permission is required it is desired
`to request it in a manner as convenient to them as possible.
`It is with respect to these and other considerations that the
`present improvements have been needed.
`
`SUMMARY
`
`The following presents a simplified summary in order to
`provide a basic understanding of some novel embodiments
`described herein. This summary is not an extensive over(cid:173)
`view, and it is not intended to identify key/critical elements
`or to delineate the scope thereof. Its sole purpose is to
`present some concepts in a simplified form as a prelude to
`the more detailed description that is presented later.
`Various embodiments are generally directed to techniques
`for in-app user data authorization. Some embodiments are
`particularly directed to techniques for using an in-app dialog
`to request a user's authorization to access user data on a
`social networking service. In one embodiment, for example,
`an apparatus may comprise a permissions component opera(cid:173)
`tive to receive a request from an application to perform a
`task on a device and to return a response to the request to the
`application based on active permissions for the application;
`and a token component operative on the processor circuit to
`manage a token database and to determine the active per(cid:173)
`missions for the application based on the token database.
`Other embodiments are described and claimed.
`To the accomplishment of the foregoing and related ends,
`certain illustrative aspects are described herein in connection
`with the following description and the annexed drawings.
`These aspects are indicative of the various ways in which the
`principles disclosed herein can be practiced and all aspects
`and equivalents thereof are intended to be within the scope
`of the claimed subject matter. Other advantages and novel 55
`features will become apparent from the following detailed
`description when considered in conjunction with the draw(cid:173)
`ings.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 illustrates an embodiment of an authorization
`system.
`FIG. 2 illustrates a second embodiment of an authoriza(cid:173)
`tion system.
`FIG. 3 illustrates an embodiment of an operating envi(cid:173)
`ronment for the authorization system.
`
`Various embodiments are generally directed to techniques
`for managing access to data of one application or service
`25 from another application or service. This is sometimes
`referred to as "in-app" user data authorization. Some
`embodiments are particularly directed to teclmiques for
`using an in-app dialog to request user authorization to access
`user data from an online data source, such as a social
`30 networking service, for example.
`A user using an application on a mobile device may wish
`to update a network-based (e.g., the Internet) repository of
`information, such as a social networking service, from the
`mobile device based on their activities within the applica-
`35 tion. Further, for the sake of convenience, they may desire
`to have the application construct and perform the update
`automatically, such as in response to a selection of a user
`interface control within the application. However, the user
`may also wish to limit what applications are authorized to
`40 make changes to the Internet-based repository of informa(cid:173)
`tion and to limit what sort of changes the applications may
`make. As such, it is desirable to obtain user permission
`before allowing an application to update the Internet-based
`repository. Ideally, such a request would be made in as
`45 convenient a manner as possible for the user. In this case,
`convenience may be provided by reducing disruption to the
`user experience, such as by having a request take place
`within a pop-up window that appears superimposed over top
`the application. This allows a user to remain within a current
`50 context rather than switch to a different context of another
`application. Convenience may also be aided by providing
`the user with only as much information as is necessary to
`communicate the permission being granted; an overly-long
`request may waste the user's time with over-communication
`and therefore increase the friction of using the application to
`automatically access the repository to perform the update.
`However, limiting the information provided to a user should
`not extend to failing to provide to a user adequate notifica(cid:173)
`tion of the permissions they are granting to the application.
`60 Therefore, a desirable design goal is an authorization system
`that balances the needs for user disclosure and frictionless
`access so as to increase both the convenience and security of
`using the repository. This may be of particular value when
`used with a social networking service, due to the high need
`65 users place on both having control of their online identity
`and having a convenient method of updating their friends as
`to their current status.
`
`Page 16 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`US 9,760,723 B2
`
`3
`With general reference to notations and nomenclature
`used herein, the detailed descriptions which follow may be
`presented in terms of program procedures executed on a
`computer or network of computers. These procedural
`descriptions and representations are used by those skilled in
`the art to most effectively convey the substance of their work
`to others skilled in the art.
`A procedure is here, and generally, conceived to be a
`self-consistent sequence of operations leading to a desired
`result. These operations are those requiring physical
`manipulations of physical quantities. Usually, though not
`necessarily, these quantities take the form of electrical,
`magnetic or optical signals capable of being stored, trans(cid:173)
`ferred, combined, compared, and otherwise manipulated. It
`proves convenient at times, principally for reasons of com(cid:173)
`mon usage, to refer to these signals as bits, values, elements,
`symbols, characters, terms, numbers, or the like. It should be
`noted, however, that all of these and similar terms are to be
`associated with the appropriate physical quantities and are
`merely convenient labels applied to those quantities.
`Further, the manipulations performed are often referred to
`in terms, such as adding or comparing, which are commonly
`associated with mental operations performed by a human
`operator. No such capability of a human operator is neces(cid:173)
`sary, or desirable in most cases, in any of the operations 25
`described herein which form part of one or more embodi(cid:173)
`ments. Rather, the operations are machine operations. Useful
`machines for performing operations of various embodiments
`include general purpose digital computers or similar
`devices.
`Various embodiments also relate to apparatus or systems
`for performing these operations. This apparatus may be
`specially constructed for the required purpose or it may
`comprise a general purpose computer as selectively acti(cid:173)
`vated or reconfigured by a computer program stored in the 35
`computer. The procedures presented herein are not inher(cid:173)
`ently related to a particular computer or other apparatus.
`Various general purpose machines may be used with pro(cid:173)
`grams written in accordance with the teachings herein, or it
`may prove convenient to construct more specialized appa- 40
`ratus to perform the required method steps. The required
`structure for a variety of these machines will appear from the
`description given.
`Reference is now made to the drawings, wherein like
`reference numerals are used to refer to like elements 45
`throughout. In the following description, for purposes of
`explanation, numerous specific details are set forth in order
`to provide a thorough understanding thereof. It may be
`evident, however, that the novel embodiments can be prac(cid:173)
`ticed without these specific details. In other instances, well 50
`known structures and devices are shown in block diagram
`form in order to facilitate a description thereof. The intention
`is to cover all modifications, equivalents, and alternatives
`consistent with the claimed subject matter.
`FIG. 1 illustrates a block diagram for an authorization 55
`system 100. In one embodiment, the authorization system
`100 may comprise a computer-implemented authorization
`system 100 for in-app user data authorization. The authori(cid:173)
`zation system 100 may comprise, among other components,
`a permissions component 120 and a token component 130. 60
`Although the system 100 shown in FIG. 1 has a limited
`number of elements in a certain topology, it may be appre(cid:173)
`ciated that the system 100 may include more or less elements
`in alternate topologies as desired for a given implementa(cid:173)
`tion.
`The authorization system 100 may comprise a permis(cid:173)
`sions component 120. The permissions component 120 may
`
`4
`be operative to receive a request 113 from an application 110
`to perform a task on a device, consult a set of active
`permission 137 for the application 110, and to return a
`response 117 to the application 110 in response to the request
`113 based on the set of active permissions 137 for the
`application 110.
`The application 110 may comprise a software application
`running on a mobile device. The application 110 may
`comprise a first-party software application, such as a soft-
`10 ware application provided by the manufacturer of the device
`or the operating system. The application 110 may comprise
`a first-party software application provided by the owner or
`maintainer of an Internet-based service or repository related
`to the request 113, such as an Internet-based service of
`15 repository that would be updated if the task requested by
`request 113 were performed. The application 110 may
`comprise a third-party software application, such as a soft(cid:173)
`ware application developed by a party other than the manu(cid:173)
`facturer of the device or operating system. A third-party
`20 software application may be installed by the manufacturer of
`the device or the operating system, or may be installed by a
`user of the device. The application 110 may be generally
`operative to provide one or more functions and services to
`a user.
`The application 110 may be operative to receive a request
`from a user to perform a task and to construct and transmit
`a request 113 to the authorization system 100 for permission
`to perform the task. The application 110 may be operative to
`receive a response 117 from the authorization system 100 in
`30 response to the request 113. In some embodiments, the
`response 117 may comprise permission to perform the task.
`In some embodiments, the transmission of the request 113
`may comprise an attempt to perform the task, with the
`expectation that if permission for performing the task is
`granted that the task will be performed on behalf of the
`application 110 by authorization system 100. As such, the
`response 117 may comprise a notification to the application
`110 that the task has been performed or has not been
`performed. The response 117 may comprise a notification
`that the application 110 is authorized to perform the task or
`is not authorized to perform the task. The response 117 may
`comprise a notification that the application 110 is authorized
`to have the task performed on its behalf or is not authorized
`to have the task performed on its behalf.
`The authorization system 100 may comprise a token
`component 130 operative to manage a token database 135
`and to determine the active permissions 137 based on the
`token database 135. The token component 130 may be
`operative to perform this determination in response to
`receiving a notification from the permissions component 120
`that the application 110 made request 113.
`The token database 135 may comprise a database created
`and maintained according to any one of the known tech(cid:173)
`niques for creating and maintaining a database. The token
`component 130 may be operative to manage the token
`database 135 according to any of these known techniques for
`creating and maintaining a database. In general, the token
`database 135 may consist of any technique for storing and
`retrieving permissions including active permissions 137,
`whether or not the permissions are stored in a product or
`library specifically titled as a database. Determining the
`active permissions 137 based on the token database 135 may
`comprise retrieving the active permissions 137 from the
`token database 135 by performing a lookup based on appli-
`65 cation 110, such as a name or identifier for application 110.
`For example, application 110 may have an identifier regis(cid:173)
`tered with the token component 130 for use in making
`
`Page 17 of 28
`
`ironSource Exh. 1026
`ironSource Ltd. v. Digital Turbine Inc. PGR2022-00053
`
`

`

`US 9,760,723 B2
`
`6
`5
`The token component 130 may be operative to update the
`requests such as request 113 and for performing a lookup in
`token database 135. In some embodiments, the token data(cid:173)
`existing permissions to the active permissions 137 according
`to a user response 255. The user response 255 may have
`base 135 may be stored locally on the same device executing
`the application 110. Alternatively, in some embodiments the
`been generated in response to the permissions component
`120 determining that the existing permissions do not grant
`token database 135 may be stored remotely and accessed
`permission for the request 113. The permissions component
`using a network such as the Internet. It will be appreciated
`120 may be operative to send the request 113 to the dialog
`that a token may generally refer to a bundle of permission
`component 240 in order to request the generation of the user
`information related to a particular application, task, particu-
`response 255.
`lar task for a particular application, or any other unit of
`The dialog component 240 may be operative to construct
`security. In some embodiments, a token may refer to an 10
`a dialog 245 for display to a user, send the dialog 245 to a
`access token from an operating system. However, in general,
`user interface component 250, receive a user response 255
`retrieving, receiving, storing, or otherwise manipulating a
`from the user interface component 250, and send the user
`token may generally correspond to retrieving, receiving,
`response 255 to the token component 130. Constructing the
`storing, or otherwise manipulating information sufficient to
`15 dialog 245 may comprise constructing a string of text based
`determine permission information.
`on request 113 that communicates to a user the permissions
`Active permissions 137 may comprise a listing, tabula(cid:173)
`that would need to be granted in order for the task generating
`tion, or other record of tasks which the user has authorized
`request 113 to be performed by or for application 110. The
`the application 110 to perform or which the user has autho(cid:173)
`dialog 245 may be constructed in order to balance user
`rized the authorization system 100 to perform on behalf of
`20 disclosure and frictionless access. The dialog 245 may be
`application 110. The permissions component 120 may be
`operative to compare the request 113 to the active permis(cid:173)
`constructed in a localized language for the user. Although
`sions 137 for the application 110 and to determine that the
`some embodiments utilize a string of text by way of
`example, it may be appreciated that the dialog 245 may
`active permissions 137 grant authorization-or indicate that
`the user has granted authorization-for the application 110
`utilize any multimedia information, including audio, video,
`to perform the task or for the authorization system 100 to
`25 pictures, images, animations, icons, symbols, characters,
`perform the task on behalf of application 110. The task
`numbers and so forth. The embodiments are not limited in
`requested through request 113 may correspond to a type or
`this context.
`The user interface component 250 may comprise a portion
`category of permission and the permissions component 120
`of an operating system or software library. An operating
`may be operative to determine whether that type or category
`system may comprise any software, software application, or
`of permission is listed as authorized in the active permis- 30
`sions 137 in order to determine whether the request 113 is
`library operative to provide functionality, hardware access,
`or any other service to a user or application 110, such as an
`authorized. In some embodiments, only authorized tasks will
`be listed in active permissions 137 and as such the task being
`operating system provided by the manufacturer of a device.
`For example, an operating system may comprise Apple
`listed indicates that the task should be authorized. In some
`embodiments, additional tasks may specifically be listed as
`35 iOS®, Android®, Windows Mobile®, Windows Phone®, or
`not being authorized or active permissions 137 may include
`any other known operating system. The operating system
`may be operative to provide functionality to applications
`an entry for all tasks which may be requested with an
`such as application 110. A library may be a first-party library
`indication for each entry as to whether the associated task
`provided by the manufacturer of a device or operating
`has as of yet been authorized by the user.
`FIG. 2 illustrates a second block diagram for an authori(cid:173)
`40 system. A library may be a third-party library provided by an
`zation system 100. In the illustration of FIG. 2 the authori(cid:173)
`entity other than the manufacturer of a device or operating
`zation system 100 includes dialog component 240 in addi(cid:173)
`system. Generally, a library may be operative to provide
`functionality to application such as application 110. Addi(cid:173)
`tion to permissions component 120 and token component
`tionally or alternatively, th