A server, a system, a method, a
computer program and a computer program
product for accessing a server i a
computer network
Field of the invention
The invention relates to a server, a system, a method, a
computer program and a computer program product for accessing a
server in a computer network.
Background
Social networks are services, for example computer programs
n n o s - th.s.t s o w s to h o t t or
p t t © t o . T XCell social
networks only allow write access to the content to registered
users. Access control is typically performed by said servers
using credentials, for example username and password, in order
to grant access to reading or writing o f content in said social
network.
Each user typically has its own user account on the social
network, allowing to relate any content uploaded, using a
specific account to the user that owns the account o f the
social network.
everyone who wants to participate in said
social network needs to register first, for example to create
an account on said server hosting said social network.
Summary
The object o f the invention i s thus to allow users, that are
not registered o n a server o f a social network, t o access said
social network without having t o register first, while a t the
same time keeping the authentication requirement o f the social
network ,
The main idea o f the invention i s thus to access from a first
server the second server via a computer network, wherein said
first server i s adapted to upon successful authentication o f
first credentials o f a first user registered o n said first
server b y said first server, provide said first user access to
a t least a subset o f functions provided b y a n interface o f said
second server, using second credentials o f a second user
registered o n said second server for authentication with said
second server, wherein said second server i s adapted to provide
said functions via said interface. This way, authentication o f
said first user o n the first server i s used to allow access to
the social network via said second user's account o n the social
network w xth o t i x c o so c L I o i k s x o f
x S L w G t © c . x c X x socxciX
network to relate contributions o f said first user t o rejected
user o f said social network.
Advantageously, said first server comprises the receiving
means adapted to receive a first message comprising information
about said first user, in particular a request t o access a
function o f said interface, from a first client, sending means
adapted to send a second message comprising information about
said second user in particular a request to access said
function, to said second server, and processing means adapted
to determine said information about said second user. This way,
said first server receives information required t o authenticate
said first user, identifies said second user and the request o f
the first user, and sends information required for
authentication on said second server to the second server.
Advantageously, said information about said second user is
determined from said information about said first user. This
way, each first user is mapped to the appropriate second user
by said first server automatically.
Advantageously, said first message comprises a piece o f
information about said second user, and said information about
said second user is determined from said piece o f information.
This way, said first user submits enough information in said
first message to allow said first server to determine said
oriel . t o .3, LC S ·
Advantageously, said information about said second user
comprises credentials o f said second user. This way the
authentication message to said second server comprises all
information required for said second server to authenticate
said second user.
Advantageously, said information about said first user
comprises credentials o f said first user, wherein said first
server comprises authentication means adapted to authenticate
said first credentials o f said first user and wherein said
sending means is adapted to send said second message only upon
successful authentication o f said first credentials. This way,
the request to access a function o f a social network by a first
user is only forwarded to said second server in case
authentication o f said first user on said first server is
successful. This increases the reliability o f the service.
Advantageously, said first message comprises a request to
access a first function o f said interface, wherein said
processing means is adapted to confirm that said first user is
authorized to request said first function, and wherein said
sending means is adapted to send said second message only upon
successful authorization. This allows a second user to define
on said first server which of said functions provided by said
interface are available to a first user. Furthermore, only
requests to functions authorized by said second user are
forwarded by said first server.
Further developments of the invention can be gathered from
dependent claims and the following description.
Brief description of th figures
In the following, the invention will be explained further,
making reference to the attached drawings.
Figure 1 schematically shows a first part of a computer
network.
Figure schematically shows a sequence diagram.
Description of th embodiments
Figure 1 shows schematically a part of a computer network
100, comprising a first server 101, a second server 102, a
first client 103 and a second client 104.
Said servers and clients are connected via data links
depicted as solid lines and a cloud in figure 1 . Said data
links are for example local area network (LAN) , wireless local
area network ( LA ) or wide area network (WAN) connections.
Said connections are for example according to the well known
internet protocol (IP) , user datagram protocol (UDP) ,
transmission control protocol (TCP) or stream control
transmission protocol (SCTP) , signaling is for example
according to the well known simple object access protocol
(SOAP) , representational state transfer (REST) , session
initiation protocol (SIP) or internet protocol multimedia
s s s e (IMS) . A - s sing done u sing the w e known
uniform resource locators (URL) , uniform resource identifiers
(URI) , names or namespaces o f extensible mark of language (XML
version 1.0, third edition, 3C recommendation 8 , December
2009) .
The connections can but must not be directly between the
servers or devices. Typical use is on wide area networks with
multiple intermediate devices, depicted schematically as cloud
in figure 1 .
Said servers and clients comprise sending and receiving means
adapted to send and receive messages, using the afore mentioned
protocols , addresses and data links -
Goal of the invention is to allow a first user EU, who is not
registered user of a social network, to access said social
network via the account of a second user HU, while at the same
time marking all contributions of said first user EU to said
soc . t w o k . with. . " s i d i f ¾ l l o w i c t o l 3.t ©
the contribution o f said first user to said first user without
directly revealing said first user's identity to the social
network .
Said second server 102 provides access to said social network
"v i .W . f . f o - l c n p t i o p o Q
© f .
Said second server 102 is adapted to authenticate second
credentials of said second user HU, using said account of said
second user HU. For example said second server 102 is adapted
t t 1 t € S S t / . S .1
username and password as said second credentials.
Said second server 102 is adapted to provide functions o f
said social network via said interface API. Providing functions
in this context means for example allowing read-access to read
o r download content o f said social network, write-access t o
generate new content o n saxd social network, including
uploading o f pictures o r videos o r audios .
Interfaces API, like the well known application programming
interfaces are known t o the person skilled in the art, a s well
a s read-, write-, o r upload- functions .
Said first server 101 comprises authentication means adapted
t o authenticate first credentials o f said first user EU. Said
first credentials are for example a first username and a first
password, belonging t o a first account o f said first user,
- - - - - - ¾. - --I— J - L - € -
Scixci . i . o f .ZL.C1 f x s t s 101 i s L t o
1 © <¾, f t TO . 208 OTOp TX X X f O S CO - O S c XC
first user EU, in particular a request t o access a function o f
said interface API. Said information about said first user E U
XS f 0 3 . 1 Scixci £ x ITS 3. .t ¾ S ·
Said sending means o f said first server 101 i s adapted t o
send a second message 212 , comprising information about said
second user HU, in particular a request t o access said
function. Said sending means o f said first server 101 i s for
example adapted t o send said second message 212 only upon
successful authentication o f said first credentials b y said
authentication means o f said first server 101 .
Said information about said second user H U i s for example
said second credentials.
Said first server 101 comprises processing means adapted t o
determine said information about said second user HU.
Said processing means i s for example adapted t o determine
said information about said second user H U from said
information about said first user EU. Alternatively o r
additionally, said first message 208 comprises a piece o f
information about said second user HU , and said information
about said second user HU is determined from said piece o f
information. For example, said second username is said piece o f
information and said second credentials are determined by
mapping said second username to said second credentials. To
that end said second credentials may b e stored on said first
server 101, for example in a database.
Said first server 101 comprises optionally processing means
adapted to determine if said first user EU is authorized to
request said function. In this case, said sending means is
adapted to send said second message 212 only upon successful
authorization. For example a mapping o f functions to first user
names is stored on said first server 101 in said database and
said processing means is adapted to determine allowed functions
from said database .
A method for accessing from said first server 101 said second
server 102 via said computer network 100 is explained below,
making reference to the sequence diagram o f figure 2 .
According to said method, upon successful authentication o f
f x x s .x s o f . i f t . E! s t d . o x x
first server 101, access to at least a subset o f functions
provided by said interface API o f said second server 102 is
provided to said first user EU, using said second credentials
registered on said second server 102 for authentication o f said
second user HU.
Said method starts for example whenever said first user EU
starts a client program on said first client 103, in order to
access said social network. Said client program may b e a web
browser with a plug- in, allowing to access social networks.
After the start, a message 201, Request, is sent from said
first client 103 to said second client 104. Said message 201 is
for example a request to access said social network, comprising
said first username, a target identifier for identifying said
social network and the address o f said first client 103 . Said
target identifier is for example an internet protocol address.
Upon receipt o f said message 201, said second client 104
sends a message 202, Request to said first server 101. Said
message 202 is for example a request for access point creation,
comprising a list o f allowed functions, said second user's
credentials, said target identifier o f said social network,
said first username and said address o f said first client 103.
Said second user's credentials may b e read b y said second
client 104 from storage automatically o r said second client 104
may prompt said second user HU for confirmation, for example
using a computer program running on said second client 104.
Said computer program i s for example a web browser with a plugin,
automatically prompting said second user HU for
confirmation .
Upon receipt o f said message 202, said first server 101 sends
© c 203 R p o s f to S c f ϊ TS i X03 · S i c
203 is for example a response comprising the address o f an
access point created by said first server 101 for said first
user EU. Said message 203 for example comprises said first
credentials o f said first user EU, that allow said first user
EU to register o r login to said first account o f said first
user EU on said first server 101. Said st credentials are
for example a uniform resource identifier URI .
Upon receipt o f said message 203, said first client 103 sends
a message 204, Request, for example a request for activation o f
said access point. Said message 204 is optional. Said message
204 comprises for example said first credentials and said
address o f said first client 103. Said first credential may b e
for example part of said uniform resource identifier URI. Said
message 204 may be sent upon receipt of a user- input, for
example a mouse click on a link symbolizing said uniform
resource identifier URI by said first client 103. To that end,
S d £x s t © t 3 © .. Lp t t o x o ©xjp o f .
message 203, display said link, for example said uniform
resource identifier URI on said web browser via said plug- in.
Upon receipt of said message 204, said first server sends an
optional message 205, Request, to said second client 104. Said
ΐ S 2 0 X S f © ¾ J 1 _ . S t f O X* X O
confirmation, comprising said first username.
Upon receipt of said message 205, said second client 104
sends an optional message 206, Response, to said first server
101. Said message 206 is for example a response to the
activation confirmation, comprising a text ok" . Said message
206 may be sent by said second client 104 only upon receipt of
an inout confirmina said activation To that end said second
client 104 may be adapted to display a prompt for activation
confirmation, including said first username and send said
message 206 only in case the user of said second client 104
confirms said activation by clicking on a button displayed next
to said prompt .
Upon receipt of said message 206, said first server 101
forwards said message 206 to said first client 103 as an
optional message 207, Response.
Said message 207 is for example said activation confirmation
text ok" .
Said messages 201 to 207 are required for account activation
of said first account of said first user EU on said first
server 101. However, said messages 204 to 207 are optional for
account activation.
In case said first user EU already has a valid account on
said first server 101, said first client 103 is adapted to omit
said steps 201 to 207.
Upon receipt of said message 207, or in case a valid account
for said first user EU already exists on said first server 101,
103 sends a message 208, Request, to request access to a
function to said first server 101. Said message 208 comprises a
function identifier for identifying the requested function,
said target identifier for identification of said social
network, said first user credential, said first client's 103
address and optional payload data. Said function identifier is
for example a text string "read" , "write" , "upload" ,
"download" . Said target identifier is for example an internet
protocol address of said second server 102. Said first
credentials is for example said uniform resource identifier
UR . Said optional payload data is for example text or a
picture or video that shall be sent to said social network.
Said first client 103 is adapted to send said message 208
upon receipt of input from said first user EU, for example via
said web browser plug- in. Said plug- in for example prompts said
first user EU to indicate said function identifier by entering
said text string and identify said social network, for example
from a list from available social networks and mapping said
social network to said target identifier. Furthermore, said
first client 103 is adapted to read said first credentials from
storage on said first client 103, for example from a passwordmanager
application. Furthermore, said rst clxent 103 is
adapted to prompt for optional payload, in case a function
requiring payload was selected by said first client 103.
This means that said message 208 comprises information about
said first user EU, in particular said request to access said
function o f said interface . . To that n ., first client
103 or said web browser plug- in is adapted to prompt said first
user EU for functions only that are available in said social
network, identified by said target identifier.
Upon receipt o f said message 209, said first server 101
performs an authentication 109 o f said first user. T o that end,
ZL 1 * «- 10 L " t - t - C l.t € - 3 £ S . 1CZ c ZL ZL
credentials using the account data o f said first account stored
on said first server 101. Optionally, said first server 101 may
- - ZL t ZL O 1 3™£ Z C5 CZ» C CZ- k t -C5 - * t - Ϊ *
whether the requested function is available to said first user
EU. To that end, for example said first server 101 compares
said function identifier, received in said message 208, to said
list o f allowed functions stored on said first server 101 and
only authorizes said first user EU to request said function in
case said function identifier is found in said list o f
authorized functions for said first user EU.
Additionally o r optionally, said first server 101 is adapted
to send a message 210, Request, to said second client 104. Said
message 210 is for example a request for authorization o f
access to said functions that is sent to said second user HU.
Said message 210 comprises for example said function
identifier, said first username and said optional payload.
Upon receipt o f said message 210, said second client 104
sends a message 211, Response, to said first server 101. Said
message 211 may b e an authorization result, for example a text
"OK" or "not OK" . Said message 211 may b e sent only upon
receipt o f a confirmation from said second user HU. For
example, said second client 104 is adapted to prompt said
second user HU to authorize said access request by said first
user EU to said function. To that end, for example said
function identifier and said optional payload are displayed
next to said first user ame . Said input of said second user HU
may be a mouse click on a button displayed next to said prompt.
Upon successful authentication 209, or optionally upon
receipt of a positive response in message 211, said first
server 101 is adapted to send a message 212, Request, to said
second server 102. Said message 212 is for example a request to
access to a function via said interface API. Said message 212
for example comprises a function identifier, said second
credentials, said optional payload and said requester
identifier .
Said second credentials are for example read from storage of
said first server 101. Said requester identifier is for example
said first username. Said requester identifier may be a random
number or a nickname . In case a nickname is used, said first
server 101 is adapted to store said nickname with said account
data of said first account of said first user EU. This way,
said nickname may be related to said first user EU, for example
in case of legal prosecution.
In case said nickname is used for example, said first server
101 is adapted to prompt in additional messages said first
client 103 to provide said nickname, for example during account
creation after said message 201. Alternatively, said message
201 may comprise said nickname already.
In case said random number is used, said random number is
stored instead of said nickname.
Said message 212 in this case does not contain any
information allowing said second server 102 or said social
network to identify directly said first user EU. However, for
legal prosecution, said requester identifier allows said social
network provider to track content received in said message 212
or actions performed using said message 212 via said second
c it 1 s . T s c , thcit S i s o d. X ow to
relate all content viewed or received by said first user EU to
be related to said first user EU via said second user HU .
Upon receipt o f said message 212, said second server 102
performs the requested action that is for example executes the
optional payload and said requester identifier. Typically, said
second server 102 performs said function only in case said
second credentials are successfully authenticated against said
second user HU account.
Upon completion of said function, said second server 102
sends a message 213, Response, to said first server 101. Said
message 213 comprises said requester identifier and payload.
For example, said nickname is in said message 213 and the
result of said function is in said payload.
Upon receipt of said message 213, said first server 101 sends
s S X 4 f . s to S c f st cX t 103 Fox X
said first server 101 determines from said requester identifier
via lookup in said storage said first client's address and then
sends said message 214 to said first client 103 . Said message
fO . p O X O L (3. f l TS t X S
address is in this case stored upon authentication.
Optionally or alternatively, instead of using said requester
identifier, for example said nickname, to identify the address
of said first client 103, any other means o f relating the
response message 213 to the request message 212 may be used by
said first server 101, For example, said response message 213
may be related to said request message 212 via identifiers used
by said interface A P .
A syntax o f said requester identifier may be defined as a
text string in which, additionally to said first user's
nickname , sa id second u se 's na e in said social network is
used. To that end, said first server 101 may be adapted to
determine said requester identifier from said first username
and said second username. This way, not only the provider o f
the social network, but also all users able to view the
-C - c - I i l i X L J XX b to X vI l b
C nd user' s name in said social network. This may make
relating said first user EU to said content via said second
user e r for ex a l in case o f prosecution .
server
102 may provide for different parameters or options to b e sent
in said message 212. Also, the response message 213 may b e
structurally or from its content be different from said message
213 describes above. It is understood that the invention
applies likewise to any type o f interfaces API that are
provided by said second server 102 . Particularly, interfaces
like the simple object access protocol (SOAP) , the
representational state transfer (REST) or any other protocol
used for accessing functions o f social networks may b e used. A
computer program stored on a computer program product may
resemble the method.
The description and drawings merely illustrate the principles
o f the invention. It will thus b e appreciated that those
skilled in the art will be able to devise various arrangements
t s t ZL X1 de x e- or shown herein, embody
the principles o f the invention and are included within its
spirit and scope. Furthermore, all examples recited herein are
pr Z 1 mten-ded j r e l to -b only for e d a g o g c a l
purposes to aid the reader in understanding the principles of
the invention and the concepts contributed by the inventor (s)
to furthering the art, and are to be construed a s being without
limitation to such specifically recited examples and
conditions. Moreover, all statements herein reciting
principles , aspects, and embodiments o f the invention, a s well
a s specific examples thereof, are intended to encompass
equivalents thereof .
The functions o f the various elements shown in the figures,
including any functional blocks labeled a s 'processors' , may b e
provided through the use o f dedicated hardware a s well a s
hardware capable o f executing software in association with
appropriate software. When provided b y a processor, the
functions may b e provided b y a single dedicated processor, b y a
single shared processor, o r b y a plurality o f individual
processors, some o f which may b e shared. Moreover, explicit use
o f the term 'processor' o r 'controller' should not b e construed
to refer exclusively t o hardware capable o f executing software,
and may implicitly include, without limitation, digital signal
processor (DSP) hardware, network processor, application
specific integrated circuit (ASIC) , field programmable gate
array (FPGA) , read only memory (ROM) for storing software,
random access memory (RAM) , and non volatile storage. Other
hardware, conventional and/or custom, may also b e included.
Similarly, any switches shown the figures are conceptual
only. Their function may b e carried out through the operation
o f program logic, through dedicated logic, through the
-X ~ -
. .1 f 1 € p t . . 1 ti j i s 1 . " t
implementer a s more specifically understood from the context.
I t should b e appreciated b y those skilled in the art that any
block diagrams herein represent conceptual views o f
illustrative circuitry embodying the principles o f the
invention. Similarly, i t will b e appreciated that any flow
charts, flow diagrams, state transition diagrams, pseudo code,
and the like represent various processes which may b e
substantially represented in computer readable medium and so
executed b y a computer o r processor, whether o r not such
computer or processor is explicitly shown.
A person of skill in the art would readily recognize that
steps of various above -described methods can be performed by
programmed computers. Herein, some embodiments are also
intended to cover program storage devices, e.g., digital data
storage media, which are machine or computer readable and
encode machine-executable or computer- executable programs of
instructions, wherein said instructions perform some or all of
the steps of said above -described methods. The program storage
such as a magnetic disks and magnetic tapes, hard drives, or
optically readable digital data storage media. The embodiments
are also intended to cover computers programmed to perform said
steps of the above -described methods.
Claims
A first server (101) for accessing a second server (102)
via a computer network (100) , adapted to upon successful
authentication of first credentials of a first user (EU)
registered on said first server (101) by said first server
(101) , provide said first user (EU) access to at least a
subset of functions provided by an interface (API) of said
second server (102) using second credentials of a second
user (HU) registered on said second server (102) for
authentication with said second server (102) .
The first server (101) according to claim 1 , comprising
receiving means adapted to receive a first message (208)
comprising information about said first user (EU) , in
particular a request to access a function of said
interface (API) , from a first client (103) , sending means
adapted to send a second message (212) comprising
information about said second user (HU) , in particular a
J t to c CC S S S .1 3. f C tCOP o S l c S O d
(102) , and processing means, adapted to determine said
information about said second user (HU) .
The first server (101) according to claim 2 , wherein said
information about said second user (HU) is determined from
said information about said first user (EU) .
The first server (101) according to claim 2 , wherein said
first message (208) comprises a piece of information about
said second user (HU) and said information about said
second user (HU) is determined from said piece of
information .
The first server (101) according to claim 2 , wherein
information about said second user (HU) comprises
credentials of said second user (HU) .
6 . The first server (101) according to claim 1 , where S X C
information about said first user (EU) comprises
credentials o f said first user (EU) , wherein said first
server (101) comprises authentication means, adapted to
authenticate said first credentials o f said first user
(EU) and wherein said sending means is adapted to send
said second message (212) only upon successful
authentication o f said first credentials.
7 . The first server (101) according to claim 1 , wherein said
first message (208 ) comprises a request to access a first
£ " t X f X . X t C- £"
. Q
means is adapted to confirm that said first user (EU) is
authorized to request said first function, and wherein
said sending means is adapted to send said second message
(212) only upon successful authorization.
8 method for a p s n om sprvpr ( 0 1 sp nrf
server (102 ) via a computer network (100) , wherein upon
successful authentication o f first credentials o f a first
user (EU) registered on said first server (101) by said
first server (101) , access to a t least a subset o f
functions provided by an interface (API) o f said second
server (102 ) is provided to said first user (EU) using
on
S x sQ co s (10 ) £ o z L j.t h .© it xC xo w xt s x ci
second server (102 ) .
9 . The method according to claim 8 , further comprising the
steps o f receiving a first message (208) comprising
information about said first user (EU) , in particular a
request to access a function o f said interface (API) , from
a first client (103) , sending a second message (212 )
comprising information about said second user (HU) , in
particular a request to access said function, to said
ermine said
information about said second user (HU) .
10. A system for accessing from a first server (101) a second
server (102) via a computer network (100) , wherein said
first server (101) i s adapted to upon successful
"t XXt - L C- t - 5 L S t C * € X -L C5f ZL C XX » ( J
registered on said first server 1 01 ) by said first server
(101) , provide said first user (EU) access to a t least a
subset o f functions provided by a n interface (API) o f said
second server (102) using second credentials o f a second
user (HU) registered on said second server (102) for
authentication with said second server (102) , wherein said
second server (102) is adapted to provide said functions
via said interface (API) .
11. The system according to claim 10, further comprising a
first client (103) , adapted to send a first message (208)
particular a request to access a function o f said
interface (API) .
12. The system according to claim 1 0 o r 11, wherein said
first server (101) comprises receiving means adapted to
receive said first message (208) comprising information
about said first user (EU) , in particular a request to
access a function o f said interface (API) , from said first
client (103) , sending means adapted to send a second
message (212) comprising information about said second
user (HU) , in particular a request to access said
function, to said second server (102) , and processing
means, adapted to determine said information about said
second user (HU) .
13. The system according to claim 10, further comprising a
second client (104) , comprising receiving means adapted to
Q Q X © h .X S 2 10 ) O jp X . irif0 T .t IOP 3 .ib O
said first user (EU) , i particular a request to access a
first function o f said interface (API) , from said first
server (101) , sending means adapted to send a fourth
S S . (210) comprising information about an
authorization o f said first user (SU) to use said first
function and processing means, adapted to determine said
information about said authorization, wherein said
. XI - f d f 0 S t (101) S . 1 to
receive said fourth message (210) wherein said sending
means o f said first server (101) is adapted to send said
third message (210) to said second client (104) and to
send said second message (212) only upon successful
authorization by said second client (104) .
1 . A computer program for accessing from a first server
(101) a second server (102) via a computer network (100) ,
wherein said computer program, when executed on a
computer, causes the computer to upon successful
authentication o f first credentials o f a first user (EU)
registered on said first server (101) by said first server
(101) , provide said first user (EU) access to a t least a
subset of functions provided by an interface (API) o f said
second server (102) using second credentials o f a second
user (HU) registered on said second server (102) for
authentication with said second server (102) .
15 . A computer program product for accessing from a first
server (101) a second server (102) via a computer network
(100) comprising a computer usable medium having a
computer readable program, wherein said computer readable
program, when executed on a computer, causes the computer
to, upon successful authentication o f first credentials o f
a first user (EU) registered on said first server (101) by
said first server (101) , provide said first user (EU)
access to at least a subset of functions provided by an
interface (API) of said second server (102) using second
credentials of a second user (HU) registered on said
second server (102) for authentication with said second
server (102) .