Single sign-on to web applications from mobile devices

US 10,057,240 B2
Filed: 08/25/2014
Issued: 08/21/2018
Est. Priority Date: 08/25/2014
Status: Active Grant

First Claim

Patent Images

1. A mobile device comprising:

a hardware processor;

a data store; and

a single sign-on authenticator application initiated in response to a user selection of an application on the mobile device after authentication of a single Personal Identification Number (PIN) associated with a user profile, the single sign-on authenticator application configured to receive a single entry of the single PIN to provide future access to one or more applications and executed by the hardware processor, causing the hardware processor to;

obtain and store a first secret in the data store, wherein the first secret matches a second secret stored on a database of one or more servers, wherein the second secret or an initial secret from which the second secret is generated by the one or more servers prior to the obtaining of the first secret, and wherein the first secret and the second secret are unique to the mobile device;

responsive to a request for access to the one or more servers by another application on the mobile device, retrieve the first secret from the data store and generate, using a predetermined algorithm, a unique key based upon a multiplicative combination of the first secret and a session ID number associated with the request for access, wherein the first secret is unique from the session ID number; and

regenerating the unique key responsive to subsequent requests for access to the one or more servers by another application on the mobile device;

wherein the mobile device is registered with the one or more servers during a registration process at the one or more servers,wherein the hardware processor embeds the unique key in a Uniform Resource Locator (URL) communicated to the one or more servers, thereby transmitting the request for access to the one or more servers, andwherein the hardware processor generates a second initial secret and matches the initial secret with the second secret such that the second secret is generated as a combination of the initial secret and the second initial secret.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile device may include an authenticator and a processor. The authenticator may store a first secret corresponding to a second secret stored on a server and generating a key based upon the first secret. The processor may embed the key in data communicated to the server to request access from the server.

67 Citations

View as Search Results

20 Claims

1. A mobile device comprising:
- a hardware processor;
  
  a data store; and
  
  a single sign-on authenticator application initiated in response to a user selection of an application on the mobile device after authentication of a single Personal Identification Number (PIN) associated with a user profile, the single sign-on authenticator application configured to receive a single entry of the single PIN to provide future access to one or more applications and executed by the hardware processor, causing the hardware processor to;
  
  obtain and store a first secret in the data store, wherein the first secret matches a second secret stored on a database of one or more servers, wherein the second secret or an initial secret from which the second secret is generated by the one or more servers prior to the obtaining of the first secret, and wherein the first secret and the second secret are unique to the mobile device;
  
  responsive to a request for access to the one or more servers by another application on the mobile device, retrieve the first secret from the data store and generate, using a predetermined algorithm, a unique key based upon a multiplicative combination of the first secret and a session ID number associated with the request for access, wherein the first secret is unique from the session ID number; and
  
  regenerating the unique key responsive to subsequent requests for access to the one or more servers by another application on the mobile device;
  
  wherein the mobile device is registered with the one or more servers during a registration process at the one or more servers,wherein the hardware processor embeds the unique key in a Uniform Resource Locator (URL) communicated to the one or more servers, thereby transmitting the request for access to the one or more servers, andwherein the hardware processor generates a second initial secret and matches the initial secret with the second secret such that the second secret is generated as a combination of the initial secret and the second initial secret.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The mobile device of claim 1, wherein the second secret is generated based on at least a pseudo-random number.
  - 3. The mobile device of claim 1, wherein the second secret is generated based on at least a unique mobile device serial number associated with the mobile device.
  - 4. The mobile device of claim 1, wherein the hardware processor obtains the first secret by processing a Quick Response (QR) code on which the second secret is encoded.
  - 5. The mobile device of claim 1, wherein the one or more servers generates the initial secret.
  - 6. The mobile device of claim 1, wherein the predetermined algorithm comprises a symmetric key algorithm, an RSA algorithm, an AES algorithm or a DES algorithm.

7. A server comprising:
- a register storing, within a database of the register, a user profile corresponding to a mobile device registered with the server during a registration process at the server and a second secret corresponding to a first secret stored on a mobile device, wherein the first secret and the second secret are unique to the mobile device; and
  
  a hardware processor configured to;
  
  generate the second secret or an initial secret from which the second secret is derived; and
  
  authenticate a request for access from the mobile device initiated in response to a user selection of an application on the mobile device after an authentication of a single Personal Identification (PIN) associated with the registered user profile, wherein a single entry of the single PIN provides future access to one or more applications by;
  
  extracting a first key embedded in a Uniform Resource Locator (URL) of the request for access, wherein the first key is generated, at the mobile device using a predetermined algorithm, based upon a multiplicative combination of the first secret and a session ID number associated with the request for access, wherein the first secret is unique from the session ID number;
  
  generating a second key using the second secret;
  
  compare the first key to the second key;
  
  grant access to the server if the first key matches the second key;
  
  regenerating the first key and the second key responsive to subsequent requests for access from the mobile device initiated in response to another user selection of another application on the mobile device;
  
  generating a second initial secret; and
  
  matching the initial secret with the second secret such that the second secret is generated as a combination of the initial secret and the second initial secret.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The server of claim 7, wherein the second secret is generated based on at least a pseudo-random number.
  - 9. The server of claim 7, wherein the first secret is same as the second secret if the first key matches the second key.
  - 10. The server of claim 7, wherein the second secret is generated based on at least a unique mobile device serial number associated with the mobile device provided during the registration process.
  - 11. The server of claim 7, wherein the second key is generated based on the second secret and at least one of a session ID number and a time stamp associated with the request for access.
  - 12. The server of claim 7, wherein the predetermined algorithm comprises a symmetric key algorithm, an RSA algorithm, an AES algorithm or a DES algorithm.

13. A method of a mobile device comprising:
- obtaining and storing, by a hardware processor based on instructions of a single sign-on authenticator application initiated in response to a user selection of an application on the mobile device after an authentication of a single Personal Identification Number (PIN) associated with a user profile, the single sign-on authenticator application configured to receive a single entry of the single PIN to provide future access to one or more applications, a first secret matching a second secret stored on a database of one or more servers, wherein the second secret or an initial secret from which the second secret is generated by the one or more servers prior to the obtaining of the first secret and the first secret and the second secret are unique to the mobile device, and wherein the mobile device is registered with the one or more servers during a registration process at the one or more servers;
  
  responsive to a request for access to the one or more servers by another application on the mobile device, retrieving, by the hardware processor, the first secret from the data store and generating, using a predetermined algorithm, a unique key based upon a multiplicative combination of the first secret and a session ID number associated with the request for access, wherein the first secret is unique from the session ID number;
  
  embedding, by the hardware processor, the unique key in a Uniform Resource Locator (URL) communicated to the one or more servers, thereby transmitting the request for access to the one or more servers;
  
  regenerating the unique key responsive to subsequent requests for access to the one or more servers by another application on the mobile device;
  
  generating a second initial secret; and
  
  matching the initial secret with the second secret such that the second secret is generated as a combination of the initial secret and the second initial secret.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the second secret is generated based on at least a pseudo-random number.
  - 15. The method of claim 13, wherein the second secret is generated based on at least a unique mobile device serial number associated with the mobile device.

16. A method comprising:
- storing, by a register to a database within the register, a user profile corresponding to a mobile device registered with one or more servers during a registration process at the one or more servers and a second secret corresponding to a first secret stored on a mobile device, wherein the first secret and the second secret are unique to the mobile device; and
  
  at a hardware processor of the one or more servers;
  
  generating the second secret or an initial secret from which the second secret is derived;
  
  authenticating, via a single sign-on, a request for access from the mobile device initiated in response to a user selection of an application on the mobile device after authentication of a single Personal Identification Number (PIN) associated with a user profile, wherein a single entry of the single PIN provides future access to one or more applications by;
  
  extracting a first key embedded in a Uniform Resource Locator (URL) of the request for access, wherein the first key is generated, at the mobile device using a predetermined algorithm, based upon a multiplicative combination of the first secret and a session ID number associated with the request for access, wherein the first secret is unique from the session ID number;
  
  generating a second key using the second secret;
  
  comparing the first key to the second key;
  
  granting access to the one or more servers if the first key matches the second key;
  
  regenerating the first key and the second key responsive to subsequent requests for access from the mobile device initiated in response to another user selection of another application on the mobile device;
  
  generating a second initial secret; and
  
  matching the initial secret with the second secret such that the second secret is generated as a combination of the initial secret and the second initial secret.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the second secret is generated based on at least a pseudo-random number.
  - 18. The method of claim 16, wherein the first secret is the same as the second secret if the first key matches the second key.
  - 19. The method of claim 16, wherein the second secret is generated based on at least a unique mobile device serial number associated with the mobile device provided during the registration process.
  - 20. The method of claim 16, wherein the second key is generated based on the second secret and at least one of a session ID number and a time stamp associated with the request for access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Mihaylov, Dimitar
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Baum, Ronald

Application Number

US14/467,672
Publication Number

US 20160057130A1
Time in Patent Office

1,457 Days
Field of Search

726 4
US Class Current
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0815   providing single-sign-on or...

H04L 9/0869   involving random numbers or...

H04L 9/0872   using geo-location informat...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/71   Hardware identity

Single sign-on to web applications from mobile devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on to web applications from mobile devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links