Single sign-on to web applications from mobile devices
Abstract
A mobile device may include an authenticator and a processor. The authenticator may store a first secret corresponding to a second secret stored on a server and generate a key based upon the first secret. The processor may embed the key in data communicated to the server to request access from the server.
20 Claims
1. A mobile device comprising:
a hardware processor;
a data store; and
a single sign-on authenticator application initiated in response to a user selection of an application on the mobile device after authentication of a single Personal Identification Number (PIN) associated with a user profile, the single sign-on authenticator application configured to receive a single entry of the single PIN to provide future access to one or more applications and executed by the hardware processor, causing the hardware processor to:
obtain and store a first secret in the data store, wherein the first secret matches a second secret stored on a database of one or more servers, wherein the second secret or an initial secret from which the second secret is generated by the one or more servers prior to the obtaining of the first secret, and wherein the first secret and the second secret are unique to the mobile device;
responsive to a request for access to the one or more servers by another application on the mobile device, retrieve the first secret from the data store and generate, using a predetermined algorithm, a unique key based upon a multiplicative combination of the first secret and a session ID number associated with the request for access, wherein the first secret is unique from the session ID number; and
regenerating the unique key responsive to subsequent requests for access to the one or more servers by another application on the mobile device;
wherein the mobile device is registered with the one or more servers during a registration process at the one or more servers,
wherein the hardware processor embeds the unique key in a Uniform Resource Locator (URL) communicated to the one or more servers, thereby transmitting the request for access to the one or more servers, and
wherein the hardware processor generates a second initial secret and matches the initial secret with the second secret such that the second secret is generated as a combination of the initial secret and the second initial secret.
7. A server comprising:
a register storing, within a database of the register, a user profile corresponding to a mobile device registered with the server during a registration process at the server and a second secret corresponding to a first secret stored on a mobile device, wherein the first secret and the second secret are unique to the mobile device; and
a hardware processor configured to:
generate the second secret or an initial secret from which the second secret is derived; and
authenticate a request for access from the mobile device initiated in response to a user selection of an application on the mobile device after an authentication of a single Personal Identification (PIN) associated with the registered user profile, wherein a single entry of the single PIN provides future access to one or more applications by:
extracting a first key embedded in a Uniform Resource Locator (URL) of the request for access, wherein the first key is generated, at the mobile device using a predetermined algorithm, based upon a multiplicative combination of the first secret and a session ID number associated with the request for access, wherein the first secret is unique from the session ID number;
generating a second key using the second secret;
compare the first key to the second key;
grant access to the server if the first key matches the second key;
regenerating the first key and the second key responsive to subsequent requests for access from the mobile device initiated in response to another user selection of another application on the mobile device;
generating a second initial secret; and
matching the initial secret with the second secret such that the second secret is generated as a combination of the initial secret and the second initial secret.
13. A method of a mobile device comprising:
obtaining and storing, by a hardware processor based on instructions of a single sign-on authenticator application initiated in response to a user selection of an application on the mobile device after an authentication of a single Personal Identification Number (PIN) associated with a user profile, the single sign-on authenticator application configured to receive a single entry of the single PIN to provide future access to one or more applications, a first secret matching a second secret stored on a database of one or more servers, wherein the second secret or an initial secret from which the second secret is generated by the one or more servers prior to the obtaining of the first secret and the first secret and the second secret are unique to the mobile device, and wherein the mobile device is registered with the one or more servers during a registration process at the one or more servers;
responsive to a request for access to the one or more servers by another application on the mobile device, retrieving, by the hardware processor, the first secret from the data store and generating, using a predetermined algorithm, a unique key based upon a multiplicative combination of the first secret and a session ID number associated with the request for access, wherein the first secret is unique from the session ID number;
embedding, by the hardware processor, the unique key in a Uniform Resource Locator (URL) communicated to the one or more servers, thereby transmitting the request for access to the one or more servers;
regenerating the unique key responsive to subsequent requests for access to the one or more servers by another application on the mobile device;
generating a second initial secret; and
matching the initial secret with the second secret such that the second secret is generated as a combination of the initial secret and the second initial secret.
16. A method comprising:
storing, by a register to a database within the register, a user profile corresponding to a mobile device registered with one or more servers during a registration process at the one or more servers and a second secret corresponding to a first secret stored on a mobile device, wherein the first secret and the second secret are unique to the mobile device; and
at a hardware processor of the one or more servers:
generating the second secret or an initial secret from which the second secret is derived;
authenticating, via a single sign-on, a request for access from the mobile device initiated in response to a user selection of an application on the mobile device after authentication of a single Personal Identification Number (PIN) associated with a user profile, wherein a single entry of the single PIN provides future access to one or more applications by:
extracting a first key embedded in a Uniform Resource Locator (URL) of the request for access, wherein the first key is generated, at the mobile device using a predetermined algorithm, based upon a multiplicative combination of the first secret and a session ID number associated with the request for access, wherein the first secret is unique from the session ID number;
generating a second key using the second secret;
comparing the first key to the second key;
granting access to the one or more servers if the first key matches the second key;
regenerating the first key and the second key responsive to subsequent requests for access from the mobile device initiated in response to another user selection of another application on the mobile device;
generating a second initial secret; and
matching the initial secret with the second secret such that the second secret is generated as a combination of the initial secret and the second initial secret.
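The device-side and server-side flow recited in claims 1, 7, 13 and 16, sketched as an added example (not code from the patent or its assignee). The modulus `P`, the SHA-256 step, the `sid`/`key` query parameters and the single-use session-ID set are assumptions; the claims say only "predetermined algorithm" and "multiplicative combination".

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed parameters: the claims name no algorithm, modulus or URL layout.
P = 2**127 - 1  # prime modulus for the multiplicative combination

def combine_initial_secrets(initial: int, second_initial: int) -> int:
    """Registration: the shared secret is a combination of the server's
    initial secret and the device's second initial secret."""
    return (initial * second_initial) % P

def derive_key(secret: int, session_id: int) -> str:
    """Multiply secret and session ID mod P, then hash so the value placed
    in the URL is not the raw product."""
    product = (secret * session_id) % P
    return hashlib.sha256(product.to_bytes(16, "big")).hexdigest()

def build_request_url(base: str, first_secret: int, session_id: int) -> str:
    """Device side: embed the per-session key in the request URL."""
    query = urlencode({"sid": session_id, "key": derive_key(first_secret, session_id)})
    return f"{base}?{query}"

def server_authenticate(url: str, second_secret: int, seen_sids: set) -> bool:
    """Server side: extract the first key, regenerate the second key from the
    stored secret, compare in constant time. Single-use session IDs are an
    added hardening step, not part of the claims."""
    params = parse_qs(urlsplit(url).query)
    try:
        sid = int(params["sid"][0])
        first_key = params["key"][0].encode()
    except (KeyError, ValueError):
        return False
    # Reject replayed session IDs and IDs that would zero out the product.
    if sid in seen_sids or sid % P == 0:
        return False
    second_key = derive_key(second_secret, sid).encode()
    if not hmac.compare_digest(first_key, second_key):
        return False
    seen_sids.add(sid)
    return True

if __name__ == "__main__":
    shared = combine_initial_secrets(0x1F2E3D4C5B6A7988, 0x0123456789ABCDEF)  # constructed values
    seen = set()
    url = build_request_url("https://sso.example.test/app", shared, 1001)
    print(server_authenticate(url, shared, seen))  # first use of the URL
    print(server_authenticate(url, shared, seen))  # same URL presented again
```

Because the key travels in the URL, it can end up in access logs and browser history; treating each session ID as single-use limits what a logged URL is worth.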
Specification