Passporting credentials between a mobile app and a web browser

US 10,122,698 B2
Filed: 08/14/2017
Issued: 11/06/2018
Est. Priority Date: 06/17/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a non-transitory memory; and

one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising;

in response to receiving authentication credentials associated with a user via a user interface (UI) of a native application, transmitting the authentication credentials to a server to request for a session token;

in response to receiving the session token from the server, initiating a device session between the native application and the server based on the session token;

launching an embedded web browser to provide a web UI within the native application by providing the session token and a web address to the embedded web browser;

transmitting the session token and the web address from the embedded web browser to the server to automatically authenticate the user in a web session between the embedded web browser and the server without requiring the authentication credentials, wherein the session token authorizes the server to share at least a portion of session data associated with the device session with the web session;

in response to intercepting a first communication between the embedded web browser and the server, resuming the device session based on the session token; and

displaying the UI of the native application for the resumed device session.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider'"'"'s core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session.

18 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a non-transitory memory; and
  
  one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising;
  
  in response to receiving authentication credentials associated with a user via a user interface (UI) of a native application, transmitting the authentication credentials to a server to request for a session token;
  
  in response to receiving the session token from the server, initiating a device session between the native application and the server based on the session token;
  
  launching an embedded web browser to provide a web UI within the native application by providing the session token and a web address to the embedded web browser;
  
  transmitting the session token and the web address from the embedded web browser to the server to automatically authenticate the user in a web session between the embedded web browser and the server without requiring the authentication credentials, wherein the session token authorizes the server to share at least a portion of session data associated with the device session with the web session;
  
  in response to intercepting a first communication between the embedded web browser and the server, resuming the device session based on the session token; and
  
  displaying the UI of the native application for the resumed device session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the first communication comprises a first uniform resource locator (URL) request.
  - 3. The system of claim 1, wherein the session token and the web address is transmitted from the embedded web browser to a Common Gateway Interface (CGI) of the server.
  - 4. The system of claim 1, wherein the operations further comprise in response to intercepting a second communication between the embedded web browser and the server, refreshing the device session token.
  - 5. The system of claim 4, wherein refreshing the device session token comprises transmitting an application programming interface (API) call from the native application to the server.
  - 6. The system of claim 2, wherein the operations further comprise in response to intercepting a second communication between the embedded web browser and the server, refreshing the device session token, wherein the second communication comprises a second URL request.
  - 7. The system of claim 4, wherein refreshing the device session token is based on a determination that the second communication is intercepted within a token expiration time of the session token.
  - 8. The system of claim 1, wherein the embedded web browser receives a web flow authorization token from the server based on the user being authenticated in the web session, wherein the server shares at least the portion of the session data with the embedded web browser based on the web flow authorization token.
  - 9. The system of claim 1, wherein the authentication credentials comprise login information of the user.
  - 10. The system of claim 1, wherein the operations further comprise:
    - receiving a user input via the UI of the native application during the device session;
      
      transmitting an application programming interface (API) call and the session token from the native application to the server, wherein the API call is authenticated based on the session token; and
      
      refreshing the session token based on transmitting the API call.
  - 11. The system of claim 1, wherein the operations further comprise closing the embedded web browser in response to intercepting the first communication.

12. A method, comprising:
- in response to receiving authentication credentials associated with a user via a user interface (UI) of a native application, transmitting, by one or more hardware processors, the authentication credentials to a server to request for a session token;
  
  in response to receiving the session token from the server, initiating, by the one or more hardware processors, a device session between the native application and the server based on the session token;
  
  launching, by the one or more hardware processors, an embedded web browser to provide a web UI within the native application by providing the session token and a web address to the embedded web browser;
  
  transmitting, by the one or more hardware processors, the session token and the web address from the embedded web browser to the server to automatically authenticate the user in a web session between the embedded web browser and the server without requiring the authentication credentials, wherein the session token authorizes the server to share at least a portion of session data associated with the device session with the web session;
  
  in response to intercepting a first communication between the embedded web browser and the server, resuming, by the one or more hardware processors, the device session based on the session token; and
  
  displaying, by the one or more hardware processors, the UI of the native application for the resumed device session.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, wherein the first communication comprises a first uniform resource locator (URL) request.
  - 14. The method of claim 12, further comprising in response to intercepting a second communication between the embedded web browser and the server, refreshing the device session token.
  - 15. The method of claim 14, wherein refreshing the device session token comprises transmitting an application programming interface (API) call from the native application to the server.
  - 16. The method of claim 13, further comprising in response to intercepting a second communication between the embedded web browser and the server, refreshing the device session token, wherein the second communication comprises a second URL request.
  - 17. The method of claim 14, wherein refreshing the device session token is based on a determination that the second communication is intercepted within a token expiration time of the session token.
  - 18. The method of claim 12, further comprising:
    - receiving a user input via the UI of the native application during the device session;
      
      transmitting an application programming interface (API) call and the session token from the native application to the server, wherein the API call is authenticated based on the session token; and
      
      refreshing the session token based on transmitting the API call.

19. A non-transitory machine readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:
- in response to receiving authentication credentials associated with a user via a user interface (UI) of a native application, transmitting the authentication credentials to a server to request for a session token;
  
  in response to receiving the session token from the server, initiating a device session between the native application and the server based on the session token;
  
  launching an embedded web browser to provide a web UI within the native application by providing the session token and a web address to the embedded web browser;
  
  transmitting the session token and the web address from the embedded web browser to the server to automatically authenticate the user in a web session between the embedded web browser and the server without requiring the authentication credentials, wherein the session token authorizes the server to share at least a portion of session data associated with the device session with the web session;
  
  in response to intercepting a first communication between the embedded web browser and the server, resuming the device session based on the session token; and
  
  displaying the UI of the native application for the resumed device session.
- View Dependent Claims (20)
- - 20. The non-transitory machine readable medium of claim 19, wherein the operations further comprise in response to intercepting a second communication between the embedded web browser and the server, refreshing the device session token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Yefimov, Igor, Atwood, Scott
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US15/676,779
Publication Number

US 20180054430A1
Time in Patent Office

449 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 67/00   Network arrangements or pro...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/04   specially adapted for termi...

H04L 67/146   Markers for unambiguous ide...

H04L 9/3234   involving additional secure...

H04W 12/06   Authentication

H04W 12/062   Pre-authentication

H04W 4/00   Services specially adapted ...

Passporting credentials between a mobile app and a web browser

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Passporting credentials between a mobile app and a web browser

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links