Single sign-on processing for associated mobile applications

US 10,142,321 B2
Filed: 09/08/2017
Issued: 11/27/2018
Est. Priority Date: 03/07/2013
Status: Active Grant

First Claim

Patent Images

1. A method for leveraging an initial server interaction session on behalf of a first mobile app for a continued server interaction session on behalf of a second mobile app, the method comprising:

receiving, by a first mobile app executing on a mobile device and on behalf of a user of the mobile device, a first indication to launch the first mobile app;

receiving, by the first mobile app on behalf of the user, first authentication credentials for authenticating the user with a back-end server associated with the first mobile app;

generating, by the first mobile app, a sign-in request comprising i) information identifying the back-end server and ii) the first authentication credentials;

transmitting, by the first mobile app, the sign-in request to an application linking server;

receiving, by the first mobile app, a sign-in response comprising a session identifier indicative of an initial interaction session established with the back-end server on behalf of the user;

storing, by the first mobile app in at least one of i) memory or ii) data storage of the mobile device, the session identifier;

subsequent to storing the session identifier, receiving a second indication to launch a second mobile app;

determining, by the second mobile app executing on the mobile device based at least in part on the session identifier, that the initial interaction session with the back-end server exists and is active; and

initiating, by the second mobile app on behalf of the user, a continued interaction session with the back-end server leveraging the initial interaction session without obtaining, by the second mobile app from the user, second authentication credentials for authenticating the user with the back-end server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and computer-readable media are disclosed for performing single sign-on processing between associated mobile applications. The single sign-on processing may include processing to generate an interaction session between a user and a back-end server associated with a mobile application based at least in part on one or more existing interaction sessions between the user and one or more back-end servers associated with one or more other mobile applications. In order to establish an interaction session with an associated back-end server, a mobile application may leverage existing interaction sessions that have already been established in connection with the launching of other associated mobile applications.

115 Citations

24 Claims

1. A method for leveraging an initial server interaction session on behalf of a first mobile app for a continued server interaction session on behalf of a second mobile app, the method comprising:
- receiving, by a first mobile app executing on a mobile device and on behalf of a user of the mobile device, a first indication to launch the first mobile app;
  
  receiving, by the first mobile app on behalf of the user, first authentication credentials for authenticating the user with a back-end server associated with the first mobile app;
  
  generating, by the first mobile app, a sign-in request comprising i) information identifying the back-end server and ii) the first authentication credentials;
  
  transmitting, by the first mobile app, the sign-in request to an application linking server;
  
  receiving, by the first mobile app, a sign-in response comprising a session identifier indicative of an initial interaction session established with the back-end server on behalf of the user;
  
  storing, by the first mobile app in at least one of i) memory or ii) data storage of the mobile device, the session identifier;
  
  subsequent to storing the session identifier, receiving a second indication to launch a second mobile app;
  
  determining, by the second mobile app executing on the mobile device based at least in part on the session identifier, that the initial interaction session with the back-end server exists and is active; and
  
  initiating, by the second mobile app on behalf of the user, a continued interaction session with the back-end server leveraging the initial interaction session without obtaining, by the second mobile app from the user, second authentication credentials for authenticating the user with the back-end server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the sign-in response further comprises application association information comprising information identifying a set of associated mobile apps, including the first mobile app and the second mobile app, the sign-in response originating from the application linking server.
  - 3. The method of claim 2 further comprising generating, by the first mobile app, a presentation of the set of associated mobile apps for display via an interface.
  - 4. The method of claim 3 further comprising determining that the second mobile app was not launched by one of the set of associated mobile apps.
  - 5. The method of claim 1, wherein the session identifier is associated with a time to live (TTL) value indicative of a duration that the initial interaction session will remain active.
  - 6. The method of claim 1, wherein i) the sign-in response further comprises an application linking server session identifier, and ii) the application linking server session identifier further comprises a time to live (TTL) value indicative of a duration that an application linking server session will remain active.
  - 7. The method of claim 1, wherein the second mobile app is launched from a mobile device interface that is independent of a first mobile app interface.
  - 8. The method of claim 1, wherein i) the back-end server is a first back-end server, ii) the second mobile app is associated with a second back-end server, iii) the sign-in request is a first sign-in request, iv) the sign-in response is a first sign-in response, v) the session identifier is a first session identifier, vi) the interaction session is a first interaction session, and vii) the method further comprisesreceiving, by the second mobile app on behalf of the user, third authentication credentials for authenticating the user with the second back-end server;
    - generating, by the second mobile app, a second sign-in request comprising i) information identifying the second back-end server and ii) the second authentication credentials;
      
      transmitting, by the second mobile app, the second sign-in request to the application linking server;
      
      receiving, by the second mobile app, a second sign-in response comprising a second session identifier indicative of a second interaction session established with the second back-end server on behalf of the user; and
      
      storing, by the first mobile app in at least one of i) memory or ii) data storage of the mobile device, the second session identifier.

9. A mobile device for leveraging an initial server interaction session on behalf of a first mobile app for a continued server interaction session on behalf of a second mobile app, the mobile device comprising at least one processor and at least one memory including program code, the at least one memory and the program code configured to, with the processor, cause the mobile device to at least:
- receive, by a first mobile app executing on the mobile device and on behalf of a user of the mobile device, a first indication to launch the first mobile app;
  
  receive, by the first mobile app on behalf of the user, first authentication credentials for authenticating the user with a back-end server associated with the first mobile app;
  
  generate, by the first mobile app, a sign-in request comprising i) information identifying the back-end server and ii) the first authentication credentials;
  
  transmit, by the first mobile app, the sign-in request to an application linking server;
  
  receive, by the first mobile app, a sign-in response comprising a session identifier indicative of an initial interaction session established with the back-end server on behalf of the user;
  
  store, by the first mobile app in at least one of i) memory or ii) data storage of the mobile device, the session identifier;
  
  subsequent to storing the session identifier, receive a second indication to launch a second mobile app;
  
  determine, by the second mobile app executing on the mobile device based at least in part on the session identifier, that the initial interaction session with the back-end server exists and is active; and
  
  initiate, by the second mobile app on behalf of the user, a continued interaction session with the back-end server leveraging the initial interaction session without obtaining, by the second mobile app from the user, second authentication credentials for authenticating the user with the back-end server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The mobile device of claim 9, wherein the sign-in response further comprises application association information comprising information identifying a set of associated mobile apps, including the first mobile app and the second mobile app, the sign-in response originating from the application linking server.
  - 11. The mobile device of claim 10, wherein the memory and program code are further configured to, with the processor, cause the mobile device to generate, by the first mobile app, a presentation of the set of associated mobile apps for display via an interface.
  - 12. The mobile device of claim 11, wherein the memory and program code are further configured to, with the processor, cause the mobile device to determine that the second mobile app was not launched by one of the set of associated mobile apps.
  - 13. The mobile device of claim 9, wherein the session identifier is associated with a time to live (TTL) value indicative of a duration that the initial interaction session will remain active.
  - 14. The mobile device of claim 9, wherein i) the sign-in response further comprises an application linking server session identifier, and ii) the application linking server session identifier further comprises a time to live (TTL) value indicative of a duration that an application linking server session will remain active.
  - 15. The mobile device of claim 9, wherein the second mobile app is launched from a mobile device interface that is independent of a first mobile app interface.
  - 16. The mobile device of claim 9, wherein i) the back-end server is a first back-end server, ii) the second mobile app is associated with a second back-end server, iii) the sign-in request is a first sign-in request, iv) the sign-in response is a first sign-in response, v) the session identifier is a first session identifier, vi) the interaction session is a first interaction session, and vii) the memory and program code are further configured to, with the processor, cause the mobile device to:
    - receive, by the second mobile app on behalf of the user, third authentication credentials for authenticating the user with the second back-end server;
      
      generate, by the second mobile app, a second sign-in request comprising i) information identifying the second back-end server and ii) the second authentication credentials;
      
      transmit, by the second mobile app, the second sign-in request to the application linking server;
      
      receive, by the second mobile app, a second sign-in response comprising a second session identifier indicative of a second interaction session established with the second back-end server on behalf of the user; and
      
      store, by the first mobile app in at least one of i) memory or ii) data storage of the mobile device, the second session identifier.

17. A computer program product for leveraging an initial server interaction session on behalf of a first mobile app for a continued server interaction session on behalf of a second mobile app, the computer program product comprising at least one non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- an executable portion configured to receive, by a first mobile app executing on a mobile device and on behalf of a user of the mobile device, a first indication to launch the first mobile app;
  
  an executable portion configured to receive, by the first mobile app on behalf of the user, first authentication credentials for authenticating the user with a back-end server associated with the first mobile app;
  
  an executable portion configured to generate, by the first mobile app, a sign-in request comprising i) information identifying the back-end server and ii) the first authentication credentials;
  
  an executable portion configured to transmit, by the first mobile app, the sign-in request to an application linking server;
  
  an executable portion configured to receive, by the first mobile app, a sign-in response comprising a session identifier indicative of an initial interaction session established with the back-end server on behalf of the user;
  
  an executable portion configured to store, by the first mobile app in at least one of i) memory or ii) data storage of the mobile device, the session identifier;
  
  an executable portion configured to, subsequent to storing the session identifier, receive a second indication to launch a second mobile app;
  
  an executable portion configured to determine, by the second mobile app executing on the mobile device based at least in part on the session identifier, that the initial interaction session with the back-end server exists and is active; and
  
  an executable portion configured to initiate, by the second mobile app on behalf of the user, a continued interaction session with the back-end server leveraging the initial interaction session without obtaining, by the second mobile app from the user, second authentication credentials for authenticating the user with the back-end server.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17, wherein the sign-in response further comprises application association information comprising information identifying a set of associated mobile apps, including the first mobile app and the second mobile app, the sign-in response originating from the application linking server.
  - 19. The computer program product of claim 18, wherein the computer-readable program code portions further comprise an executable instruction configured to generate, by the first mobile app, a presentation of the set of associated mobile apps for display via an interface.
  - 20. The computer program product of claim 19, wherein the computer-readable program code portions further comprise an executable instruction configured to determine that the second mobile app was not launched by one of the set of associated mobile apps.
  - 21. The computer program product of claim 17, wherein the session identifier is associated with a time to live (TTL) value indicative of a duration that the initial interaction session will remain active.
  - 22. The computer program product of claim 17, wherein i) the sign-in response further comprises an application linking server session identifier, and ii) the application linking server session identifier further comprises a time to live (TTL) value indicative of a duration that an application linking server session will remain active.
  - 23. The computer program product of claim 17, wherein the second mobile app is launched from a mobile device interface that is independent of a first mobile app interface.
  - 24. The computer program product of claim 17, wherein i) the back-end server is a first back-end server, ii) the second mobile app is associated with a second back-end server, iii) the sign-in request is a first sign-in request, iv) the sign-in response is a first sign-in response, v) the session identifier is a first session identifier, vi) the interaction session is a first interaction session, and vii) wherein the computer-readable program code portions further comprise:
    - an executable instruction configured to receive, by the second mobile app on behalf of the user, third authentication credentials for authenticating the user with the second back-end server;
      
      an executable instruction configured to generate, by the second mobile app, a second sign-in request comprising i) information identifying the second back-end server and ii) the second authentication credentials;
      
      an executable instruction configured to transmit, by the second mobile app, the second sign-in request to the application linking server;
      
      an executable instruction configured to receive, by the second mobile app, a second sign-in response comprising a second session identifier indicative of a second interaction session established with the second back-end server on behalf of the user; and
      
      an executable instruction configured to store, by the first mobile app in at least one of i) memory or ii) data storage of the mobile device, the second session identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fiserv Incorporated
Original Assignee
Fiserv Incorporated
Inventors
Scavo, David Francis, Whiteside, Barbara Wilson
Primary Examiner(s)
Meky, Moustafa M

Application Number

US15/698,704
Publication Number

US 20170374056A1
Time in Patent Office

445 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

H04L 9/40   Network security protocols

H04W 12/06   Authentication

Single sign-on processing for associated mobile applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

115 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on processing for associated mobile applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links