System and method for mobile single sign-on integration
Abstract
Improved methods and systems for integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol are disclosed that provide clients with secured SSO mobile access to third-party services. Embodiments of the present invention leverage SSO authentication protocols that are already utilized at many client-side systems and integrate these SSO authentication protocols with a mobile SSO authorization protocol, thereby effectively extending the SSO framework to mobile service requests of web services at third-party service provider systems. Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO framework with minimum cost and time, while providing a lightweight and secure way for users of either native applications or mobile web applications to access third-party web services.
37 Claims
1. A service provider computer system for providing web services to mobile devices using single sign-on (SSO) credentials managed by a client-side computer system, the system comprising:
non-transitory computer memory storing executable computer instructions;
a programmable processor, the programmable processor executing at least a portion of the stored executable computer instructions to perform at least the following;
selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from a mobile device, an authentication token, and an attribute of the mobile device;
validating the authentication token in accordance with the selected authentication protocol;
generating an authorization access token;
processing a service request received from the mobile device, the service request containing the authorization access token; and
servicing the service request in response to the authorization access token.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 24, 25, 26, 27, 28

16. A client-side web-identification authentication computer system for providing web services to mobile devices using single sign-on (SSO) credentials, the system comprising:
non-transitory computer memory;
a processor, the processor executing at least a portion of stored executable computer instructions to perform at least the following;
receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;
authenticating the identity of the user;
generating an authentication token based on the step of authenticating;
communicating the authentication token;
wherein the authentication token causes the service provider system to perform at least the following;
select an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, the authentication token, and an attribute of the mobile device;
validate the authentication token in accordance with the selected authentication protocol;
generate an authorization access token;
process a service request received from the mobile device, the service request containing the authorization access token; and
service the service request in response to the authorization access token.
Dependent claims: 17, 18, 19, 20, 21, 22, 29, 30, 31, 32, 33

23. A mobile device for providing web services using single sign-on (SSO) credentials, the mobile device comprising:
a non-transitory computer memory;
a processor, the processor executing at least a portion of stored executable computer instructions to perform at least the following;
receiving, at the mobile device, a request to access at least one service at a service provider computer system;
communicating the request to the service provider computer system;
verifying the identity of a user associated with the mobile device;
receiving, in response to the step of verifying, an authentication token from a client-side web-identification authentication computer system;
automatically communicating the authentication token to the service provider computer system; and
wherein the authentication token causes the service provider computer system to perform at least the following;
select an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, and the authentication token, and an attribute of the mobile device;
validate the authentication token in accordance with the selected authentication protocol;
generate an authorization access token;
process a service request received from the mobile device, the service request containing the authorization access token; and
service the service request in response to the authorization access token.
Dependent claims: 34, 35, 36

37. A service provider computer system for providing web services to mobile devices using single sign-on (SSO) credentials managed by a client-side computer system, the system comprising:
non-transitory computer memory storing executable computer instructions;
a programmable processor, the programmable processor executing at least a portion of the stored executable computer instructions to perform at least the following;
receiving, at the service provider system, a request to access web services using a mobile device;
redirecting the mobile device to a web-identification authentication service at the client-side computer system to authenticate the identity of the user, wherein the step of redirecting causes the client-side computer system to generate an authentication token and communicate to the mobile device a message containing the authentication token and a redirect function call that, when processed by a processor at the mobile device, causes the mobile device to automatically communicate the authentication token to the service provider system;
selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of the authentication token, a client identifier, and an attribute of the mobile device;
validating the authentication token in accordance with the selected authentication protocol;
generating an authorization access token;
processing a service request received from the mobile device, the service request containing the authorization access token; and
servicing the service request in response to the authorization access token.
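
The service-provider steps recited in the independent claims (select a protocol by client identifier, validate the authentication token under that protocol, generate an authorization access token, service requests that carry it), as an added Python sketch that is not code from the patent. The two protocols, the token formats, the client names and the key are constructed assumptions; the claims name no specific protocol.

```python
import base64, hashlib, hmac, json, secrets, time

CLIENTS = {  # constructed registry: each client-side SSO system and the protocol it speaks
    "acme-idp": {"protocol": "signed-assertion", "key": b"constructed-demo-key"},
    "legacy-idp": {"protocol": "one-time-code"},
}
ONE_TIME_CODES = {}   # code -> (client_id, user, expiry); stands in for an IdP back channel
ACCESS_TOKENS = {}    # authorization access token -> (user, expiry)

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def demo_assertion(key, claims):  # constructed sample input, as the client-side system would mint it
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + base64.urlsafe_b64encode(hmac.new(key, body.encode(), hashlib.sha256).digest()).decode()

def validate_signed_assertion(client_id, token, now):
    """Hypothetical format: base64url(JSON claims) + "." + base64url(HMAC-SHA256)."""
    try:
        body, sig = token.split(".")
        good = hmac.new(CLIENTS[client_id]["key"], body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _b64d(sig)):
            return None                      # verify the signature before parsing claims
        claims = json.loads(_b64d(body))
        fresh = claims["aud"] == "service-provider" and claims["exp"] > now
        return claims["sub"] if fresh else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def validate_one_time_code(client_id, token, now):
    issuer, user, exp = ONE_TIME_CODES.pop(token, (None, None, 0))  # pop: single use
    return user if issuer == client_id and exp > now else None

VALIDATORS = {"signed-assertion": validate_signed_assertion,
              "one-time-code": validate_one_time_code}

def exchange(client_id, auth_token, now=None, ttl=300):
    now = time.time() if now is None else now
    # The protocol comes from the registered client, never from the token itself.
    validator = VALIDATORS.get(CLIENTS.get(client_id, {}).get("protocol"))
    user = validator(client_id, auth_token, now) if validator else None  # fail closed
    if user is None:
        return None
    access = secrets.token_urlsafe(32)
    ACCESS_TOKENS[access] = (user, now + ttl)
    return access

def service_request(access_token, now=None):
    now = time.time() if now is None else now
    user, exp = ACCESS_TOKENS.get(access_token, (None, 0))
    return {"status": 200, "user": user} if user and exp > now else {"status": 401}
```

Binding the validator to the registered client, rather than to anything the token says about itself, keeps a token minted for one protocol from being accepted under another.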
Specification