Mobile device user authentication for accessing protected network resources
First Claim
1. A method, comprising:
- receiving, by a processor of a client device, an authentication token, wherein the authentication token is provided by one of: a short-lived certificate or a one-time password;
- transmitting, by the processor, an authentication request comprising a value generated by applying a pre-defined function to the authentication token, wherein no long-term authentication keys are stored by the client device;
- receiving, in response to the authentication request, a single sign-on token authorizing access to a plurality of computing resources of an enterprise network;
- transmitting, by the processor, a resource access token request using the single sign-on token;
- receiving, in response to the resource access token request, a resource access token; and
- transmitting, using the resource access token, a request to access a computing resource of the plurality of computing resources.
Abstract
A method for user authentication for accessing protected applications by computing devices includes receiving, by a processor of a mobile computing device, a first authentication token. The method further includes transmitting an authentication request using the first authentication token. The method further includes receiving, in response to the authentication request, a second authentication token. The method further includes transmitting a resource access token request using the second authentication token. The method further includes receiving, in response to the resource access token request, a resource access token. The method further includes transmitting a computing resource access request using the resource access token.
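The token chain recited in claim 1 and summarized in the abstract, simulated in-process as an added example (not code from the patent). The SHA-256 choice for the "pre-defined function", the HMAC-signed token layout, the lifetimes, and all function and user names are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # long-term key exists only on the server side
PENDING_OTPS = {}                     # user -> (otp, expiry); constructed in-memory store

def predefined_fn(otp: str, user: str) -> str:
    # Assumption: the claim's "pre-defined function" modelled as SHA-256 over user and OTP.
    return hashlib.sha256(f"{user}:{otp}".encode()).hexdigest()

def _mint(kind: str, user: str, scope: str, ttl: int) -> str:
    body = f"{kind}|{user}|{scope}|{int(time.time()) + ttl}"
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"

def _check(token: str, kind: str):
    # Returns (user, scope) only for an untampered, unexpired token of the expected kind.
    body, _, mac = token.rpartition("|")
    good = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, good):
        return None
    t_kind, user, scope, exp = body.split("|")
    return (user, scope) if t_kind == kind and int(exp) >= time.time() else None

def enroll_otp(user: str, ttl: int = 120) -> str:
    otp = f"{secrets.randbelow(10**8):08d}"
    PENDING_OTPS[user] = (otp, time.time() + ttl)
    return otp  # delivered to the device out of band; the client keeps nothing long-term

def authenticate(user: str, value: str):
    # pop(): the OTP is consumed by any attempt, so it cannot be replayed or brute-forced.
    otp, exp = PENDING_OTPS.pop(user, (None, 0))
    ok = otp is not None and exp >= time.time() and hmac.compare_digest(value, predefined_fn(otp, user))
    return _mint("sso", user, "*", ttl=3600) if ok else None

def resource_token(sso: str, resource: str):
    who = _check(sso, "sso")
    return _mint("rat", who[0], resource, ttl=300) if who else None

def access(rat: str, resource: str) -> bool:
    who = _check(rat, "rat")  # an SSO token presented here is rejected by kind
    return bool(who) and who[1] == resource

def demo():
    otp = enroll_otp("alice")                                   # constructed sample user
    sso = authenticate("alice", predefined_fn(otp, "alice"))
    rat = resource_token(sso, "mail")
    return access(rat, "mail"), access(rat, "wiki"), authenticate("alice", predefined_fn(otp, "alice"))
```

`demo()` walks the full chain: the resource access token works for the resource it was issued for, fails for a different one, and a second use of the same one-time password yields no single sign-on token.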
17 Claims
1. A method, comprising:
- receiving, by a processor of a client device, an authentication token, wherein the authentication token is provided by one of: a short-lived certificate or a one-time password;
- transmitting, by the processor, an authentication request comprising a value generated by applying a pre-defined function to the authentication token, wherein no long-term authentication keys are stored by the client device;
- receiving, in response to the authentication request, a single sign-on token authorizing access to a plurality of computing resources of an enterprise network;
- transmitting, by the processor, a resource access token request using the single sign-on token;
- receiving, in response to the resource access token request, a resource access token; and
- transmitting, using the resource access token, a request to access a computing resource of the plurality of computing resources.
Dependent claims: 2, 3, 4, 5, 6, 16, 17
7. A system, comprising:
- a memory; and
- a processor, operatively coupled to the memory, to:
  - receive an authentication token, wherein the authentication token is provided by one of: a short-lived certificate or a one-time password;
  - transmit an authentication request comprising a value generated by applying a pre-defined function to the authentication token, wherein no long-term authentication keys are stored by the system;
  - receive, in response to the authentication request, a single sign-on token authorizing access to a plurality of computing resources of an enterprise network;
  - transmit a resource access token request using the single sign-on token;
  - receive, in response to the resource access token request, a resource access token; and
  - transmit, using the resource access token, a request to access a computing resource of the plurality of computing resources.
Dependent claims: 8, 9, 10, 11, 12
13. A computer-readable non-transitory storage medium comprising executable instructions that, when executed by a processor of a computing device, cause the processor to:
- receive an authentication token, wherein the authentication token is provided by one of: a short-lived certificate or a one-time password;
- transmit an authentication request comprising a value generated by applying a pre-defined function to the authentication token, wherein no long-term authentication keys are stored by the computing device;
- receive, in response to the authentication request, a single sign-on token authorizing access to a plurality of computing resources of an enterprise network;
- transmit, by the processor, a resource access token request using the single sign-on token;
- receive, in response to the resource access token request, a resource access token; and
- transmit, using the resource access token, a request to access a computing resource of the plurality of computing resources.
Dependent claims: 14, 15
Specification