Providing a single session experience across multiple applications

US 10,298,561 B2
Filed: 08/10/2015
Issued: 05/21/2019
Est. Priority Date: 06/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at an application programming interface (API) proxy, a user'"'"'s login credentials from a client device, the API proxy being an application configured to initiate sessions on behalf of the user with each application in a predetermined set of applications that are hosted on one or more remote servers;

authenticating the user at the API proxy based on the received login credentials and initiating a user session between the client device and the API proxy;

conveying the user'"'"'s login credentials for a first application in the predetermined set of applications from the API proxy to an API of the first application to authenticate the user and initiate a first session between the API proxy and the first application on behalf of the client device;

enabling interaction with the first application on the client device via the API proxy by;

receiving at the API proxy a request from the client device, the request being targeted to the API of the first application;

conveying the request from the API proxy to the API of the first application and receiving a response to the request at the API proxy;

forwarding the response to the client device;

wherein the API proxy is configured to send dummy calls to prevent idle expiration of applications that provide a state-full session experience, and to not send dummy calls to applications that do not provide a state-full session experience, wherein an application provides a state-full session experience if it associates additional user data with a session, which user data is lost if the session is logged out;

wherein initiating the session between the client device and the API proxy further comprises, in exchange for the login credentials received at the API proxy, receiving an API proxy session key at the client device from the API proxy, wherein the API proxy session key is an alphanumeric sequence, and wherein the API proxy session key is included in calls from the client device to the API proxy to authenticate the calls; and

wherein initiating the first session between the API proxy and the first application further comprises, in exchange for the login credentials received at the API of the first application, receiving at the API proxy a corresponding application session key from the first application, wherein the corresponding application session key is an alphanumeric sequence, and wherein the corresponding application session key is included in calls from the API proxy to the API of the first application to authenticate the calls.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is described allowing a user to log into an API proxy by supplying login credentials and to have the API proxy log into the APIs of various web-based applications on behalf of the user by using the user'"'"'s login credentials, without the user needing to separately log into each application. Calls made by the user to an application and application replies are routed through the API proxy. Further, the API proxy manages session expirations, e.g., by sending dummy calls to applications that exhibit idle expiration.

Citations

17 Claims

1. A method, comprising:
- receiving, at an application programming interface (API) proxy, a user'"'"'s login credentials from a client device, the API proxy being an application configured to initiate sessions on behalf of the user with each application in a predetermined set of applications that are hosted on one or more remote servers;
  
  authenticating the user at the API proxy based on the received login credentials and initiating a user session between the client device and the API proxy;
  
  conveying the user'"'"'s login credentials for a first application in the predetermined set of applications from the API proxy to an API of the first application to authenticate the user and initiate a first session between the API proxy and the first application on behalf of the client device;
  
  enabling interaction with the first application on the client device via the API proxy by;
  
  receiving at the API proxy a request from the client device, the request being targeted to the API of the first application;
  
  conveying the request from the API proxy to the API of the first application and receiving a response to the request at the API proxy;
  
  forwarding the response to the client device;
  
  wherein the API proxy is configured to send dummy calls to prevent idle expiration of applications that provide a state-full session experience, and to not send dummy calls to applications that do not provide a state-full session experience, wherein an application provides a state-full session experience if it associates additional user data with a session, which user data is lost if the session is logged out;
  
  wherein initiating the session between the client device and the API proxy further comprises, in exchange for the login credentials received at the API proxy, receiving an API proxy session key at the client device from the API proxy, wherein the API proxy session key is an alphanumeric sequence, and wherein the API proxy session key is included in calls from the client device to the API proxy to authenticate the calls; and
  
  wherein initiating the first session between the API proxy and the first application further comprises, in exchange for the login credentials received at the API of the first application, receiving at the API proxy a corresponding application session key from the first application, wherein the corresponding application session key is an alphanumeric sequence, and wherein the corresponding application session key is included in calls from the API proxy to the API of the first application to authenticate the calls.
- View Dependent Claims (2, 3, 4, 5, 15)
- - 2. The method of claim 1, wherein the first application employs a first session expiration policy, further comprising:
    - establishing a second session between the API proxy and a second application in the predetermined set of applications, wherein the second application employs a second session expiration policy that is different from the first session expiration policy; and
      
      maintaining the first session according to the first expiration policy and the second session according to the second expiration policy by the API proxy on behalf of the client device.
  - 3. The method of claim 1, further comprising, prior to conveying the login credentials from the API proxy to the API of the first application, transforming the login credentials to allow the API proxy to authenticate the session on behalf of the client device.
  - 4. The method of claim 1, wherein the login credentials received from the client device is a Security Assertion Markup Language (SAML) Holder of Key token.
  - 5. The method of claim 1, further comprising:
    - in response to the request conveyed from the API proxy to the API of the first application, receiving an error due to the session with the first application being terminated; and
      
      re-establishing the session by conveying the login credentials to the API of the first application.
  - 15. The method of claim 1, wherein the additional user data associated with a session comprises at least one of:
    - partially created objects, or contents of a shopping cart in an online store application.

6. A computing device, comprising:
- at least one processor; and
  
  memory including instructions that, when executed by the at least one processor, cause the computing device to;
  
  receive, at an application programming interface (API) proxy, a user'"'"'s login credentials from a client device, the API proxy being an application configured to initiate sessions on behalf of the user with each application in a predetermined set of applications that are hosted on one or more remote servers;
  
  authenticate the user at the API proxy based on the received login credentials and initiate a user session between the client device and the API proxy;
  
  convey the user'"'"'s login credentials for a first application in the predetermined set of applications from the API proxy to an API of the first application to authenticate the user and initiate a first session between the API proxy and the first application on behalf of the client device;
  
  enable interaction with the first application on the client device via the API proxy by;
  
  receiving at the API proxy a request from the client device, the request being targeted to the API of the first application;
  
  conveying the request from the API proxy to the API of the first application and receiving a response to the request at the API proxy;
  
  forwarding the response to the client device;
  
  wherein the API proxy is configured to send dummy calls to prevent idle expiration of applications that provide a state-full session experience, and to not send dummy calls to applications that do not provide a state-full session experience, wherein an application provides a state-full session experience if it associates additional user data with a session, which user data is lost if the session is logged out;
  
  wherein initiating the session between the client device and the API proxy further comprises, in exchange for the login credentials received at the API proxy, receiving an API proxy session key at the client device from the API proxy, wherein the API proxy session key is an alphanumeric sequence, and wherein the API proxy session key is included in calls from the client device to the API proxy to authenticate the calls; and
  
  wherein initiating the first session between the API proxy and the first application further comprises, in exchange for the login credentials received at the API of the first application, receiving at the API proxy a corresponding application session key from the first application, wherein the corresponding application session key is an alphanumeric sequence, and wherein the corresponding application session key is included in calls from the API proxy to the API of the first application to authenticate the calls.
- View Dependent Claims (7, 8, 9, 10, 16)
- - 7. The computing device of claim 6, wherein the first application employs a first session expiration policy, and wherein the memory further includes instructions that when executed by the at least one processor, cause the computing device to:
    - establish a second session between the API proxy and a second application in the predetermined set of applications, wherein the second application employs a second session expiration policy that is different from the first session expiration policy; and
      
      maintain the first session according to the first expiration policy and the second session according to the second expiration policy by the API proxy on behalf of the client device.
  - 8. The computing device of claim 6, wherein the memory further includes instructions that when executed by the at least one processor, cause the computing device to:
    - prior to conveying the login credentials from the API proxy to the API of the first application, transform the login credentials to allow the API proxy to authenticate the session on behalf of the original client device.
  - 9. The computing device of claim 6, wherein the login credentials received from the client device is a Security Assertion Markup Language (SAML) Holder of Key token.
  - 10. The computing device of claim 6, wherein the memory further includes instructions that when executed by the at least one processor, cause the computing device to:
    - in response to the request conveyed from the API proxy to the API of the first application, receive an error due to the session with the first application being terminated; and
      
      re-establish the session by conveying the login credentials to the API of the first application.
  - 16. The computing device of claim 6, wherein the additional user data associated with a session comprises at least one of:
    - partially created objects, or contents of a shopping cart in an online store application.

11. A non-transitory computer readable storage medium comprising one or more sequences of instructions, the instructions when executed by one or more processors causing the one or more processors to execute the operations of:
- receiving, at an application programming interface (API) proxy, a user'"'"'s login credentials from a client device, the API proxy being an application configured to initiate sessions on behalf of the user with each application in a predetermined set of applications that are hosted on one or more remote servers;
  
  authenticating the user at the API proxy based on the received login credentials and initiating a user session between the client device and the API proxy;
  
  conveying the user'"'"'s login credentials for a first application in the predetermined set of applications from the API proxy to an API of the first application to authenticate the user and initiate a first session between the API proxy and the first application on behalf of the client device;
  
  enabling interaction with the first application on the client device via the API proxy by;
  
  receiving at the API proxy a request from the client device, the request being targeted to the API of the first application;
  
  conveying the request from the API proxy to the API of the first application and receiving a response to the request at the API proxy;
  
  forwarding the response to the client device;
  
  wherein the API proxy is configured to send dummy calls to prevent idle expiration of applications that provide a state-full session experience, and to not send dummy calls to applications that do not provide a state-full session experience, wherein an application provides a state-full session experience if it associates only to applications that associate additional user data with a session, which user data is lost if the session is logged out;
  
  wherein initiating the session between the client device and the API proxy further comprises, in exchange for the login credentials received at the API proxy, receiving an API proxy session key at the client device from the API proxy, wherein the API proxy session key is an alphanumeric sequence, and wherein the API proxy session key is included in calls from the client device to the API proxy to authenticate the calls; and
  
  wherein initiating the first session between the API proxy and the first application further comprises, in exchange for the login credentials received at the API of the first application, receiving at the API proxy a corresponding application session key from the first application, wherein the corresponding application session key is an alphanumeric sequence, and wherein the corresponding application session key is included in calls from the API proxy to the API of the first application to authenticate the calls.
- View Dependent Claims (12, 13, 14, 17)
- - 12. The non-transitory computer readable storage medium of claim 11, wherein the first application employs a first session expiration policy, further comprising instructions to cause the one or more processors to execute the operations of:
    - establishing a second session between the API proxy and a second application in the predetermined set of applications, wherein the second application employs a second session expiration policy that is different from the first session expiration policy; and
      
      maintaining the first session according to the first expiration policy and the second session according to the second expiration policy by the API proxy on behalf of the client device.
  - 13. The non-transitory computer readable storage medium of claim 11, further comprising instructions to cause the one or more processors to execute the operations of:
    - prior to conveying the login credentials from the API proxy to the API of the first application, transforming the login credentials to allow the API proxy to authenticate the session on behalf of the client device.
  - 14. The non-transitory computer readable storage medium of claim 11, wherein the login credentials received from the client device is a Security Assertion Markup Language (SAML) Holder of Key token.
  - 17. The non-transitory computer readable storage medium of claim 11, wherein the additional user data associated with a session comprises at least one of:
    - partially created objects, or contents of a shopping cart in an online store application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Karaatanassov, Kiril, Harbaliev, Grigor, Valeva, Mariana, Nikolov, Radoslav
Primary Examiner(s)
Zarrineh, Shahriar

Application Number

US14/822,306
Publication Number

US 20170006021A1
Time in Patent Office

1,380 Days
Field of Search

726 8
US Class Current
CPC Class Codes

H04L 63/0281 Proxies

H04L 63/0815 providing single-sign-on or...

Providing a single session experience across multiple applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Providing a single session experience across multiple applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links