Systems and methods for facilitating single sign-on for multiple devices

US 10,326,733 B2
Filed: 02/11/2016
Issued: 06/18/2019
Est. Priority Date: 12/30/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for facilitating single sign-on for multiple devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

establishing a login session for a user account, wherein establishing the login session comprises;

determining that a device associated with the user account is connected to a client via a proximity channel; and

authenticating a user of the client on the associated device;

in response to establishing the login session, providing, to the associated device, a session token for the user account;

receiving, from the client, a request to access resources associated with the user account, wherein the client has not received the session token for the user account;

determining that the associated device possesses the session token for the user account; and

in response to determining that the associated device possesses the session token, providing, to the client, access to the resources associated with the user account, wherein providing access to the resources associated with the user account comprises authenticating the client to at least one service by using an agent on the associated device as a proxy for the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for facilitating single sign-on for multiple devices may include (1) establishing a login session for a user account, (2) in response to establishing the login session, providing, to a device associated with the user account, a session token for the user account, (3) receiving, from at least one client, a request to access resources associated with the user account, (4) determining that the associated device possesses the session token for the user account, and (5) in response to determining that the associated device possesses the session token, providing, to the client, access to the resources associated with the user account. Various other methods, systems, and computer-readable media are also disclosed.

140 Citations

20 Claims

1. A computer-implemented method for facilitating single sign-on for multiple devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- establishing a login session for a user account, wherein establishing the login session comprises;
  
  determining that a device associated with the user account is connected to a client via a proximity channel; and
  
  authenticating a user of the client on the associated device;
  
  in response to establishing the login session, providing, to the associated device, a session token for the user account;
  
  receiving, from the client, a request to access resources associated with the user account, wherein the client has not received the session token for the user account;
  
  determining that the associated device possesses the session token for the user account; and
  
  in response to determining that the associated device possesses the session token, providing, to the client, access to the resources associated with the user account, wherein providing access to the resources associated with the user account comprises authenticating the client to at least one service by using an agent on the associated device as a proxy for the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein establishing the login session for the user account occurs in response to receiving a request to access the resources associated with the user account.
  - 3. The computer-implemented method of claim 1, further comprising applying an authentication policy before providing access to the resources associated with the user account, wherein the authentication policy comprises at least one of:
    - displaying, on the associated device, a notification that the request to access the resources associated with the user account has been received;
      
      displaying, on the associated device, information identifying the client requesting access to the resources associated with the user account;
      
      obtaining, via the associated device, permission to access the resources associated with the user account;
      
      orauthenticating the user account using authentication factors obtained via the associated device.
  - 4. The computer-implemented method of claim 1, further comprising:
    - receiving, from the client, a request to terminate the login session for the user account; and
      
      in response to receiving the request to terminate the login session, terminating the login session by removing the session token for the user account from the associated device.
  - 5. The computer-implemented method of claim 1, wherein:
    - receiving, from the client, the request to access resources associated with the user account comprises;
      
      receiving the request at the associated device; and
      
      issuing, by the agent, a corresponding request to a web server; and
      
      authenticating the client to the at least one service comprises;
      
      responding, using the agent, to challenges from the web server.
  - 6. The computer-implemented method of claim 1, wherein the proximity channel is at least one of:
    - a Bluetooth connection;
      
      a near field communication connection;
      
      a local network;
      
      ora personal area network.
  - 7. The computer-implemented method of claim 1, further comprising:
    - determining that the associated device is no longer connected to the client; and
      
      in response to determining that the associated device is no longer connected to the client, terminating the login session by removing the session token for the user account from the associated device.

8. A system for facilitating single sign-on for multiple devices, the system comprising:
- a sign-on module, stored in memory, that establishes a login session for a user account wherein establishing the login session comprises;
  
  determining that a device associated with the user account is connected to a client via a proximity channel; and
  
  authenticating a user of the client on the associated device;
  
  a session module, stored in memory, that, in response to establishing the login session, provides, to the associated device, a session token for the user account;
  
  a communication module, stored in memory, that receives, from the client, a request to access resources associated with the user account, wherein the client has not received the session token for the user account;
  
  a verification module, stored in memory, thatdetermines that the associated device possesses the session token for the user account;
  
  an access module, stored in memory, that, in response to determining that the associated device possesses the session token, provides, to the client, access to the resources associated with the user account, wherein providing access to the resources associated with the user account comprises authenticating the client to at least one service by using an agent on the associated device as a proxy for the client; and
  
  at least one physical processor configured to execute the sign-on module, the session module, the communication module, the verification module, and the access module.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the sign-on module establishes the login session for the user account in response to receiving a request to access the resources associated with the user account.
  - 10. The system of claim 8, wherein the verification module applies an authentication policy before providing access to the resources associated with the user account, by at least one of:
    - displaying, on the associated device, a notification that the request to access the resources associated with the user account has been received;
      
      displaying, on the associated device, information identifying the client requesting access to the resources associated with the user account;
      
      obtaining, via the associated device, permission to access the resources associated with the user account;
      
      orauthenticating the user account using authentication factors obtained via the associated device.
  - 11. The system of claim 8, wherein:
    - the communication module receives, from the client, a request to terminate the login session for the user account; and
      
      in response to receiving the request to terminate the login session, the session module terminates the login session by removing the session token for the user account from the associated device.
  - 12. The system of claim 8, wherein:
    - the communication module receives, from the client, the request to access resources associated with the user account by;
      
      receiving the request at the associated device; and
      
      issuing, by the agent, a corresponding request to a web server; and
      
      the access module authenticates the client to the at least one service by;
      
      responding, using the agent, to challenges from the web server.
  - 13. The system of claim 8, wherein the proximity channel is at least one of:
    - a Bluetooth connection;
      
      a near field communication connection;
      
      a local network;
      
      ora personal area network.
  - 14. The system of claim 8, wherein:
    - the sign-on module determines that the associated device is no longer connected to the client; and
      
      the session module, in response to determining that the associated device is no longer connected to the client, terminates the login session by removing the session token for the user account from the associated device.

15. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- establish a login session for a user account, wherein establishing the login session comprises;
  
  determining that a device associated with the user account is connected to a client via a proximity channel; and
  
  authenticating a user of the client on the associated device;
  
  in response to establishing the login session, provide, to the associated device, a session token for the user account;
  
  receive, from the client, a request to access resources associated with the user account, wherein the client has not received the session token for the user account;
  
  determine that the associated device possesses the session token for the user account; and
  
  in response to determining that the associated device possesses the session token, provide, to the client, access to the resources associated with the user account, wherein providing access to the resources associated with the user account comprises authenticating the client to at least one service by using an agent on the associated device as a proxy for the client.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the one or more computer-readable instructions cause the computing device to establish the login session for the user account in response to receiving a request to access the resources associated with the user account.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the one or more computer-readable instructions cause the computing device to apply an authentication policy before providing access to the resources associated with the user account, by at least one of:
    - displaying, on the associated device, a notification that the request to access the resources associated with the user account has been received;
      
      displaying, on the associated device, information identifying the client requesting access to the resources associated with the user account;
      
      obtaining, via the associated device, permission to access the resources associated with the user account;
      
      orauthenticating the user account using authentication factors obtained via the associated device.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the one or more computer-readable instructions cause the computing device to:
    - receive, from the client, a request to terminate the login session for the user account; and
      
      in response to receiving the request to terminate the login session, terminate the login session by removing the session token for the user account from the associated device.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the one or more computer-readable instructions cause the computing device to:
    - receiving, from the client, the request to access resources associated with the user account comprises;
      
      receiving the request at the associated device; and
      
      issuing, by the agent, a corresponding request to a web server; and
      
      authenticating the client to the at least one service comprises;
      
      responding, using the agent, to challenges from the web server.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the proximity channel is at least one of:
    - a Bluetooth connection;
      
      a near field communication connection;
      
      a local network;
      
      ora personal area network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Bokare, Prasad, Krall, Gary, Popp, Nicolas, Agarwal, Kunal, Goyal, Tushar, Venkataramani, Srinath
Primary Examiner(s)
Nguyen, Phuoc H

Application Number

US15/041,040
Publication Number

US 20170195429A1
Time in Patent Office

1,223 Days
Field of Search

709227
US Class Current
CPC Class Codes

H04L 63/00   Network architectures or ne...

H04L 63/0815   providing single-sign-on or...

H04L 67/12   specially adapted for propr...

Systems and methods for facilitating single sign-on for multiple devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

140 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for facilitating single sign-on for multiple devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links