Inter-application delegated authentication
First Claim
1. A method comprising:
launching a first application at a client device;
transmitting, by the first application using a first instance of an authentication engine, a primary authentication request of the first application to an authentication server, the primary authentication request including an application identifier of the first application and a device identifier of the client device;
receiving, from the server, an instruction to use a particular second application on the client device to continue authentication, the instruction including a first cryptographic nonce;
in response to the instruction, transmitting an inter-application authentication request to the second application using the first instance of the authentication engine;
transmitting, by the second application using a second instance of the authentication engine, a verification request to the authentication server;
receiving, from the server, an instruction to authorize the first application, the instruction including a second cryptographic nonce;
transmitting, by the first application, a secondary authentication request using the second cryptographic nonce; and
receiving, from the server, an access token and keys for the first application.
4 Assignments
0 Petitions
Abstract
Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application.
24 Citations
27 Claims
1. A method comprising:
launching a first application at a client device;
transmitting, by the first application using a first instance of an authentication engine, a primary authentication request of the first application to an authentication server, the primary authentication request including an application identifier of the first application and a device identifier of the client device;
receiving, from the server, an instruction to use a particular second application on the client device to continue authentication, the instruction including a first cryptographic nonce;
in response to the instruction, transmitting an inter-application authentication request to the second application using the first instance of the authentication engine;
transmitting, by the second application using a second instance of the authentication engine, a verification request to the authentication server;
receiving, from the server, an instruction to authorize the first application, the instruction including a second cryptographic nonce;
transmitting, by the first application, a secondary authentication request using the second cryptographic nonce; and
receiving, from the server, an access token and keys for the first application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A system comprising one or more computers having one or more processors and one or more computer readable storage media, the one or more computer readable storage media storing instructions that when executed by the one or more processors cause the one or more computers to perform operations comprising:
launching a first application at a client device;
transmitting, by the first application using a first instance of an authentication engine, a primary authentication request of the first application to an authentication server, the primary authentication request including an application identifier of the first application and a device identifier of the client device;
receiving, from the server, an instruction to use a particular second application on the client device to continue authentication, the instruction including a first cryptographic nonce;
in response to the instruction, transmitting an inter-application authentication request to the second application using the first instance of the authentication engine;
transmitting, by the second application using a second instance of the authentication engine, a verification request to the authentication server;
receiving, from the server, an instruction to authorize the first application, the instruction including a second cryptographic nonce;
transmitting, by the first application, a secondary authentication request using the second cryptographic nonce; and
receiving, from the server, an access token and keys for the first application.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. One or more non-transitory computer readable storage media, the one or more computer readable storage media storing instructions that when executed by one or more processors cause the one or more processors to perform operations comprising:
launching a first application at a client device;
transmitting, by the first application using a first instance of an authentication engine, a primary authentication request of the first application to an authentication server, the primary authentication request including an application identifier of the first application and a device identifier of the client device;
receiving, from the server, an instruction to use a particular second application on the client device to continue authentication, the instruction including a first cryptographic nonce;
in response to the instruction, transmitting an inter-application authentication request to the second application using the first instance of the authentication engine;
transmitting, by the second application using a second instance of the authentication engine, a verification request to the authentication server;
receiving, from the server, an instruction to authorize the first application, the instruction including a second cryptographic nonce;
transmitting, by the first application, a secondary authentication request using the second cryptographic nonce; and
receiving, from the server, an access token and keys for the first application.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27.
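The independent claims above describe the same exchange three times: the untrusted first application asks the server, is told which trusted second application to go through, the trusted application vouches with its own engine instance, and the first application redeems a second nonce for a token. The following is an added example that simulates all three parties in one Python process; it is not the patent's implementation nor code from any assignee. The application identifiers, device identifiers, message fields, the decision to have the trusted application relay the second nonce back to the first application, and the policy checks (single-use nonces bound to stage, application and device; a nonce lifetime; the trusted application asserting its own device identifier) are all assumptions made for illustration, since the claims do not fix them.

```python
# Added example: a one-process simulation of the delegated authentication in claim 1.
# Not the patent's implementation; message fields, identifiers and policy checks are assumptions.
import hashlib, hmac, secrets, time

class AuthError(Exception):
    pass

class AuthServer:
    NONCE_TTL = 60  # seconds a nonce stays valid (assumed value)

    def __init__(self, trusted_on_device):
        self._secret = secrets.token_bytes(32)           # key for minting access tokens
        self._trusted_on_device = dict(trusted_on_device)  # device_id -> already-authenticated app_id
        self._pending = {}                               # nonce -> (stage, app, device, trusted app, issued)

    def _issue_nonce(self, stage, app_id, device_id, trusted_app_id):
        nonce = secrets.token_urlsafe(24)
        self._pending[nonce] = (stage, app_id, device_id, trusted_app_id, time.monotonic())
        return nonce

    def _consume_nonce(self, nonce, stage, app_id, device_id):
        # pop, not get: a nonce is single use even when the checks below fail
        entry = self._pending.pop(nonce, None)
        if entry is None:
            raise AuthError("unknown or replayed nonce")
        bound_stage, bound_app, bound_device, trusted_app_id, issued = entry
        if (bound_stage, bound_app, bound_device) != (stage, app_id, device_id):
            raise AuthError("nonce bound to a different stage, application or device")
        if time.monotonic() - issued > self.NONCE_TTL:
            raise AuthError("nonce expired")
        return trusted_app_id

    def primary_auth(self, app_id, device_id):
        # Primary request: name the trusted app to continue with, issue the first nonce.
        trusted = self._trusted_on_device.get(device_id)
        if trusted is None:
            raise AuthError("no trusted application registered for this device")
        return {"use_app": trusted, "nonce": self._issue_nonce("primary", app_id, device_id, trusted)}

    def verify(self, trusted_app_id, trusted_device_id, app_id, nonce):
        # Verification request from the trusted app: check the first nonce, issue the second.
        expected = self._consume_nonce(nonce, "primary", app_id, trusted_device_id)
        if trusted_app_id != expected:
            raise AuthError("verification request from an unexpected application")
        second = self._issue_nonce("secondary", app_id, trusted_device_id, trusted_app_id)
        return {"authorize": app_id, "nonce": second}

    def secondary_auth(self, app_id, device_id, nonce):
        # Secondary request: redeem the second nonce for an access token and keys.
        self._consume_nonce(nonce, "secondary", app_id, device_id)
        salt = secrets.token_hex(8)
        mac = hmac.new(self._secret, f"{app_id}|{device_id}|{salt}".encode(), hashlib.sha256).hexdigest()
        return {"access_token": f"{salt}.{mac}", "keys": {"session_key": secrets.token_hex(16)}}

class AuthEngine:
    # Client-side engine; the first and second applications each hold their own instance.
    def __init__(self, server, app_id, device_id):
        self.server, self.app_id, self.device_id = server, app_id, device_id

class TrustedApp:
    def __init__(self, engine):
        self.engine = engine

    def handle_inter_app_request(self, req):
        # Assert this app's own device identifier instead of echoing the requester's,
        # so a first nonce carried to another device is refused by the server.
        e = self.engine
        return e.server.verify(e.app_id, e.device_id, req["app_id"], req["nonce"])

def delegated_login(first, apps_on_device):
    # The full exchange on behalf of the first (untrusted) application.
    instr = first.server.primary_auth(first.app_id, first.device_id)
    authz = apps_on_device[instr["use_app"]].handle_inter_app_request(
        {"app_id": first.app_id, "nonce": instr["nonce"]})
    if authz["authorize"] != first.app_id:
        raise AuthError("authorization instruction names another application")
    return first.server.secondary_auth(first.app_id, first.device_id, authz["nonce"]), authz["nonce"]

def rejected(fn):
    # True when the server refuses the call with AuthError.
    try:
        fn()
    except AuthError:
        return True
    return False

def run_demo():
    # Constructed scenario: the same trusted app is installed on two devices.
    server = AuthServer({"device-1": "com.example.trusted", "device-2": "com.example.trusted"})
    trusted_1 = TrustedApp(AuthEngine(server, "com.example.trusted", "device-1"))
    trusted_2 = TrustedApp(AuthEngine(server, "com.example.trusted", "device-2"))
    first = AuthEngine(server, "com.example.untrusted", "device-1")
    # A first nonce issued for device-1 but relayed through device-2's trusted app is refused.
    instr = server.primary_auth(first.app_id, first.device_id)
    cross_device_rejected = rejected(lambda: trusted_2.handle_inter_app_request(
        {"app_id": first.app_id, "nonce": instr["nonce"]}))
    result, second_nonce = delegated_login(first, {"com.example.trusted": trusted_1})
    # The second nonce was consumed on first use, so redeeming it again is refused.
    replay_rejected = rejected(lambda: server.secondary_auth(first.app_id, first.device_id, second_nonce))
    return {**result, "cross_device_rejected": cross_device_rejected, "replay_rejected": replay_rejected}
```

`run_demo()` returns the token and keys from the honest run together with two booleans showing the two checks a practitioner should insist on: the first nonce is useless to a trusted application on any other device, because that application reports its own device identifier rather than the requester's, and the second nonce cannot be redeemed twice, because the server removes a nonce from its pending table on first use whether or not the accompanying checks pass.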
Specification