
Two-token based authenticated session management

  • US 10,541,992 B2
  • Filed: 12/30/2016
  • Issued: 01/21/2020
  • Est. Priority Date: 12/30/2016
  • Status: Active Grant
First Claim

1. A method of maintaining a web session for a user:

  • by a first user agent of a first electronic device that is being used by a user, the first user agent being a first software application;

    transmitting a first authentication request to a login endpoint of a service provider, wherein the first authentication request comprises a request to access a first web resource and includes a login credential for the user at the first web resource;

    receiving, from the login endpoint, a first access token and a grant token in response to the first authentication request, wherein the first access token has a life that is shorter than a life of the grant token such that the grant token is relatively long-lived and the first access token is relatively short-lived;

    receiving, from the login endpoint further in response to the first authentication request, addresses of a plurality of re-authentication endpoints, wherein each of the plurality of re-authentication endpoints serves a respective top-level domain (TLD) of the service provider, the plurality of re-authentication endpoints includes a first re-authentication endpoint serving a first TLD of the first web resource and a second re-authentication endpoint serving a second TLD of a second web resource, and wherein the login endpoint is different from the plurality of re-authentication endpoints;

    storing the first access token in a memory;

    using the first access token to access the first web resource and establish a web session;

    when the first access token expires or is about to expire, transmitting a re-authentication request to the first re-authentication endpoint serving the first TLD, the re-authentication request including the grant token;

    receiving a second access token in response to the re-authentication request from the first re-authentication endpoint, wherein the second access token has a life that is shorter than the life of the grant token;

    using the second access token to access the first web resource and maintain the web session;

    generating a second authentication request that comprises a request to access the second web resource on the second TLD, the second authentication request including the grant token;

    transmitting the second authentication request to the second re-authentication endpoint serving the second TLD;

    receiving, from the second re-authentication endpoint, a third access token in response to the second authentication request; and

    using the third access token to access the second web resource and maintain the web session.
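The token flow recited in the claim, as an added Python simulation that is not part of the patent text or any implementation by its assignee. The class names, lifetimes, endpoint URLs, the domains `example.com` and `example.net`, and the credential are constructed for illustration, and time is passed in explicitly as `now`.

```python
import secrets

ACCESS_TTL, GRANT_TTL = 300, 86400  # assumed lifetimes (seconds): access << grant

class ServiceProvider:
    """In-memory stand-in for the login endpoint and the per-TLD re-authentication endpoints."""
    def __init__(self, tlds, users):
        self.tlds, self.users = set(tlds), users
        self.access, self.grants = {}, {}  # token -> (tld, expiry), token -> (user, expiry)

    def _issue_access(self, tld, now):
        token = secrets.token_urlsafe(16)
        self.access[token] = (tld, now + ACCESS_TTL)  # scoped to one TLD, short-lived
        return token

    def login(self, user, password, tld, now):
        if not secrets.compare_digest(self.users.get(user, ""), password):
            raise PermissionError("bad credential")
        grant = secrets.token_urlsafe(32)
        self.grants[grant] = (user, now + GRANT_TTL)
        endpoints = {t: f"https://reauth.{t}/token" for t in self.tlds}  # hypothetical URLs
        return self._issue_access(tld, now), grant, endpoints

    def reauth(self, endpoint_tld, grant, now):
        user, expiry = self.grants.get(grant, (None, 0))
        if user is None or now >= expiry:
            raise PermissionError("grant token invalid or expired")
        return self._issue_access(endpoint_tld, now)

    def resource(self, tld, token, now):
        scope, expiry = self.access.get(token, (None, 0))
        return scope == tld and now < expiry

class UserAgent:
    """Client side: one access token per TLD, one grant token for the whole session."""
    def __init__(self, sp):
        self.sp, self.tokens = sp, {}

    def login(self, user, password, tld, now):
        self.tokens[tld], self.grant, self.endpoints = self.sp.login(user, password, tld, now)

    def get(self, tld, now):
        token = self.tokens.get(tld)
        if token is None or not self.sp.resource(tld, token, now):
            if tld not in self.endpoints:
                raise KeyError(f"no re-authentication endpoint for {tld}")
            # Access token missing or expired: present the grant token to this TLD's endpoint.
            token = self.tokens[tld] = self.sp.reauth(tld, self.grant, now)
        return self.sp.resource(tld, token, now)
```

The credential is sent only to the login endpoint; every later exchange carries the grant token, so the session ends for all TLDs once the grant token expires.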

  • 2 Assignments