System and method for mobile single sign-on integration
First Claim
1. A client-side computer system for managing single sign-on (SSO) credentials between mobile devices and a service provider computer system providing web services to the mobile devices, the client-side computer system comprising:
non-transitory computer memory storing executable computer instructions;
a programmable processor, the programmable processor executing at least a portion of the stored executable computer instructions to perform at least the following;
receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;
generating an authentication token upon authenticating the identity of the user;
communicating the authentication token to the service provider system directly or through the mobile device, wherein the authentication token causes the service provider system to perform at least the following;
selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, the authentication token, and an attribute of the mobile device,
validating the authentication token in accordance with the selected authentication protocol, and
generating an authorization access code or an authorization access token upon validating the authentication token, wherein a service request received from the mobile device and containing the authorization access code or the authorization access token will cause the service provider system to service the service request.
Abstract
Improved methods and systems for integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol are disclosed that provide clients with secured SSO mobile access to third-party services. Embodiments of the present invention leverage SSO authentication protocols that are already in use at many client-side systems and integrate these SSO authentication protocols with a mobile SSO authorization protocol, thereby effectively extending the SSO framework to mobile service requests of web services at third-party service provider systems. Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO framework with minimum cost and time, while providing a lightweight and secure solution that allows users of either native applications or mobile web applications to access third-party web services.
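The flow recited in claim 1, as an added example that is not code from the patent: the service provider selects the validation scheme from its own registry keyed by the client identifier, validates the authentication token, and issues an authorization access code. The two HMAC token schemes, the client names, keys and function names are all assumptions standing in for the SSO protocols, which the page does not name.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed service-provider registry: protocol and shared key per client
# identifier (hypothetical values; the page names no concrete protocols).
CLIENTS = {
    "acme-mobile": {"protocol": "hmac-sha256", "key": b"constructed-demo-key-1"},
    "globex-mobile": {"protocol": "hmac-sha512", "key": b"constructed-demo-key-2"},
}
DIGESTS = {"hmac-sha256": hashlib.sha256, "hmac-sha512": hashlib.sha512}
_codes = {}  # authorization access code -> (user, expiry)

def issue_auth_token(client_id, user, ttl=60, now=None):
    """Client-side SSO system: called once the user has been authenticated."""
    cfg = CLIENTS[client_id]
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": client_id, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(cfg["key"], body, DIGESTS[cfg["protocol"]]).hexdigest()
    return body.decode() + "." + sig

def exchange_token(client_id, token, now=None):
    """Service provider: select protocol, validate token, issue access code."""
    cfg = CLIENTS.get(client_id)
    if cfg is None:
        raise PermissionError("unknown client identifier")
    # Selection comes from the provider's registry, never from the token itself.
    digest = DIGESTS[cfg["protocol"]]
    body, _, sig = token.partition(".")
    expected = hmac.new(cfg["key"], body.encode(), digest).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise PermissionError("signature does not verify under selected protocol")
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if claims["aud"] != client_id or claims["exp"] < now:
        raise PermissionError("token expired or issued for another client")
    code = secrets.token_urlsafe(16)
    _codes[code] = (claims["sub"], now + 300)  # short-lived access code
    return code

def service_request(code, now=None):
    """Service provider: service the request only for a live access code."""
    now = time.time() if now is None else now
    user, expiry = _codes.get(code, (None, 0))
    if user is None or expiry < now:
        raise PermissionError("invalid authorization access code")
    return f"serviced for {user}"
```

Because the scheme is looked up by client identifier on the provider side, a token minted for one client fails validation when presented under another client's identifier.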
23 Claims
1. A client-side computer system for managing single sign-on (SSO) credentials between mobile devices and a service provider computer system providing web services to the mobile devices, the client-side computer system comprising:
non-transitory computer memory storing executable computer instructions;
a programmable processor, the programmable processor executing at least a portion of the stored executable computer instructions to perform at least the following;
receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;
generating an authentication token upon authenticating the identity of the user;
communicating the authentication token to the service provider system directly or through the mobile device, wherein the authentication token causes the service provider system to perform at least the following;
selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, the authentication token, and an attribute of the mobile device,
validating the authentication token in accordance with the selected authentication protocol, and
generating an authorization access code or an authorization access token upon validating the authentication token, wherein a service request received from the mobile device and containing the authorization access code or the authorization access token will cause the service provider system to service the service request.

12. A method for a client-side computer system to manage single sign-on (SSO) credentials between mobile devices and a service provider computer system providing web services to the mobile devices, the method comprising:
receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;
generating an authentication token upon authenticating the identity of the user;
communicating the authentication token to the service provider system directly or through the mobile device, wherein the authentication token causes the service provider system to perform at least the following;
selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, the authentication token, and an attribute of the mobile device,
validating the authentication token in accordance with the selected authentication protocol, and
generating an authorization access code or an authorization access token upon validating the authentication token, wherein a service request received from the mobile device and containing the authorization access code or the authorization access token will cause the service provider system to service the service request.

23. A non-transitory computer readable medium having computer readable code for causing a client-side computer system to manage single sign-on (SSO) credentials between mobile devices and a service provider computer system providing web services to the mobile devices, the computer readable code causing the client-side computer system to perform:
receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;
generating an authentication token upon authenticating the identity of the user;
communicating the authentication token to the service provider system directly or through the mobile device, wherein the authentication token causes the service provider system to perform at least the following;
selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, the authentication token, and an attribute of the mobile device,
validating the authentication token in accordance with the selected authentication protocol, and
generating an authorization access code or an authorization access token upon validating the authentication token, wherein a service request received from the mobile device and containing the authorization access code or the authorization access token will cause the service provider system to service the service request.

Specification