System and method for mobile single sign-on integration

US 10,728,235 B2
Filed: 01/24/2019
Issued: 07/28/2020
Est. Priority Date: 04/12/2013
Status: Active Grant

First Claim

Patent Images

1. A client-side computer system for managing single sign-on (SSO) credentials between mobile devices and a service provider computer system providing web services to the mobile devices, the client-side computer system comprising:

non-transitory computer memory storing executable computer instructions;

a programmable processor, the programmable processor executing at least a portion of the stored executable computer instructions to perform at least the following;

receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;

generating an authentication token upon authenticating the identity of the user;

communicating the authentication token to the service provider system directly or through the mobile device, wherein the authentication token causes the service provider system to perform at least the following;

selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, the authentication token, and an attribute of the mobile device,validating the authentication token in accordance with the selected authentication protocol, andgenerating an authorization access code or an authorization access token upon validating the authentication token, wherein a service request received from the mobile device and containing the authorization access code or the authorization access token will cause the service provider system to service the service request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved methods and systems for integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol are disclosed that provide clients with secured SSO mobile access to third-party services. Embodiments of the present invention leverage SSO authentication protocols that are utilized at many client-side systems already and integrate these SSO authentication protocols with a mobile SSO authorization protocol, thereby effectively extending the SSO framework to mobile service requests of web services at third-party service provider systems. Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO frameworks with minimum cost and time, while providing a lightweight and secure solution that provides users using either native applications or mobile web application to access third-party web services.

2 Citations

23 Claims

1. A client-side computer system for managing single sign-on (SSO) credentials between mobile devices and a service provider computer system providing web services to the mobile devices, the client-side computer system comprising:
- non-transitory computer memory storing executable computer instructions;
  
  a programmable processor, the programmable processor executing at least a portion of the stored executable computer instructions to perform at least the following;
  
  receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;
  
  generating an authentication token upon authenticating the identity of the user;
  
  communicating the authentication token to the service provider system directly or through the mobile device, wherein the authentication token causes the service provider system to perform at least the following;
  
  selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, the authentication token, and an attribute of the mobile device,validating the authentication token in accordance with the selected authentication protocol, andgenerating an authorization access code or an authorization access token upon validating the authentication token, wherein a service request received from the mobile device and containing the authorization access code or the authorization access token will cause the service provider system to service the service request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The client-side computer system of claim 1, wherein the authentication token is generated based on an SSO protocol supported by the client-side computer system.
  - 3. The client-side computer system of claim 1, wherein the mobile device is redirected to a web-identification authentication service at the client-side computer system to authenticate the identity of the user after the mobile device submits, to the service provider system, a request to access web services.
  - 4. The client-side computer system of claim 3, wherein the mobile device is redirected in response to receiving the identification of a specified client associated with the user.
  - 5. The client-side computer system of claim 4, wherein the web-identification authentication service or the client-side computer system is selected based on the specified client.
  - 6. The client-side computer system of claim 3, wherein the request is received from an application executing on the mobile device.
  - 7. The client-side computer system of claim 6, wherein the application is not a web browser application.
  - 8. The client-side computer system of claim 1, further configured to communicate to the mobile device a message containing the authentication token and a redirect function call that, when processed by a processor at the mobile device, causes the mobile device to automatically communicate the authentication token to the service provider system.
  - 9. The client-side computer system of claim 1, wherein the authorization access code, when processed by a processor at the mobile device, causes the mobile device to communicate the authorization access code to the service provider system to request the authorization access token.
  - 10. The client-side computer system of claim 1, wherein the authorization access token is generated in accordance with a mobile SSO protocol.
  - 11. The client-side computer system of claim 1, wherein the plurality of supported authentication protocols includes at least one of the following:
    - SAML 1.1;
      
      SAML 2.0; and
      
      a custom authentication protocol supported by the client-side computer system.

12. A method for a client-side computer system to manage single sign-on (SSO) credentials between mobile devices and a service provider computer system providing web services to the mobile devices, the method comprising:
- receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;
  
  generating an authentication token upon authenticating the identity of the user;
  
  communicating the authentication token to the service provider system directly or through the mobile device, wherein the authentication token causes the service provider system to perform at least the following;
  
  selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, the authentication token, and an attribute of the mobile device,validating the authentication token in accordance with the selected authentication protocol, andgenerating an authorization access code or an authorization access token upon validating the authentication token, wherein a service request received from the mobile device and containing the authorization access code or the authorization access token will cause the service provider system to service the service request.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein the authentication token is generated based on an SSO protocol supported by the client system.
  - 14. The method of claim 12, wherein the mobile device is redirected to a web-identification authentication service at the client-side computer system to authenticate the identity of the user after the mobile device submits, to the service provider system, a request to access web services.
  - 15. The method of claim 14, wherein the mobile device is redirected in response to receiving the identification of a specified client associated with the user.
  - 16. The method of claim 15, wherein the web-identification authentication service or the client-side computer system is selected based on the specified client.
  - 17. The method of claim 14, wherein the request is received from an application executing on the mobile device.
  - 18. The method of claim 17, wherein the application is not a web browser application.
  - 19. The method of claim 12, further comprising:
    - communicating to the mobile device a message containing the authentication token and a redirect function call that, when processed by a processor at the mobile device, causes the mobile device to automatically communicate the authentication token to the service provider system.
  - 20. The method of claim 12, wherein the authorization access code, when processed by a processor at the mobile device, causes the mobile device to communicate the authorization access code to the service provider system to request the authorization access token.
  - 21. The method of claim 12, wherein the authorization access token is generated in accordance with a mobile SSO protocol.
  - 22. The method of claim 12, wherein the plurality of supported authentication protocols includes at least one of the following:
    - SAML 1.1;
      
      SAML 2.0; and
      
      a custom authentication protocol supported by the client-side computer system.

23. A non-transitory computer readable medium having computer readable code for causing a client-side computer system to manage single sign-on (SSO) credentials between mobile devices and a service provider computer system providing web services to the mobile devices, the computer readable code causing the client-side computer system to perform:
- receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;
  
  generating an authentication token upon authenticating the identity of the user;
  
  communicating the authentication token to the service provider system directly or through the mobile device, wherein the authentication token causes the service provider system to perform at least the following;
  
  selecting an authentication protocol from a plurality of supported authentication protocols based on at least one of a client identifier communicated from the mobile device, the authentication token, and an attribute of the mobile device,validating the authentication token in accordance with the selected authentication protocol, andgenerating an authorization access code or an authorization access token upon validating the authentication token, wherein a service request received from the mobile device and containing the authorization access code or the authorization access token will cause the service provider system to service the service request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Globoforce Limited (Globoforce Group Plc)
Original Assignee
Globoforce Limited (Globoforce Group Plc)
Inventors
Hyland, Jonathan, Fitzpatrick, Eddie
Primary Examiner(s)
Getachew, Abiy

Application Number

US16/256,054
Publication Number

US 20190190905A1
Time in Patent Office

551 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0861   using biometrical features,...

H04L 63/18   using different networks or...

System and method for mobile single sign-on integration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

2 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for mobile single sign-on integration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links