USING A TRUSTED TOKEN AND PUSH FOR VALIDATING THE REQUEST FOR SINGLE SIGN ON

US 20110283347A1
Filed: 11/11/2010
Published: 11/17/2011
Est. Priority Date: 11/11/2009
Status: Active Grant

First Claim

Patent Images

1. A distributed computer-implemented method for providing access to an enterprise application from a telecommunications device, the method comprising:

in a client;

requesting an enterprise application token from an intermediate application gateway (IAG) using a dataset comprising a device identifier, a user identifier, or both a device identifier and a user identifier;

in an IAG;

preparing an enterprise application token in response to the request,pushing the prepared token to an e-mail address associated with the telecommunications device via a push technology network element;

in the client;

receiving a pushed token; and

employing the pushed token in communications addressed to an enterprise application via the device server and the IAG;

in the IAG;

replacing the employed token in each communication with identification information called for by the enterprise application; and

sending the communication with the identification information to the enterprise application.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing access to an enterprise application from a telecommunications device via a client, through a device server, and an intermediate application gateway (IAG), is disclosed. The server is communication with the client and the IAG. The IAG and client are in indirect communication via the server. The client is operative to request an enterprise application token from the IAG using a dataset comprising a device identifier and a user identifier, without concurrently prompting a user for the dataset. The IAG is operative to prepare a token in response to the request, and push the token to an e-mail address associated with the telecommunications device via the server'"'"'s push proxy gateway. The client is operative to employ the token in communications addressed to an enterprise application via the server and the IAG. The IAG is operative to replace the token in each communication with identification information called for by the enterprise application.

79 Citations

View as Search Results

18 Claims

1. A distributed computer-implemented method for providing access to an enterprise application from a telecommunications device, the method comprising:
- in a client;
  
  requesting an enterprise application token from an intermediate application gateway (IAG) using a dataset comprising a device identifier, a user identifier, or both a device identifier and a user identifier;
  
  in an IAG;
  
  preparing an enterprise application token in response to the request,pushing the prepared token to an e-mail address associated with the telecommunications device via a push technology network element;
  
  in the client;
  
  receiving a pushed token; and
  
  employing the pushed token in communications addressed to an enterprise application via the device server and the IAG;
  
  in the IAG;
  
  replacing the employed token in each communication with identification information called for by the enterprise application; and
  
  sending the communication with the identification information to the enterprise application.
- View Dependent Claims (2, 3, 4)
- - 2. The distributed computer-implemented method of claim 1, further comprising:
    - in the client;
      
      requesting an enterprise application token from an intermediate application gateway (IAG) using a dataset comprising a device identifier and a user identifier; and
      
      in the IAG;
      
      confirming an association between the device identifier and the user identifier included in the token request.
  - 3. The distributed computer-implemented method of claim 1, wherein:
    - the device identifier comprises a PIN of the device, andthe user identifier comprises an e-mail address.
  - 4. The distributed computer-implemented method of claim 1, wherein:
    - the device identifier comprises a mobile phone number of the device, andthe user identifier comprises an e-mail address.

5. A system for providing access to an enterprise application from a telecommunications device, the system comprising:
- a telecommunications device comprising a client application;
  
  a device server comprising a push technology network element; and
  
  an intermediate application gateway (IAG);
  
  wherein;
  
  the device server is in communication with the client and the IAG;
  
  the IAG and client are in indirect communication via the device server;
  
  the client is operative to request an enterprise application token from the IAG using the dataset comprising at least one of;
  
  a device identifier and a user identifier;
  
  the IAG is operative to;
  
  prepare an enterprise application token in response to the request, andpush the prepared token, via the push technology network element, to at least one of;
  
  a user-centered address associated with the device, anda device-centered address of the device;
  
  the client is operative to;
  
  receive the pushed token;
  
  employ the pushed token in communications addressed to an enterprise application via the device server and the IAG; and
  
  the IAG is operative to;
  
  replace the token in each communication with identification information called for by the enterprise application; and
  
  send the communication with the identification information to the enterprise application.
- View Dependent Claims (6, 7, 8, 9, 10, 12, 13, 14)
- - 6. The system of claim 5 wherein:
    - the push destination comprises an e-mail address associated with the device.
  - 7. The system of claim 5 wherein:
    - the IAG is further operative to confirm an association between the device identifier and the user identifier included in the token request.
  - 8. The system of claim 5 wherein:
    - the device identifier comprises a PIN of the device, andthe user identifier comprises an e-mail address in a domain of the device server.
  - 9. The system of claim 5 wherein:
    - the device identifier comprises a mobile phone number of the device, andthe user identifier comprises an e-mail address in a domain of the device server.
  - 10. The system of claim 5 wherein:
    - the push technology network element comprises one of;
      
      a short message service center and a push proxy gateway.
  - 12. The distributed computer program product of claim 10 wherein:
    - the client programming module is operative to requesting an enterprise application token from an IAG using a dataset comprising a device identifier and a user identifier; and
      
      the IAG programming module is further operative to confirm an association between the device identifier and the user identifier included in the token request.
  - 13. The distributed computer program product of claim 10 wherein:
    - the device identifier comprises a PIN of the device, andthe user identifier comprises an e-mail address in a domain of the device server.
  - 14. The distributed computer program product of claim 10 wherein:
    - the device identifier comprises a mobile phone number of the device, andthe user identifier comprises an e-mail address in a domain of the device server.

11. A distributed computer program product for providing access to an enterprise application from a telecommunications device, the computer program product comprising:
- nontransitory computer readable media distributed across a client, a device server comprising a push proxy gateway, and an intermediate application gateway (IAG);
  
  a client programming module;
  
  stored on the media, andoperative to;
  
  request an enterprise application token from the IAG using the dataset comprising at least one of;
  
  a device identifier and a user identifier;
  
  receive a pushed token; and
  
  employ the pushed token in communications addressed to an enterprise application via the device server and the IAG;
  
  an IAG programming module;
  
  stored on the media, andoperative to;
  
  prepare an enterprise application token in response to the request,push the prepared token to an e-mail address associated with the telecommunications device via the push proxy gateway;
  
  replace the token in each communication with identification information called for by the enterprise application; and
  
  send the communication with the identification information to the enterprise application; and
  
  a device server programming module;
  
  stored on the media, andoperative to communicate between a plurality of devices and an IAG.

15. identification informationidentification informationA system for providing access to an enterprise application from a telecommunications device, the system comprising:
- a telecommunications device comprising a client application;
  
  a device server comprising a push proxy gateway and an HTTP gateway; and
  
  an intermediate application gateway (IAG);
  
  wherein;
  
  the device server is communication with the client and the IAG;
  
  the IAG and client are in indirect communication via the device server;
  
  the client is operative to request an enterprise application token from the IAG using the dataset comprising at least one of;
  
  a device identifier and a user identifier;
  
  the IAG is operative to;
  
  prepare an enterprise application token in response to the request,push a first portion of the prepared token to a user-centered address associated with the telecommunications device via the push proxy gateway;
  
  push a second portion of the prepared token to a device-centered address associated with the telecommunications device via the push proxy gatewaythe client is operative to;
  
  receive the first portion and second portion;
  
  assemble the first portion and second portion into a tokenemploy the assembled token in communications addressed to an enterprise application via the device server and the IAG; and
  
  the IAG is operative to;
  
  replace the token in each communication with identification information called for by the enterprise application; and
  
  send the communication with the identification information to the enterprise application.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15 wherein:
    - the client programming module is operative to requesting an enterprise application token from an IAG using a dataset comprising a device identifier and a user identifier; and
      
      the IAG programming module is further operative to confirm an association between the device identifier and the user identifier included in the token request.
  - 17. The system of claim 15 wherein:
    - the device identifier comprises a PIN of the device, andthe user identifier comprises an e-mail address in a domain of the device server.
  - 18. The system of claim 15 wherein:
    - the device identifier comprises a mobile phone number of the device, andthe user identifier comprises an e-mail address in a domain of the device server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Guerrero, Fernando, Bhuta, Mahesh Babubhai, Russell, Graham, Godfrey, James Andrew

Granted Patent

US 8,544,076 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/168   above the transport layer

H04L 63/18   using different networks or...

H04L 67/561   Adding application-function...

USING A TRUSTED TOKEN AND PUSH FOR VALIDATING THE REQUEST FOR SINGLE SIGN ON

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

USING A TRUSTED TOKEN AND PUSH FOR VALIDATING THE REQUEST FOR SINGLE SIGN ON

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others