Method and apparatus to auto-login to a browser application launched from an authenticated client application

US 20120260321A1
Filed: 04/07/2011
Published: 10/11/2012
Est. Priority Date: 04/07/2011
Status: Active Grant

First Claim

Patent Images

1. A method to facilitate access to a target resource from a non-browser based client application having an associated server application, wherein a credential is associated with the client application, comprising:

receiving a first request, the request including the credential;

caching the credential at a location identified by a one-time-use key;

returning a response to the first request that includes a data string that includes the one-time-use key;

receiving a second request directed to the target resource, the second request having been generated by a browser launched by the client application;

retrieving the credential from the location identified by the one-time-use key; and

setting the retrieved credential in a cookie and returning a response to the second request that includes the cookie and a redirect to the target resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for automated login to a browser application from an authenticated client application begins upon the end user taking an action to access a target resource. A credential is associated with the client application as a result of a prior login operation. The technique is implemented in a server application associated with the client application. In response to the end user taking the action, the server application receives a first request that includes the credential. The credential is cached at a location identified by a one-time-key that is generated by at the server in response to receipt of the first request. The server application then returns a response to the first request that includes a data string (e.g., a URL-template) that includes the one-time-use key. Upon receipt of that response, the client application fills in the URL-template with the target resource URL and launches the browser. The resulting second request is received at the server application, which retrieves the credential from the location identified by the one-time use key. The server application sets the retrieved credential in a cookie and returns a response to the second request. That response includes the cookie and a redirect to the target resource. In this manner, the browser is redirected to the target resource (e.g., a secure page) without requiring an extra login.

34 Citations

View as Search Results

26 Claims

1. A method to facilitate access to a target resource from a non-browser based client application having an associated server application, wherein a credential is associated with the client application, comprising:
- receiving a first request, the request including the credential;
  
  caching the credential at a location identified by a one-time-use key;
  
  returning a response to the first request that includes a data string that includes the one-time-use key;
  
  receiving a second request directed to the target resource, the second request having been generated by a browser launched by the client application;
  
  retrieving the credential from the location identified by the one-time-use key; and
  
  setting the retrieved credential in a cookie and returning a response to the second request that includes the cookie and a redirect to the target resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as described in claim 1 wherein the first request is a request for a one-time-use URL.
  - 3. The method as described in claim 1 wherein the one-time-use key is generated as a function of the credential and an address associated with the client application.
  - 4. The method as described in claim 1 wherein the data string is a URL-template.
  - 5. The method as described in claim 1 further including using information in the second request to re-generate the one-time-use key;
  - 6. The method as described in claim 1 wherein the second response is an HTML snippet that includes an HTTP 302 as the redirect.
  - 7. The method as described in claim 1 further including removing the credential from the location identified by the one-time-use key following the step of retrieving the credential.
  - 8. The method as described in claim 1 further including invalidating the one-time-use key if the second request is not received within a specific time period, or upon receiving a third request prior to the setting step, the third request including the credential and seeking access to another target resource.

9. Apparatus to facilitate access to a target resource from a non-browser based client application having an associated server application, wherein a credential is associated with the client application, comprising:
- a processor;
  
  computer memory holding computer program instructions that when executed by the processor perform a method comprising;
  
  receiving a first request, the request including the credential;
  
  caching the credential at a location identified by a one-time-use key;
  
  returning a response to the first request that includes a data string that includes the one-time-use key;
  
  receiving a second request directed to the target resource, the second request having been generated by a browser launched by the client application;
  
  retrieving the credential from the location identified by the one-time-use key; and
  
  setting the retrieved credential in a cookie and returning a response to the second request that includes the cookie and a redirect to the target resource.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus as described in claim 9 wherein the first request is a request for a one-time-use URL.
  - 11. The apparatus as described in claim 9 wherein the one-time-use key is generated as a function of the credential and an address associated with the client application.
  - 12. The apparatus as described in claim 9 wherein the data string is a URL-template.
  - 13. The apparatus as described in claim 9 wherein the method further includes using information in the second request to re-generate the one-time-use key;
  - 14. The apparatus as described in claim 9 wherein the second response is an HTML snippet that includes an HTTP 302 as the redirect.
  - 15. The apparatus as described in claim 9 wherein the method further includes removing the credential from the location identified by the one-time-use key following the step of retrieving the credential.
  - 16. The apparatus as described in claim 9 wherein the method further includes invalidating the one-time-use key if the second request is not received within a specific time period, or upon receiving a third request prior to the setting step, the third request including the credential and seeking access to another target resource.

17. A computer program product in a computer readable medium for use in a data processing system to facilitate access to a target resource from a non-browser based client application having an associated server application, wherein a credential is associated with the client application, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
- receiving a first request, the request including the credential;
  
  caching the credential at a location identified by a one-time-use key;
  
  returning a response to the first request that includes a data string that includes the one-time-use key;
  
  receiving a second request directed to the target resource, the second request having been generated by a browser launched by the client application;
  
  retrieving the credential from the location identified by the one-time-use key; and
  
  setting the retrieved credential in a cookie and returning a response to the second request that includes the cookie and a redirect to the target resource.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product as described in claim 17 wherein the first request is a request for a one-time-use URL.
  - 19. The computer program product as described in claim 17 wherein the one-time-use key is generated as a function of the credential and an address associated with the client application.
  - 20. The computer program product as described in claim 17 wherein the data string is a URL-template.
  - 21. The computer program product as described in claim 17 wherein the method further includes using information in the second request to re-generate the one-time-use key;
  - 22. The computer program product as described in claim 17 wherein the second response is an HTML snippet that includes an HTTP 302 as the redirect.
  - 23. The computer program product as described in claim 17 wherein the method further includes removing the credential from the location identified by the one-time-use key following the step of retrieving the credential.
  - 24. The computer program product as described in claim 17 wherein the method further includes invalidating the one-time-use key if the second request is not received within a specific time period, or upon receiving a third request prior to the setting step, the third request including the credential and seeking access to another target resource.

25. A method to facilitate access to a target resource from a non-browser based client application having an associated server application, wherein a credential is associated with the client application, comprising:
- generating a first request for a one-time-use URL;
  
  forwarding the first request, together with the credential, to the server application;
  
  upon receipt from the server application of a data string that includes a one-time-use key, launching a browser;
  
  directing a second request from the browser to the server application, the second request including data from which the one-time-use key can be re-generated; and
  
  upon receipt from the server application of a response to the second request, setting a cookie that includes the credential and redirecting the browser to target resource.
- View Dependent Claims (26)
- - 26. The method as described in claim 25 wherein the second request includes the credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wendt, David Mark, Kubik, Joseph

Granted Patent

US 8,863,248 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 9/0863   involving passwords or one-...

Method and apparatus to auto-login to a browser application launched from an authenticated client application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to auto-login to a browser application launched from an authenticated client application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links