SYSTEMS AND METHODS FOR PUSH NOTIFICATION BASED APPLICATION AUTHENTICATION AND AUTHORIZATION
Abstract
A new approach is proposed that contemplates systems and methods to support authentication and authorization of an application running on a computing device or a mobile device to a web-based service provided by a remote server using a third-party push notification service available to the computing and/or mobile device. The application is only allowed to access and interact with the remote service after the application has been authenticated and authorized by the service provider. Unlike previous approaches, the proposed approach does not rely on any application-specific secrets associated with the application and stored on the computing or mobile device. Instead it utilizes the generic third-party push notification service security mechanisms that are available to the computing and/or mobile device.
33 Claims
1. A system, comprising:
- a web service engine, which in operation, hosts and provides a web service on a remote server;
- an app engine, which in operation,
  - enables an application running on a computing/mobile device to register with a third-party push notification service, wherein the third-party push notification service generates and provides a device token for the application;
  - receives a first verification token from a push notification and constructs a second verification token from the first verification token;
  - accepts and provides credentials to access the application together with the second verification token;
- an application authentication and authorization engine, which in operation,
  - accepts the device token and generates said first verification token upon receiving the device token;
  - generates and provides said push notification to the application via the third-party push notification service, wherein the push notification includes the first verification token;
  - accepts and verifies the second verification token and the credentials;
  - provides an access token to the application for subsequent access to the remote service by the application if the second verification token and the credentials are verified to be valid.

Dependent claims: 2 to 17.

18. A method, comprising:
- registering an application running on a computing/mobile device with a third-party push notification service, which generates and provides a device token to the application;
- accepting the device token and generating a first verification token by a remote service upon receiving the device token;
- generating and providing a push notification to the application via the third-party push notification service, wherein the push notification includes the first verification token;
- receiving the first verification token from the push notification and constructing a second verification token from the first verification token;
- accepting and providing credentials to access the application to the remote service together with the second verification token;
- accepting and verifying the second verification token and the credentials by the remote service;
- providing an access token to the application for subsequent access to the remote service by the application if the second verification token and the credentials are verified to be valid.

Dependent claims: 19 to 32.

33. A machine readable medium having software instructions stored thereon that when executed cause a system to:
- register an application running on a computing/mobile device with a third-party push notification service, which generates and provides a device token to the application;
- accept the device token and generate a first verification token by a remote service upon receiving the device token;
- generate and provide a push notification to the application via the third-party push notification service, wherein the push notification includes the first verification token;
- receive the first verification token from the push notification and construct a second verification token from the first verification token;
- accept and provide credentials to access the application to the remote service together with the second verification token;
- accept and verify the second verification token and the credentials by the remote service;
- provide an access token to the application for subsequent access to the remote service by the application if the second verification token and the credentials are verified to be valid.

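The exchange recited in claims 1, 18 and 33, as an added Python example that is not part of the patent text. The claims do not say how the second verification token is constructed from the first, so the SHA-256 derivation, the 120-second lifetime, the single-use rule, the `check_credentials` callback and every name below are assumptions; delivery by the third-party push service is simulated by returning the payload.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 120  # assumed lifetime (seconds) of a first verification token

def construct_second_token(first_token: str, device_token: str) -> str:
    """App side. Assumed construction: SHA-256 over first token and device token."""
    return hashlib.sha256(f"{first_token}|{device_token}".encode()).hexdigest()

class AuthEngine:
    """Server side: the application authentication and authorization engine."""

    def __init__(self, check_credentials, now=time.time):
        self.check_credentials = check_credentials  # hypothetical callback (user, pw) -> bool
        self.pending = {}                           # device_token -> (first_token, expiry)
        self.now = now

    def start(self, device_token: str) -> dict:
        """Accept the device token and build the push notification payload."""
        first = secrets.token_urlsafe(32)
        self.pending[device_token] = (first, self.now() + TOKEN_TTL)
        # A deployment hands this payload to the third-party push service, which
        # delivers it only to the app instance registered under device_token.
        return {"to": device_token, "verification_token": first}

    def finish(self, device_token, second_token, username, password):
        """Verify second token and credentials; return an access token or None."""
        first, expiry = self.pending.pop(device_token, (None, 0))  # single use
        if first is None or self.now() > expiry:
            return None
        expected = construct_second_token(first, device_token)
        token_ok = hmac.compare_digest(expected.encode(), second_token.encode())
        creds_ok = bool(self.check_credentials(username, password))
        return secrets.token_urlsafe(32) if token_ok and creds_ok else None

def demo():
    """Run one full exchange, then replay the same second token."""
    # Constructed credentials and device token, for illustration only.
    engine = AuthEngine(lambda u, p: u == "alice" and hmac.compare_digest(p, "correct horse"))
    device_token = "constructed-device-token-01"
    push = engine.start(device_token)
    second = construct_second_token(push["verification_token"], device_token)
    access = engine.finish(device_token, second, "alice", "correct horse")
    replay = engine.finish(device_token, second, "alice", "correct horse")
    return access, replay  # replay is None: the pending entry was consumed

if __name__ == "__main__":
    print(demo())
```

Popping the pending entry before any comparison means a wrong or expired submission also consumes the first verification token, so each push notification supports exactly one attempt.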
Specification