SYSTEMS AND METHODS FOR PUSH NOTIFICATION BASED APPLICATION AUTHENTICATION AND AUTHORIZATION

US 20140007213A1
Filed: 06/11/2013
Published: 01/02/2014
Est. Priority Date: 06/29/2012
Status: Abandoned Application

First Claim

Patent Images

1. A system, comprising:

a web service engine, which in operation, hosts and provides a web service on a remote server;

an app engine, which in operation,enables an application running on a computing/mobile device to register with a third-party push notification service, wherein the third-party push notification service generates and provides a device token for the application;

receives a first verification token from a push notification and constructs a second verification token from the first verification token;

accepts and provides credentials to access the application together with the second verification token;

an application authentication and authorization engine, which in operation,accepts the device token and generates said first verification token upon receiving the device token;

generates and provides said push notification to the application via the third-party push notification service, wherein the push notification includes the first verification token;

accepts and verifies the second verification token and the credentials;

provides an access token to the application for subsequent access to the remote service by the application if the second verification token and the credentials are verified to be valid.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new approach is proposed that contemplates systems and methods to support authentication and authorization of an application running on a computing device or a mobile device to a web-based service provided by a remote server using a third-party push notification service available to the computing and/or mobile device. The application is only allowed to access and interact with the remote service after the application has been authenticated and authorized by the service provider. Unlike previous approaches, the proposed approach does not rely on any application-specific secrets associated with the application and stored on the computing or mobile device. Instead it utilizes the generic third-party push notification service security mechanisms that are available to the computing and/or mobile device.

Citations

33 Claims

1. A system, comprising:
- a web service engine, which in operation, hosts and provides a web service on a remote server;
  
  an app engine, which in operation,enables an application running on a computing/mobile device to register with a third-party push notification service, wherein the third-party push notification service generates and provides a device token for the application;
  
  receives a first verification token from a push notification and constructs a second verification token from the first verification token;
  
  accepts and provides credentials to access the application together with the second verification token;
  
  an application authentication and authorization engine, which in operation,accepts the device token and generates said first verification token upon receiving the device token;
  
  generates and provides said push notification to the application via the third-party push notification service, wherein the push notification includes the first verification token;
  
  accepts and verifies the second verification token and the credentials;
  
  provides an access token to the application for subsequent access to the remote service by the application if the second verification token and the credentials are verified to be valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein:
    - the app engine enables a user to access, launch, and interact with the application on the computing and/or mobile device.
  - 3. The system of claim 2, wherein:
    - the app engine accepts input from the user in the form of plain text commands and/or hand/finger gestures on a touchscreen of the computing and/or mobile device.
  - 4. The system of claim 2, wherein:
    - the app engine presents status and/or execution results of commands and/or instructions to the user.
  - 5. The system of claim 1, wherein:
    - the push notification is delivered only to the application designated to access the web service.
  - 6. The system of claim 1, wherein:
    - the push notification is always delivered to the computing and/or mobile device to which the device token is generated for.
  - 7. The system of claim 1, wherein:
    - the push notification is encrypted when it is being transmitted over a network.
  - 8. The system of claim 1, wherein:
    - the device token is associated with the computing and/or mobile device on which the application is running and is used by the push notification service to determine which computing/mobile device to send the push notification to.
  - 9. The system of claim 1, wherein:
    - the app engine provides the device token received from the push notification service to the remote server.
  - 10. The system of claim 9, wherein:
    - the app engine goes into a waiting state after sending the device token until the push notification is received.
  - 11. The system of claim 1, wherein:
    - the second verification token is the same as the first verification token received from the push notification.
  - 12. The system of claim 1, wherein:
    - the application authentication and authorization engine utilizes the second verification token in addition to the credentials to authenticate and authorize the application/app for accessing the web service.
  - 13. The system of claim 1, wherein:
    - the application authentication and authorization engine authorizes the application to access the web service only after the application has been authenticated as valid.
  - 14. The system of claim 1, wherein:
    - the first and the second verification tokens are for one-time-use only and have a time-limited lifespan.
  - 15. The system of claim 14, wherein:
    - the application authentication and authorization engine converts the one-time-use only secondary verification into a multi-use and persistent access token for subsequent calls from the application/app to access the web service.
  - 16. The system of claim 1, wherein:
    - the application authentication and authorization engine provides an API as the access token for the application to access the web service once the credentials and the second verification token are both verified to be authentic.
  - 17. The system of claim 16, wherein:
    - the app engine enables the application to access the web service using the API access token.

18. A method, comprising:
- registering an application running on a computing/mobile device with a third-party push notification service, which generates and provides a device token to the application;
  
  accepting the device token and generating a first verification token by a remote service upon receiving the device token;
  
  generating and providing a push notification to the application via the third-party push notification service, wherein the push notification includes the first verification token;
  
  receiving the first verification token from the push notification and constructing a second verification token from the first verification token;
  
  accepting and providing credentials to access the application to the remote service together with the second verification token;
  
  accepting and verifying the second verification token and the credentials by the remote service;
  
  providing an access token to the application for subsequent access to the remote service by the application if the second verification token and the credentials are verified to be valid.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 19. The method of claim 18, further comprising:
    - enabling a user to access, launch, and interact with the application on the computing and/or mobile device.
  - 20. The method of claim 19, further comprising:
    - accepting input from the user in the form of plain text commands and/or hand/finger gestures on a touchscreen of the computing and/or mobile device.
  - 21. The method of claim 19, further comprising:
    - presenting status and/or execution results of commands and/or instructions to the user.
  - 22. The method of claim 18, further comprising:
    - delivering the push notification only to the application designated to access the web service.
  - 23. The method of claim 18, further comprising:
    - delivering the push notification to the computing and/or mobile device to which the device token is generated for.
  - 24. The method of claim 18, further comprising:
    - encrypting the push notification when it is being transmitted over a network.
  - 25. The method of claim 18, further comprising:
    - using the device token to determine which computing/mobile device to send the push notification to.
  - 26. The method of claim 18, further comprising:
    - providing the device token received from the push notification service to the remote server.
  - 27. The method of claim 26, further comprising:
    - going into a waiting state after sending the device token until the push notification is received.
  - 28. The method of claim 18, further comprising:
    - utilizing the second verification token in addition to the credentials to authenticate and authorize the application/app for accessing the web service.
  - 29. The method of claim 18, further comprising:
    - authorizing the application to access the web service only after the application has been authenticated as valid.
  - 30. The method of claim 18, further comprising:
    - converting the one-time-use only second verification token into a multi-use and persistent access token for subsequent calls from the application/app to access the web service.
  - 31. The method of claim 18, further comprising:
    - providing an API as the access token for the application to access the web service once the credentials and the second verification token are both verified to be authentic.
  - 32. The method of claim 31, further comprising:
    - enabling the application to access the web service using the API access token.

33. A machine readable medium having software instructions stored thereon that when executed cause a system to:
- register an application running on a computing/mobile device with a third-party push notification service, which generates and provides a device token to the application;
  
  accept the device token and generate a first verification token by a remote service upon receiving the device token;
  
  generate and provide a push notification to the application via the third-party push notification service, wherein the push notification includes the first verification token;
  
  receive the first verification token from the push notification and construct a second verification token from the first verification token;
  
  accept and provide credentials to access the application to the remote service together with the second verification token;
  
  accept and second verify the verification token and the credentials by the remote service;
  
  provide an access token to the application for subsequent access to the remote service by the application if the second verification token and the credentials are verified to be valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WePay, Inc. (JP Morgan Chase & Co)
Original Assignee
WePay, Inc. (JP Morgan Chase & Co)
Inventors
Sanin, Aleksey, Ricketson, Matt, Newlman, Ryan, LeBlanc, Andrew, Stern, Eric

Application Number

US13/915,475
Publication Number

US 20140007213A1
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2115   Third party

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04W 12/068   using credential vaults, e....

SYSTEMS AND METHODS FOR PUSH NOTIFICATION BASED APPLICATION AUTHENTICATION AND AUTHORIZATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR PUSH NOTIFICATION BASED APPLICATION AUTHENTICATION AND AUTHORIZATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links