DEVICE TOKEN PROTOCOL FOR AUTHORIZATION AND PERSISTENT AUTHENTICATION SHARED ACROSS APPLICATIONS

US 20140075513A1
Filed: 09/10/2012
Published: 03/13/2014
Est. Priority Date: 09/10/2012
Status: Active Grant

First Claim

Patent Images

1. A system for authentication and authorization for a plurality of applications, comprising:

a processor configured to;

send user credentials to a remote server to authenticate a user on a device for a plurality of applications; and

receive a device token from the remote server for the user to authenticate the user for the plurality of applications on the device, wherein the device token is a persistent device token for securely persisting authentication and authorization of the user for each of the plurality of applications on the device; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various techniques for providing a device token protocol for authorization and persistent authentication shared across applications are disclosed. In some embodiments, a device token protocol for authorization and persistent authentication shared across applications includes sending user credentials to a remote server to authenticate a user on a device for a plurality of applications; and receiving a device token from the remote server for the user to authenticate the user for the plurality of applications on the device, in which the device token facilitates authentication and authorization.

126 Citations

20 Claims

1. A system for authentication and authorization for a plurality of applications, comprising:
- a processor configured to;
  
  send user credentials to a remote server to authenticate a user on a device for a plurality of applications; and
  
  receive a device token from the remote server for the user to authenticate the user for the plurality of applications on the device, wherein the device token is a persistent device token for securely persisting authentication and authorization of the user for each of the plurality of applications on the device; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system recited in claim 1, wherein the device token is uniquely associated with the user to verify authentication, and wherein the device identifier is associated with a profile identifier to provide for the authorization for access to a resource.
  - 3. The system recited in claim 1, wherein the device token is stored in persistent storage without an expiration.
  - 4. The system recited in claim 1, wherein the device token is a persistent, non-transferrable device token, and wherein the device token is uniquely associated with the user and with the device.
  - 5. The system recited in claim 1, wherein the device token includes authorization information to authorize the user on the device to access a resource.
  - 6. The system recited in claim 1, wherein the device token is associated with a device identifier (ID) that is uniquely associated with the device, and wherein the device token is associated with a user identifier (ID).
  - 7. The system recited in claim 1, wherein the device token includes an authentication token.
  - 8. The system recited in claim 1, wherein the device token includes an access token.
  - 9. The system recited in claim 1, wherein the user authorization credentials are not stored locally on the device.
  - 10. The system recited in claim 1, wherein the processor is further configured to:
    - send an access token request to the remote server, wherein the access token request includes the device token and a client identifier, wherein the client identifier uniquely identifies a client application, and wherein the client application is one of the plurality of applications; and
      
      receive an access token from the remote server, wherein the access token grants access to the client application.
  - 11. The system recited in claim 1, wherein the processor is further configured to:
    - receive a deauthorization message from the remote server, wherein the deauthorization message invalidates the device token.
  - 12. The system recited in claim 1, wherein the processor is further configured to:
    - execute an application manager that communicates with the plurality of applications on the device to implement the device token based authentication and authorization, wherein the device token is uniquely associated with a user identifier and a device identifier to verify is authentication, and wherein the device identifier is associated with a profile identifier to provide for the authorization for access to a resource.

13. A method for authentication and authorization for a plurality of applications, comprising:
- sending user credentials to a remote server to authenticate a user on a device for a plurality of applications; and
  
  receiving a device token from the remote server for the user to authenticate the user for the plurality of applications on the device, wherein the device token is a persistent device token for securely persisting authentication and authorization of the user for each of the plurality of applications on the device.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the device token uniquely associated with the user to verify authentication, and wherein the device identifier is associated with a profile identifier to provide for the authorization for access to a resource.
  - 15. The method of claim 13, further comprising:
    - receiving a deauthorization message from the remote server, wherein the deauthorization message invalidates the device token.

16. A system for authentication and authorization for a plurality of applications, comprising:
- a processor configured to;
  
  receive user credentials at an authentication server from a device to authenticate a user on the device for the plurality of applications;
  
  generate a persistent device token based on a user identifier and a device identifier, wherein the persistent device identifier is uniquely associated with the user and the device; and
  
  send the persistent device token to the device for the user to persistently authenticate the user for the plurality of applications on the device, wherein the device token facilitates authentication and authorization; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (17, 18, 19)
- - 17. The system recited in claim 16, wherein the processor is further configured to:
    - receive a first access token request, wherein the first access token request includes the is device token and a first client identifier, wherein the first client identifier uniquely identifies a first client application, and wherein the first client application is one of the plurality of applications; and
      
      send a first access token to the device, wherein the first access token grants access to the first client application.
  - 18. The system recited in claim 17, wherein the processor is further configured to:
    - receive a second access token request, wherein the second access token request includes the device token and a second client identifier, wherein the second client identifier uniquely identifies a second client application, and, wherein the second client application is one of the plurality of applications; and
      
      send a second access token to the device, wherein the second access token grants access to the second client application.
  - 19. The system recited in claim 16, wherein the processor is further configured to:
    - send a deauthorization message to the device, wherein the deauthorization message invalidates the device token.

20. A method for authentication and authorization for a plurality of applications, comprising:
- receiving user credentials at an authentication server from a device to authenticate a user on the device for the plurality of applications;
  
  generating a persistent device token based on a user identifier and a device identifier, wherein the persistent device identifier is uniquely associated with the user and the device; and
  
  sending the persistent device token to the device for the user to persistently authenticate the user for the plurality of applications on the device, wherein the device token facilitates authentication and authorization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Systems Incorporated (Adobe Inc.)
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Brotsky, Daniel Carl, Trammel, John, Kalfas, Andrei, Yalcinalp, Lutfiye Umit, Boag, James Thomas

Granted Patent

US 9,038,138 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0876   based on the identity of th...

H04L 9/3213   using tickets or tokens, e....

DEVICE TOKEN PROTOCOL FOR AUTHORIZATION AND PERSISTENT AUTHENTICATION SHARED ACROSS APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

126 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DEVICE TOKEN PROTOCOL FOR AUTHORIZATION AND PERSISTENT AUTHENTICATION SHARED ACROSS APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links