System and Method for Mobile Single Sign-On Integration

US 20140310792A1
Filed: 04/12/2013
Published: 10/16/2014
Est. Priority Date: 04/12/2013
Status: Active Grant

First Claim

Patent Images

1. A method for providing access to mobile web services provided by a service provider system using a single sign-on (SSO) credential managed by a client-side computer system, the method comprising:

receiving an authentication token from the mobile device, the authentication token generated by the client-side computer system upon authenticating the identity of a user at the mobile device using the user'"'"'s single sign on credential;

processing the authentication token to validate the authentication token;

generating an authorization access token;

providing the authorization access token to the mobile device;

processing a service request received from the mobile device, the service request containing the authorization access token;

processing the authorization access token to validate authority to receive the service request; and

servicing the service request in response to the step of processing the authorization access token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved methods and systems for integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol are disclosed that provide clients with secured SSO mobile access to third-party services. Embodiments of the present invention leverage SSO authentication protocols that are utilized at many client-side systems already and integrate these SSO authentication protocols with a mobile SSO authorization protocol, thereby effectively extending the SSO framework to mobile service requests of web services at third-party service provider systems. Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO frameworks with minimum cost and time, while providing a lightweight and secure solution that provides users using either native applications or mobile web application to access third-party web services.

Citations

26 Claims

1. A method for providing access to mobile web services provided by a service provider system using a single sign-on (SSO) credential managed by a client-side computer system, the method comprising:
- receiving an authentication token from the mobile device, the authentication token generated by the client-side computer system upon authenticating the identity of a user at the mobile device using the user'"'"'s single sign on credential;
  
  processing the authentication token to validate the authentication token;
  
  generating an authorization access token;
  
  providing the authorization access token to the mobile device;
  
  processing a service request received from the mobile device, the service request containing the authorization access token;
  
  processing the authorization access token to validate authority to receive the service request; and
  
  servicing the service request in response to the step of processing the authorization access token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising the steps of:
    - receiving, at the service provider system, a request to access web services using the mobile device; and
      
      redirecting the mobile device to a web-identification authentication service at the client-side computer system to authenticate the identity of the user.
  - 3. The method of claim 2, wherein the step of redirecting causes the client-side computer system to generate the authentication token and communicate to the mobile device a message containing the authentication token and a redirect function call that, when processed by a processor at the mobile device, causes the mobile device to automatically communicate the authentication token the service provider system.
  - 4. The method of claim 1, further comprising the steps of:
    - generating an authorization code in response to the step of processing the authentication token; and
      
      communicating the authorization code to the mobile device.
  - 5. The method of claim 4, wherein the authorization code, when processed by a processor at the mobile device, causes the mobile device to communicate the authorization code to the service provider system to request the authorization access token.
  - 6. The method of claim 5, further comprising the step of:
    - receiving the authorization code; and
      
      validating the authorization code;
      
      wherein the step of generating the authorization access token is in response to validating the authorization code.
  - 7. The method of claim 1, wherein the authentication token is generated in accordance with a web SSO protocol.
  - 8. The method of claim 7, wherein the web SSO protocol comprises at least one of:
    - MD5;
      
      HMAC MD;
      
      TripleDES;
      
      Security Assertion Markup Language (SAML) version 1.1; and
      
      SML 2.0.
  - 9. The method of claim 1, wherein the authorization access token is generated in accordance with a mobile SSO protocol.
  - 10. The method of claim 9, wherein the mobile SSO protocol is OAuth.
  - 11. The method of claim 1, wherein the service provider system services mobile service requests from a plurality of users associated with a plurality of client-side computer systems.
  - 12. The method of claim 1, further comprising the steps ofgenerating and communicating to the mobile device a refresh token;
    - receiving a request for a second authorization access token after the expiration of the authorization access token, the request containing the refresh token; and
      
      generating a second authorization access token.

13. A service provider computer system for providing web services to mobile devices using single sign-on (SSO) credentials managed by a client-side computer system, the system comprising:
- a web authentication engine for receiving an authentication token generated by the client-side computer system upon authenticating an identity of a user at the mobile device using the user'"'"'s single sign on credential and processing the authentication token to validate the authentication token;
  
  a token engine for generating an authorization access token and providing the authorization access token to the mobile device;
  
  a web services engine for processing a service request received from the mobile device, the service request containing the authorization access token, processing the authorization access token to validate authority to receive the service request, and servicing the service request in response to the step of processing the authorization access token.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13, wherein the web services engine further performs the steps of receiving a request to access web services using the mobile device and redirecting the mobile device to an web-identification authentication service at the client-side computer system to authenticate the identity of the user.
  - 15. The system of claim 14, wherein said redirecting causes the client-side computer system to generate the authentication token and communicate to the mobile device a message containing the authentication token and a redirect function call that, when processed by a processor at the mobile device, causes the mobile device to automatically communicate the authentication token the service provider system.
  - 16. The system of claim 13, wherein the system further comprises an authorization engine for generating an authorization code in response to the step processing the authentication token and communicating the authorization code to the mobile device.
  - 17. The system of claim 16, wherein the authorization code, when processed by a processor at the mobile device, causes the mobile device to communicate the authorization code to the service provider system to request the authorization access token.
  - 18. The system of claim 16, wherein the token engine receives the authorization code and validates the authorization code to generate the authorization access token.
  - 19. The system of claim 13, wherein the authentication token is generated in accordance with a web SSO protocol.
  - 20. The system of claim 19, wherein the web SSO protocol comprises at least one of:
    - MD5;
      
      HMAC MD;
      
      TripleDES;
      
      Security Assertion Markup Language (SAML) version 1.1; and
      
      SML 2.0.
  - 21. The system of claim 13, wherein the authorization access token is generated in accordance with a mobile SSO protocol.
  - 22. The system of claim 21, wherein the mobile SSO protocol is OAuth.
  - 23. The system of claim 13, wherein the service provider system services mobile service requests from a plurality of users associated with a plurality of client-side computer systems.
  - 24. The system of claim 13, wherein the token engine further generates a refresh token that is communicated to the mobile device and generates a second authorization access token in response to a request for the second authorization access token after the expiration of the authorization access token, the request containing the refresh token.

25. A method for providing seamless access to mobile web services provided by a service provider system using a single sign-on (SSO) credential managed by a client-side computer system, the method comprising:
- receiving, at the service provider system, a request to access web services using the mobile deviceredirecting the mobile device to an web-identification authentication service at the client-side computer system to authenticate the identity of the user using the user'"'"'s single sign on credential, said redirect causing the client-side computer system to generate an authentication token and communicate to the mobile device a message containing the authentication token and a redirect function call that, when processed by a processor at the mobile device, causes the mobile device to automatically communicate the authentication token the service provider system;
  
  receiving an authentication token from the mobile device, the authentication token being generated by the client-side computer system upon authenticating the identity of the user and in accordance with a web SSO protocol;
  
  processing the authentication token to validate the authentication token;
  
  generating an authorization code in response to the step of processing the authentication token;
  
  communicating the authorization code to the mobile device, the authorization code, when processed by a processor at the mobile device, causes the mobile device to communicate the authorization code to the service provider system to request the authorization access token;
  
  receiving the authorization code from the mobile device;
  
  validating the authorization code;
  
  generating the authorization access token in response to validating the authorization code; and
  
  providing the authorization access token to the mobile device.
- View Dependent Claims (26)
- - 26. The method of claim 25, further comprising the steps of:
    - processing a service request received from the mobile device, the service request containing the authorization access token;
      
      processing the authorization access token to validate authority to receive the service request; and
      
      servicing the service request in response to the step of processing the authorization access token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Globoforce Limited (Globoforce Group Plc)
Original Assignee
Globoforce Limited (Globoforce Group Plc)
Inventors
Hyland, Jonathan, Fitzpatrick, Eddie

Granted Patent

US 9,009,806 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0861   using biometrical features,...

H04L 63/18   using different networks or...

System and Method for Mobile Single Sign-On Integration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Mobile Single Sign-On Integration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links