SINGLE SIGN ON (SSO) AUTHORIZATION AND AUTHENTICATION FOR MOBILE COMMUNICATION DEVICES

US 20150180858A1
Filed: 12/23/2013
Published: 06/25/2015
Est. Priority Date: 12/23/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting, from the mobile communication device to an application server associated with one application among a native application executing on the mobile communication device and a hybrid application executing in a native application container on the mobile communication device, authentication credentials for a user of the mobile device and a single sign on (SSO) token for authenticating the mobile communication device in communications with application servers;

in response to transmitting the authentication credentials and the SSO token to the application server associated with the one application, receiving services reserved for authenticated users of the one application from the application server associated with the one application;

following the transmitting of the authentication credentials and the SSO token to the application server associated with the one application, transmitting, from the mobile communication device to an application server associated with another application among the native application executing on the mobile communication device and the hybrid application executing in the native application container on the mobile communication device, the SSO token without the authentication credentials; and

in response to transmitting the SSO token without the authentication credentials to the application server associated with the other application, receiving services reserved for authenticated users of the other application from the application server associated with the other application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Single sign on (SSO) functionality is provided across native and hybrid applications executing on a mobile communication device, such that both native and hybrid applications can access authenticated services offered through respective application servers without repeatedly providing authentication credentials. In operation, the mobile device obtains an SSO token from an SSO server providing the SSO functionality, and native applications executing on the mobile device retrieve the SSO token from memory for use in accessing authenticated services. In the case of hybrid applications, an alias is assigned to the mobile device in response to receiving a page request received from the hybrid application. The alias is associated with SSO token of the mobile device in the SSO server, and is used to provide the SSO token directly to the hybrid application from the SSO server such that the hybrid application can use the SSO token for authentication.

Citations

20 Claims

1. A method comprising:
- transmitting, from the mobile communication device to an application server associated with one application among a native application executing on the mobile communication device and a hybrid application executing in a native application container on the mobile communication device, authentication credentials for a user of the mobile device and a single sign on (SSO) token for authenticating the mobile communication device in communications with application servers;
  
  in response to transmitting the authentication credentials and the SSO token to the application server associated with the one application, receiving services reserved for authenticated users of the one application from the application server associated with the one application;
  
  following the transmitting of the authentication credentials and the SSO token to the application server associated with the one application, transmitting, from the mobile communication device to an application server associated with another application among the native application executing on the mobile communication device and the hybrid application executing in the native application container on the mobile communication device, the SSO token without the authentication credentials; and
  
  in response to transmitting the SSO token without the authentication credentials to the application server associated with the other application, receiving services reserved for authenticated users of the other application from the application server associated with the other application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - receiving user input of the authentication credentials in a user interface of the one application among the native application and the hybrid application executing on the mobile communication device,wherein the authentication credentials received as user input are transmitted to the application server associated with the one application.
  - 3. The method of claim 1, further comprising:
    - receiving, in the mobile communication device from the application server associated with the hybrid application, an alias assigned to the mobile communication device; and
      
      in response to requesting a token associated with the alias from an SSO server in communication with the application servers, receiving in the hybrid application the SSO token from the SSO server.
  - 4. The method of claim 3, wherein the native application is configured to retrieve the SSO token from a memory of the mobile communication device, and the hybrid application executing in the native application container on the mobile communication device is not configured to retrieve the SSO token from the memory of the mobile communication device.
  - 5. The method of claim 3, further comprising:
    - in response to receiving the alias assigned to the mobile communication device, automatically causing an SSO service running on the mobile communication device to transmit an alias registration request to the SSO server to associate the alias with the SSO token of the mobile device in the SSO server,wherein the alias registration request includes the alias.
  - 6. The method of claim 5, wherein the alias registration request further includes the SSO token of the mobile device.
  - 7. The method of claim 1, wherein the transmitting the authentication credentials and the SSO token comprises:
    - transmitting a first page request including the SSO token from the one application to the application server associated with the one application;
      
      responsive to transmitting the first page request, receiving from the application server associated with the one application a request for authentication credentials of the user of the mobile device;
      
      obtaining from the user, in the one application among the native application and the hybrid application, the authentication credentials; and
      
      transmitting the obtained authentication credentials to the application server associated with the one application.
  - 8. The method of claim 1, further comprising:
    - receiving in the mobile communication device, in response to a request from the mobile communication device to an SSO server for the SSO token, the SSO token for authenticating the mobile communication device in communications with application servers.

9. A mobile communication device comprising:
- a processor;
  
  a user interface for receiving commands from a user and displaying information to the user;
  
  a mobile wireless communication interface for communicating across a mobile wireless communication network with a plurality of application servers; and
  
  a memory storing instructions for execution on the processor, wherein execution of the instructions causes the processor to;
  
  transmit, to an application server associated with one application among a native application executing on the mobile communication device and a hybrid application executing in a native application container on the mobile communication device, authentication credentials for the user of the mobile device and a single sign on (SSO) token for authenticating the mobile communication device;
  
  in response to transmitting the authentication credentials and the SSO token to the application server associated with the one application, receive services reserved for authenticated users of the one application from the application server associated with the one application;
  
  following the transmitting of the authentication credentials and the SSO token to the application server associated with the one application, transmit, to an application server associated with another application among the native application executing on the mobile communication device and the hybrid application executing in the native application container on the mobile communication device, the SSO token without the authentication credentials; and
  
  in response to transmitting the SSO token without the authentication credentials to the application server associated with the other application, receive services reserved for authenticated users of the other application from the application server associated with the other application.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The mobile communication device of claim 9, wherein execution of the instructions further causes the processor to:
    - receive, through the user interface, user input of the authentication credentials in a user interface of the one application among the native application and the hybrid application executing on the mobile communication device,wherein the authentication credentials received as user input are transmitted to the application server associated with the one application.
  - 11. The mobile communication device of claim 9, wherein execution of the instructions further causes the processor to:
    - receive, from the application server associated with the hybrid application, an alias assigned to the mobile communication device; and
      
      in response to requesting a token associated with the alias from an SSO server in communication with the application servers, receive in the hybrid application the SSO token from the SSO server.
  - 12. The mobile communication device of claim 11, wherein the native application is configured to retrieve the SSO token from a memory of the mobile communication device, and the hybrid application executing in the native application container on the mobile communication device is not configured to retrieve the SSO token from the memory of the mobile communication device.
  - 13. The mobile communication device of claim 11, wherein execution of the instructions further causes the processor to:
    - in response to receiving the alias assigned to the mobile communication device, automatically cause an SSO service running on the mobile communication device to transmit an alias registration request to the SSO server to associate the alias with the SSO token of the mobile device in the SSO server,wherein the alias registration request includes the alias.
  - 14. The mobile communication device of claim 9, wherein the transmitting the authentication credentials and the SSO token comprises:
    - transmitting a first page request including the SSO token from the one application to the application server associated with the one application;
      
      responsive to transmitting the first page request, receiving from the application server associated with the one application a request for authentication credentials of the user of the mobile device;
      
      obtaining from the user, in the one application among the native application and the hybrid application, the authentication credentials; and
      
      transmitting the obtained authentication credentials to the application server associated with the one application.

15. A method comprising:
- generating, in a single sign on (SSO) server communicatively coupled to a plurality of mobile devices and a plurality of application servers, an SSO token for use in authenticating one of the plurality of mobile devices;
  
  providing the generated SSO token to the one mobile device for use in authenticating the mobile device with application servers associated with native applications executing on the one mobile device;
  
  generating in the SSO server, in response to receiving a request from an application server associated with a hybrid application configured for execution in native application containers of mobile devices, an alias for uniquely identifying a mobile device having transmitted a request to the application server associated with the hybrid application;
  
  associating the generated alias with the generated SSO token of the one mobile device in response to receiving a registration request including the generated alias from the one mobile device; and
  
  providing the generated SSO token to the hybrid application on the one mobile device, for use in authenticating the mobile device with the application server associated with the hybrid application, in response to receiving a request for the token from the hybrid application on the mobile device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising:
    - receiving, from one of the plurality of application servers, an authentication request including an SSO token for authentication;
      
      transmitting an authentication failure message to the one application server in response to determining based on a database of SSO tokens that the SSO token for authentication has not been authenticated.
  - 17. The method of claim 15, further comprising:
    - receiving, from the one application server, an authentication request including an SSO token for authentication and authentication credentials;
      
      updating a database of SSO tokens to indicate that the SSO token for authentication is authenticated upon validating the authentication credentials; and
      
      transmitting an authentication success message to the one application server upon validating the authentication credentials.
  - 18. The method of claim 17, further comprising:
    - receiving, from another of the plurality of application servers, an authentication request including the SSO token for authentication without authentication credentials;
      
      transmitting an authentication success message to the other application server in response to determining based on the database of SSO tokens that the SSO token for authentication has been authenticated.
  - 19. The method of claim 18, wherein the one application server is an application server associated with a native application executing on the one mobile device, and the other application server is an application server associated with the hybrid application configured for execution in a native application container on the mobile device.
  - 20. The method of claim 18, wherein the one application server is an application server associated with the hybrid application configured for execution in a native application container on the mobile device, and the other application server is an application server associated with a native application executing on the one mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
SHANMUGAM, Sankar, VIRKKULA, Petri, LU, Zhidong, OLACHERY, Shan

Granted Patent

US 9,065,819 B1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04W 12/06   Authentication

SINGLE SIGN ON (SSO) AUTHORIZATION AND AUTHENTICATION FOR MOBILE COMMUNICATION DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SINGLE SIGN ON (SSO) AUTHORIZATION AND AUTHENTICATION FOR MOBILE COMMUNICATION DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links