System and Method for Mobile Single Sign-On Integration
Abstract
Improved methods and systems are disclosed for integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol, providing clients with secured SSO mobile access to third-party services. Embodiments of the present invention leverage SSO authentication protocols already in use at many client-side systems and integrate them with a mobile SSO authorization protocol, thereby extending the SSO framework to mobile service requests for web services at third-party service provider systems. Embodiments of the present invention provide a secure, automated and lightweight solution that may be implemented in any existing client-side SSO framework with minimum cost and time, and that lets users of either native applications or mobile web applications access third-party web services.
49 Claims
1-26. (canceled)
27. A service provider computer system for providing web services to mobile devices using single sign-on (SSO) credentials managed by a client-side computer system, the system comprising:
  non-transitory computer memory storing executable computer instructions;
  a programmable processor, the programmable processor executing at least a portion of the stored executable computer instructions to perform at least the following:
    selecting an authentication protocol from a plurality of supported authentication protocols based on an authentication token received from a mobile device;
    validating the authentication token using the selected authentication protocol;
    generating an authorization access token based on the mobile device;
    processing a service request received from the mobile device, the service request containing the authorization access token; and
    servicing the service request in response to the authorization access token.
  Dependent claims: 28-41.
42. A client-side web-identification authentication computer system for providing web services to mobile devices using single sign-on (SSO) credentials, the system comprising:
  non-transitory computer memory;
  a processor, the processor executing at least a portion of stored executable computer instructions to perform at least the following:
    receiving, from the service provider system or from a mobile device, a request to authenticate an identity of a user;
    authenticating the identity of the user;
    generating an authentication token based on the step of authenticating;
    communicating the authentication token;
  wherein the authentication token causes the service provider system to perform at least the following:
    select an authentication protocol from a plurality of supported authentication protocols based on an authentication token received from the mobile device;
    validate the authentication token using the selected authentication protocol;
    generate an authorization access token;
    process a service request received from the mobile device, the service request containing an authorization access token; and
    service the service request in response to the authorization access token.
  Dependent claims: 43-48.
49. A mobile device for providing web services using single sign-on (SSO) credentials, the system comprising:
  a non-transitory computer memory;
  a processor, the processor executing at least a portion of stored executable computer instructions to perform at least the following:
    receiving, at the mobile device, a request to access at least one service at a service provider computer system;
    communicating the request to the service provider computer system;
    verifying the identity of a user associated with the mobile device;
    receiving, in response to the step of verifying, an authentication token from a client-side web-identification authentication computer system;
    automatically communicating the authentication token to the service provider computer system; and
  wherein the authentication token causes the service provider computer system to perform at least the following:
    select an authentication protocol from a plurality of supported authentication protocols based on an authentication token received from the mobile device;
    validate the authentication token using the selected authentication protocol;
    generate an authorization access token;
    process a service request received from the mobile device, the service request containing an authorization access token; and
    service the service request in response to the authorization access token.
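The service-provider steps recited in claim 27 (select a protocol from the token, validate, issue a device-bound access token, service the request) can be sketched as follows. This is an added example, not part of the patent text; the claims name no specific protocols, so the two token formats (`jwt-hs256`, `opaque-v1`), the keys and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo keys; both protocol names are assumptions, not from the page.
IDP_KEYS = {"jwt-hs256": b"idp-a-demo-key", "opaque-v1": b"idp-b-demo-key"}
ACCESS_KEY = b"service-provider-demo-key"

def b64(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def unb64(txt): return base64.urlsafe_b64decode(txt + "=" * (-len(txt) % 4))
def mac(key, msg): return b64(hmac.new(key, msg.encode(), hashlib.sha256).digest())
def same(a, b): return hmac.compare_digest(a.encode(), b.encode())

def select_protocol(token):
    """Map the token's shape to one allowlisted protocol; refuse anything else."""
    if token.startswith("v1:"):
        return "opaque-v1"
    if token.count(".") == 2:
        return "jwt-hs256"
    raise ValueError("unsupported authentication token")

def validate(token):
    """Return the authenticated subject; raise ValueError on any failure."""
    proto = select_protocol(token)
    signed, sig = token.rsplit(":" if proto == "opaque-v1" else ".", 1)
    if not same(mac(IDP_KEYS[proto], signed), sig):
        raise ValueError("bad signature")
    if proto == "opaque-v1":
        return signed[3:]  # strip the "v1:" prefix
    head, body = signed.split(".")
    # The server pins the algorithm; the header must agree, never decide.
    if json.loads(unb64(head)).get("alg") != "HS256":
        raise ValueError("algorithm not allowed")
    return json.loads(unb64(body))["sub"]

def issue_access_token(auth_token, device_id, now=None, ttl=300):
    """Validate the SSO token, then mint an access token bound to the device."""
    sub = validate(auth_token)
    body = b64(json.dumps({"sub": sub, "dev": device_id,
                           "exp": (now or time.time()) + ttl}).encode())
    return body + "." + mac(ACCESS_KEY, body)

def service_request(access_token, device_id, now=None):
    """Serve only if the token is authentic, unexpired and from its device."""
    body, _, sig = access_token.partition(".")
    if not same(mac(ACCESS_KEY, body), sig):
        raise PermissionError("forged access token")
    claims = json.loads(unb64(body))
    if claims["dev"] != device_id or claims["exp"] < (now or time.time()):
        raise PermissionError("wrong device or expired")
    return "ok:" + claims["sub"]
```

Because the protocol is chosen from data the mobile device supplies, the selection step only ever maps to an allowlisted validator with its own key, and an unrecognised token is rejected rather than passed to a default.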
Specification