CROSS-NATIVE APPLICATION AUTHENTICATION APPLICATION

US 20160006719A1
Filed: 07/03/2014
Published: 01/07/2016
Est. Priority Date: 07/03/2014
Status: Active Grant

First Claim

Patent Images

1. A user device, comprising:

a memory to store;

first authentication information,the first authentication information being used to grant access to a resource associated with a first application,configuration information relating to the second application,the second application being different than the first application,the first application and the second application operating on the user device; and

one or more processors to;

receive an authentication request, from the second application, requesting second authentication information,determine, based on the authentication request, that the memory stores the configuration information relating to the second application,determine, based on the configuration information, whether the first authentication information contains some or all of the second authentication information,generate an authentication response, to the authentication request, using the first authentication information based on determining that the first authentication information contains some or all of the second authentication information, andsend the authentication response, to the second application, to permit access to a resource associated with the second application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user device stores first authentication information used to grant access to a resource associated with a first application, and configuration information relating to a second application. The user device receives an authentication request from the second application requesting second authentication information. Based on the configuration information relating to the second application, the user device determines whether the first authentication information contains some or all of the requested second authentication information. The user device generates an authentication response to the authentication request, using the first authentication information, and sends the authentication response to the second application in order to permit access to a resource associated with the second application.

19 Citations

20 Claims

1. A user device, comprising:
- a memory to store;
  
  first authentication information,the first authentication information being used to grant access to a resource associated with a first application,configuration information relating to the second application,the second application being different than the first application,the first application and the second application operating on the user device; and
  
  one or more processors to;
  
  receive an authentication request, from the second application, requesting second authentication information,determine, based on the authentication request, that the memory stores the configuration information relating to the second application,determine, based on the configuration information, whether the first authentication information contains some or all of the second authentication information,generate an authentication response, to the authentication request, using the first authentication information based on determining that the first authentication information contains some or all of the second authentication information, andsend the authentication response, to the second application, to permit access to a resource associated with the second application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The user device of claim 1, where the one of more processors are further to:
    - send a configuration request to a configuration server,receive, based on the configuration request, a configuration response from the configuration server, andupdate, based on the configuration response, the configuration information.
  - 3. The user device of claim 2, where the one of more processors are further to:
    - encrypt the configuration request sent to the configuration server, anddecrypt the configuration response received from the configuration server.
  - 4. The user device of claim 1, where the configuration information stored in the memory further includes:
    - expiration information for the first authentication information; and
      
      the one or more processors are further to;
      
      determine whether some or all of the first authentication information is expired based on the expiration information, andsend a server authentication request to an authentication server based on determining that some or all of the first authentication information is expired.
  - 5. The user device of claim 1, where the memory is further to store:
    - user credential information; and
      
      the one or more processors are further to;
      
      send a server authentication request, based on the user credential information and the authentication request, to an authentication server.
  - 6. The user device of claim 1, where the configuration information stored in the memory further includes:
    - at least one of a white-list or a black-list; and
      
      the one or more processors, when determining that the memory stores the configuration information relating to the second application, are further to;
      
      determine at least one of;
      
      that the second application is identified in the white-list, orthat the second application is not identified in the black-list.
  - 7. The user device of claim 1, where the one or more processors are further to:
    - encrypt the authentication response, using a key included with the authentication request, before sending the authentication response.

8. A computer-readable medium storing instructions, the instructions comprising:
- a plurality of instructions that, when executed by a processor of a device, cause the processor to;
  
  receive an authentication request, from a first application, requesting first authentication information;
  
  determine, based on the authentication request, that configuration information relates to the first application;
  
  determine, based on the configuration information, whether the device stores second authentication information, that relates to the first authentication information,the second authentication information being used to grant access to a resource associated with a second application;
  
  generate an authentication response, to the authentication request, using the second authentication information based on determining that the second authentication information relates to the first authentication information; and
  
  send the authentication response, to the first application, to permit access to a resource associated with the first application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, further cause the processor, when sending the authentication response, to:
    - send the authentication response via one or more deep-links.
  - 10. The computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, further cause the processor, when sending the authentication response, to:
    - send the authentication response via one or more application extensions.
  - 11. The computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, further cause the processor, when sending the authentication response, to:
    - send the authentication response by storing the authentication response in one or more locations in a memory accessible to the first application.
  - 12. The computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, further cause the processor to:
    - determine, based on the configuration information, whether the second authentication information does not relate to the first authentication information, andbased on determining that the second authentication information does not relate to the first authentication information;
      
      obtain user credential information,send, based on the authentication request and the user credential information, a server authentication request, to an authentication server, requesting some or all of the first authentication information not contained in the second authentication information,receive, based on the server authentication request, a server authentication response, from the authentication server, including some or all of the first authentication information requested in the server authentication request,update the second authentication information, as updated authentication information, to include the first authentication information received in the server authentication response,update the configuration information using the updated authentication information, andgenerate the authentication response based on the updated authentication information.
  - 13. The computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, further cause the processor, when sending the authentication response to the first application, to:
    - set an expiration for the authentication response that is sooner than an expiration for the second authentication information.
  - 14. The computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, further cause the processor to:
    - verify, based on cryptographic information contained in the authentication request, an identity of the first application,identify, based on the verified identity, the configuration information relating to the first application, andidentify, based on the identified configuration information, the first authentication information requested by the authentication request.

15. A method, comprising:
- receiving, by a device, an authentication request from a first application, the authentication request corresponding to a request for access to a resource associated with the first application;
  
  determining, by the device and based on the authentication request, that configuration information relates to the first application;
  
  determining, by the device and based on the configuration information, whether authentication information satisfies the authentication request,the authentication information being used by a second application to access to a resource associated with the second application;
  
  generating, by the device, an authentication response, to the authentication request, using the authentication information based on determining that the authentication information satisfies the authentication request; and
  
  sending, by the device, the authentication response, to the first application, to permit access to the resource associated with the first application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising:
    - based on determining that the authentication information does not satisfy the authentication request;
      
      generating, based on the authentication request, a server authentication request;
      
      encrypting the server authentication request;
      
      sending the encrypted server authentication request to an authentication server;
      
      receiving, based on the encrypted server authentication request, an encrypted server authentication response, from the authentication server;
      
      decrypting the encrypted server authentication response; and
      
      generating, based on the decrypted server authentication response, the authentication response.
  - 17. The method of claim 16, where generating the server authentication request further includes:
    - determining whether the authentication information contains a first portion of information that at least partially satisfies the authentication request; and
      
      requesting a second portion of information, not contained in the authentication information and that at least partially satisfies the authentication request, in the server authentication request.
  - 18. The method of claim 15, further comprising:
    - updating the configuration information according to an update schedule.
  - 19. The method of claim 15, further comprising:
    - updating the configuration information based on receiving the authentication request.
  - 20. The method of claim 15, further comprising:
    - determining, based on permission information for the authentication information and the configuration information, whether the first application is permitted to receive some or all of the authentication information; and
      
      generating the authentication response, to the authentication request, based on some or all of the authentication information that the first application is permitted to receive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
KHALIL, Manah M., LAMISON, Michael R., XIAO, Bo, ABOU-KHAMIS, Omar A.

Granted Patent

US 9,374,361 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/101   Access control lists [ACL]

CROSS-NATIVE APPLICATION AUTHENTICATION APPLICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CROSS-NATIVE APPLICATION AUTHENTICATION APPLICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links