AUTHENTICATING MOBILE APPLICATIONS USING POLICY FILES

US 20160164851A1
Filed: 12/04/2014
Published: 06/09/2016
Est. Priority Date: 12/04/2014
Status: Active Grant

First Claim

Patent Images

1-7. -7. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples of techniques for authenticating mobile applications are described herein. A method includes receiving, at a first server, a key pair and a policy file associated with a mobile service on a second server, the policy file includes a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication. The method includes distributing the key pair and the policy file to a security device. The method also includes receiving, at the first server, an authentication request from a mobile application. The method further includes creating an authenticity challenge as specified in the policy file and sending the authenticity challenge with a response to the mobile application.

15 Citations

View as Search Results

20 Claims

1-7. -7. (canceled)

8. A system, comprising a processor to:
- receive, via a first server, a key pair and a policy file associated with a mobile service from a second server, the policy file comprising a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication;
  
  distribute the key pair and the policy file;
  
  receive an authentication request from a mobile application;
  
  authenticate the mobile application based in part on the key pair and the policy file;
  
  generate a scope token with an application scope in response to authenticating the mobile application, the scope token comprising a signature based in part on the key pair;
  
  authenticate a client device corresponding to the mobile application and a user to generate a doubly-authenticated scope token comprising a device scope and application authenticity scope;
  
  send the doubly-authenticated scope token to a security gateway for user authentication;
  
  receive a trebly-authenticated scope token with a grant token request and send a grant token to the mobile application, the trebly authenticated scope token to include a user scope;
  
  receive the grant token from the mobile application; and
  
  generate and send an access token to the mobile application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising a service server accessible by the mobile application using the access token.
  - 10. The system of claim 8, wherein the key pair comprises a private key and a public key.
  - 11. The system of claim 10, wherein the policy file comprises instructions defining types of security checks associated with a service, an order in which the authentications are to be executed, and a device responsible for each authentication.
  - 12. The system of claim 8, wherein the application scope, the user scope, and the device scope comprise an expiration time.
  - 13. The system of claim 8, further comprising a mobile enterprise application platform (MEAP) executable by the processor to validate the access token.
  - 14. The system of claim 8, wherein the scope token further comprises a device identification and a user name.

15. A computer program product for authenticating mobile applications, the computer program product comprising a computer-readable storage medium having program code embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program code executable by a processor to cause the processor to:
- receive a key pair and a policy file associated with a mobile service;
  
  receive a service request from a mobile application at a security gateway;
  
  detect the service request comprising an invalid or missing access token;
  
  redirect the mobile application to request a grant token from an authorization end point on a server; and
  
  receive a grant token request from the mobile application and forward the grant token request to the server based on a policy file, the policy file comprising a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, further comprising program code executable by the processor to send an authentication challenge to the mobile application with a response based on the policy file.
  - 17. The computer program product of claim 15, further comprising program code executable by the processor to receive a second request from the mobile application with a correct authentication response and forward the second request to the server to generate a grant token.
  - 18. The computer program product of claim 15, further comprising program code executable by the processor to forward the service request to the server and return a service response to the mobile application if the service request includes a valid access token.
  - 19. The computer program product of claim 15, wherein the access token comprises:
    - a user authentication scope, a device authentication scope, and an application authenticity scope;
      
      a device identification number; and
      
      a user identification.
  - 20. The computer program product of claim 16, wherein the authentication challenge comprises a user authentication challenge.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Borovoy, Ishai, LEVIN, Iddo, Schneider, Haim, Shachor, Gal, Spector, Artem

Granted Patent

US 9,736,126 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/44   Program or device authentic...

G06F 2221/2103   Challenge-response

H04L 12/06   Answer-back mechanisms or c...

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

AUTHENTICATING MOBILE APPLICATIONS USING POLICY FILES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATING MOBILE APPLICATIONS USING POLICY FILES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links