AUTHENTICATING MOBILE APPLICATIONS USING POLICY FILES
Abstract
Examples of techniques for authenticating mobile applications are described herein. A method includes receiving, at a first server, a key pair and a policy file associated with a mobile service on a second server, the policy file including a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication. The method includes distributing the key pair and the policy file to a security device. The method also includes receiving, at the first server, an authentication request from a mobile application. The method further includes creating an authenticity challenge as specified in the policy file and sending the authenticity challenge with a response to the mobile application.
20 Claims
1-7. (canceled)
8. A system, comprising a processor to:
receive, via a first server, a key pair and a policy file associated with a mobile service from a second server, the policy file comprising a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication;
distribute the key pair and the policy file;
receive an authentication request from a mobile application;
authenticate the mobile application based in part on the key pair and the policy file;
generate a scope token with an application scope in response to authenticating the mobile application, the scope token comprising a signature based in part on the key pair;
authenticate a client device corresponding to the mobile application and a user to generate a doubly-authenticated scope token comprising a device scope and application authenticity scope;
send the doubly-authenticated scope token to a security gateway for user authentication;
receive a trebly-authenticated scope token with a grant token request and send a grant token to the mobile application, the trebly authenticated scope token to include a user scope;
receive the grant token from the mobile application; and
generate and send an access token to the mobile application.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A computer program product for authenticating mobile applications, the computer program product comprising a computer-readable storage medium having program code embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program code executable by a processor to cause the processor to:
receive a key pair and a policy file associated with a mobile service;
receive a service request from a mobile application at a security gateway;
detect the service request comprising an invalid or missing access token;
redirect the mobile application to request a grant token from an authorization end point on a server; and
receive a grant token request from the mobile application and forward the grant token request to the server based on a policy file, the policy file comprising a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication.
(Dependent claims: 16, 17, 18, 19, 20)
Specification