System and Method for a Generic Single Sign-On Function

US 20160255075A1
Filed: 12/22/2015
Published: 09/01/2016
Est. Priority Date: 02/27/2015
Status: Active Grant

First Claim

Patent Images

1. A method for providing generic single sign-on in an electronic device, the method comprising:

receiving information identifying one or more applications and associated identity authenticators;

creating a whitelist of the identified applications and associated identity authenticators;

receiving from a first requesting application a first request for an access token;

if the first requesting application is listed in the whitelist,determining an identity of an identity authenticator associated with the first requesting application;

sending a second request for an access token to the identity authenticator;

in response to the second request, receiving a first access token from the identity authenticator; and

sending the first access token to the first requesting application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are presented for providing generic single sign-on in an electronic device. Information is received that identifies one or more applications and associated identity authenticators and a whitelist of the identified applications and authenticators is created. A request for an access token is received from a requesting application. If the requesting application is listed in the whitelist, an authenticator associated with the requesting application is determined and a request for an access token is sent to the associated authenticator. In response to the request, an access token is received from the authenticator and the access token is sent to the requesting application. If the requesting application is not listed in the whitelist, a predefined response message is sent to the requesting application

7 Citations

View as Search Results

20 Claims

1. A method for providing generic single sign-on in an electronic device, the method comprising:
- receiving information identifying one or more applications and associated identity authenticators;
  
  creating a whitelist of the identified applications and associated identity authenticators;
  
  receiving from a first requesting application a first request for an access token;
  
  if the first requesting application is listed in the whitelist,determining an identity of an identity authenticator associated with the first requesting application;
  
  sending a second request for an access token to the identity authenticator;
  
  in response to the second request, receiving a first access token from the identity authenticator; and
  
  sending the first access token to the first requesting application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 20)
- - 2. The method of claim 1, further comprising storing the first access token in secure storage.
  - 3. The method of claim 2, further comprising:
    - receiving information identifying an application and an new associated authenticator;
      
      determining that the application is listed in the whitelist and associated with a previous authenticator;
      
      in response to so determining;
      
      in the whitelist, associating the application with the new authenticator;
      
      removing from the secure storage any access token issued to the application by the previous authenticator.
  - 4. The method of claim 1, further comprising providing a standard protocol for use by a plurality of requesting applications in requesting access tokens.
  - 5. The method of claim 1, further comprising, if the first requesting application is not listed in the whitelist, sending a predefined response to the first requesting application.
  - 6. The method of claim 1, further comprising:
    - receiving information identifying an additional application and associated identity authenticator; and
      
      adding the additional application and associated identity authenticator to the whitelist.
  - 7. The method of claim 1, wherein the one or more identity authenticators are implemented as independent applications.
  - 8. The method of claim 1, further comprising:
    - receiving from the identity authenticator a request to store user credential information relating to a user of the electronic device; and
      
      storing the user information in secure storage.
  - 9. The method of claim 8, further comprising:
    - receiving from a second requesting application a third request for an access token;
      
      if the second requesting application is found in the whitelist,determining that the identity authenticator is associated with the second requesting application;
      
      sending a fourth request to the identity authenticator;
      
      in response to a user credential information request from the identity authenticator, sending the stored user credential information to the identity authenticator;
      
      in response to the fourth request, receiving a second access token from the identity authenticator; and
      
      sending the second access token to the second requesting application.
  - 10. The method of claim 8, further comprising providing a standard procedure call protocol for use by the plurality of identity authenticators in at least one of sending the request for an access token to the identity authenticator and receiving from the identity authenticator the request to store user information.
  - 20. A non-transitory computer readable medium configured to control a processor to the method of claim 1 for providing generic single sign-on in an electronic device.

11. An electronic device providing generic single sign-on functionality, the electronic device comprising:
- a memory comprising a plurality of applications, the applications comprising an application interface, an agent interface, an authenticator interface, and a system service module; and
  
  a processor configured to execute one or more of the plurality of applications in the memory,wherein;
  
  the application interface is configured to exchange one or more messages with a plurality of applications;
  
  the agent interface is configured to receive one or more messages from an agent;
  
  the authenticator interface is configured to exchange one or more messages with a plurality of identity authenticators; and
  
  the system service module is configured to;
  
  receive one or more messages via the agent interface, each message identifying one or more applications and associated identity authenticators;
  
  create a whitelist of the one or more identified applications and associated identity authenticators;
  
  receive a first access token request message from a first requesting application via the application interface;
  
  determine whether the first requesting application is listed in the whitelist; and
  
  if the first requesting application is not listed in the whitelist, send a predefined response message to the first requesting application via the application interface.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the system service module is further configured to:
    - if the first requesting application is listed in the whitelist,determine an identity of an identity authenticator associated with the first requesting application;
      
      send a second access token request message to the identity authenticator via the authenticator interface;
      
      receive a first access token from the identity authenticator via the authenticator interface; and
      
      send the first access token to the first requesting application via the application interface.
  - 13. The system of claim 12, wherein the system service module is further configured to store the first access token in secure storage.
  - 14. The system of claim 13, wherein the system service module is further configured to:
    - receive a message via the agent interface, the message identifying an application and an new associated authenticator;
      
      determine whether the application is listed in the whitelist and associated with a previous authenticator;
      
      if the application is so listed in the whitelist;
      
      in the whitelist, associate the application with the new authenticator;
      
      remove from the secure storage any access token issued to the application by the previous authenticator.
  - 15. The system of claim 12, wherein the application interface is configured to provide a standard protocol for use by a plurality of requesting applications in requesting access tokens.
  - 16. The system of claim 12, wherein the system service module is further configured to:
    - receive a message via the agent interface, the message identifying an additional application and associated identity authenticator; and
      
      add the additional application and associated identity authenticator to the whitelist.
  - 17. The system of claim 12, wherein the one or more identity authenticators are implemented as independent applications.
  - 18. The system of claim 12, wherein the system service module is further configured to:
    - receive a message from the identity authenticator via the authenticator interface, the message comprising a request to store user credential information relating to a user of the electronic device; and
      
      store the user credential information in secure storage.
  - 19. The system of claim 18, wherein the system service module is further configured to:
    - receive a third access token request from a second requesting application via the application interface;
      
      if the second requesting application is listed in the whitelist,determine that the identity authenticator is associated with the second requesting application;
      
      send a fourth access token request to the identity authenticator via the authenticator interface;
      
      in response to receiving a user credential information request from the identity authenticator via the authenticator interface, send the stored user credential information to the identity authenticator via the authenticator interface;
      
      receive a second access token from the identity authenticator via the authenticator interface; and
      
      send the second access token to the second requesting application via the application interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Jiang, Haiqing, Prakash, Varun Shimoga, Liu, Xiao, Emani, Pavan Kumar, Zhang, Xiao, Zhang, Xinwen

Granted Patent

US 10,158,622 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/101   Access control lists [ACL]

System and Method for a Generic Single Sign-On Function

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for a Generic Single Sign-On Function

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links