MOBILE MULTIFACTOR SINGLE-SIGN-ON AUTHENTICATION
First Claim
1. A non-transitory computer storage medium which stores a client application comprising executable code that directs a mobile computing device to perform a process comprising:
- directing, by an authentication module, an independent browser, executable on the mobile computing device, to access a uniform resource locator (URL) associated with an authentication appliance configured to verify, with an identity database, authentication information received from the browser and configured to transmit a browser-accessible token to the browser,wherein the authentication information is associated with a user of the mobile device, andwherein the authentication appliance is configured to provide single-sign-on (SSO) services that comprise accepting, for purposes of authentication, in lieu of the authentication information, a previously created valid browser-accessible token that was the result of a previous authentication between the authentication appliance and one of;
a mobile client application or the independent browser;
receiving, at the authentication module, from the authentication appliance, a client application identity that indicates the user of the mobile device and that the user of the mobile device has been authenticated by the authentication appliance; and
using the client application identity obtain access to a network-based application service.
3 Assignments
0 Petitions
Accused Products
Abstract
Features are disclosed for authentication of mobile device applications using a native, independent browser using a single-sign-on system. An authentication module within the mobile application can direct the mobile device'"'"'s native browser to a URL to initiate authentication with an authentication appliance. The mobile browser can receive and store a browser-accessible token to indicate previous authentication performed by the user. The mobile application can receive from the application appliance and store a client application ID token that may be presented to network services for access. A second mobile device application may direct the same browser to the authentication appliance. The authentication appliance may inspect the persistent browser-accessible token and issue a second client application ID identity to the second application without collecting additional authentication information, or collecting additional authentication information that is different from the first authentication information.
69 Citations
2 Claims
-
1. A non-transitory computer storage medium which stores a client application comprising executable code that directs a mobile computing device to perform a process comprising:
-
directing, by an authentication module, an independent browser, executable on the mobile computing device, to access a uniform resource locator (URL) associated with an authentication appliance configured to verify, with an identity database, authentication information received from the browser and configured to transmit a browser-accessible token to the browser, wherein the authentication information is associated with a user of the mobile device, and wherein the authentication appliance is configured to provide single-sign-on (SSO) services that comprise accepting, for purposes of authentication, in lieu of the authentication information, a previously created valid browser-accessible token that was the result of a previous authentication between the authentication appliance and one of;
a mobile client application or the independent browser;receiving, at the authentication module, from the authentication appliance, a client application identity that indicates the user of the mobile device and that the user of the mobile device has been authenticated by the authentication appliance; and using the client application identity obtain access to a network-based application service.
-
-
2-30. -30. (canceled)
Specification
-
- Resources
-
Current AssigneeSecureAuth Incorporated
-
Original AssigneeSecureAuth Incorporated
-
InventorsPhillips, Robert Jason, Grajek, Garret Florian, Lo, Jeff Chiwai, Tung, Shu Jen
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current
-
CPC Class CodesG06F 16/955 using information identifie...G06F 21/31 User authenticationG06F 21/41 where a single sign-on prov...H04L 2463/082 applying multi-factor authe...H04L 63/08 for authentication of entit...H04L 63/0815 providing single-sign-on or...H04L 63/0823 using certificates cryptogr...H04L 63/083 using passwords cryptograph...H04L 63/0853 using an additional device,...H04L 63/168 above the transport layerH04W 12/068 using credential vaults, e....H04W 12/069 using certificates or pre-s...
