MOBILE MULTIFACTOR SINGLE-SIGN-ON AUTHENTICATION
First Claim
1. A non-transitory computer storage medium which stores a client application comprising executable code that directs a mobile computing device to perform a process comprising:
- directing, by an authentication module, an independent browser, executable on the mobile computing device, to access a uniform resource locator (URL) associated with an authentication appliance configured to verify, with an identity database, authentication information received from the browser and configured to transmit a browser-accessible token to the browser, wherein the authentication information is associated with a user of the mobile device, and wherein the authentication appliance is configured to provide single-sign-on (SSO) services that comprise accepting, for purposes of authentication, in lieu of the authentication information, a previously created valid browser-accessible token that was the result of a previous authentication between the authentication appliance and one of: a mobile client application or the independent browser;
- receiving, at the authentication module, from the authentication appliance, a client application identity that indicates the user of the mobile device and that the user of the mobile device has been authenticated by the authentication appliance; and
- using the client application identity to obtain access to a network-based application service.
Abstract
Features are disclosed for authentication of mobile device applications using a native, independent browser using a single-sign-on system. An authentication module within the mobile application can direct the mobile device's native browser to a URL to initiate authentication with an authentication appliance. The mobile browser can receive and store a browser-accessible token to indicate previous authentication performed by the user. The mobile application can receive from the application appliance and store a client application ID token that may be presented to network services for access. A second mobile device application may direct the same browser to the authentication appliance. The authentication appliance may inspect the persistent browser-accessible token and issue a second client application ID identity to the second application without collecting additional authentication information, or collecting additional authentication information that is different from the first authentication information.
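The flow in the abstract can be modelled as follows. This is an added example, not code from the patent: the class and method names, the HMAC-signed token format and the in-memory identity database are all assumptions, and it covers only the case where the second application is signed in without collecting further authentication information.

```python
import hashlib, hmac, secrets, time

class AuthAppliance:
    """Hypothetical stand-in for the authentication appliance (assumed design)."""
    def __init__(self, identity_db, ttl=3600):
        self._db = identity_db               # constructed sample: user -> password
        self._key = secrets.token_bytes(32)  # signing key never leaves the appliance
        self._ttl = ttl

    def _sign(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def _issue(self, kind, user, audience=""):
        # Assumed token layout: kind|user|audience|expiry|signature
        payload = f"{kind}|{user}|{audience}|{int(time.time()) + self._ttl}"
        return f"{payload}|{self._sign(payload)}"

    def verify(self, token, kind, audience=""):
        """Return the user if the token is authentic, unexpired and of the
        expected kind and audience; otherwise None."""
        try:
            payload, sig = token.rsplit("|", 1)
            t_kind, user, aud, exp = payload.split("|")
            exp = int(exp)
        except (ValueError, AttributeError):
            return None
        ok = hmac.compare_digest(sig.encode(), self._sign(payload).encode())
        if ok and t_kind == kind and aud == audience and exp > time.time():
            return user
        return None

    def authenticate(self, app_id, browser_token=None, credentials=None):
        """Browser-facing endpoint: returns (browser_token, client_app_identity),
        or None when neither a valid token nor valid credentials are presented."""
        # SSO path: a valid browser-accessible token replaces the credentials.
        user = self.verify(browser_token, "browser") if browser_token else None
        if user is None and credentials:
            name, password = credentials
            stored = self._db.get(name)      # stand-in for the identity database check
            if stored is not None and hmac.compare_digest(stored.encode(),
                                                          password.encode()):
                user = name
                browser_token = self._issue("browser", user)
        if user is None:
            return None
        # The identity is bound to the requesting application (audience), so a
        # network service can refuse an identity issued to a different app.
        return browser_token, self._issue("app", user, app_id)
```

Binding each client application identity to one application and keeping the browser-accessible token a separate token kind means neither can be presented in place of the other.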
2 Claims
2-30. (canceled)
Specification