SINGLE SIGN-ON FRAMEWORK FOR BROWSER-BASED APPLICATIONS AND NATIVE APPLICATIONS

US 20180152439A1
Filed: 11/30/2016
Published: 05/31/2018
Est. Priority Date: 11/30/2016
Status: Active Grant

First Claim

Patent Images

1. A system for providing a single sign-on capability to a browser-based application accessed by a browser:

a client device comprising a processor and a memory, the client device executing the browser and configured to at least;

store an authentication key on the client device in response to an initial authentication of credentials associated with a particular user account;

transmit a request to authenticate access to the browser-based application from the client device to an identity provider server;

receive an authentication challenge from the identity provider server in response to the request to authenticate access to the browser-based application;

retrieve the authentication key;

transmit the authentication key and the authentication challenge to the identity provider server; and

obtain an indication that the particular user account is authenticated by the identity provider server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various approaches for providing single sign-on capabilities for a user on a client device. A user'"'"'s credentials can be authenticated by an identity provider application. The identity provider application can facilitate single sign-on capabilities for browser-based applications and native applications on the client device.

21 Citations

View as Search Results

20 Claims

1. A system for providing a single sign-on capability to a browser-based application accessed by a browser:
- a client device comprising a processor and a memory, the client device executing the browser and configured to at least;
  
  store an authentication key on the client device in response to an initial authentication of credentials associated with a particular user account;
  
  transmit a request to authenticate access to the browser-based application from the client device to an identity provider server;
  
  receive an authentication challenge from the identity provider server in response to the request to authenticate access to the browser-based application;
  
  retrieve the authentication key;
  
  transmit the authentication key and the authentication challenge to the identity provider server; and
  
  obtain an indication that the particular user account is authenticated by the identity provider server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the authentication challenge is embedded within a tbauth challenge received from the identity provider server.
  - 3. The system of claim 1, wherein the client device is further configured to at least:
    - obtain a request to perform the initial authentication of the particular user account;
      
      transmit at least one of a username and a password of the particular user account to the identity provider server;
      
      obtain the authentication key from the identity provider server; and
      
      store the authentication key on the client device.
  - 4. The system of claim 1, wherein the client device is further configured to at least redirect to a website that has federated authentication to the identity provider server in response to obtaining the indication that the particular user account is authenticated.
  - 5. The system of claim 1, wherein the indication that the particular user account is authenticated comprises an authentication token or a cookie.
  - 6. The system of claim 5, wherein the client device is further configured to store the authentication token or the cookie in a token store using an application programming interface (API) associated with an operating system executed by the client device.
  - 7. The system of claim 1, wherein the authentication key is retrieved from a token store by an identity provider application, wherein the identity provider application registers as a local identity provider using an application programming interface (API) associated with an operating system of the client device, wherein the identity provider application specifies a particular identity provider server address for the identity provider server for which the identity provider application is the local identity provider.

8. A method for providing a single sign-on capability to a browser-based application accessed by a browser on a client device, comprising:
- storing an authentication key on the client device in response to an initial authentication of credentials associated with a particular user account;
  
  transmitting a request to authenticate access to the browser-based application from the client device to an identity provider server;
  
  receiving an authentication challenge from the identity provider server in response to the request to authenticate the access to the browser-based application;
  
  retrieving the authentication key; and
  
  transmitting the authentication key and the authentication challenge to the identity provider server; and
  
  obtaining an indication that the particular user account is authenticated by the identity provider server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the authentication challenge is embedded within a tbauth challenge received from the identity provider server.
  - 10. The method of claim 8, further comprising:
    - obtaining a request to perform the initial authentication of the particular user account;
      
      transmitting at least one of a username and a password of the particular user account to the identity provider server;
      
      obtaining the authentication key from the identity provider server; and
      
      storing the authentication key on the client device.
  - 11. The method of claim 8, further comprising redirecting to a website that has federated authentication to the identity provider server in response to obtaining the indication that the particular user account is authenticated.
  - 12. The method of claim 8, wherein the indication that the particular user account is authenticated comprises an authentication token or a cookie.
  - 13. The method of claim 12, further comprising storing the authentication token or the cookie in a token store using an application programming interface (API) associated with an operating system executed by the client device.
  - 14. The method of claim 8, wherein the authentication key is retrieved from a token store by an identity provider application, wherein the identity provider application registers as a local identity provider using an application programming interface (API) associated with an operating system of the client device, wherein the identity provider application specifies a particular identity provider server address for the identity provider server for which the identity provider application is the local identity provider.

15. A non-transitory computer-readable medium comprising machine-readable instructions providing a single sign-on capability to a browser-based application accessed by a browser on a client device, wherein when executed by a processor of the client device, the machine-readable instructions cause the client device to at least:
- store an authentication key on the client device in response to an initial authentication of credentials associated with a particular user account;
  
  transmit a request to authenticate access to the browser-based application from the client device to an identity provider server;
  
  receive an authentication challenge from the identity provider server in response to the request to authenticate access to the browser-based application;
  
  retrieve the authentication key; and
  
  transmit the authentication key and the authentication challenge to the identity provider server; and
  
  obtain an indication that the particular user account is authenticated by the identity provider server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the authentication challenge is embedded within a tbauth challenge received from the identity provider server.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the client device to at least:
    - obtain a request to perform the initial authentication of the particular user account;
      
      transmit at least one of a username and a password of the particular user account to the identity provider server;
      
      obtain the authentication key from the identity provider server; and
      
      store the authentication key on the client device.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the indication that the particular user account is authenticated comprises an authentication token or a cookie.
  - 19. The non-transitory computer-readable medium of claim 18, wherein the machine-readable instructions further cause the computing device to at least store the authentication token or the cookie in a token store using an application programming interface (API) associated with an operating system executed by the client device.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the authentication key is retrieved from a token store by an identity provider application, wherein the identity provider application registers as a local identity provider using an application programming interface (API) associated with an operating system of the client device, wherein the identity provider application specifies a particular identity provider server address for the identity provider server for which the identity provider application is the local identity provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Hande, Yogesh Govind, Shantharam, Shravan, Regula, Kalyan, Murthy, Varun, Sundaram, Bhuvanesh Shanmuga, Deriso, Jonathon

Granted Patent

US 10,320,771 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 67/02   based on web technology, e....

SINGLE SIGN-ON FRAMEWORK FOR BROWSER-BASED APPLICATIONS AND NATIVE APPLICATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SINGLE SIGN-ON FRAMEWORK FOR BROWSER-BASED APPLICATIONS AND NATIVE APPLICATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links