Using a trusted token and push for validating the request for single sign on

US 8,544,076 B2
Filed: 11/11/2010
Issued: 09/24/2013
Est. Priority Date: 11/11/2009
Status: Active Grant

First Claim

Patent Images

1. A distributed computer-implemented method for providing access to an enterprise application from a telecommunications device, the method comprising:

in a client;

requesting an enterprise application token from an intermediate application gateway (IAG) using a dataset comprising a device identifier, a user identifier, or both a device identifier and a user identifier;

in an IAG;

preparing an enterprise application token in response to the request,pushing a first portion of the prepared token to a user-centered address associated with the telecommunications device via a push technology network element;

pushing a second portion of the prepared token to a device-centered address associated with the telecommunications device via the push technology network element;

in the client;

receiving the first portion of the prepared token and second portion of the prepared token;

assembling the first portion and second portion into a token; and

employing the assembled token in communications addressed to an enterprise application stored on one or more application servers via a device server and the IAG with the device server and the IAG interposed between the telecommunications device and the one or more application servers;

in the IAG;

replacing the employed token in each communication with identification information called for by the enterprise application; and

sending the communication with the identification information to the enterprise application.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing access to an enterprise application from a telecommunications device via a client, through a device server, and an intermediate application gateway (IAG), is disclosed. The server is communication with the client and the IAG. The IAG and client are in indirect communication via the server. The client is operative to request an enterprise application token from the IAG using a dataset comprising a device identifier and a user identifier, without concurrently prompting a user for the dataset. The IAG is operative to prepare a token in response to the request, and push the token to an e-mail address associated with the telecommunications device via the server'"'"'s push proxy gateway. The client is operative to employ the token in communications addressed to an enterprise application via the server and the IAG. The IAG is operative to replace the token in each communication with identification information called for by the enterprise application.

13 Citations

18 Claims

1. A distributed computer-implemented method for providing access to an enterprise application from a telecommunications device, the method comprising:
- in a client;
  
  requesting an enterprise application token from an intermediate application gateway (IAG) using a dataset comprising a device identifier, a user identifier, or both a device identifier and a user identifier;
  
  in an IAG;
  
  preparing an enterprise application token in response to the request,pushing a first portion of the prepared token to a user-centered address associated with the telecommunications device via a push technology network element;
  
  pushing a second portion of the prepared token to a device-centered address associated with the telecommunications device via the push technology network element;
  
  in the client;
  
  receiving the first portion of the prepared token and second portion of the prepared token;
  
  assembling the first portion and second portion into a token; and
  
  employing the assembled token in communications addressed to an enterprise application stored on one or more application servers via a device server and the IAG with the device server and the IAG interposed between the telecommunications device and the one or more application servers;
  
  in the IAG;
  
  replacing the employed token in each communication with identification information called for by the enterprise application; and
  
  sending the communication with the identification information to the enterprise application.
- View Dependent Claims (2, 3, 4)
- - 2. The distributed computer-implemented method of claim 1, further comprising:
    - in the client;
      
      requesting an enterprise application token from an intermediate application gateway (IAG) using a dataset comprising a device identifier and a user identifier; and
      
      in the IAG;
      
      confirming an association between the device identifier and the user identifier included in the token request.
  - 3. The distributed computer-implemented method of claim 1, wherein:
    - the device identifier comprises a PIN of the device, andthe user identifier comprises an e-mail address.
  - 4. The distributed computer-implemented method of claim 1, wherein:
    - the device identifier comprises a mobile phone number of the device, andthe user identifier comprises an e-mail address.

5. A system for providing access to an enterprise application from a telecommunications device, the system comprising:
- the telecommunications device comprising a client application;
  
  a device server comprising a push technology network element; and
  
  an intermediate application gateway (IAG);
  
  wherein;
  
  the device server is in communication with the client and the IAG;
  
  the IAG and client are in indirect communication via the device server;
  
  the client is operative to request an enterprise application token from the IAG using the dataset comprising at least one of;
  
  a device identifier and a user identifier;
  
  the IAG is operative to;
  
  prepare an enterprise application token in response to the request, andpush a first portion of the prepared token to a user-centered address associated with the telecommunications device;
  
  push a second portion of the prepared token to a device-centered address associated with the telecommunications device;
  
  the client is operative to;
  
  receive the first portion of the prepared token and second portion of the prepared token;
  
  assemble the first portion and second portion into a token;
  
  employ the assembled token in communications addressed to an enterprise application stored on one or more application servers via the device server and the IAG with the device server and the IAG interposed between the telecommunications device and the one or more application servers; and
  
  the IAG is operative to;
  
  replace the token in each communication with identification information called for by the enterprise application; and
  
  send the communication with the identification information to the enterprise application.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The system of claim 5 wherein:
    - a push destination comprises an e-mail address associated with the communications device.
  - 7. The system of claim 5 wherein:
    - the IAG is further operative to confirm an association between the device identifier and the user identifier included in the token request.
  - 8. The system of claim 5 wherein:
    - the device identifier comprises a PIN of the device, andthe user identifier comprises an e-mail address in a domain of the device server.
  - 9. The system of claim 5 wherein:
    - the device identifier comprises a mobile phone number of the device, andthe user identifier comprises an e-mail address in a domain of the device server.
  - 10. The system of claim 5 wherein:
    - the push technology network element comprises one of;
      
      a short message service center and a push proxy gateway.

11. A distributed computer program product for providing access to an enterprise application from a telecommunications device, the computer program product comprising:
- non-transitory computer readable media distributed across a client, a device server comprising a push proxy gateway, and an intermediate application gateway (IAG);
  
  a client programming module;
  
  stored on the media, andoperative to;
  
  request an enterprise application token from the IAG using the dataset comprising at least one of;
  
  a device identifier and a user identifier;
  
  receive a first portion of a prepared token and a second portion of the prepared token;
  
  assemble the first portion and second portion into a token;
  
  employ the assembled token in communications addressed to an enterprise application stored on one or more application servers via the device server and the IAG with the device server and the IAG interposed between the telecommunications device and the one or more application servers;
  
  an IAG programming module;
  
  stored on the media, andoperative to;
  
  prepare an enterprise application token in response to the request,push the first portion of the prepared token to a user-centered address associated with the telecommunications device via the push proxy gateway;
  
  push the second portion of the prepared token to a device-centered address associated with the telecommunications device via the push proxy gateway;
  
  replace the token in each communication with identification information called for by the enterprise application; and
  
  send the communication with the identification information to the enterprise application; and
  
  a device server programming module;
  
  stored on the media, andoperative to communicate between a plurality of devices and an IAG.
- View Dependent Claims (12, 13, 14)
- - 12. The distributed computer program product of claim 11 wherein:
    - the client programming module is operative to request an enterprise application token from an IAG using a dataset comprising a device identifier and a user identifier;
      
      andthe IAG programming module is further operative to confirm an association between the device identifier and the user identifier included in the token request.
  - 13. The distributed computer program product of claim 11 wherein:
    - the device identifier comprises a PIN of the device, andthe user identifier comprises an e-mail address in a domain of the device server.
  - 14. The distributed computer program product of claim 11 wherein:
    - the device identifier comprises a mobile phone number of the device, andthe user identifier comprises an e-mail address in a domain of the device server.

15. A system for providing access to an enterprise application from a telecommunications device, the system comprising:
- the telecommunications device comprising a client application;
  
  a device server comprising a push proxy gateway and an HTTP gateway; and
  
  an intermediate application gateway (IAG);
  
  wherein;
  
  the device server is communication with the client and the IAG;
  
  the IAG and client are in indirect communication via the device server;
  
  the client is operative to request an enterprise application token from the IAG using the dataset comprising at least one of;
  
  a device identifier and a user identifier;
  
  the IAG is operative to;
  
  prepare an enterprise application token in response to the request,push a first portion of the prepared token to a user-centered address associated with the telecommunications device via the push proxy gateway;
  
  push a second portion of the prepared token to a device-centered address associated with the telecommunications device via the push proxy gatewaythe client is operative to;
  
  receive the first portion and second portion;
  
  assemble the first portion and second portion into a token;
  
  employ the assembled token in communications addressed to an enterprise application stored on one or more application servers via the device server and the IAG with the device server and the IAG interposed between the telecommunications device and the one or more application servers; and
  
  the IAG is operative to;
  
  replace the token in each communication with identification information called for by the enterprise application; and
  
  send the communication with the identification information to the enterprise application.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15 wherein:
    - an client programming module is operative to requesting an enterprise application token from an IAG using a dataset comprising a device identifier and a user identifier; and
      
      an IAG programming module is further operative to confirm an association between the device identifier and the user identifier included in the token request.
  - 17. The system of claim 15 wherein:
    - the device identifier comprises a PIN of the device, andthe user identifier comprises an e-mail address in a domain of the device server.
  - 18. The system of claim 15 wherein:
    - the device identifier comprises a mobile phone number of the device, andthe user identifier comprises an e-mail address in a domain of the device server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Bhuta, Mahesh Babubhai, Guerrero, Fernando, Godfrey, James Andrew, Russell, Graham
Primary Examiner(s)
Nguyen, Dustin
Assistant Examiner(s)
NGUYEN, HAO HONG

Application Number

US12/944,155
Publication Number

US 20110283347A1
Time in Patent Office

1,048 Days
Field of Search

726/9, 726/10, 726/8, 726/4, 726/5, 726/20
US Class Current

726/9
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/168   above the transport layer

H04L 63/18   using different networks or...

H04L 67/561   Adding application-function...

Using a trusted token and push for validating the request for single sign on

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Using a trusted token and push for validating the request for single sign on

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links