Establishing a trusted session from a non-web client using adaptive authentication
First Claim
1. A method of launching a client application on an electronic device, the method comprising:
- after the client application is installed on the electronic device, providing input from the electronic device to an adaptive authentication service of a remote authentication server;
receiving a credential from the adaptive authentication service of the remote authentication server in response to a successful adaptive authentication result which is based on the input provided from the electronic device; and
invoking the client application with the credential on the electronic device to establish a trusted session between the client application and an application server;
wherein providing the input from the electronic device to the adaptive authentication service of the remote authentication server includes providing a set of adaptive authentication factors from a web browser of the electronic device as input to a risk-based authentication operation performed by the adaptive authentication service, the risk-based authentication operation outputting a numerical risk score which quantitatively identifies a level of risk;
wherein receiving the credential from the adaptive authentication service includes obtaining the credential in response to a determination, by the adaptive authentication service, that the numerical risk score exceeds a predefined risk score threshold maintained by the adaptive authentication service on behalf of the application server; and
wherein invoking includes;
automatically activating the client application on the electronic device in response to receipt of the credential from the adaptive authentication service.
9 Assignments
0 Petitions
Accused Products
Abstract
A technique controls launching of a client application on an electronic device. The technique involves, after the client application is installed on the electronic device, providing input from the electronic device to an adaptive authentication service of a remote authentication server. The technique further involves receiving a credential from the adaptive authentication service of the remote authentication server in response to a successful adaptive authentication result which is based on the input provided from the electronic device. The technique further involves invoking the client application with the credential on the electronic device to establish a trusted session between the client application and an application server. Such a technique is well suited for use by multi environment clients such as general purpose computers, tablets and smart phones.
57 Citations
19 Claims
-
1. A method of launching a client application on an electronic device, the method comprising:
-
after the client application is installed on the electronic device, providing input from the electronic device to an adaptive authentication service of a remote authentication server; receiving a credential from the adaptive authentication service of the remote authentication server in response to a successful adaptive authentication result which is based on the input provided from the electronic device; and invoking the client application with the credential on the electronic device to establish a trusted session between the client application and an application server; wherein providing the input from the electronic device to the adaptive authentication service of the remote authentication server includes providing a set of adaptive authentication factors from a web browser of the electronic device as input to a risk-based authentication operation performed by the adaptive authentication service, the risk-based authentication operation outputting a numerical risk score which quantitatively identifies a level of risk; wherein receiving the credential from the adaptive authentication service includes obtaining the credential in response to a determination, by the adaptive authentication service, that the numerical risk score exceeds a predefined risk score threshold maintained by the adaptive authentication service on behalf of the application server; and wherein invoking includes; automatically activating the client application on the electronic device in response to receipt of the credential from the adaptive authentication service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. An electronic device, comprising:
-
a communications interface; memory which stores a client application; and a controller coupled to the communications interface and the memory, the controller being constructed and arranged to; provide, after the client application is installed on the electronic device, input to an adaptive authentication service of a remote authentication server through the communications interface, receive a credential from the adaptive authentication service of the remote authentication server through the communications interface in response to a successful adaptive authentication result which is based on the input provided from the electronic device, and invoke the client application with the credential on the electronic device to establish a trusted session between the client application and an application server through the communications interface; wherein the controller provides the input from the electronic device to the adaptive authentication service of the remote authentication server including a set of adaptive authentication factors from a web browser of the electronic device as input to a risk-based authentication operation performed by the adaptive authentication service, the risk-based authentication operation outputting a numerical risk score which quantitatively identifies a level of risk; wherein, when the controller receives the credential from the adaptive authentication service, the credential further includes, in response to a determination by the adaptive authentication service, that the numerical risk score exceeds a predefined risk score threshold maintained by the adaptive authentication service on behalf of the application server; and wherein, when the controller invokes the client application, further includes automatically activating the client application on the electronic device in response to receipt of the credential from the adaptive authentication service. - View Dependent Claims (17)
-
-
18. A computer program product having a non-transitory computer readable medium which stores a set of instructions for launching a client application, the set of instructions causing a computerized device to perform a method of:
-
after the client application is installed on the computerized device, providing input from the computerized device to an adaptive authentication service of a remote authentication server; receiving a credential from the adaptive authentication service of the remote authentication server in response to a successful adaptive authentication result which is based on the input provided from the computerized device; and invoking the client application with the credential on the computerized device to establish a trusted session between the client application and an application server; wherein providing the input from the electronic device to the adaptive authentication service of the remote authentication server includes providing a set of adaptive authentication factors from a web browser of the electronic device as input to a risk-based authentication operation performed by the adaptive authentication service, the risk-based authentication operation outputting a numerical risk score which quantitatively identifies a level of risk; wherein receiving the credential from the adaptive authentication service includes obtaining the credential in response to a determination, by the adaptive authentication service, that the numerical risk score exceeds a predefined risk score threshold maintained by the adaptive authentication service on behalf of the application server; and wherein invoking includes automatically activating the client application on the electronic device in response to receipt of the credential from the adaptive authentication service. - View Dependent Claims (19)
-
Specification