Passporting credentials between a mobile app and a web browser

US 8,881,250 B2
Filed: 06/17/2011
Issued: 11/04/2014
Est. Priority Date: 06/17/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a client device executing a native app and an embedded web browser, wherein;

the native app has a device session token that provides a session authentication with a server for an authenticated device session between the native app and the server, wherein the session authentication is based on credentials for authenticating a user;

the native app invokes the embedded web browser, providing the embedded web browser with the device session token based on the credentials, wherein the device session token provides authentication for a web flow session on the embedded web browser, wherein the web flow session continues the authenticated device session from the native app based on the authentication provided from the device session token; and

the native app refreshes the device session token based on communication back from the web flow session to the authenticated device session between the native app and the server, the communication implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser so that the device session between the native app and the server remains active while the web flow session is active.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider'"'"'s core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session. Embodiments may operate by authenticating a device session from a native app executing on a client device producing a device session token; passing the device session token from a native app to an embedded browser to authenticate a user when entering a web flow; and entering the web flow, according to the session token, on an embedded browser driven by the native app so that the user encounters a single shared session (device session and web session) running at least two parallel secure communication interactions with an infrastructure.

33 Citations

View as Search Results

20 Claims

1. A system comprising:
- a client device executing a native app and an embedded web browser, wherein;
  
  the native app has a device session token that provides a session authentication with a server for an authenticated device session between the native app and the server, wherein the session authentication is based on credentials for authenticating a user;
  
  the native app invokes the embedded web browser, providing the embedded web browser with the device session token based on the credentials, wherein the device session token provides authentication for a web flow session on the embedded web browser, wherein the web flow session continues the authenticated device session from the native app based on the authentication provided from the device session token; and
  
  the native app refreshes the device session token based on communication back from the web flow session to the authenticated device session between the native app and the server, the communication implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser so that the device session between the native app and the server remains active while the web flow session is active.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein:
    - the native app monitors uniform resource locators (URL) requested by the embedded web browser; and
      
      in response to the embedded web browser'"'"'s requesting one of a set of pre-defined URLs, the native app acts accordingly.
  - 3. The system of claim 1, wherein if the user is currently logged in with the native app, the embedded web browser session continues the device session without requiring the user to re-login.
  - 4. The system of claim 1, whereinthe embedded web browser passes the device session token to a common gateway interface (CGI);
    - andthe CGI uses the device session token to fetch information that allows the CGI to jump to a desired web flow.
  - 5. The system of claim 1, wherein a server stores information for the device session token in a database wherein the information is associated with the credentials for the device session token so that the session on the embedded web browser is continued from the device session.
  - 6. The system of claim 1, wherein the session on the embedded web browser is authenticated by a common gateway interface (CGI) that receives the device session token and uses the device session token to find information stored in a database and associated with the credentials so that the CGI authenticates the session on the embedded web browser based on the credentials on which the session authentication for the device session is based.
  - 7. The system of claim 1, wherein the session on the embedded web browser is rendered and processed according to information received from a database accessed by the CGI using the device session token, wherein the information corresponding to the device session token is stored in the database by a server.
  - 8. The system of claim 1, wherein the device session token is used by a common gateway interface (CGI) to retrieve stored session data related to the device session from a database.

9. A method comprising:
- authenticating a device session from a native app executing on a client device;
  
  producing a device session token from the authenticated device session;
  
  passing the device session token to authenticate a user when entering a web flow; and
  
  entering the web flow on an embedded browser driven by the native app, wherein;
  
  a web flow session continues the authenticated device session from the native app based on the authentication provided from the device session token; and
  
  the native app refreshes the device session token based on communication back from the web flow session to the authenticated device session between the native app and the server, the communication implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser so that the device session between the native app and the server remains active while the web flow session is active.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the native app acts accordingly in response to the embedded browser'"'"'s requesting one of a set of pre-defined URLs being monitored by the native app.
  - 11. The method of claim 9, wherein if a user is currently logged in with the native app, the web flow session on the embedded browser continues the device session without requiring the user to re-login so that the user encounters a single shared session running at least two parallel secure communication interactions with an infrastructure.
  - 12. The method of claim 9, wherein:
    - the embedded browser executing on the client device passes the device session token to a common gateway interface (CGI); and
      
      the CGI uses the device session token to fetch information that allows the CGI to enter a desired web flow.
  - 13. The method of claim 9, wherein:
    - a server stores information for the device session token into a database, wherein the information is associated with the credentials for the device session token so that the web flow on the embedded browser is continued from the device session.
  - 14. The method of claim 9, whereinthe web flow on the embedded browser is rendered and processed according to information received from a database accessed by the CGI using the authorization session token, wherein the information corresponding to the authorization session token is stored in the database by a server.

15. A computer program product comprising a non-transitory computer readable medium having computer readable and executable code for instructing a processor to perform a method, the method comprising:
- authenticating a device session from a native app executing on a client device;
  
  producing a device session token from the authentication;
  
  passing the device session token to authenticate a user when entering a web flow; and
  
  entering the web flow on an embedded browser invoked by the native app, wherein;
  
  a web flow session continues the authenticated device session from the native app based on the authentication provided from the device session token; and
  
  the native app refreshes the device session token based on communication back from the web flow session to the authenticated device session between the native app and the server, the communication implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser so that the device session between the native app and the server remains active while the web flow session is active.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the method further comprises:
    - monitoring uniform resource locators (URL) requested by the embedded browser; and
      
      the native app acts accordingly in response to the embedded browser'"'"'s requesting one of a pre-defined set of URLs.
  - 17. The computer program product of claim 15, wherein if a user is currently logged in to the device session, the web flow session on the embedded browser continues the device session without requiring the user to re-login so that the user encounters a single shared session running at least two parallel secure communication interactions with an infrastructure.
  - 18. The computer program product of claim 15, wherein the method further comprises:
    - the embedded browser passes the device session token to a common gateway interface (CGI); and
      
      the CGI uses the device session token to authenticate the device session and allow the CGI to enter a desired web flow.
  - 19. The computer program product of claim 15, whereininformation pointed to by the device session token is stored into a database;
    - andthe information is associated with the credentials for the device session token so that the web flow on the embedded browser is continued from the device session.
  - 20. The computer program product of claim 15 whereinthe web flow on the embedded browser is rendered and processed according to information received from a database accessed by the CGI using the authorization session token, wherein the information corresponding to the authorization session token is stored in the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Yefimov, Igor, Atwood, Scott
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US13/162,842
Publication Number

US 20120324556A1
Time in Patent Office

1,236 Days
Field of Search

None
US Class Current

726/7
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 67/00   Network arrangements or pro...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/04   specially adapted for termi...

H04L 67/146   Markers for unambiguous ide...

H04L 9/3234   involving additional secure...

H04W 12/06   Authentication

H04W 12/062   Pre-authentication

H04W 4/00   Services specially adapted ...

Passporting credentials between a mobile app and a web browser

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Passporting credentials between a mobile app and a web browser

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links