Single sign-on processing for associated mobile applications

US 9,015,328 B2
Filed: 03/07/2013
Issued: 04/21/2015
Est. Priority Date: 03/07/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

at least one memory storing computer-executable instructions; and

at least one processor configured to access the at least one memory and execute the computer-executable instructions to;

receive, from an application executing on a computing device and on behalf of a user, a request to establish an interaction session with a first back-end system;

identify a second back-end system, wherein an active interaction session exists with the second back-end system;

generate a first request for one or more identifiers associated with the user;

transmit, to the second back-end system, the first request;

receive, from the second back-end system and responsive to the first request, a first response comprising the one or more identifiers associated with the user;

generate a second request comprising at least one identifier of the one or more identifiers associated with the user;

transmit, to the first back-end system, the second request;

receive, from the first back-end system and responsive to the second request, a second response comprising a session identifier indicating establishment of the interaction session with the first back-end system;

generate, responsive to the request to establish the interaction session with the first back-end system, a response comprising the session identifier; and

transmit, to the application, the response comprising the session identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and computer-readable media are disclosed for performing single sign-on processing between associated mobile applications. The single sign-on processing may include processing to generate an interaction session between a user and a back-end server associated with a mobile application based at least in part on one or more existing interaction sessions between the user and one or more back-end servers associated with one or more other mobile applications. In order to establish an interaction session with an associated back-end server, a mobile application may leverage existing interaction sessions that have already been established in connection with the launching of other associated mobile applications.

Citations

24 Claims

1. A system, comprising:
- at least one memory storing computer-executable instructions; and
  
  at least one processor configured to access the at least one memory and execute the computer-executable instructions to;
  
  receive, from an application executing on a computing device and on behalf of a user, a request to establish an interaction session with a first back-end system;
  
  identify a second back-end system, wherein an active interaction session exists with the second back-end system;
  
  generate a first request for one or more identifiers associated with the user;
  
  transmit, to the second back-end system, the first request;
  
  receive, from the second back-end system and responsive to the first request, a first response comprising the one or more identifiers associated with the user;
  
  generate a second request comprising at least one identifier of the one or more identifiers associated with the user;
  
  transmit, to the first back-end system, the second request;
  
  receive, from the first back-end system and responsive to the second request, a second response comprising a session identifier indicating establishment of the interaction session with the first back-end system;
  
  generate, responsive to the request to establish the interaction session with the first back-end system, a response comprising the session identifier; and
  
  transmit, to the application, the response comprising the session identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the session identifier is a first session identifier, and wherein the request to establish the interaction session with the first back-end system comprises:
    - i) an identifier associated with the first back-end system,ii) an identifier associated with the second back-end system,iii) a second session identifier associated with the active interaction session with the second back-end system, andiv) a session identifier associated with an active interaction session with the system.
  - 3. The system of claim 2, wherein, to identify the second back-end system, the at least one processor is configured to execute the computer-executable instructions to:
    - i) identify the second back-end system based at least in part on the second session identifier,ii) identify the second back-end system based at least in part on information that identifies a set of one or more active interaction sessions associated with the user, oriii) identify the second back-end system based at least in part on information that identifies;
      
      i) a set of one or more identifiers associated with the user and the second back-end system and ii) a set of one or more types of identifiers, wherein the user is identifiable to the first back-end system based at least in part on each type of identifier of the one or more types of identifiers.
  - 4. The system of claim 1, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - determine one or more types of candidate identifiers, wherein the user is identifiable to the first back-end system based at least in part on each of the one or more types of candidate identifiers, andwherein, to generate the first request, the at least one processor is configured to execute the computer-executable instructions to;
      
      determine the one or more identifiers associated with the user based at least in part on the one or more types of candidate identifiers, wherein each of the one or more identifiers associated with the user corresponds to a respective one of the one or more types of candidate identifiers.
  - 5. The system of claim 1, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - determine a set of one or more types of candidate identifiers, wherein the user is identifiable to the first back-end system based at least in part on each type of candidate identifier of the set of one or more types of candidate identifiers;
      
      identify a set of one or more candidate identifiers from the one or more identifiers associated with the user, wherein each identifier in the set of one or more candidate identifiers corresponds to a respective one type of identifier of the set of one or more types of candidate identifiers; and
      
      select at least a portion of the set of one or more candidate identifiers as the at least one identifier included in the second request.
  - 6. The system of claim 5, wherein the at least a portion of the set of one or more candidate identifiers is selected based at least in part on one or more prioritization criteria.
  - 7. The system of claim 6, wherein the one or more prioritization criteria comprise a criterion relating to a probability of successfully establishing the interaction session with the first back-end server based at least in part on the at least a portion of the set of the one or more candidate identifiers.
  - 8. The system of claim 1, wherein the one or more identifiers associated with the user is a first set of one or more identifiers associated with the user, and wherein prior to identifying the second back-end system, the at least one processor is further configured to execute the computer-executable instructions to:
    - identify a third back-end system, wherein an active interaction session exists with the third back-end system;
      
      transmit, to the third back-end system, a request for a second set of one or more identifiers associated with the user;
      
      receive, from the third back-end system, a response comprising the second set of one or more identifiers associated with the user;
      
      transmit, to the first back-end system, a request comprising at least a portion of the second set of one or more identifiers associated with the user; and
      
      receive, from the first back-end system and responsive to the request comprising the at least a portion of the second set of identifiers, an indication of failure to establish the interaction session with the first back-end system,wherein the second back-end system is identified responsive to receipt of the indication of failure.
  - 9. The system of claim 1, wherein the application is a first application, and wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - receive, from a second application associated with the session identifier and executing on the computing device, a request for application association information associated with a set of one or more applications associated with the second application, wherein the set of one or more applications comprises the first application; and
      
      transmit, to the second application, the request for application association information,wherein the second application is configured to generate an information presentation associated with the set of one or more applications based at least in part on the application association information.
  - 10. The system of claim 9, wherein the application association information comprises:
    - i) a respective identifier associated with each application of the set of one or more applications,ii) respective back-end identification information identifying a respective set of one or more back-end systems associated with each application of the set of one or more applications, andiii) respective metadata associated with each application of the set of one or more applications.
  - 11. The system of claim 1, wherein at least one of:
    - i) the first back-end system or ii) the second back-end system is associated with the application.
  - 12. The system of claim 1, wherein the application is a mobile application and the computing device is a mobile computing device.

13. A method, comprising:
- receiving, by an application linking system comprising one or more computers and from an application executing on a computing device associated with a user, a request to establish an interaction session with a first back-end system;
  
  identifying, by the application linking system, a second back-end system, wherein an active interaction session exists with the second back-end system;
  
  generating, by the application linking system, a first request for one or more identifiers associated with the user;
  
  transmitting, by the application linking system to the second back-end system, the first request;
  
  receiving, by the application linking system from the second back-end system and responsive to the first request, a first response comprising the one or more identifiers associated with the user;
  
  generating, by the application linking system, a second request comprising at least one identifier of the one or more identifiers associated with the user;
  
  transmitting, by the application linking system to the first back-end system, the second request;
  
  receiving, by the application linking system from the first back-end system and responsive to the second request, a second response comprising a session identifier indicating establishment of the interaction session with the first back-end system;
  
  generating, by the application linking system and responsive to the request to establish the interaction session with the first back-end system, a response comprising the session identifier; and
  
  transmitting, by the application linking system to the application, the response comprising the session identifier.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13, wherein the session identifier is a first session identifier, and wherein the request to establish the interaction session with the first back-end system comprises:
    - i) an identifier associated with the first back-end system,ii) an identifier associated with the second back-end system,iii) a second session identifier associated with the active interaction session that is associated with the second back-end system and the user, andiv) a session identifier associated with an active interaction session with the application linking system.
  - 15. The method of claim 14, wherein identifying the second back-end system comprises at least one of:
    - i) identifying the second back-end system based at least in part on the second session identifier,ii) identifying the second back-end system based at least in part on information stored in association with the application linking system that identifies a set of one or more active interaction sessions associated with the user, oriii) identifying the second back-end system based at least in part on information stored in association with the application linking system that identifies;
      
      i) a set of one or more identifiers associated with the user and the second back-end system and ii) a set of one or more types of identifiers, wherein the user is identifiable to the first back-end system based at least in part on each type of identifier of the one or more types of identifiers.
  - 16. The method of claim 13, further comprising:
    - determining, by the application linking system, one or more types of candidate identifiers, wherein the user is identifiable to the first back-end system based at least in part on each of the one or more types of candidate identifiers, andwherein the generating the first request comprises;
      
      determining, by the application linking system, the one or more identifiers associated with the user based at least in part on the one or more types of candidate identifiers, wherein each of the one or more identifiers associated with the user corresponds to a respective one of the one or more types of candidate identifiers.
  - 17. The method of claim 13, further comprising:
    - determining, by the application linking system, a set of one or more types of candidate identifiers, wherein the user is identifiable to the first back-end system based at least in part on each type of candidate identifier of the set of one or more types of candidate identifiers;
      
      identifying, by the application linking system, a set of one or more candidate identifiers, wherein each identifier in the set of one or more candidate identifiers corresponds to a respective one type of identifier of the set of one or more types of candidate identifiers; and
      
      selecting, by the application linking system, at least a portion of the set of candidate identifiers as the at least one identifier included in the second request.
  - 18. The method of claim 17, wherein the at least a portion of the set of one or more candidate identifiers is selected based at least in part on one or more prioritization criteria.
  - 19. The method of claim 18, wherein the one or more prioritization criteria comprise a criterion relating to a probability of successfully establishing the interaction session with the first back-end server based at least in part on the at least a portion of the set of one or more candidate identifiers.
  - 20. The method of claim 13, wherein the one or more identifiers associated with the user is a first set of one or more identifiers associated with the user, and wherein prior to identifying the second back-end system, the method further comprising:
    - identifying, by the application linking system, a third back-end system, wherein an active interaction session exists with the third back-end system;
      
      transmitting, by the application linking system to the third back-end system, a request for a second set of one or more identifiers associated with the user;
      
      receiving, by the application linking system from the third back-end system, a response comprising the second set of one or more identifiers associated with the user;
      
      transmitting, by the application linking system to the first back-end system, a request comprising at least a portion of the second set of one or more identifiers associated with the user; and
      
      receiving, by the application linking system from the first back-end system and responsive to the request comprising the at least a portion of the second set of identifiers, an indication of failure to establish the interaction session with the first back-end system,wherein the second back-end system is identified responsive to receipt of the indication of failure.
  - 21. The method of claim 13, wherein the application is a first application, further comprising:
    - receiving, by the application linking system and from a second application associated with the session identifier and executing on the computing device, a request for application association information associated with a set of one or more applications associated with the second application, wherein the set of one or more applications comprises the first application; and
      
      transmitting, by the application linking system to the second application, the request for application association information,wherein the second application is configured to generate an information presentation associated with the set of one or more applications based at least in part on the application association information.
  - 22. The method of claim 21, wherein the application association information comprises:
    - i) a respective identifier associated with each application of the set of one or more applications,ii) respective back-end identification information identifying a respective set of one or more back-end systems associated with each application of the set of one or more applications, andiii) respective metadata associated with each application of the set of one or more applications.
  - 23. The method of claim 13, wherein at least one of:
    - i) the first back-end system or ii) the second back-end system is associated with the application.
  - 24. The method of claim 13, wherein the application is a mobile application and the computing device is a mobile computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fiserv Incorporated
Original Assignee
Fiserv Incorporated
Inventors
Scavo, David Francis, Whiteside, Barbara Wilson
Primary Examiner(s)
Meky, Moustafa M

Application Number

US13/788,629
Publication Number

US 20140258547A1
Time in Patent Office

775 Days
Field of Search

709200-203, 709217-228, 709/238
US Class Current

709/227
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

H04L 9/40   Network security protocols

H04W 12/06   Authentication

Single sign-on processing for associated mobile applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on processing for associated mobile applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links