Transferring an authenticated session between security contexts
First Claim
1. A computerized method for transferring an authenticated session between security contexts, the method comprising:
- establishing, on a mobile computing device, a first authenticated session between a native application and a server computing device via a communications network;
- requesting, by the mobile device, transfer of the first authenticated session to a browser application on the mobile device;
- receiving, by the mobile device, session transfer parameters from a first Security Assertion Markup Language (SAML) authentication system associated with the first authenticated session after transfer is requested, the session transfer parameters including a web address and a SAML security identifier;
- directing, by the mobile device, the browser application to a second SAML authentication system using the session transfer parameters to initialize the browser application;
- validating, by the second SAML authentication system, the SAML security identifier to generate an authentication credential for the mobile device, comprising:
  - transmitting, by the mobile device, the SAML security identifier to the second SAML authentication system;
  - establishing, by the second SAML authentication system, a connection to the first SAML authentication system;
  - receiving, by the second SAML authentication system, a SAML identity from the first SAML authentication system;
  - requesting, by the second SAML authentication system, resolution of the SAML security identifier from the first SAML authentication system based upon the SAML identity;
  - translating, by the second SAML authentication system, the received SAML identity into an internal identity associated with the server computing device; and
  - generating, by the second SAML authentication system, the authentication credential based upon the internal identity;
- authenticating, by the mobile device, the browser application to the server computing device using the generated authentication credential; and
- redirecting, by the mobile device, the browser application to the server computing device to complete transfer of the first authenticated session.
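The claimed flow as an added example, not code from the patent or its assignee: a small Python model in which the first SAML system issues a single-use, time-limited security identifier, the second system resolves it over a back channel instead of trusting what the browser presents, translates the SAML identity into an internal identity, and mints the credential the server checks before completing the redirect. The class names, the HMAC credential format, the TTL and the sample identities are all assumptions.

```python
import hmac, hashlib, secrets, time

# Constructed toy model of the claimed flow; names, formats and the HMAC credential are assumptions, not the patent's own.
SECOND_KEY = b"second-saml-system-demo-key"  # fixed only so the demo is reproducible
TRANSFER_TTL = 60  # seconds an unresolved SAML security identifier stays valid

class FirstSamlSystem:
    def __init__(self, now=time.time):
        self.now = now
        self.sessions = {}  # session_id -> SAML identity of the authenticated user
        self.pending = {}   # SAML security identifier -> (session_id, issued_at)
    def issue_transfer_params(self, session_id, second_url):
        # Session transfer parameters: a web address plus an opaque, single-use identifier
        ident = secrets.token_urlsafe(24)
        self.pending[ident] = (session_id, self.now())
        return {"url": second_url, "saml_id": ident}
    def resolve(self, ident):
        # Back-channel resolution: consume the identifier (one use) and enforce its TTL
        entry = self.pending.pop(ident, None)
        if entry is None:
            raise PermissionError("unknown or already used SAML security identifier")
        session_id, issued = entry
        if self.now() - issued > TRANSFER_TTL:
            raise PermissionError("SAML security identifier expired")
        return self.sessions[session_id]

class SecondSamlSystem:
    def __init__(self, first, identity_map):
        self.first = first
        self.identity_map = identity_map  # SAML identity -> server-internal identity
    def validate(self, ident):
        saml_identity = self.first.resolve(ident)  # connect to first system, resolve id
        internal = self.identity_map.get(saml_identity)  # translate to internal identity
        if internal is None:
            raise PermissionError("no internal identity for this SAML identity")
        mac = hmac.new(SECOND_KEY, internal.encode(), hashlib.sha256).hexdigest()
        return f"{internal}.{mac}"  # the generated authentication credential

def server_accepts(credential):
    # Server computing device: verify the credential before completing the redirect
    internal, _, mac = credential.rpartition(".")
    expected = hmac.new(SECOND_KEY, internal.encode(), hashlib.sha256).hexdigest()
    return bool(internal) and hmac.compare_digest(mac, expected)

def transfer(first, second, session_id):
    # Mobile device: request transfer, then the browser presents the id to the second system
    params = first.issue_transfer_params(session_id, "https://second.example/transfer")
    if not params["url"].startswith("https://"):
        raise ValueError("refusing to send the SAML security identifier to a non-TLS address")
    return second.validate(params["saml_id"])
```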
Abstract
Methods and apparatuses are described for transferring an authenticated session between security contexts. A mobile device establishes a first authenticated session between a native application and a server computing device via a communications network and requests transfer of the first authenticated session to a browser application. The mobile device receives session transfer parameters from a first Security Assertion Markup Language (SAML) authentication system associated with the first authenticated session after transfer is requested, the session transfer parameters including a web address and a SAML security identifier. The mobile device directs the browser application to a second SAML authentication system using the session transfer parameters to initialize the browser application and validates the SAML identifier at the SAML authentication system to generate an authentication credential. The mobile device authenticates the browser application to the server computing device using the authentication credential and redirects the browser application to the server computing device.
25 Claims
1. Independent method claim; its text is given above under First Claim. Dependent claims: 2 through 12.
13. A system for transferring an authenticated session between security contexts, the system comprising a mobile computing device configured to:
- establish a first authenticated session between a native application and a server computing device via a communications network;
- request transfer of the first authenticated session to a browser application on the mobile device;
- receive session transfer parameters from a first Security Assertion Markup Language (SAML) authentication system associated with the first authenticated session after transfer is requested, the session transfer parameters including a web address and a SAML security identifier;
- direct the browser application to a second SAML authentication system using the session transfer parameters to initialize the browser application;
- validate the SAML security identifier at the second SAML authentication system to generate an authentication credential for the mobile device, comprising:
  - establishing a connection to the first SAML authentication system;
  - receiving a SAML identity from the first SAML authentication system;
  - requesting resolution of the SAML security identifier from the first SAML authentication system based upon the SAML identity;
  - translating the received SAML identity into an internal identity associated with the server computing device; and
  - generating the authentication credential based upon the internal identity;
- authenticate the browser application to the server computing device using the generated authentication credential; and
- redirect the browser application to the server computing device to complete transfer of the first authenticated session.
Dependent claims: 14 through 24.
25. A computer program product, tangibly embodied in a non-transitory computer readable storage device, for transferring an authenticated session between security contexts, the computer program product including instructions operable to cause a mobile computing device to:
- establish a first authenticated session between a native application and a server computing device via a communications network;
- request transfer of the first authenticated session to a browser application on the mobile device;
- receive session transfer parameters from a first Security Assertion Markup Language (SAML) authentication system associated with the first authenticated session after transfer is requested, the session transfer parameters including a web address and a SAML security identifier;
- direct the browser application to a second SAML authentication system using the session transfer parameters to initialize the browser application;
- validate the SAML security identifier at the second SAML authentication system to generate an authentication credential for the mobile device, comprising:
  - establishing a connection to the first SAML authentication system;
  - receiving a SAML identity from the first SAML authentication system;
  - requesting resolution of the SAML security identifier from the first SAML authentication system based upon the SAML identity;
  - translating the received SAML identity into an internal identity associated with the server computing device; and
  - generating the authentication credential based upon the internal identity;
- authenticate the browser application to the server computing device using the generated authentication credential; and
- redirect the browser application to the server computing device to complete transfer of the first authenticated session.