Cross-native application authentication application

US 9,374,361 B2
Filed: 07/03/2014
Issued: 06/21/2016
Est. Priority Date: 07/03/2014
Status: Active Grant

First Claim

Patent Images

1. A user device, comprising:

a memory to store;

first authentication information,the first authentication information being used to grant access to a resource associated with a first application, andconfiguration information relating to a second application,the second application being different than the first application,the first application and the second application operating on the user device; and

one or more processors to;

receive an authentication request, from the second application, requesting second authentication information,determine, based on the authentication request, that the memory stores the configuration information relating to the second application,determine, based on the configuration information, that the first authentication information includes a first portion of the second authentication information and does not include a second portion of the second authentication information,provide, to a server device and based on determining that the first authentication information does not include the second portion of the second authentication information, a request for the second portion of the second authentication information,receive, from the server device and based on the request, the second portion of the second authentication information,store the second portion of the second authentication information in the memory,generate an authentication response, to the authentication request, using the first authentication information and the second portion of the second authentication information, andsend the authentication response, to the second application, to permit access to a resource associated with the second application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user device stores first authentication information used to grant access to a resource associated with a first application, and configuration information relating to a second application. The user device receives an authentication request from the second application requesting second authentication information. Based on the configuration information relating to the second application, the user device determines whether the first authentication information contains some or all of the requested second authentication information. The user device generates an authentication response to the authentication request, using the first authentication information, and sends the authentication response to the second application in order to permit access to a resource associated with the second application.

16 Citations

View as Search Results

20 Claims

1. A user device, comprising:
- a memory to store;
  
  first authentication information,the first authentication information being used to grant access to a resource associated with a first application, andconfiguration information relating to a second application,the second application being different than the first application,the first application and the second application operating on the user device; and
  
  one or more processors to;
  
  receive an authentication request, from the second application, requesting second authentication information,determine, based on the authentication request, that the memory stores the configuration information relating to the second application,determine, based on the configuration information, that the first authentication information includes a first portion of the second authentication information and does not include a second portion of the second authentication information,provide, to a server device and based on determining that the first authentication information does not include the second portion of the second authentication information, a request for the second portion of the second authentication information,receive, from the server device and based on the request, the second portion of the second authentication information,store the second portion of the second authentication information in the memory,generate an authentication response, to the authentication request, using the first authentication information and the second portion of the second authentication information, andsend the authentication response, to the second application, to permit access to a resource associated with the second application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The user device of claim 1, where the one of more processors are further to:
    - send a configuration request to a configuration server,receive, based on the configuration request, a configuration response from the configuration server, andupdate, based on the configuration response, the configuration information.
  - 3. The user device of claim 2, where the one of more processors are further to:
    - encrypt the configuration request sent to the configuration server, anddecrypt the configuration response received from the configuration server.
  - 4. The user device of claim 1, where the configuration information stored in the memory further includes:
    - expiration information for the first authentication information; and
      
      the one or more processors are further to;
      
      determine whether some or all of the first authentication information is expired based on the expiration information, andsend a server authentication request to an authentication server based on determining that some or all of the first authentication information is expired.
  - 5. The user device of claim 1, where the memory is further to store:
    - user credential information; and
      
      the one or more processors are further to;
      
      send a server authentication request, based on the user credential information and the authentication request, to an authentication server.
  - 6. The user device of claim 1, where the configuration information stored in the memory includes:
    - at least one of a white-list or a black-list; and
      
      the one or more processors, when determining that the memory stores the configuration information relating to the second application, are to;
      
      determine at least one of;
      
      that the second application is identified in the white-list, orthat the second application is not identified in the black-list.
  - 7. The user device of claim 1, where the one or more processors are further to:
    - encrypt the authentication response, using a key included with the authentication request, before sending the authentication response.

8. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- a plurality of instructions that, when executed by a processor of a device, cause the processor to;
  
  store, in the device, first authentication information that is used to grant access to a resource associated with a first application;
  
  store, in the device, configuration information relating to a second application,the second application being different than the first application;
  
  receive an authentication request, from the second application, requesting second authentication information;
  
  determine, based on the authentication request, that the device stores the configuration information relating to the second application;
  
  determine, based on the configuration information, that the first authentication information includes a first portion of the second authentication information and does not include a second portion of the second authentication information,the second authentication information being used to grant access to a resource associated with the second application;
  
  provide, to a server device and based on determining that the first authentication information does not include the second portion of the second authentication information, a request for the second portion of the second authentication information;
  
  receive, from the server device and based on the request, the second portion of the second authentication information;
  
  generate an authentication response, to the authentication request, using the first authentication information and the second portion of the second authentication information; and
  
  send the authentication response, to the second application, to permit access to the resource associated with the second application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, cause the processor, when sending the authentication response, to:
    - send the authentication response via one or more deep-links.
  - 10. The non-transitory computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, cause the processor, when sending the authentication response, to:
    - send the authentication response via one or more application extensions.
  - 11. The non-transitory computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, cause the processor, when sending the authentication response, to:
    - send the authentication response by storing the authentication response in one or more locations in a memory accessible to the second application.
  - 12. The non-transitory computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, further cause the processor to:
    - determine, based on the configuration information, whether the second authentication information does not relate to the first authentication information, andbased on determining that the second authentication information does not relate to the first authentication information;
      
      obtain user credential information,send, based on the authentication request and the user credential information, a server authentication request, to an authentication server, requesting some or all of the first authentication information not contained in the second authentication information,receive, based on the server authentication request, a server authentication response, from the authentication server, including some or all of the first authentication information requested in the server authentication request,update the second authentication information, as updated authentication information, to include the first authentication information received in the server authentication response,update the configuration information using the updated authentication information, andgenerate the authentication response based on the updated authentication information.
  - 13. The non-transitory computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, cause the processor, when sending the authentication response to the first application, to:
    - set an expiration for the authentication response that is sooner than an expiration for the second authentication information.
  - 14. The non-transitory computer-readable medium of claim 8, where the plurality of instructions, which when executed by the processor, further cause the processor to:
    - verify, based on cryptographic information contained in the authentication request, an identity of the first application,identify, based on the verified identity, the configuration information relating to the first application, andidentify, based on the identified configuration information, the first authentication information requested by the authentication request.

15. A method, comprising:
- storing, by a device, first authentication information that is used to grant access to a resource associated with a first application;
  
  storing, by the device, configuration information relating to a second application,the second application being different than the first application,the first application and the second application operating on the device;
  
  receiving, by the device, an authentication request from the second application,the authentication request requesting second authentication information and corresponding to a request for access to a resource associated with the second application;
  
  determining, by the device and based on the authentication request, that the device stores the configuration information relating to the second application;
  
  determining, by the device and based on the configuration information, that the first authentication information includes a first portion of the second authentication information and does not include a second portion of the second authentication information,the second authentication information being used by the second application to access to the resource associated with the second application;
  
  providing, by the device, to a server device, and based on determining that the first authentication information does not include the second portion of the second authentication information, a request for the second portion of the second authentication information;
  
  receiving, by the device, from the server device, and based on the request, the second portion of the second authentication information;
  
  generating, by the device, an authentication response, to the authentication request, using the first authentication information and the second portion of the second authentication information; and
  
  sending, by the device, the authentication response, to the second application, to permit access to the resource associated with the second application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising:
    - generating, based on the authentication request, a server authentication request;
      
      encrypting the server authentication request;
      
      sending the encrypted server authentication request to the server device;
      
      receiving, based on the encrypted server authentication request, an encrypted server authentication response, from the server device;
      
      decrypting the encrypted server authentication response; and
      
      generating, based on the decrypted server authentication response, the authentication response.
  - 17. The method of claim 16, where generating the server authentication request corresponds to the request for the second portion of the second authentication information.
  - 18. The method of claim 15, further comprising:
    - updating the configuration information according to an update schedule.
  - 19. The method of claim 15, further comprising:
    - updating the configuration information based on receiving the authentication request.
  - 20. The method of claim 15, further comprising:
    - determining, based on permission information for the second authentication information and the configuration information, whether the second application is permitted to receive some or all of the first authentication information; and
      
      generating the authentication response, to the authentication request, based on some or all of the first authentication information that the second application is permitted to receive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Xiao, Bo, Khalil, Manah M., Lamison, Michael R., Abou-Khamis, Omar A.
Primary Examiner(s)
Rahim, Monjour

Application Number

US14/323,403
Publication Number

US 20160006719A1
Time in Patent Office

719 Days
Field of Search

726/8
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/101   Access control lists [ACL]

Cross-native application authentication application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cross-native application authentication application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links