System and method for controlling access

US 9,419,963 B2
Filed: 07/02/2014
Issued: 08/16/2016
Est. Priority Date: 07/02/2013
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a target system, comprising:

at an access device including a hardware processor, receiving a first request over a network from a user device in a first communication session, the first request comprising a request on behalf of a first application on the user device to access a platform, the first request including a device identifier uniquely identifying the user device;

the access device authenticating a user of the user device using a user credential associated with the user;

the access device storing the device identifier in association with a login identifier in response to authentication of the user;

the access device receiving a second request from the user device over the network in a second communication session, the second request comprising a request on behalf of a second application on the user device to access the platform, the second request in the second communication session including the device identifier;

the access device determining that the user has previously authenticated based on a match between the device identifier received in the second request in the second communication session and the device identifier stored in association with the login identifier; and

the access device allowing the second application to access to the platform based on the determination that the user previously authenticated, without requiring a separate user credential verification for the second application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for controlling access to multiple applications on a computing device are provided. One embodiment of a system includes an access device configured to: receive a request to access a first application and a device identifier; authenticate the user using a user credential associated with the user and store the device identifier in association with a login identifier in response to authentication of the user. The access device can be further configured to receive a request to access a second application and the device identifier. The access device can allow access to the second application based on the previous authentication of the user.

6 Citations

View as Search Results

25 Claims

1. A method for controlling access to a target system, comprising:
- at an access device including a hardware processor, receiving a first request over a network from a user device in a first communication session, the first request comprising a request on behalf of a first application on the user device to access a platform, the first request including a device identifier uniquely identifying the user device;
  
  the access device authenticating a user of the user device using a user credential associated with the user;
  
  the access device storing the device identifier in association with a login identifier in response to authentication of the user;
  
  the access device receiving a second request from the user device over the network in a second communication session, the second request comprising a request on behalf of a second application on the user device to access the platform, the second request in the second communication session including the device identifier;
  
  the access device determining that the user has previously authenticated based on a match between the device identifier received in the second request in the second communication session and the device identifier stored in association with the login identifier; and
  
  the access device allowing the second application to access to the platform based on the determination that the user previously authenticated, without requiring a separate user credential verification for the second application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method in accordance with claim 1, further comprising the access device sending a user credential request and the login identifier to the first application in response to the first request and receiving a response including a user credential and the login identifier from the first application.
  - 3. A method in accordance with claim 2, further comprising the first application on the user device using the login identifier in subsequent accesses to the platform to access application data associated with the first application.
  - 4. A method in accordance with claim 1, further comprising:
    - the access device sending the login identifier to the second application in response to determining that the user previously authenticated; and
      
      the second application on the user device using the login identifier in subsequent accesses to the platform to access application data associated with the second application.
  - 5. A method in accordance with claim 1, wherein allowing the second application to access to the platform comprises the access device logging in to the platform on behalf of the second application.
  - 6. A method in accordance with claim 1, wherein the first application and second application are independent applications.
  - 7. A method in accordance with claim 1, further comprising expiring the login identifier.
  - 8. A method in accordance to claim 1, wherein the platform includes an enterprise system comprising at least one enterprise application and accessing enterprise data, the access device enabling access to the enterprise system based on enterprise security criteria and/or data policies.

9. A system for controlling access to a target system, comprising:
- an access device in communication with a platform, the access device including a hardware processor and configured to;
  
  receive a first request from a user device in a first communication session, the first request comprising a request to access the platform on behalf of a first application on the user device, the first request including a device identifier that uniquely identifies the user device;
  
  authenticate a user of the user device using a user credential associated with the user;
  
  store the device identifier in association with a login identifier in response to authentication of the user;
  
  receive a second request from the user device in a second communication session, the second request comprising a request to access the platform on behalf of a second application on the user device, the second request including the device identifier; and
  
  compare the device identifier stored in association with the login identifier and the device identifier received in the second request in the second communication session and, in response to determining a match exists, allow access to the platform on behalf of the second application without a separate credential verification for the second application.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. A system in accordance with claim 9, wherein the access device is configured to send a user credential request and the login identifier to the first application in response to the first request and receive a response including the user credential and the login identifier from the first application.
  - 11. A system in accordance with claim 9, wherein the access device is configured to send the login identifier to the second application in response to determining that the user previously authenticated.
  - 12. A system in accordance with claim 9, further comprising the user device coupled to the access device by the network, wherein the first application and second application are independent applications on the user device.
  - 13. A system in accordance with claim 12, wherein the first application is configured to receive the login identifier from the access device and use the login identifier in subsequent accesses to the platform to access application data associated with the first application.
  - 14. A system in accordance with claim 12, wherein the second application is configured to receive the login identifier from the access device and use the login identifier in subsequent accesses to the platform to access application data associated with the second application.
  - 15. A system in accordance with claim 9, wherein the access device is configured to log in to the platform on behalf of the second application.
  - 16. A system in accordance with claim 9, wherein the access device is configured to expire the login identifier.
  - 17. A system in accordance with claim 9, wherein the platform includes an enterprise system comprising at least one enterprise application configured to access enterprise data and the access device is configured to enable access to the enterprise system based on enterprise security criteria and/or data policies.

18. A computer program product comprising a non-transitory computer readable medium storing a set of computer instructions executable by a processor to perform a method comprising:
- receiving a first request over a network from a user device in a first communication session, the first request comprising a request on behalf of a first application on the user device to access a platform, the first request including a device identifier that uniquely identifies the user device;
  
  authenticating a user of the user device using a user credential associated with the user;
  
  storing the device identifier in association with a login identifier in response to authentication of the user;
  
  receiving a second request from the user device over the network in a second communication session, the second request comprising a request on behalf of a second application on the user device to access the platform, the second request including the device identifier;
  
  determining that the user has previously authenticated based on a match between the device identifier received in the second request in the second communication session and the device identifier stored in association with the login identifier; and
  
  allowing the second application to access to the platform based on the determination that the user previously authenticated, without requiring a separate user credential verification for the second application.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. A computer program product in accordance with claim 18, wherein the method further comprises sending a user credential request and the login identifier to the first application in response to the first request and receiving a response from the first application including the user credential and the login identifier.
  - 20. A computer program product in accordance with claim 18, wherein the method further comprises sending the login identifier to the second application in response to determining that the user previously authenticated.
  - 21. A computer program product in accordance with claim 18, wherein allowing the second application to access to the platform comprises logging in to the platform on behalf of the second application.
  - 22. A computer program product in accordance with claim 18, wherein the first application and second application are independent applications.
  - 23. A computer program product in accordance with claim 18, wherein the device identifier is based at least in part on an identifier unique to the user device.
  - 24. A computer program product in accordance with claim 18, further comprising expiring the login identifier.
  - 25. A computer program product in accordance with claim 18, wherein the platform includes an enterprise system comprising at least one enterprise application configured to access enterprise data and the method further comprises enabling access to the enterprise system based on enterprise security criteria and/or data policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ip Ot Sub Ulc
Original Assignee
Open TEXT SA (Open Text Corporation)
Inventors
Copsey, Simon Dominic
Primary Examiner(s)
Rahim, Monjour

Application Number

US14/322,614
Publication Number

US 20150012990A1
Time in Patent Office

776 Days
Field of Search

726/7
US Class Current

1/1
CPC Class Codes

H04L 47/803   Application aware

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

System and method for controlling access

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling access

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links