Passporting credentials between a mobile app and a web browser

US 9,438,588 B2
Filed: 10/31/2014
Issued: 09/06/2016
Est. Priority Date: 06/17/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a client device in communication via a network with a server and a common gateway interface;

a native app executing on one or more hardware processors of the client device to receive a device session token from the server for authenticating a device session between the native app and the server, the device session token including credentials authenticating a user for a device session between the server and the native app executing on the client device; and

an embedded web browser executing on one or more hardware processors of the client device, wherein;

the native app invokes the embedded web browser and the native app passes the device session token to the embedded web browser for authentication of a web session between the embedded web browser and the common gateway interface that continues the device session authentication without requiring additional authentication; and

the embedded web browser passes the device session token to the common gateway interface and receives from the common gateway interface a web flow authorization token, converted from the device session token using the credentials for authenticating the user for the device session between the server and the native app executing on the client device, for authenticating the web session as a continuation of the device session authenticated by the device session token so that the web flow authorization token and the device session token both share the same underlying device session and the device session remains active while the web session is active.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider'"'"'s core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session. Embodiments may operate by authenticating a device session from a native app executing on a client device producing a device session token; passing the device session token from a native app to an embedded browser to authenticate a user when entering a web flow; and entering the web flow, according to the session token, on an embedded browser driven by the native app so that the user encounters a single shared session (device session and web session) running at least two parallel secure communication interactions with an infrastructure.

Citations

20 Claims

1. A system comprising:
- a client device in communication via a network with a server and a common gateway interface;
  
  a native app executing on one or more hardware processors of the client device to receive a device session token from the server for authenticating a device session between the native app and the server, the device session token including credentials authenticating a user for a device session between the server and the native app executing on the client device; and
  
  an embedded web browser executing on one or more hardware processors of the client device, wherein;
  
  the native app invokes the embedded web browser and the native app passes the device session token to the embedded web browser for authentication of a web session between the embedded web browser and the common gateway interface that continues the device session authentication without requiring additional authentication; and
  
  the embedded web browser passes the device session token to the common gateway interface and receives from the common gateway interface a web flow authorization token, converted from the device session token using the credentials for authenticating the user for the device session between the server and the native app executing on the client device, for authenticating the web session as a continuation of the device session authenticated by the device session token so that the web flow authorization token and the device session token both share the same underlying device session and the device session remains active while the web session is active.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the device session token remains valid for returning a flow of execution to the native app from the embedded web browser to continue the device session between the native app and the server from the web session between the embedded web browser and the common gateway interface.
  - 3. The system of claim 1, wherein the native app refreshes the device session token based on communication back from the embedded web browser during the web session to the native app.
  - 4. The system of claim 1, wherein the native app monitors one or more uniform resource locators (URL) requested by the embedded web browser and keeps the device session between the native app and the server active so long as the web session is active.
  - 5. The system of claim 1, wherein:
    - the native app monitors one or more uniform resource locators (URL) requested by the embedded web browser; and
      
      the native app calls an appropriate process, in response to the embedded web browser requesting a new URL, to ensure the device session token remains current while the web session is active.
  - 6. The system of claim 1, wherein communication back from the authenticated web session continuation of the device session to the device session is implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser.
  - 7. The system of claim 1, wherein:
    - communication back from the authenticated web session continuation of the device session to the device session is implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser; and
      
      the authenticated web session continuation of the device session signals an error condition event to the native app by requesting a pre-defined URL.
  - 8. The system of claim 1, wherein:
    - communication back from the authenticated web session continuation of the device session to the device session is implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser; and
      
      the authenticated web session continuation of the device session refreshes the device session token for the native app by requesting a pre-defined URL.

9. A system comprising:
- a server executing on one or more of a plurality of hardware processors for communication with a client device via a network,the server receiving login credentials for a user from the client device for a device session between the server and a native app executing on the client device, andthe server returning a device session token including credentials authenticating the user for the device session between the server and the native app;
  
  a database in communication with the server and to which the sever has access;
  
  a common gateway interface (CGI) executing on one or more of the plurality of hardware processors for communication with the client device via the network,the CGI having access to the database,the CGI receiving the device session token from an embedded browser executing, on the client device, a web flow session between the embedded browser and the CGI;
  
  the CGI accessing the database according to the device session token received from the client device and the credentials to retrieve a stored session data, including an authorization object;
  
  the CGI determining, based on the device session token received from the client device, the credentials, the stored session data, and the authorization object, whether the device session is active or the device session has expired; and
  
  the CGI converting, based on determining the device session is active, the authorization object to a web flow session authorization token to be transmitted to the embedded browser to authenticate the web flow session between the embedded browser and the CGI to continue the device session between the server and the native app with the user already logged in.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, further comprising:
    - based on determining the device session has expired, the CGI directs the web flow session between the embedded browser and the CGI to dispatch the user into a web login sub-flow.
  - 11. The system of claim 9, wherein:
    - the device session token provides a CGI parameter that includes information for the CGI to find a correct flow entry point for a desired web flow to be continued from a point in the execution of the native app executing on the client device.
  - 12. The system of claim 9, wherein the CGI converting the authorization object to a web flow session authorization token further comprises:
    - extracting the credentials from the authorization object to add to the web flow session authorization token.
  - 13. The system of claim 9, wherein the CGI converting the authorization object to a web flow session authorization token further comprises:
    - adding key information for accessing the database to find information associated with the device session between the server and the native app.

14. A method comprising:
- receiving a device session token by a client device from a server in communication via a network with the client device, the device session token authenticating a device session between the server and a native app executing on the client device, the device session token including credentials authenticating a user for the device session between the server and the native app executing on the client device;
  
  invoking an embedded web browser, by the native app, to execute on the client device;
  
  passing by the native app the device session token to the embedded web browser for authentication of a web session that continues the device session with the device session authentication and without requiring additional authentication for the web session between the embedded web browser and a common gateway interface in communication via the network with the client device;
  
  passing the device session token by the embedded web browser executing on the client device via the network to the common gateway interface;
  
  receiving from the common gateway interface a web flow authorization token converted from the device session token using the credentials for authenticating the user for the device session between the server and the native app executing on the client device;
  
  authenticating the web session as a continuation of the device session authenticated by the device session token; and
  
  communicating back from the web session to the native app so that the web flow authorization token and the device session token both share the same underlying device session and the device session remains active while the web session is active.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, further comprising refreshing the device session token based on the communicating back from the embedded web browser during the web session to the native app.
  - 16. The method of claim 14, wherein the communicating back further comprises the native app monitoring uniform resource locators (URL) requested by the embedded web browser.
  - 17. The method of claim 14, further comprising the native app calling an appropriate process, in response to the embedded web browser requesting a new URL, to ensure the device session token remains current while the web session is active.
  - 18. The method of claim 14, wherein:
    - the communicating back further comprises the native app monitoring uniform resource locators (URL) requested by the embedded web browser; and
      
      the authenticated web session continuation of the device session signals an error condition event to the native app by requesting a pre-defined URL.
  - 19. The method of claim 14, wherein:
    - the communicating back further comprises the native app monitoring uniform resource locators (URL) requested by the embedded web browser; and
      
      the authenticated web session continuation of the device session refreshes the device session token for the native app by requesting a pre-defined URL.

20. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform a operations comprising:
- receiving a device session token by the mobile device from a server in communication via a network with the mobile device, the device session token authenticating a device session between the server and a native app executing on the mobile device, the device session token including credentials authenticating a user for the device session between the server and the native app executing on the mobile device;
  
  invoking an embedded web browser, by the native app, to execute on the mobile device;
  
  passing by the native app the device session token to the embedded web browser for authentication of a web session that continues the device session with the device session authentication and without requiring additional authentication for the web session between the embedded web browser and a common gateway interface in communication via the network with the mobile device;
  
  passing the device session token by the embedded web browser executing on the mobile device via the network to the common gateway interface;
  
  receiving from the common gateway interface a web flow authorization token converted from the device session token using the credentials for authenticating the user for the device session between the server and the native app executing on the mobile device;
  
  authenticating the web session as a continuation of the device session authenticated by the device session token; and
  
  communicating back from the web session to the native app so that the web flow authorization token and the device session token both share the same underlying device session and the device session remains active while the web session is active.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Yefimov, Igor, Atwood, Scott
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US14/530,329
Publication Number

US 20150058965A1
Time in Patent Office

676 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 67/00   Network arrangements or pro...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/04   specially adapted for termi...

H04L 67/146   Markers for unambiguous ide...

H04L 9/3234   involving additional secure...

H04W 12/06   Authentication

H04W 12/062   Pre-authentication

H04W 4/00   Services specially adapted ...

Passporting credentials between a mobile app and a web browser

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Passporting credentials between a mobile app and a web browser

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links