Proxy bypass login for applications on mobile devices

US 9,578,011 B2
Filed: 08/31/2015
Issued: 02/21/2017
Est. Priority Date: 03/20/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

authenticating, at a system, a user of a mobile device;

receiving, at the system via an intermediate server, a first request from the mobile device to install a software application on the mobile device;

transmitting, from the system via the intermediate server, data to the mobile device comprising the software application and a first secure ID, wherein the first secure ID indicates to the intermediate server that the user has been authenticated to the system;

receiving, at the system via the intermediate server, a second request from the mobile device to authorize the software application, the second request comprising a second secure ID, wherein the first secure ID is encrypted to generate the second secure ID, the first secure ID being previously transmitted with the software application to the mobile device;

decrypting, at the system, the second secure ID;

evaluating, at the system, the second secure ID for validity; and

transmitting, from the system via the intermediate server, a response to the mobile device in accordance with the evaluation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, an intermediate server receives a request with a secure ID to authorize a software application, transmits the secure ID to a system, receives an access token from the system indicating that the software application has been authorized, evaluates the access token for validity, and transmits a response to the mobile device indicating the software application is authorized.

Citations

19 Claims

1. A method comprising:
- authenticating, at a system, a user of a mobile device;
  
  receiving, at the system via an intermediate server, a first request from the mobile device to install a software application on the mobile device;
  
  transmitting, from the system via the intermediate server, data to the mobile device comprising the software application and a first secure ID, wherein the first secure ID indicates to the intermediate server that the user has been authenticated to the system;
  
  receiving, at the system via the intermediate server, a second request from the mobile device to authorize the software application, the second request comprising a second secure ID, wherein the first secure ID is encrypted to generate the second secure ID, the first secure ID being previously transmitted with the software application to the mobile device;
  
  decrypting, at the system, the second secure ID;
  
  evaluating, at the system, the second secure ID for validity; and
  
  transmitting, from the system via the intermediate server, a response to the mobile device in accordance with the evaluation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein:
    - the second secure ID is evaluated as invalid; and
      
      the response comprises a third request to the mobile device to authenticate the user of the mobile device.
  - 3. The method of claim 1, wherein:
    - the second secure ID is evaluated as valid; and
      
      the response comprises an access token, wherein the access token indicates the software application has been authorized by the system.
  - 4. The method of claim 3, wherein the access token authorizes the software application to access social-networking data from the system.
  - 5. The method of claim 1, wherein evaluating the second secure ID for validity comprises determining that the second secure ID is based on the first secure ID.
  - 6. The method of claim 1, wherein evaluating the second secure ID for validity comprises determining that the second secure ID substantially matches the first secure ID.
  - 7. The method of claim 1, wherein the second secure ID comprises a timestamp, and wherein the timestamp is based on the time when the data was transmitted to the mobile device.
  - 8. The method of claim 7, the method further comprising:
    - determining, at the system, that the timestamp is older than a threshold period of time; and
      
      indicating, at the system via the intermediate server, that the second secure ID is not valid.
  - 9. The method of claim 8, wherein the threshold period of time is 24 hours.
  - 10. The method of claim 7, the method further comprising:
    - determining, at the system, that the timestamp is not older than a threshold period of time; and
      
      indicating, at the system via the intermediate system, that the second secure ID is valid.
  - 11. The method of claim 10, wherein the threshold period of time is 24 hours.
  - 12. The method of claim 1, wherein the user is associated with a social-networking system.
  - 13. The method of claim 1, wherein one or more of the first secure ID and the second secure ID is encrypted.
  - 14. The method of claim 1, wherein the second secure ID comprises information indicating that the user of the mobile device is authenticated.
  - 15. The method of claim 1, further comprising:
    - generating, at the system, a session in response to the first request, the session comprising the first secure ID; and
      
      storing, at the system, the session.
  - 16. The method of claim 15, further comprising:
    - accessing, at the system via the intermediate server, the first secure ID from the stored session; and
      
      wherein evaluating the second secure ID for validity comprises determining that the second secure ID substantially matches the first secure ID from the stored session.
  - 17. The method of claim 16, wherein the session is an application programming interface (API) session.

18. An apparatus comprising:
- one or more processors; and
  
  a memory coupled to the processors comprising instructions executable by the processors, the processors operable when executing the instructions to;
  
  authenticate, at a system, a user of a mobile device;
  
  receive, at the system via an intermediate server, a first request from the mobile device to install a software application on the mobile device;
  
  transmit, from the system via the intermediate server, data to the mobile device comprising the software application and a first secure ID, wherein the first secure ID indicates to the intermediate server that the user has been authenticated to the system;
  
  receive, at the system via the intermediate server, a second request from the mobile device to authorize the software application, the second request comprising a second secure ID, wherein the first secure ID is encrypted to generate the second secure ID, the first secure ID being previously transmitted with the software application to the mobile device;
  
  decrypt, at the system, the second secure ID;
  
  evaluate, at the system, the second secure ID for validity; and
  
  transmit, from the system via the intermediate server, a response to the mobile device in accordance with the evaluation.

19. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- authenticate, at a system, a user of a mobile device;
  
  receive, at the system via an intermediate server, a first request from the mobile device to install a software application on the mobile device;
  
  transmit, from the system via the intermediate server, data to the mobile device comprising the software application and a first secure ID, wherein the first secure ID indicates to the intermediate server that the user has been authenticated to the system;
  
  receive, at the system via the intermediate server, a second request from the mobile device to authorize the software application, the second request comprising a second secure ID, wherein the first secure ID is encrypted to generate the second secure ID, the first secure ID being previously transmitted with the software application to the mobile device;
  
  decrypt, at the system, the second secure ID;
  
  evaluate, at the system, the second secure ID for validity; and
  
  transmit, from the system via the intermediate server, a response to the mobile device in accordance with the evaluation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Alison, Thomas, Berdichevsky, Micha, Eldar, Bosmat Mazal, Pandit, Shashank
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US14/841,393
Publication Number

US 20150373009A1
Time in Patent Office

540 Days
Field of Search

726/1, 726/4, 726/26, 726/30, 455/466
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/102   Entity profiles

H04L 67/01   Protocols

H04L 67/146   Markers for unambiguous ide...

H04L 67/306   User profiles

H04L 67/56   Provisioning of proxy servi...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 4/21   for social networking appli...

Proxy bypass login for applications on mobile devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Proxy bypass login for applications on mobile devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links