Single sign-on processing for associated mobile applications

US 9,641,498 B2
Filed: 03/07/2013
Issued: 05/02/2017
Est. Priority Date: 03/07/2013
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable media storing a first mobile application and a second mobile application, together comprising computer-executable instructions that, responsive to execution by at least one processor, configure the at least one processor to perform operations comprising:

presenting, by a mobile computing device to a user of the mobile computing device, a first user interface associated with the first mobile application comprising a first information presentation identifying one or more mobile applications associated with the first mobile application, wherein (a) the first mobile application is associated with a first server application, (b) the one or more mobile applications comprise the second mobile application, (c) the first information presentation indicates the second mobile application has been downloaded but not integrated to enable single sign-on processing, and (d) the second mobile application is associated with a second server application;

responsive to presenting the first user interface, receiving, by the mobile computing device, a request on behalf of the user to launch the second mobile application;

responsive to receiving the request on behalf of the user to launch the second mobile application, determining, by the mobile computing device, that the second mobile application is not integrated to enable single sign-on processing;

responsive to determining that the second mobile application is not integrated to enable single sign-on processing, launching, by the mobile computing device, the second mobile application without a parameter indicating that the second mobile application was launched from the first mobile application;

obtaining, by the mobile computing device, authentication credentials associated with the user for the second server application;

generating, by the mobile computing device, a request to establish a session with the second server application on behalf of the user, wherein the request to establish a session with the second server application on behalf of the user comprises the authentication credentials;

transmitting, by the mobile computing device, the request to establish a session with the second server application on behalf of the user to an application linking server;

receiving, by the mobile computing device and from the application linking server, a response to the request to establish a session with the second server application on behalf of the user, wherein the response comprises (a) a second server application session token indicating an established session with the second server application on behalf of the user, (b) an application linking server session token, and (c) application association information related to a set of associated mobile applications; and

presenting, by the mobile computing device to the user of the mobile computing device based at least in part on information extracted from the response, a second user interface associated with the first mobile application and comprising a second information presentation identifying the one or mobile applications associated with the first mobile application, wherein the second information presentation indicates the second mobile application has been downloaded and integrated to enable single sign-on processing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and computer-readable media are disclosed for performing single sign-on processing between associated mobile applications. The single sign-on processing may include processing to generate an interaction session between a user and a back-end server associated with a mobile application based at least in part on one or more existing interaction sessions between the user and one or more back-end servers associated with one or more other mobile applications. In order to establish an interaction session with an associated back-end server, a mobile application may leverage existing interaction sessions that have already been established in connection with the launching of other associated mobile applications.

Citations

30 Claims

1. One or more non-transitory computer-readable media storing a first mobile application and a second mobile application, together comprising computer-executable instructions that, responsive to execution by at least one processor, configure the at least one processor to perform operations comprising:
- presenting, by a mobile computing device to a user of the mobile computing device, a first user interface associated with the first mobile application comprising a first information presentation identifying one or more mobile applications associated with the first mobile application, wherein (a) the first mobile application is associated with a first server application, (b) the one or more mobile applications comprise the second mobile application, (c) the first information presentation indicates the second mobile application has been downloaded but not integrated to enable single sign-on processing, and (d) the second mobile application is associated with a second server application;
  
  responsive to presenting the first user interface, receiving, by the mobile computing device, a request on behalf of the user to launch the second mobile application;
  
  responsive to receiving the request on behalf of the user to launch the second mobile application, determining, by the mobile computing device, that the second mobile application is not integrated to enable single sign-on processing;
  
  responsive to determining that the second mobile application is not integrated to enable single sign-on processing, launching, by the mobile computing device, the second mobile application without a parameter indicating that the second mobile application was launched from the first mobile application;
  
  obtaining, by the mobile computing device, authentication credentials associated with the user for the second server application;
  
  generating, by the mobile computing device, a request to establish a session with the second server application on behalf of the user, wherein the request to establish a session with the second server application on behalf of the user comprises the authentication credentials;
  
  transmitting, by the mobile computing device, the request to establish a session with the second server application on behalf of the user to an application linking server;
  
  receiving, by the mobile computing device and from the application linking server, a response to the request to establish a session with the second server application on behalf of the user, wherein the response comprises (a) a second server application session token indicating an established session with the second server application on behalf of the user, (b) an application linking server session token, and (c) application association information related to a set of associated mobile applications; and
  
  presenting, by the mobile computing device to the user of the mobile computing device based at least in part on information extracted from the response, a second user interface associated with the first mobile application and comprising a second information presentation identifying the one or mobile applications associated with the first mobile application, wherein the second information presentation indicates the second mobile application has been downloaded and integrated to enable single sign-on processing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The one or more computer-readable media of claim 1, wherein presenting the first information presentation comprises generating the first information presentation based at least in part on data stored on the mobile computing device.
  - 3. The one or more computer-readable media of claim 2, wherein the operations further comprise:
    - determining, by the mobile computing device, based at least in part on the data stored on the mobile computing device, an integration status of the second mobile application, wherein (a) the integration status of the second mobile application status indicates that the second mobile application has been downloaded but not integrated to enable single sign-on processing, and (b) the first information presentation comprises the integration status of the second mobile application; and
      
      determining, by the mobile computing device, based at least in part on the data stored on the mobile computing device, an integration status of a third mobile application of the one or more mobile applications associated with the first mobile application, wherein (a) the integration status of a third mobile application indicates that the third mobile application has been downloaded and integrated to enable single sign-on processing, and (b) the first information presentation comprises the integration status of a third mobile application.
  - 4. The one or more computer-readable media of claim 1, wherein launching the second mobile application without a parameter enables the second application to receive the authentication credentials associated with the user for the second server application.
  - 5. The one or more computer-readable media of claim 1, wherein the operations further comprise:
    - determining, by the mobile computing device, that the second mobile application has been integrated to enable single sign-on processing; and
      
      generating, by the mobile computing device, the second information presentation based at least in part on the determining that the second mobile application has been integrated.
  - 6. The one or more computer-readable media of claim 1, wherein the one or more mobile applications are associated with the first mobile application based at least in part on one or more association criteria, the one or more association criteria comprising a same issuing entity being associated with the first mobile application and each of the one or more mobile applications.
  - 7. The one or more computer-readable media of claim 1, wherein the authentication credentials authenticate the user with the second server application.
  - 8. The one or more computer-readable media of claim 1, wherein the operations further comprise receiving, by the mobile computing device, the application association information associated with the one or more mobile applications, the application association information comprising a respective identifier associated with each of the one or more mobile applications.
  - 9. The one or more computer-readable media of claim 8, wherein the operations further comprise processing, by the mobile computing device, the application association information to generate the first information presentation.
  - 10. The one or more computer-readable media of claim 1, wherein (a) the first server application is executing on a first back-end system and the second server application is executing on a second back-end system and (b) the request to establish a session with the second server application on behalf of the user comprises (i) an identifier of the first back-end system, (ii) a first server application session token indicating an established session with the first server application on behalf of the user, and (iii) an identifier of the second back-end system.
  - 11. The one or more computer-readable media of claim 1, wherein the first server application session token is stored in an encrypted portion of the data storage of the mobile computing device, the encrypted portion being accessible by the first mobile application and the second mobile application.
  - 12. The one or more computer-readable media of claim 1, wherein the operations further comprise providing, by the mobile computing device to the second mobile application, a parameter indicating that the second mobile application was launched by the user second interface associated with the first mobile application.
  - 13. The one or more computer-readable media of claim 1, wherein the operations further comprise overwriting the application linker server session token stored in the data storage of the mobile computing device with an updated application linker server session token.
  - 14. The one or more computer-readable media of claim 13, wherein at least one of the application linking server session token or the updated application linking server session token is associated with a time-to-live (TTL) value.
  - 15. The one or more computer-readable media of claim 1, wherein (a) the application linker server session token is associated with a time-to-live (TTL) value for the interaction session with the application linking system, and (b) the updated application linker server session token is associated with an updated TTL value.

16. An apparatus comprising at least one processor and at least one memory including program code, the at least one memory and the program code configured to, with the processor, cause the apparatus to at least:
- present, to a user of the apparatus, a first user interface associated with the first mobile application comprising a first information presentation identifying one or more mobile applications associated with the first mobile application, wherein (a) the first mobile application is associated with a first server application, (b) the one or more mobile applications comprise the second mobile application, (c) the first information presentation indicates the second mobile application has been downloaded but not integrated to enable single sign-on processing, and (d) the second mobile application is associated with a second server application;
  
  responsive to presenting the first user interface, receive a request on behalf of the user to launch the second mobile application;
  
  responsive to receiving the request on behalf of the user to launch the second mobile application, determine that the second mobile application is not integrated to enable single sign-on processing;
  
  responsive to determining that the second mobile application is not integrated to enable single sign-on processing, launch the second mobile application without a parameter indicating that the second mobile application was launched from the first mobile application;
  
  obtain authentication credentials associated with the user for the second server application;
  
  generate a request to establish a session with the second server application on behalf of the user, wherein the request to establish a session with the second server application on behalf of the user comprises the authentication credentials;
  
  transmit the request to establish a session with the second server application on behalf of the user to an application linking server;
  
  receive, from the application linking server, a response to the request to establish a session with the second server application on behalf of the user, wherein the response comprises (a) a second server application session token indicating an established session with the second server application on behalf of the user, (b) an application linking server session token, and (c) application association information related to a set of associated mobile applications; and
  
  present, to the user of the apparatus based at least in part on information extracted from the response, a second user interface associated with the first mobile application and comprising a second information presentation identifying the one or mobile applications associated with the first mobile application, wherein the second information presentation indicates the second mobile application has been downloaded and integrated to enable single sign-on processing.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. The apparatus of claim 16, wherein presenting the first information presentation comprises generating the first information presentation based at least in part on data stored on the apparatus.
  - 18. The apparatus of claim 17, wherein the memory and program code are further configured to, with the processor, cause the apparatus to:
    - determine, based at least in part on the data stored on the apparatus, an integration status of the second mobile application, wherein (a) the integration status of the second mobile application status indicates that the second mobile application has been downloaded but not integrated to enable single sign-on processing, and (b) the first information presentation comprises the integration status of the second mobile application; and
      
      determining, based at least in part on the data stored on the apparatus, an integration status of a third mobile application of the one or more mobile applications associated with the first mobile application, wherein (a) the integration status of a third mobile application indicates that the third mobile application has been downloaded and integrated to enable single sign-on processing, and (b) the first information presentation comprises the integration status of a third mobile application.
  - 19. The apparatus of claim 16, wherein launching the second mobile application without a parameter enables the second application to receive the authentication credentials associated with the user for the second server application.
  - 20. The apparatus of claim 16, wherein the memory and program code are further configured to, with the processor, cause the apparatus to:
    - determine that the second mobile application has been integrated to enable single sign-on processing; and
      
      generate the second information presentation based at least in part on the determining that the second mobile application has been integrated.
  - 21. The apparatus of claim 16, wherein the one or more mobile applications are associated with the first mobile application based at least in part on one or more association criteria, the one or more association criteria comprising a same issuing entity being associated with the first mobile application and each of the one or more mobile applications.
  - 22. The apparatus of claim 16, wherein the authentication credentials authenticate the user with the second server application.
  - 23. The apparatus of claim 16, wherein the memory and program code are further configured to, with the processor, cause the apparatus to receive the application association information associated with the one or more mobile applications, the application association information comprising a respective identifier associated with each of the one or more mobile applications.
  - 24. The apparatus of claim 23, wherein the memory and program code are further configured to, with the processor, cause the apparatus to process the application association information to generate the first information presentation.
  - 25. The apparatus of claim 16, wherein (a) the first server application is executing on a first back-end system and the second server application is executing on a second back-end system and (b) the request to establish a session with the second server application on behalf of the user comprises (i) an identifier of the first back-end system, (ii) a first server application session token indicating an established session with the first server application on behalf of the user, and (iii) an identifier of the second back-end system.
  - 26. The apparatus of claim 16, wherein the first server application session token is stored in an encrypted portion of the data storage of the apparatus, the encrypted portion being accessible by the first mobile application and the second mobile application.
  - 27. The apparatus of claim 16, wherein the memory and program code are further configured to, with the processor, cause the apparatus to provide, to the second mobile application, a parameter indicating that the second mobile application was launched by the user second interface associated with the first mobile application.
  - 28. The apparatus of claim 16, wherein the memory and program code are further configured to, with the processor, cause the apparatus to overwrite the application linker server session token stored in the data storage of the apparatus with an updated application linker server session token.
  - 29. The apparatus of claim 18, wherein at least one of the application linking server session token or the updated application linking server session token is associated with a time-to-live (TTL) value.
  - 30. The apparatus of claim 16, wherein (a) the application linker server session token is associated with a time-to-live (TTL) value for the interaction session with the application linking system, and (b) the updated application linker server session token is associated with an updated TTL value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fiserv Incorporated
Original Assignee
Fiserv Incorporated
Inventors
Scavo, David Francis, Whiteside, Barbara Wilson
Primary Examiner(s)
Vostal, O. C.

Application Number

US13/788,420
Publication Number

US 20140259134A1
Time in Patent Office

1,517 Days
Field of Search

726 7, 726229, 726206, 726222
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 67/141   Setup of application sessio...

H04W 4/00   Services specially adapted ...

Single sign-on processing for associated mobile applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on processing for associated mobile applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links