Single sign-on processing for associated mobile applications

US 9,692,746 B2
Filed: 04/20/2015
Issued: 06/27/2017
Est. Priority Date: 03/07/2013
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable media storing a first mobile application comprising computer-executable instructions that responsive to execution by at least one processor configure the at least one processor to perform operations comprising:

presenting, via a mobile device to a user of the mobile device, a user interface comprising an information presentation identifying one or more mobile applications associated with the first mobile application, wherein the one or more mobile applications comprise a second mobile application executable on the mobile device, the first mobile application is associated with a first server application, and a first session token indicative of a first active session between the first mobile application and the first server application is stored in data storage of the mobile device;

receiving an indication of user interaction with the information presentation corresponding to a request to launch the second mobile application;

determining that a second active session does not exist between the second mobile application and a second server application;

generating a token request to enable initiation of the second active session based at least in part on information associated with the first active session;

transmitting, to an application linking server, the token request;

receiving a token response from the application linking server, the token response comprising a second session token associated with the second active session;

storing the second session token in the data storage of the mobile device; and

launching the second mobile application, wherein launching the second mobile application comprises transmitting, to the second mobile application, a parameter indicating that the second mobile application was launched from the first mobile application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and computer-readable media are disclosed for performing single sign-on processing between associated mobile applications. The single sign-on processing may include processing to generate an interaction session between a user and a back-end server associated with a mobile application based at least in part on one or more existing interaction sessions between the user and one or more back-end servers associated with one or more other mobile applications. In order to establish an interaction session with an associated back-end server, a mobile application may leverage existing interaction sessions that have already been established in connection with the launching of other associated mobile applications.

Citations

24 Claims

1. One or more non-transitory computer-readable media storing a first mobile application comprising computer-executable instructions that responsive to execution by at least one processor configure the at least one processor to perform operations comprising:
- presenting, via a mobile device to a user of the mobile device, a user interface comprising an information presentation identifying one or more mobile applications associated with the first mobile application, wherein the one or more mobile applications comprise a second mobile application executable on the mobile device, the first mobile application is associated with a first server application, and a first session token indicative of a first active session between the first mobile application and the first server application is stored in data storage of the mobile device;
  
  receiving an indication of user interaction with the information presentation corresponding to a request to launch the second mobile application;
  
  determining that a second active session does not exist between the second mobile application and a second server application;
  
  generating a token request to enable initiation of the second active session based at least in part on information associated with the first active session;
  
  transmitting, to an application linking server, the token request;
  
  receiving a token response from the application linking server, the token response comprising a second session token associated with the second active session;
  
  storing the second session token in the data storage of the mobile device; and
  
  launching the second mobile application, wherein launching the second mobile application comprises transmitting, to the second mobile application, a parameter indicating that the second mobile application was launched from the first mobile application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The one or more non-transitory computer-readable media of claim 1, wherein determining that the second active session does not exist comprises determining that the second session token is not stored in the data storage of the mobile device.
  - 3. The one or more non-transitory computer-readable media of claim 1, wherein the token request comprises at least one of i) the first session token, ii) a first identifier of a first back-end server on which the first server application is executing, iii) a second identifier of a second back-end server on which the second server application is executing, or iv) an application linking server session token indicative of a third active session between the first mobile application and the application linking server.
  - 4. The one or more non-transitory computer-readable media of claim 1, wherein the one or more applications are associated with the first application based at least in part on one or more association criteria, the one or more association criteria comprising a same issuing entity being associated with the first application and each of the one or more applications.
  - 5. The one or more non-transitory computer-readable media of claim 1, the operations further comprising prior to receiving the indication of user interaction with the information presentation indicative of a request to launch the second mobile application:
    - receiving, on behalf of the user, one or more authentication credentials associated with the user, the one or more authentication credentials authenticating the user with the first server application;
      
      generating an authentication request comprising the one or more authentication credentials;
      
      transmitting, to the application linking server, the authentication request;
      
      receiving, from the application linking server, an authentication response comprising the first session token; and
      
      storing the first session token in the data storage of the mobile device.
  - 6. The one or more non-transitory computer-readable media of claim 1, wherein the first session token and the second session token are each stored in an encrypted portion of the data storage of the mobile device, the encrypted portion being accessible by the first mobile application and the second mobile application.
  - 7. The one or more non-transitory computer-readable media of claim 1, wherein the token request comprises an application linking server session token indicative of a third active session between the first mobile application and the application linking server and the token response further comprises an updated application linking server session token indicative of the third active session, the operations further comprising:
    - overwriting the application linking server session token stored in the data storage of the mobile device with the updated application linking server session token.
  - 8. The one or more non-transitory computer-readable media of claim 7, wherein the application linking server session token is associated with a first time-to-live (TTL) value for the third active session and the updated application linking server session token is associated with an updated TTL value for the third active session.
  - 9. The one or more non-transitory computer-readable media of claim 1, the operations further comprising receiving application association information associated with the one or more mobile applications, the application association information comprising:
    - i) a respective identifier associated with each of the one or more mobile applications,ii) respective back-end identification information identifying a respective set of one or more back-end server applications associated with each of the one or more mobile applications, andiii) respective metadata associated with each of the one or more mobile applications.
  - 10. The one or more non-transitory computer-readable media of claim 9, the operations further comprising processing the application association information to generate the information presentation.
  - 11. The one or more non-transitory computer-readable media of claim 1, the token response further comprising application data associated with the second server application and the second mobile application, the operations further comprising at least one of:
    - providing, to the second mobile application, the application data as part of launching the second mobile application or storing the application data in a portion of the data storage accessible by the second mobile application.
  - 12. The one or more non-transitory computer-readable media of claim 1, the operations further comprising:
    - receiving, on behalf of the user, an indication of user interaction with the information presentation indicative of a request to launch a third mobile application;
      
      determining that the third mobile application is associated with at least one of;
      
      i) the first server application or ii) the second server application;
      
      determining, responsive to determining that the third mobile application is associated with the first server application, that the first active session exists based at least in part on the first session token or determining, responsive to determining that the third mobile application is associated with the second server application, that the second active session exists based at least in part on the second session token; and
      
      launching the third mobile application, wherein the third mobile application is configured to interact with the first server application using the first session token or with the second server application using the second session token.

13. One or more non-transitory computer-readable media storing a first mobile application comprising computer-executable instructions that responsive to execution by at least one processor configure the at least one processor to perform operations comprising:
- presenting, via a mobile device to a user of the mobile device, a user interface comprising an information presentation identifying one or more mobile applications associated with the first mobile application, wherein the one or more mobile applications comprise a second mobile application executable on the mobile device, the first mobile application is associated with a first server application, and a first session token indicative of a first active session between the first mobile application and the first server application is stored in data storage of the mobile device;
  
  receiving an indication of user interaction with the information presentation indicative of a request to launch the second mobile application;
  
  determining that a second session token indicative of a second active session between the second mobile application and a second server application is stored in the data storage on the mobile device, wherein the second session token was received by the first mobile application based at least in part on the presence of the first active session; and
  
  launching the second mobile application, wherein launching the second mobile application comprises transmitting, to the second mobile application, a parameter indicating that the second mobile application was launched from the first mobile application.
- View Dependent Claims (14, 15, 16)
- - 14. The one or more non-transitory computer-readable media of claim 13, the operations further comprising prior to receiving the indication of user interaction with the information presentation indicative of a request to launch the second mobile application:
    - receiving, on behalf of the user, one or more authentication credentials associated with the user, the one or more authentication credentials authenticating the user with the first server application;
      
      generating an authentication request comprising the one or more authentication credentials;
      
      transmitting, to the application linking server, the authentication request;
      
      receiving, from the application linking server, an authentication response comprising the first session token; and
      
      storing the first session token in the data storage of the mobile device.
  - 15. The one or more non-transitory computer-readable media of claim 13, wherein the token request further comprises an application linking server session token indicative of a third active session between the first mobile application and the application linking server and the token response further comprises an updated application linking server session token indicative of the third active session, the operations further comprising:
    - overwriting the application linking server session token stored in the data storage of the mobile device with the updated application linking server session token.
  - 16. The one or more non-transitory computer-readable media of claim 13, the operations further comprising:
    - receiving, on behalf of the user, an indication of user interaction with the information presentation indicative of a request to launch a third mobile application;
      
      determining that the third mobile application is associated with at least one of;
      
      i) the first server application or ii) the second server application;
      
      determining, responsive to determining that the third mobile application is associated with the first server application, that the first active session exists based at least in part on the first session token or determining, responsive to determining that the third mobile application is associated with the second server application, that the second active session exists based at least in part on the second session token; and
      
      launching the third mobile application, wherein the third mobile application is configured to interact with the first server application using the first session token or with the second server application using the second session token.

17. A method for execution by a mobile device, the method comprising:
- presenting, to a user of the mobile device, a user interface comprising an information presentation identifying one or more mobile applications associated with a first mobile application, wherein the one or more mobile applications comprise a second mobile application executable on the mobile device, the first mobile application is associated with a first server application, and a first session token indicative of a first active session between the first mobile application and the first server application is stored in data storage of the mobile device;
  
  receiving an indication of user interaction with the information presentation corresponding to a request to launch the second mobile application;
  
  determining that a second active session does not exist between the second mobile application and a second server application;
  
  generating a token request to enable initiation of the second active session based at least in part on information associated with the first active session;
  
  transmitting, to an application linking server, the token request;
  
  receiving a token response from the application linking server, the token response comprising a second session token associated with the second active session;
  
  storing the second session token in the data storage of the mobile device; and
  
  launching the second mobile application, wherein launching the second mobile application comprises transmitting, to the second mobile application, a parameter indicating that the second mobile application was launched from the first mobile application.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein determining that the second active session does not exist comprises determining that the second session token is not stored in the data storage of the mobile device.
  - 19. The method of claim 17, wherein the token request comprises at least one of i) the first session token, ii) a first identifier of a first back-end server on which the first server application is executing, iii) a second identifier of a second back-end server on which the second server application is executing, or iv) an application linking server session token indicative of a third active session between the first mobile application and the application linking server.
  - 20. The method of claim 17, wherein the one or more applications are associated with the first application based at least in part on one or more association criteria, the one or more association criteria comprising a same issuing entity being associated with the first application and each of the one or more applications.

21. A mobile device comprising at least one processor and at least one memory including program code, the at least one memory and the program code configured to, with the processor, cause the mobile device to at least:
- present, to a user of the mobile device, a user interface comprising an information presentation identifying one or more mobile device applications associated with a first mobile device application, wherein the one or more mobile device applications comprise a second mobile device application executable on the mobile device, the first mobile device application is associated with a first server application, and a first session token indicative of a first active session between the first mobile device application and the first server application is stored in data storage of the mobile device;
  
  receive an indication of user interaction with the information presentation corresponding to a request to launch the second mobile device application;
  
  determine that a second active session does not exist between the second mobile device application and a second server application;
  
  generate a token request to enable initiation of the second active session based at least in part on information associated with the first active session;
  
  transmit, to an application linking server, the token request;
  
  receive a token response from the application linking server, the token response comprising a second session token associated with the second active session;
  
  store the second session token in the data storage of the mobile device; and
  
  launch the second mobile device application, wherein launching the second mobile device application comprises transmitting, to the second mobile device application, a parameter indicating that the second mobile device application was launched from the first mobile device application.
- View Dependent Claims (22, 23, 24)
- - 22. The mobile device of claim 21, wherein determining that the second active session does not exist comprises determining that the second session token is not stored in the data storage of the mobile device.
  - 23. The mobile device of claim 21, wherein the token request comprises at least one of i) the first session token, ii) a first identifier of a first back-end server on which the first server application is executing, iii) a second identifier of a second back-end server on which the second server application is executing, or iv) an application linking server session token indicative of a third active session between the first mobile application and the application linking server.
  - 24. The mobile device of claim 21, wherein the one or more applications are associated with the first application based at least in part on one or more association criteria, the one or more association criteria comprising a same issuing entity being associated with the first application and each of the one or more applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fiserv Incorporated
Original Assignee
Fiserv Incorporated
Inventors
Scavo, David Francis, Whiteside, Barbara Wilson
Primary Examiner(s)
Meky, Moustafa M

Application Number

US14/690,956
Publication Number

US 20150229636A1
Time in Patent Office

799 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

H04L 9/40   Network security protocols

H04W 12/06   Authentication

Single sign-on processing for associated mobile applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on processing for associated mobile applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links