Authenticating mobile applications using policy files

US 9,736,126 B2
Filed: 12/04/2014
Issued: 08/15/2017
Est. Priority Date: 12/04/2014
Status: Active Grant

First Claim

Patent Images

1. A system, comprising a processor and memory to:

receive, via a first server, a key pair and a policy file associated with a mobile service from a second server, the policy file comprising a list of;

a plurality of security objects to be authenticated,a plurality of computing devices to authenticate the security objects, andan order of authentication;

distribute the key pair and the policy file;

receive an authentication request from a mobile application;

authenticate the mobile application based in part on the key pair and the policy file;

generate a scope token with an application scope in response to authenticating the mobile application, the scope token comprising a signature based in part on the key pair;

authenticate a client device corresponding to the mobile application and a user to generate a doubly-authenticated scope token comprising a device scope and application authenticity scope;

send the doubly-authenticated scope token to a security gateway for user authentication;

receive a trebly-authenticated scope token with a grant token request and send a grant token to the mobile application, the trebly authenticated scope token to include a user scope;

receive the grant token from the mobile application; and

generate and send an access token to the mobile application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples of techniques for authenticating mobile applications are described herein. A method includes receiving, at a first server, a key pair and a policy file associated with a mobile service on a second server, the policy file includes a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication. The method includes distributing the key pair and the policy file to a security device. The method also includes receiving, at the first server, an authentication request from a mobile application. The method further includes creating an authenticity challenge as specified in the policy file and sending the authenticity challenge with a response to the mobile application.

Citations

7 Claims

1. A system, comprising a processor and memory to:
- receive, via a first server, a key pair and a policy file associated with a mobile service from a second server, the policy file comprising a list of;
  
  a plurality of security objects to be authenticated,a plurality of computing devices to authenticate the security objects, andan order of authentication;
  
  distribute the key pair and the policy file;
  
  receive an authentication request from a mobile application;
  
  authenticate the mobile application based in part on the key pair and the policy file;
  
  generate a scope token with an application scope in response to authenticating the mobile application, the scope token comprising a signature based in part on the key pair;
  
  authenticate a client device corresponding to the mobile application and a user to generate a doubly-authenticated scope token comprising a device scope and application authenticity scope;
  
  send the doubly-authenticated scope token to a security gateway for user authentication;
  
  receive a trebly-authenticated scope token with a grant token request and send a grant token to the mobile application, the trebly authenticated scope token to include a user scope;
  
  receive the grant token from the mobile application; and
  
  generate and send an access token to the mobile application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, further comprising a service server accessible by the mobile application using the access token.
  - 3. The system of claim 1, wherein the key pair comprises a private key and a public key.
  - 4. The system of claim 3, wherein the policy file comprises instructions defining types of security checks associated with a service, an order in which the authentications are to be executed, and a device responsible for each authentication.
  - 5. The system of claim 1, wherein the application scope, the user scope, and the device scope comprise an expiration time.
  - 6. The system of claim 1, further comprising a mobile enterprise application platform (MEAP) executable by the processor to validate the access token.
  - 7. The system of claim 1, wherein the scope token further comprises a device identification and a user name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Borovoy, Ishai, Schneider, Haim, Levin, Iddo, Shachor, Gal, Spector, Artem
Primary Examiner(s)
Parsons, Theodore C.
Assistant Examiner(s)
Ho, Thomas

Application Number

US14/560,061
Publication Number

US 20160164851A1
Time in Patent Office

985 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/44   Program or device authentic...

G06F 2221/2103   Challenge-response

H04L 12/06   Answer-back mechanisms or c...

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

Authenticating mobile applications using policy files

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating mobile applications using policy files

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links