Authenticating mobile applications using policy files
First Claim
1. A system, comprising a processor and memory to:
receive, via a first server, a key pair and a policy file associated with a mobile service from a second server, the policy file comprising a list of;
a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication;
distribute the key pair and the policy file;
receive an authentication request from a mobile application;
authenticate the mobile application based in part on the key pair and the policy file;
generate a scope token with an application scope in response to authenticating the mobile application, the scope token comprising a signature based in part on the key pair;
authenticate a client device corresponding to the mobile application and a user to generate a doubly-authenticated scope token comprising a device scope and application authenticity scope;
send the doubly-authenticated scope token to a security gateway for user authentication;
receive a trebly-authenticated scope token with a grant token request and send a grant token to the mobile application, the trebly authenticated scope token to include a user scope;
receive the grant token from the mobile application; and
generate and send an access token to the mobile application.
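The scope-token chain in the claim can be illustrated with a short sketch. This is an added example, not code from the patent: it uses an HMAC over a shared key as a stand-in for the key-pair signature, and the policy layout, service name, and authenticator names (`auth-server`, `security-gateway`) are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed policy file: security objects, which device authenticates each, and the order.
POLICY = {
    "service": "example-mobile-service",  # hypothetical service name
    "order": ["application", "device", "user"],
    "authenticators": {"application": "auth-server",
                       "device": "auth-server",
                       "user": "security-gateway"},
}
KEY = b"constructed-demo-key"  # assumption: HMAC key stands in for the claim's key pair


def _sign(scopes):
    # Signature covers the service and the exact ordered scope list.
    body = json.dumps({"service": POLICY["service"], "scopes": scopes},
                      sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()


def verify(token):
    return hmac.compare_digest(_sign(token["scopes"]), token.get("sig", ""))


def add_scope(token, scope, authenticator):
    """Return a new signed scope token with `scope` appended, enforcing the policy."""
    scopes = [] if token is None else token["scopes"]
    if token is not None and not verify(token):
        raise ValueError("bad signature on incoming scope token")
    order = POLICY["order"]
    expected = order[len(scopes)] if len(scopes) < len(order) else None
    if scope != expected:
        raise ValueError(f"policy expects {expected!r} next, got {scope!r}")
    if POLICY["authenticators"][scope] != authenticator:
        raise ValueError(f"{authenticator!r} may not authenticate {scope!r}")
    new_scopes = scopes + [scope]
    return {"scopes": new_scopes, "sig": _sign(new_scopes)}


def issue_grant(token):
    """A grant is issued only for a valid token carrying every scope in policy order."""
    return verify(token) and token["scopes"] == POLICY["order"]


if __name__ == "__main__":
    t = add_scope(None, "application", "auth-server")  # application scope
    t = add_scope(t, "device", "auth-server")          # doubly-authenticated
    t = add_scope(t, "user", "security-gateway")       # trebly-authenticated
    print("grant issued:", issue_grant(t))
```

Because each signature covers the full ordered scope list, a token cannot gain a scope without passing through the authenticator the policy names for it.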
Abstract
Examples of techniques for authenticating mobile applications are described herein. A method includes receiving, at a first server, a key pair and a policy file associated with a mobile service on a second server, where the policy file includes a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication. The method includes distributing the key pair and the policy file to a security device. The method also includes receiving, at the first server, an authentication request from a mobile application. The method further includes creating an authenticity challenge as specified in the policy file and sending the authenticity challenge with a response to the mobile application.
7 Claims
Specification