Method and apparatus for providing authentication session sharing

US 9,807,080 B2
Filed: 04/05/2016
Issued: 10/31/2017
Est. Priority Date: 02/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at an interface of a user device, an authentication context associated with a first service;

initiating, by the user device, a storage of the authentication context in a first cache in the user device associated with the interface;

converting, by the user device, the authentication context into a converted authentication context based, at least in part, on an authentication protocol associated with a second service, wherein when the authentication context is cookie-based, the converted authentication context is token-based, and when the authentication context is token-based, the converted authentication context is cookie-based; and

initiating, by the user device, a population of the converted authentication context to a second cache in the user device associated with the second service, the second cache not directly linked to the interface.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for providing authentication session sharing between browsers and run time environments in network communication. An interface receives an authentication context associated with a first service. The interface causes, at least in part, storage of the authentication context in a first cache associated with the interface. The interface causes, at least in part, population of the authentication context to a second cache associated with a second service. The second cache is not directly linked to the interface. The authentication context in the second cache authenticates access to the second service.

Citations

17 Claims

1. A method comprising:
- receiving, at an interface of a user device, an authentication context associated with a first service;
  
  initiating, by the user device, a storage of the authentication context in a first cache in the user device associated with the interface;
  
  converting, by the user device, the authentication context into a converted authentication context based, at least in part, on an authentication protocol associated with a second service, wherein when the authentication context is cookie-based, the converted authentication context is token-based, and when the authentication context is token-based, the converted authentication context is cookie-based; and
  
  initiating, by the user device, a population of the converted authentication context to a second cache in the user device associated with the second service, the second cache not directly linked to the interface.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the cookie-based authentication context is used by a browser based application, and the token-based authentication context is executed in a run-time environment.
  - 3. The method of claim 1, further comprising:
    - receiving, from the first service, a request to authenticate a user;
      
      requesting authentication credentials associated with the user;
      
      receiving the authentication credentials based on the request;
      
      causing, at least in part, transmission of the authentication credentials to an authentication server, wherein the authentication context is received from the authentication server based, at least in part, on the authentication credentials.
  - 4. The method of claim 1, wherein the authentication context is a single sign on authentication context applicable to both the first service and the second service.
  - 5. The method of claim 1, wherein the first service and the second service are executing on a common device, and wherein the converted authentication context includes a cookie derived from a token and encrypted using a user name and a password.
  - 6. The method of claim 1, wherein the user device is a mobile phone.

7. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus embedded in a user device to perform at least the following,receive, at an interface of the user device, an authentication context associated with a first service;
  
  initiate a storage of the authentication context in a first cache in the user device associated with the interface;
  
  convert the authentication context into a converted authentication context based, at least in part, on an authentication protocol associated with a second service, wherein when the authentication context is cookie-based, the converted authentication context is token-based, and when the authentication context is token-based, the converted authentication context is cookie-based; and
  
  initiate a population of the converted authentication context to a second cache in the user device associated with the second service, the second cache not directly linked to the interface.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7, wherein the cookie-based authentication context is used by a browser based application, and the token-based authentication context is executed in a run-time environment.
  - 9. The apparatus of claim 7, wherein the apparatus is further caused to:
    - receive, from the first service, a request to authenticate a user;
      
      request authentication credentials associated with the user;
      
      receive the authentication credentials based on the request;
      
      cause, at least in part, transmission of the authentication credentials to an authentication server, wherein the authentication context is received from the authentication server based, at least in part, on the authentication credentials.
  - 10. The apparatus of claim 7, wherein the authentication context is a single sign on authentication context applicable to both the first service and the second service.
  - 11. The apparatus of claim 7, wherein the first service and the second service are executing on a common device, and wherein the converted authentication context includes a cookie derived from a token and encrypted using a user name and a password.
  - 12. The apparatus of claim 7, wherein the user device is a mobile phone further comprising:
    - user interface circuitry and user interface software configured to facilitate user control of at least some functions of the mobile phone through use of a display and configured to respond to user input; and
      
      the display and display circuitry configured to display at least a portion of a user interface of the mobile phone and also configured to facilitate user control of the at least some functions of the mobile phone.

13. A non-transitory computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus embedded in a user device to at least perform the following steps:
- receiving, at an interface of the user device, an authentication context associated with a first service;
  
  initiating a storage of the authentication context in a first cache in the user device associated with the interface;
  
  converting the authentication context into a converted authentication context based, at least in part, on an authentication protocol associated with a second service, wherein when the authentication context is cookie-based, converted authentication context is token-based, and when the authentication context is token-based, the converted authentication context is cookie-based; and
  
  initiating a population of the converted authentication context to a second cache in the user device associated with the second service, the second cache not directly linked to the interface.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer readable storage medium of claim 13, wherein the cookie-based authentication context is used by a browser based application, and the token-based authentication context is executed in a run-time environment.
  - 15. The non-transitory computer readable storage medium of claim 13, wherein the apparatus is caused to further perform:
    - receiving, from the first service, a request to authenticate a user;
      
      requesting authentication credentials associated with the user;
      
      receiving the authentication credentials based on the request;
      
      causing, at least in part, transmission of the authentication credentials to an authentication server, wherein the authentication context is received from the authentication server based, at least in part, on the authentication credentials.
  - 16. The non-transitory computer readable storage medium of claim 13, wherein the authentication context is a single sign on authentication context applicable to both the first service and the second service.
  - 17. The non-transitory computer readable storage medium of claim 13, wherein the first service and the second service are executing on a common device and wherein the converted authentication context includes a cookie derived from a token and encrypted using a user name and a password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Otranen, Jari, Karhinen, Anssi
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Alata, Ayoub

Application Number

US15/091,293
Publication Number

US 20160219042A1
Time in Patent Office

574 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04W 12/062   Pre-authentication

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 4/18   Information format or conte...

Method and apparatus for providing authentication session sharing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing authentication session sharing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links