Single sign on for native and wrapped web resources on mobile devices

US 9,819,668 B2
Filed: 10/22/2014
Issued: 11/14/2017
Est. Priority Date: 10/22/2014
Status: Active Grant

First Claim

Patent Images

1. A method of operating a mobile device, the method comprising:

performing operations as follows on a processor of the mobile device;

associating, by the processor of the mobile device, a single sign on module with a native application residing on the mobile device;

detecting, by the processor of the mobile device using the single sign on module, user invocation of the native application, the native application to request access to a resource from a service provider server;

determining, by the processor of the mobile device using the single sign on module, whether the mobile device has a token stored thereon that indicates the user has been previously authenticated with an identity provider server;

requesting, by the processor of the mobile device using the single sign on module, identity credentials from the user when the token is determined not to be stored on the mobile device;

receiving, at the processor of the mobile device using the single sign on module, the identity credentials from the user;

sending, by the processor of the mobile device using the single sign on module, the identity credentials to the identity provider server;

receiving, at the processor of the mobile device using the single sign on module, a plurality of tokens including the token from the identity provider server;

sending, by the processor of the mobile device using the single sign on module, the token to the identity provider server to request an identity assertion;

receiving, at the processor of the mobile device using the single sign on module, the identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server to request the identity assertion; and

providing, by the processor of the mobile device using the single sign on module, the identity assertion to the native application;

sending, by the processor of the mobile device using the native application, a request to access the resource to the service provider server, the request to access the resource comprising the identity assertion; and

providing, by the processor of the mobile device using the native application, access to the resource to the service provider server based on the identity assertion after sending the request;

wherein the service provider server is independent of the identity provider server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes performing operations as follows on a processor: associating a single sign on module with a native application residing on a mobile device, detecting, using the single sign on module, user invocation of the native application, the native application to request access to a resource from a service provider server, determining, using the single sign on module, whether the mobile device has a token stored thereon that indicates the user has been previously authenticated with an identity provider server, sending, using the single sign on module, the token to the identity provider server when the token is determined to be stored on the mobile device, receiving, at the single sign on module, an identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server, and providing, using the single sign on module, the identity assertion to the native application. The service provider server is independent of the identity provider server.

15 Citations

View as Search Results

17 Claims

1. A method of operating a mobile device, the method comprising:
- performing operations as follows on a processor of the mobile device;
  
  associating, by the processor of the mobile device, a single sign on module with a native application residing on the mobile device;
  
  detecting, by the processor of the mobile device using the single sign on module, user invocation of the native application, the native application to request access to a resource from a service provider server;
  
  determining, by the processor of the mobile device using the single sign on module, whether the mobile device has a token stored thereon that indicates the user has been previously authenticated with an identity provider server;
  
  requesting, by the processor of the mobile device using the single sign on module, identity credentials from the user when the token is determined not to be stored on the mobile device;
  
  receiving, at the processor of the mobile device using the single sign on module, the identity credentials from the user;
  
  sending, by the processor of the mobile device using the single sign on module, the identity credentials to the identity provider server;
  
  receiving, at the processor of the mobile device using the single sign on module, a plurality of tokens including the token from the identity provider server;
  
  sending, by the processor of the mobile device using the single sign on module, the token to the identity provider server to request an identity assertion;
  
  receiving, at the processor of the mobile device using the single sign on module, the identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server to request the identity assertion; and
  
  providing, by the processor of the mobile device using the single sign on module, the identity assertion to the native application;
  
  sending, by the processor of the mobile device using the native application, a request to access the resource to the service provider server, the request to access the resource comprising the identity assertion; and
  
  providing, by the processor of the mobile device using the native application, access to the resource to the service provider server based on the identity assertion after sending the request;
  
  wherein the service provider server is independent of the identity provider server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - wherein the identity assertion comprises a Security Association Markup Language (SAML) identity assertion.
  - 3. The method of claim 1, wherein the identity credentials comprise a user name and a user password.
  - 4. The method of claim 1, wherein the identity credentials comprise multi-factor authentication credentials comprising answers to multiple questions.
  - 5. The method of claim 4, wherein the identity credentials comprise a username, a user password, and the multi-factor authentication credentials comprising answers to multiple questions.
  - 6. The method of claim 1, wherein the token has an expiration date associated therewith, the token being invalid after the expiration date.

7. A method of operating a mobile device, the method comprising:
- performing operations as follows on a processor of the mobile device;
  
  associating, by the processor of the mobile device, a single sign on module with a browser residing on a mobile device;
  
  detecting, by the processor of the mobile device using the single sign on module, user invocation of a Web resource provided by a service provider server using the browser;
  
  determining, by the processor of the mobile device using the single sign on module, whether the mobile device has the token stored thereon responsive to user invocation of the browser;
  
  requesting, by the processor of the mobile device using the single sign on module, identity credentials from the user when the token is determined not to be stored on the mobile device;
  
  receiving, at the processor of the mobile device using the single sign on module, the identity credentials from the user;
  
  sending, by the processor of the mobile device using the single sign on module, the identity credentials to the identity provider server;
  
  receiving, at the processor of the mobile device using the single sign on module, a plurality of tokens including the token from the identity provider server;
  
  sending, by the processor of the mobile device using the single sign on module, the token to an identity provider server to request an identity assertion, the token indicating that the user has been previously authenticated with the identity provider server;
  
  receiving, at the processor of the mobile device using the single sign on module, the identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server to request the identity assertion; and
  
  providing, by the processor of the mobile device using the single sign on module, the identity assertion to the browser;
  
  sending, by the processor of the mobile device using the browser, a request to access the Web resource to the service provider server, the request to access the resource comprising the identity assertion; and
  
  providing, by the processor of the mobile device using the native application, access to the resource to the service provider server based on the identity assertion after sending the request;
  
  wherein the service provider server is independent of the identity provider server.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - wherein the identity assertion comprises a Security Association Markup Language (SAML) identity assertion.
  - 9. The method of claim 7, wherein the identity credentials comprise a user name and a user password.
  - 10. The method of claim 7, wherein the identity credentials comprise multi-factor authentication credentials comprising answers to multiple questions.
  - 11. The method of claim 10, wherein the identity credentials comprise a username, a user password, and the multi-factor authentication credentials comprising answers to multiple questions.
  - 12. The method of claim 7, wherein the token has an expiration date associated therewith, the token being invalid after the expiration date.

13. A computer program product, comprising:
- a non-transitory computer readable storage medium comprising computer readable program code embodied in the medium that when executed by a processor of a mobile device causes the processor of the mobile device to perform operations comprising;
  
  associating, by the processor of the mobile device, a single sign on module with a native application residing on the mobile device;
  
  detecting, by the processor of the mobile device using the single sign on module, user invocation of the native application, the native application to request access to a resource from a service provider server;
  
  determining, by the processor of the mobile device using the single sign on module, whether the mobile device has a token stored thereon that indicates the user has been previously authenticated with an identity provider server;
  
  requesting, by the processor of the mobile device using the single sign on module, identity credentials from the user when the token is determined not to be stored on the mobile device;
  
  receiving, at the processor of the mobile device using the single sign on module, the identity credentials from the user;
  
  sending, by the processor of the mobile device using the single sign on module, the identity credentials to the identity provider server;
  
  receiving, at the processor of the mobile device using the single sign on module, a plurality of tokens including the token from the identity provider server;
  
  sending, by the processor of the mobile device using the single sign on module, the token to the identity provider server to request an identity assertion;
  
  receiving, at the processor of the mobile device using the single sign on module, the identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server to request the identity assertion;
  
  providing, by the processor of the mobile device using the single sign on module, the identity assertion to the native application;
  
  sending, by the processor of the mobile device using the native application, a request to access the resource to the service provider server, the request to access the resource comprising the identity assertion; and
  
  providing, by the processor of the mobile device using the native application, access to the resource to the service provider server based on the identity assertion after sending the request;
  
  wherein the service provider server is independent of the identity provider server.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein the identity credentials comprise multi-factor authentication credentials comprising answers to multiple questions.
  - 15. The computer program product of claim 13, wherein the token has an expiration date associated therewith, the token being invalid after the expiration date.
  - 16. The computer program product of claim 14, wherein the identity credentials comprise a username, a user password, and the multi-factor authentication credentials comprising answers to multiple questions.
  - 17. The computer program product of claim 13, further comprising:
    - wherein the identity assertion comprises a Security Association Markup Language (SAML) identity assertion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Krishna, Vikas
Primary Examiner(s)
Kabir, Jahangir

Application Number

US14/520,643
Publication Number

US 20160119323A1
Time in Patent Office

1,119 Days
Field of Search

726 4, 726 5, 726 8, 726 9
US Class Current
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

Single sign on for native and wrapped web resources on mobile devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign on for native and wrapped web resources on mobile devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links