METHOD AND SYSTEM FOR SECURED INTER-APPLICATION COMMUNICATION IN MOBILE DEVICES

US 20140095874A1
Filed: 09/25/2013
Published: 04/03/2014
Est. Priority Date: 10/01/2012
Status: Active Grant

First Claim

Patent Images

1. A method for secured inter-application communication, comprising:

transferring information from a first application in a mobile computing device to a second application in the mobile computing device using a second socket associated with the second application, the second socket opened by an operating system based on a request by the second application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure describes a method for accessing network resources which includes receiving by a first application in a mobile computing device sign-in information from a user and enabling the user to sign in to a second application with the first application to access network resources from a resource server based on (a) a first application identification (ID) of the second application, (b) the user authorizing the second application to the resource server, and (c) receiving an authorization grant from the resource server to enable the second application to access the network resources, the mobile computing device coupled with the resource server via a network.

103 Citations

View as Search Results

22 Claims

1. A method for secured inter-application communication, comprising:
- transferring information from a first application in a mobile computing device to a second application in the mobile computing device using a second socket associated with the second application, the second socket opened by an operating system based on a request by the second application.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising communicating information about the second socket to the first application.
  - 3. The method of claim 2, further comprising:
    - transferring information from the second application in the mobile computing device to the first application in the mobile computing device using a first socket associated with the first application, the first socket opened by the operating system based on a request by the first application.
  - 4. The method of claim 3, further comprising communicating information about the first socket to the second application.
  - 5. The method of claim 4, further comprising associating the first socket with the second socket.
  - 6. The method of claim 1, further comprising:
    - assigning a first port identification (ID) to the first socket and a second port ID to the second socket, the first port ID and the second port ID associated with the mobile computing device.

7. A computer-implemented method for accessing network resources using single sign-in information, comprising:
- receiving by a first application in a mobile computing device sign-in information from a user; and
  
  enabling the user to sign in to a second application with the first application to allow the second application to access network resources on behalf of the user from a resource server based on (a) a first application identification (ID) of the second application, (b) the user authorizing the second application to the resource server, and (c) receiving an access token from the resource server to allow the second application to access the network resources, the mobile computing device coupled with the resource server via a network.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the first application ID is associated with an application distribution server where the second application is downloaded from, the mobile computing device coupled with the application distribution server via the network.
  - 9. The method of claim 8, further comprising communicating the first application ID to a verification server to verify that the second application is a trusted application, the mobile computing device coupled with the verification server via the network.
  - 10. The method of claim 8, wherein the second application is configured to generate an encryption key pair including a public key and a private key, and wherein the public key is communicated to the first application along with a second application identification (ID) assigned to the second application by the resource server during registration of the second application with the resource server.
  - 11. The method of claim 10, further comprising:
    - submitting a request, by the first application, for an authorization from the resource server, wherein the request includes (a) the second application ID assigned to the second application and the public key, and (b) a redirect link to an entry point in the second application; and
      
      receiving, by the first application, an authorization grant from the resource server based on the second application ID having been verified by the resource server.
  - 12. The method of claim 11, further comprising:
    - receiving, by the first application, an authorization by the user to authorize the second application to access the resources from the resource server on behalf of the user; and
      
      communicating, by the first application, the authorization by the user and the authorization grant to the resource server.
  - 13. The method of claim 12, further comprising:
    - receiving, by the first application, an access token from the resource server, the access token to be used by the second application to access the resources in the resource server on behalf of the user;
      
      encrypting, by the first application, the access token using the public key received from the second application; and
      
      communicating the encrypted access token, by the first application, to the second application.

14. The method of claim 14, further comprising:
- decryping the encrypted access token, by the second application, using the private key to generate a decrypted access token;
  
  using the decrypted access token, by the second application, to access the network resources from the resource server; and
  
  delivering the network resources, by the second application, to the user.
- View Dependent Claims (15)
- - 15. The method of claim 14, wherein communication between the first application and the second application is based on an inter-process communication (IPC) protocol.

16. A computer program product, comprising a computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method comprising:
- receiving by a first application in a mobile computing device sign-in information from a user; and
  
  enabling the user to sign in to a second application with the first application to access network resources from a resource server based on (a) a first application identification (ID) of the second application, (b) the user authorizing the second application to the resource server, and (c) receiving an access token from the resource server to enable the second application to access the network resources, the mobile computing device coupled with the resource server via a network.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The computer program product of claim 16, wherein the first application ID is associated with an application distribution server where the second application is downloaded from, the mobile computing device coupled with the application distribution server via the network.
  - 18. The computer program product of claim 17, further comprising communicating the first application ID to a verification server to verify that the second application is a trusted application, the mobile computing device coupled with the verification server via the network.
  - 19. The computer program product of claim 18, wherein the second application is configured to generate an encryption key pair including a public key and a private key, and wherein the public key is communicated to the first application along with a second application identification (ID) assigned to the second application by the resource server during registration of the second application with the resource server.
  - 20. The computer program product of claim 19, further comprising:
    - submitting a request, by the first application, for an authorization from the resource server, wherein the request includes (a) the second application ID assigned to the second application and the public key, and (b) a redirect link to an entry point in the second application;
      
      receiving, by the first application, an authorization grant from the resource server based on the second application ID having been verified by the resource server.receiving, by the first application, an authorization by the user to authorize the second application to access the resources from the resource server on behalf of the user; and
      
      communicating, by the first application, the authorization by the user and the authorization grant to the resource server.
  - 21. The computer program product of claim 20, further comprising:
    - receiving, by the first application, an access token from the resource server, the access token to be used by the second application to access the resources in the resource server on behalf of the user;
      
      encrypting, by the first application, the access token using the public key received from the second application; and
      
      communicating the encrypted access token, by the first application, to the second application.
  - 22. The computer program product of claim 21, further comprising:
    - decryping the encrypted access token, by the second application, using the private key to generate a decrypted access token;
      
      using the decrypted access token, by the second application, to access the network resources from the resource server; and
      
      delivering the network resources, by the second application, to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Desai, Sachin, Fischer, Ronald, Liu, Qingqing

Granted Patent

US 9,442,778 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 9/54   Interprogram communication

G06F 9/544   Buffers; Shared memory; Pipes

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

H04W 12/06   Authentication

METHOD AND SYSTEM FOR SECURED INTER-APPLICATION COMMUNICATION IN MOBILE DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

103 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR SECURED INTER-APPLICATION COMMUNICATION IN MOBILE DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links