Implementing single sign-on across a heterogeneous collection of client/server and web-based applications

US 9,485,239 B2
Filed: 07/17/2014
Issued: 11/01/2016
Est. Priority Date: 04/29/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method, comprising:

establishing, based on an authentication credential provided by a user via a first client application, a first authenticated session for a computing device, the first authenticated session being associated with the first client application;

generating a master authentication token and a first authentication token corresponding to the first authentication session;

responsive to an authentication request associated with a second client application, generating, based on the master authentication token and an identification of the second client application, a second authentication token comprising a session identifier different from a session identifier of the first authentication token; and

using the second authentication token to establish a second authenticated session for the computing device, the second authenticated session being associated with the second client application.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Leveraging an established authenticated session in obtaining authentication to a client application includes receiving a request for access to a client application requiring authentication of a requestor and determining whether there exist characteristics of leverageable authentications corresponding to established sessions having an authenticated state at a time of the determination. When the determination reveals characteristics of at least one leverageable authentication corresponding to an established session, and attempt is made to obtain access for the requestor to the client application based on the at least one leverageable authentication, and the requestor is provided with a notification related to the 1 attempt to obtain access for the requestor to the client application.

Citations

20 Claims

1. A method, comprising:
- establishing, based on an authentication credential provided by a user via a first client application, a first authenticated session for a computing device, the first authenticated session being associated with the first client application;
  
  generating a master authentication token and a first authentication token corresponding to the first authentication session;
  
  responsive to an authentication request associated with a second client application, generating, based on the master authentication token and an identification of the second client application, a second authentication token comprising a session identifier different from a session identifier of the first authentication token; and
  
  using the second authentication token to establish a second authenticated session for the computing device, the second authenticated session being associated with the second client application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the computing device comprises a mobile device having a wireless network connection with one or more servers associated with the first client application, and a wireless network connection with one or more servers associated with the second client application.
  - 3. The method of claim 1, wherein the computing device comprises a mobile phone.
  - 4. The method of claim 1, wherein the first client application comprises an application executing in a browser application executing on the computing device, and the second client application comprises a different application executing in the browser application.
  - 5. The method of claim 1, wherein the first client application comprises an application executing in a browser application executing on the computing device, and the second client application comprises a non-browser application executing on the computing device.
  - 6. The method of claim 1, wherein the first client application comprises a non-browser application executing on the computing device, and the second client application comprises an application executing in a browser application executing on the computing device.
  - 7. The method of claim 1, wherein the first client application comprises a non-browser application executing on the computing device, and the second client application comprises a different non-browser application executing on the computing device.

8. A system, comprising:
- at least one processor; and
  
  a memory storing instructions that when executed by the at least one processor cause the system to;
  
  establish, based on an authentication credential provided by a user via a first client application, a first authenticated session for a computing device, the first authenticated session being associated with the first client application;
  
  generate a master authentication token and a first authentication token corresponding to the first authentication session;
  
  responsive to an authentication request associated with a second client application, generate, based on the master authentication token and an identification of the second client application, a second authentication token comprising a session identifier different from a session identifier of the first authentication token; and
  
  use the second authentication token to establish a second authenticated session for the computing device, the second authenticated session being associated with the second client application.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the computing device comprises a mobile phone.
  - 10. The system of claim 8, wherein the first client application comprises an application executing in a browser application executing on the computing device, and the second client application comprises a different application executing in the browser application.
  - 11. The system of claim 8, wherein the first client application comprises an application executing in a browser application executing on the computing device, and the second client application comprises a non-browser application executing on the computing device.
  - 12. The system of claim 8, wherein the first client application comprises a non-browser application executing on the computing device, and the second client application comprises an application executing in a browser application executing on the computing device.
  - 13. The system of claim 8, wherein the first client application comprises a non-browser application executing on the computing device, and the second client application comprises a different non-browser application executing on the computing device.

14. One or more non-transitory computer-readable media having instructions stored thereon that when executed by one or more computers cause the one or more computers to:
- establish, based on an authentication credential provided by a user via a first client application, a first authenticated session for a computing device, the first authenticated session being associated with the first client application;
  
  generate a master authentication token and a first authentication token corresponding to the first authentication session;
  
  responsive to an authentication request associated with a second client application, generate, based on the master authentication token and an identification of the second client application, a second authentication token comprising a session identifier different from a session identifier of the first authentication token; and
  
  use the second authentication token to establish a second authenticated session for the computing device, the second authenticated session being associated with the second client application.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The one or more non-transitory computer-readable media of claim 14, wherein the computing device comprises a mobile device having a wireless network connection with one or more servers associated with the first client application, and a wireless network connection with one or more servers associated with the second client application.
  - 16. The one or more non-transitory computer-readable media of claim 14, wherein the computing device comprises a mobile phone.
  - 17. The one or more non-transitory computer-readable media of claim 14, wherein the first client application comprises an application executing in a browser application executing on the computing device, and the second client application comprises a different application executing in the browser application.
  - 18. The one or more non-transitory computer-readable media of claim 14, wherein the first client application comprises an application executing in a browser application executing on the computing device, and the second client application comprises a non-browser application executing on the computing device.
  - 19. The one or more non-transitory computer-readable media of claim 14, wherein the first client application comprises a non-browser application executing on the computing device, and the second client application comprises an application executing in a browser application executing on the computing device.
  - 20. The one or more non-transitory computer-readable media of claim 14, wherein the first client application comprises a non-browser application executing on the computing device, and the second client application comprises a different non-browser application executing on the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Sanin, Aleksey, Toomey, Christopher, Keister, Alan, Wick, Andrew L., Watkins, Robert, Zhang, Xiaopeng, Richards, Russell, Eaves, Donald
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/334,586
Publication Number

US 20140325621A1
Time in Patent Office

838 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06Q 20/3674   involving authentication

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

Implementing single sign-on across a heterogeneous collection of client/server and web-based applications

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Implementing single sign-on across a heterogeneous collection of client/server and web-based applications

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links