Title of invention |
Mobile multifactor single-sign-on authentication |
Abstract |
Features are disclosed for authentication of mobile device applications using a native, independent browser using a single-sign-on system. An authentication module within the mobile application can direct the mobile device's native browser to a URL to initiate authentication with an authentication appliance. The mobile browser can receive and store a browser-accessible token to indicate previous authentication performed by the user. The mobile application can receive from the application appliance and store a client application ID token that may be presented to network services for access. A second mobile device application may direct the same browser to the authentication appliance. The authentication appliance may inspect the persistent browser-accessible token and issue a second client application ID identity to the second application without collecting additional authentication information, or collecting additional authentication information that is different from the first authentication information. |
Publication number |
US9369457(B2) |
Publication date |
2016.06.14 |
Application number |
US201414316657 |
Filing date |
2014.06.26 |
Applicant |
SecureAuth Corporation |
Inventors |
Grajek Garret Florian;Lo Jeff Chiwai;Phillips Robert Jason;Tung Shu Jen |
Classification |
H04L29/06;G06F17/30;G06F21/31;G06F21/41 |
Main classification |
H04L29/06 |
Agency |
Knobbe, Martens, Olson & Bear, LLP |
Agent |
Knobbe, Martens, Olson & Bear, LLP |
Main claim |
1. A computer-implemented method for providing single-sign-on (SSO) authentication to a user of a client application on a mobile device, the computer-implemented method comprising:
receiving, from an independent browser on a mobile device, a first request to access a first uniform resource locator (URL) associated with a first non-browser mobile application executing on the mobile device;
authenticating the user interacting with the mobile device at least partly by: receiving first authentication information related to the user from the independent browser, and verifying the first authentication information with an identity database;
identifying a first URL mapping configured to invoke the first non-browser mobile application;
sending, to the independent browser, a browser-based token, the first URL mapping, and a first client application identity for use by the first non-browser mobile application;
receiving, from the independent browser on the mobile device, a second request to access a second uniform resource locator (URL) associated with a second non-browser mobile application executing on the mobile device, wherein the second request comprises the browser-based token;
verifying, with the identity database, non-revocation of the browser-based token;
identifying a second URL mapping configured to invoke the second non-browser mobile application; and
sending, to the independent browser, a second client application identity for use by the second non-browser mobile application and the second URL mapping,
said method performed in its entirety by a computer system that is separate from the mobile device, wherein the independent browser has not been specifically configured to provide identity information for non-browser mobile applications. |
Address |
Irvine CA US |