Single sign-on without a broker application
US-9692745-B2 · Jun 27, 2017 · US
US10284532B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10284532-B2 |
| Application number | US-201615053805-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 25, 2016 |
| Priority date | Jul 31, 2015 |
| Publication date | May 7, 2019 |
| Grant date | May 7, 2019 |
Official abstract text for this publication.
Methods and systems for managing access to a resource by one of a plurality of applications. The method comprises: storing, in a first storage area associated with a first application, a first credential for use in accessing the resource; receiving, at a second application, a message comprising data for determining that the first application stores a validated credential for accessing the resource; sending a request for the validated credential from the second application to the first application; receiving the first credential at the second application from the first application in response to the request sent; and storing the first credential in a second storage area associated with the second application; wherein the message received at the second application is received from a server system, remote from the plurality of applications, which maintains data indicating a subset of the plurality of applications which store respective validated credentials for accessing the resource.
Opening claim text (preview).
What is claimed is:

1. A method comprising: storing, in a first storage area associated with a first application of a plurality of applications, a first credential for use in accessing a resource, wherein the first credential is received via a user interface in response to a prompt generated by the first application that prompts a user to input the first credential for use in accessing the resource; receiving, at a second application of the plurality of applications, a message comprising data for use in determining that the first application stores a validated credential for accessing the resource, wherein the message received at the second application is received from a server system, remote from the plurality of applications, which maintains data indicating a subset of the plurality of applications which store respective validated credentials for accessing the resource; sending a request for the validated credential from the second application to the first application based on the message; receiving the first credential at the second application from the first application in response to the request sent from the second application to the first application, wherein the second application is refrained from prompting the user to input the first credential for use in accessing the resource; storing the first credential in a second storage area associated with the second application; and sending a notification to the server system, remote from the plurality of applications, indicating that the second storage area associated with the second application stores a copy of the first credential.
2. The method of claim 1, wherein the request for the validated credential is sent from the second application to the first application in response to a request to access the resource received at the second application.
3. The method of claim 1, wherein the second application stores a second credential and the request for the validated credential is sent from the second application to the first application in response to determining that the second credential is invalid in respect of the resource.
4. The method of claim 1, further comprising accessing the resource by the second application using the first credential received from the first application.
5. The method of claim 1, wherein the first credential comprises an encrypted secret for accessing the resource.
6. The method of claim 5, further comprising decrypting the encrypted secret at the second application using a cryptographic key, wherein the cryptographic key is received at the second application from the server system.
7. The method of claim 6, wherein the cryptographic key is stored in volatile memory associated with the second application.
8. The method of claim 6, wherein the cryptographic key is received at the second application from the server system as part of an authentication session between the second application and the server system.
9. The method of claim 1, wherein the resource is located at a resource server remote from the plurality of applications.
10. The method of claim 1, wherein the message received at the second application is received as part of a synchronization session between the second application and the server system.
11. The method of claim 1, wherein the data received at the second application comprises a first timestamp which indicates a time at which the first credential was verified as providing access to the resource by the second application.
12. The method of claim 11, wherein the second application stores a second credential and a second timestamp indicating a time at which the second credential was verified as providing access to the resource by the second application.
13. The method of claim 12, wherein the request for a validated credential is sent from the second application to the first application in response to determining that the time indicated by the first timestamp is later than the time indicated by the second timestamp.
14. A method comprising: storing, at a server system remote from a plurality of applications, data indicating a subset of the plurality of applications which store respective validated credentials for accessing a resource; receiving, at the server system remote from the plurality of applications, a notification from a first application in the plurality of applications, wherein the notification indicates that the first application has successfully accessed the resource using a first credential stored in working memory associated with the first application, wherein the first credential is received via a user interface in response to a prompt generated by the first application that prompts a user to input the first credential for use in accessing the resource; updating the data based on the notification received from the first application to indicate that the working memory associated with the first application stores a validated credential for the resource; sending, from the server system to a second application in the plurality of applications, data for use in determining that the first application stores a validated credential for the resource, wherein the second application is refrained from prompting the user to input the first credential for use in accessing the resource; receiving, a second notification from the second application indicating that the second application stores a copy of the first credential; and updating the data based on the second notification received from the second application to indicate that the second application stores a copy of the validated credential for the resource.
15. The method of claim 14, wherein the notification received at the server system from the first application comprises data indicative of the first credential.
16. The method of claim 15, wherein the data indicative of the first credential is a hash of the first credential, the hash of the first credential being generated by the first application.
17. The method of claim 15, wherein the data indicating the subset of the plurality of applications which store respective validated credentials for accessing the resource includes data indicative of a second credential stored by the second application, and the method further comprises: determining, at the server system, whether the first credential is different from the second credential, based on a comparison of the data indicative of the first credential and the data indicative of the second credential; and sending, from the server system to the second application in the plurality of applications, data indicating that the second credential stored by the second application is invalid, when it is determined that the first credential is different from the second credential.
18. The method of claim 1, wherein the first application is configured on a first computing device and the second application is configured on a second computing device different from the first computing device.
19. A non-transitory computer-readable storage medium comprising computer-executable instructions which, when executed by a processor, cause a computing device to perform a method comprising: storing, in a first storage area associated with a first application of a plurality of applications, a first credential for accessing a resource, wherein the first credential is received via a user interface in response to a prompt generated by the first application that prompts a user to input the first credential for use in accessing the resource; receiving, at a second application of the plurality o
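The abstract and the claims above describe one protocol: a first app takes the credential at a prompt, validates it against the resource and reports a hash of it (claims 14 to 16) to a remote server; a second app learns from a sync message (claim 10) which peer holds a validated credential and how recent it is (claims 11 to 13), pulls the credential from that peer as an encrypted secret (claim 5), decrypts it with a server-issued key held only in volatile memory (claims 6 to 8), stores a copy and reports the copy; the server can also flag a stale credential by comparing hashes (claim 17). The simulation below runs that whole flow end to end, including the password-rotation case that claims 13 and 17 cover. It is an added illustration, not code from the patent or its assignee: the class names, the resource id, the passwords, the integer timestamps, the in-process `peers` dictionary standing in for whatever channel carries the app-to-app request (claim 18 allows different devices), and the SHA-256 counter keystream standing in for the claims' unspecified encryption are all constructed assumptions.

```python
import hashlib


def cred_hash(credential: str) -> str:
    """Hash of the credential, generated by the app itself (claim 16) and sent to the server."""
    return hashlib.sha256(credential.encode()).hexdigest()


def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: SHA-256 counter keystream XORed over data (assumption, for
    illustration only; a real deployment would use an AEAD). Same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)


class ResourceServer:
    """Stand-in for the remote resource server (claim 9): accepts one current password."""
    def __init__(self, password: str):
        self.password = password

    def access(self, credential: str) -> bool:
        return credential == self.password


class SyncServer:
    """Server system remote from the apps (claims 14 to 17): tracks who holds validated credentials."""
    def __init__(self):
        self.session_key = hashlib.sha256(b"constructed session key").digest()  # claims 6 and 8
        self.validated = {}  # resource -> app_id -> {"hash": str, "verified_at": int}
        self.copies = {}     # resource -> set of app_ids that reported holding a copy

    def notify_validated(self, app_id, resource, credential_hash, verified_at):
        self.validated.setdefault(resource, {})[app_id] = {"hash": credential_hash, "verified_at": verified_at}

    def notify_copy(self, app_id, resource):
        self.copies.setdefault(resource, set()).add(app_id)

    def sync(self, app_id, resource, own_hash=None):
        """Synchronization session (claim 10): returns the key and the other apps holding validated
        credentials, and flags the caller's credential invalid when its hash differs from the most
        recently validated one (claim 17)."""
        others = {a: e for a, e in self.validated.get(resource, {}).items() if a != app_id}
        newest = max(others.values(), key=lambda e: e["verified_at"], default=None)
        own_invalid = own_hash is not None and newest is not None and newest["hash"] != own_hash
        return {"key": self.session_key, "validated": others, "own_invalid": own_invalid}


class App:
    def __init__(self, app_id, server, peers):
        self.app_id, self.server, self.peers = app_id, server, peers
        self.storage = {}        # the app's persistent storage area: resource -> {"credential", "verified_at"}
        self.session_key = None  # volatile only (claim 7): deliberately never written into self.storage

    def login_with_prompt(self, resource, resource_server, user_input, now):
        """First-application path: the credential arrives from a UI prompt (simulated by user_input)."""
        if not resource_server.access(user_input):
            return False
        self.session_key = self.server.sync(self.app_id, resource)["key"]
        self.storage[resource] = {"credential": user_input, "verified_at": now}
        self.server.notify_validated(self.app_id, resource, cred_hash(user_input), now)
        return True

    def handle_credential_request(self, resource):
        """Answer a peer's request with the credential as an encrypted secret (claim 5)."""
        entry = self.storage.get(resource)
        if entry is None or self.session_key is None:
            return None
        return xor_keystream(self.session_key, entry["credential"].encode())

    def access(self, resource, resource_server, now):
        """Second-application path (claims 1 to 4, 10 to 13). Returns (granted, would_prompt)."""
        own = self.storage.get(resource)
        msg = self.server.sync(self.app_id, resource, cred_hash(own["credential"]) if own else None)
        self.session_key = msg["key"]
        source = max(msg["validated"].items(), key=lambda kv: kv[1]["verified_at"], default=None)
        need_pull = own is None or msg["own_invalid"] or (
            source is not None and source[1]["verified_at"] > own["verified_at"])  # claim 13
        if need_pull and source is not None:
            peer_id, info = source
            blob = self.peers[peer_id].handle_credential_request(resource)
            if blob is not None:
                credential = xor_keystream(self.session_key, blob).decode()
                self.storage[resource] = {"credential": credential, "verified_at": info["verified_at"]}
                self.server.notify_copy(self.app_id, resource)  # last step of claim 1
        entry = self.storage.get(resource)
        if entry is None:
            return False, True  # nothing to try: this app would have to prompt the user itself
        granted = resource_server.access(entry["credential"])
        if granted:
            self.server.notify_validated(self.app_id, resource, cred_hash(entry["credential"]), now)
        return granted, False


def run_scenario():
    """Two apps; the user types the password into 'mail' only, then rotates it via 'calendar'."""
    resource = "https://intranet.example/api"                 # constructed resource id
    rs = ResourceServer("correct horse battery staple")        # constructed password
    server, peers = SyncServer(), {}
    mail, calendar = App("mail", server, peers), App("calendar", server, peers)
    peers.update(mail=mail, calendar=calendar)
    step1 = mail.login_with_prompt(resource, rs, "correct horse battery staple", now=100)
    step2 = calendar.access(resource, rs, now=101)             # pulls from mail, no prompt
    rs.password = "new passphrase"                             # password rotated at the resource
    step3 = calendar.login_with_prompt(resource, rs, "new passphrase", now=200)
    step4 = mail.access(resource, rs, now=201)                 # stale copy replaced (claims 13, 17)
    return {"step1": step1, "step2": step2, "step3": step3, "step4": step4,
            "copies": sorted(server.copies[resource]),
            "mail_credential": mail.storage[resource]["credential"]}
```

Two points worth noticing when reading the claims against this code. The server never sees the credential itself, only the app-generated hash of it; the plain SHA-256 here is what claim 16 says at face value, but an unkeyed hash of a user password handed to a server is an offline-guessing target, so a keyed MAC under the session key would be the prudent substitution in practice. The decryption key lives only in `App.session_key` and is never written to `App.storage`, which is the property claim 7 is protecting: an attacker who copies the second app's storage area gets the encrypted secret but not the key to open it.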
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Key distribution {or management, e.g. generation, sharing or updating, of cryptographic keys or passwords (network architectures or network communication protocols for supporting key management in a packet data network H04L63/06)} · CPC title