Single sign-on for managed mobile devices

US10536447B2 · US · B2

Patent metadata
Field               Value
Publication number  US-10536447-B2
Application number  US-201816220772-A
Country             US
Kind code           B2
Filing date         Dec 14, 2018
Priority date       Jun 15, 2015
Publication date    Jan 14, 2020
Grant date          Jan 14, 2020

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Disclosed are various examples for single sign-on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an application executed in a client device. The identity provider service can then detect a platform associated with the client device. A response to the request can be sent based at least in part on the platform, where the response requests authentication by a management credential. Data generated by the management credential is received from the client device, and the management credential is determined to be valid for the identity assertion. The identity assertion is then sent to the client device in response to determining that the management credential is valid for the identity assertion.

First claim

Opening claim text (preview).

Therefore, the following is claimed:

1. A non-transitory computer-readable medium embodying a program executable in a server computing device, the program, when executed by the server computing device, being configured to cause the server computing device to at least: receive a request for an identity assertion from an application executed in a mobile device; detect that the requesting mobile device includes a specific platform selected from a plurality of platforms, wherein each of the plurality of platforms is operable to work with only one of a plurality of corresponding subsets of a plurality of types of management credentials, and the only one of the corresponding subsets of the plurality of types of management credentials differs for each of the plurality of platforms; identify a specific platform adapter individually corresponding to the detected specific platform, wherein the specific platform adapter is selected from a plurality of platform adapters that each individually correspond to one of the plurality of platforms, and each of the plurality of platform adapters is individually operable with a corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials for the one of the plurality of platforms; generate, by the identified specific platform adapter, a response that requests a management credential having the corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials; send to the mobile device the response; receive the requested management credential from the mobile device; determine that the received management credential is valid for the identity assertion; and send the identity assertion to the mobile device in response to determining that the management credential is valid for the identity assertion.

2. The non-transitory computer-readable medium of claim 1, wherein the mobile device has access to the management credential in response to authentication by a device management service of a user of the mobile device.

3. The non-transitory computer-readable medium of claim 1, wherein, when the specific platform is iOS, the request is generated by an iOS-specific certificate adapter.

4. The non-transitory computer-readable medium of claim 1, wherein, when the specific platform is ANDROID, the request is generated by a certificate adapter.

5. The non-transitory computer-readable medium of claim 1, wherein the management credential corresponds to a device management certificate maintained by a management application executed in the mobile device, the management application being configured to manage the application.

6. The non-transitory computer-readable medium of claim 1, wherein the program, when executed by the server computing device, is further configured to cause the server computing device to at least: receive a second request for a second identity assertion from a second application executed in the mobile device; send to the mobile device a second response to the second request based at least in part on the platform, the second response requesting the management credential; receive the management credential from the mobile device; determine that the management credential is valid for the second identity assertion; and send the second identity assertion to the mobile device in response to determining that the management credential is valid for the second identity assertion.

7. The non-transitory computer-readable medium of claim 1, wherein the plurality of types of management credentials includes a secure certificate type and a Kerberos profile type.

8. A system, comprising: at least one computing device; and an identity provider service executable by the at least one computing device, the identity provider service configured to cause the at least one computing device to at least: receive a request for an identity assertion from an application executed in a mobile device, the request including a user-agent string; determine that the application corresponds to a webview of a native application rather than a browser by examining the user-agent string; detect that the requesting mobile device includes a specific platform selected from a plurality of platforms, wherein each of the plurality of platforms is operable to work with only one of a plurality of corresponding subsets of a plurality of types of management credentials, and the only one of the corresponding subsets of the plurality of types of management credentials differs for each of the plurality of platforms; identify a specific platform adapter individually corresponding to the detected specific platform, wherein the specific platform adapter is selected from a plurality of platform adapters that each individually correspond to one of the plurality of platforms, and each of the plurality of platform adapters is individually operable with a corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials for the one of the plurality of platforms; generate, by the identified specific platform adapter, a response that requests a management credential having the corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials; send to the mobile device the response; receive the management credential from the mobile device; determine that the management credential is valid for the identity assertion; and send the identity assertion to the mobile device in response to determining that the management credential is valid for the identity assertion.

9. The system of claim 8, wherein the identified specific platform adapter is an iOS-specific certificate adapter.

10. The system of claim 8, wherein the request for the identity assertion is redirected to the identity provider service from a service provider.

11. The system of claim 8, wherein the response to the request is a hypertext transfer protocol (HTTP) response having a 401 authentication required status code.

12. A method, comprising: receiving a request for an identity assertion from an application executed in a client device; detecting that the requesting client device includes a specific platform selected from a plurality of platforms, wherein each of the plurality of platforms is operable to work with only one of a plurality of corresponding subsets of a plurality of types of management credentials, and the only one of the corresponding subsets of the plurality of types of management credentials differs for each of the plurality of platforms; identifying a specific platform adapter individually corresponding to the detected specific platform, wherein the specific platform adapter is selected from a plurality of platform adapters that each individually correspond to one of the plurality of platforms, and each of the plurality of platform adapters is individually operable with a corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials for the one of the plurality of platforms; generating, by the identified specific platform adapter, a response that requests a management credential having the corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials; sending to the client device the response; receiving the management credential from the client device; determining tha
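The claims above describe a server-side flow: an identity provider receives an assertion request, detects the device platform from the user-agent, picks the one adapter bound to that platform's credential type, answers with an HTTP 401 naming that type, and only issues the identity assertion once the management credential presented by the device checks out. The toy identity provider below walks through that flow, including the webview-versus-browser check of claim 8, the 401 challenge of claim 11 and the second-application reuse of claim 6, and also exercises the rejection paths a practitioner cares about (wrong credential type for the platform, expired credential, tampered credential, unknown platform). It is an added example and not the patent's or the assignee's code: the HMAC shared secret standing in for certificate-chain or Kerberos validation, the credential dictionary format, the `WWW-Authenticate` value, the platform-to-credential-type mapping and the user-agent heuristics are all assumptions made for illustration.

```python
"""Toy identity provider modelled on claims 1, 6, 7, 8 and 11 of the patent.
Added example, not the patent's or the assignee's code. The credential
format, the shared secret, the header value, the platform mapping and the
user-agent heuristics are assumptions for illustration."""
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed: the device management service and the IdP share this secret so
# the IdP can verify credentials the management service issued (a stand-in
# for certificate chain validation or a Kerberos ticket check).
MGMT_SECRET = b"constructed-management-service-secret"

# Claim 7 names two credential types; claim 1 binds each platform to one
# type subset. This particular mapping is an assumption.
PLATFORM_CREDENTIAL_TYPE = {
    "iOS": "certificate",
    "Android": "certificate",
    "Windows": "kerberos_profile",
}


def _sign(fields: dict) -> str:
    """HMAC over the canonical JSON of the credential fields (constructed)."""
    payload = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(MGMT_SECRET, payload, hashlib.sha256).hexdigest()


def issue_management_credential(cred_type: str, user: str, device_id: str,
                                ttl: int = 3600,
                                now: Optional[float] = None) -> dict:
    """Stand-in for the device management service of claim 2: after it has
    authenticated the user it hands the managed device a credential of the
    platform's type. The dict layout is a constructed sample format."""
    fields = {"type": cred_type, "user": user, "device_id": device_id,
              "exp": (now if now is not None else time.time()) + ttl}
    return {**fields, "sig": _sign(fields)}


def detect_platform(user_agent: str) -> Optional[str]:
    """Platform detection from the user-agent string (assumed heuristic)."""
    ua = user_agent.lower()
    if "iphone" in ua or "ipad" in ua:
        return "iOS"
    if "android" in ua:
        return "Android"
    if "windows" in ua:
        return "Windows"
    return None


def is_native_webview(user_agent: str, platform: str) -> bool:
    """Claim 8: tell a native app's webview from a browser. Android WebView
    advertises '; wv)' and an iOS WKWebView omits the 'Safari/' token; both
    are common conventions, used here as an assumed heuristic. Other
    platforms are treated as native clients (assumption)."""
    if platform == "Android":
        return "; wv)" in user_agent
    if platform == "iOS":
        return "Safari/" not in user_agent
    return True


class PlatformAdapter:
    """One adapter per platform; each works with exactly one credential type."""

    def __init__(self, platform: str, credential_type: str):
        self.platform = platform
        self.credential_type = credential_type

    def challenge(self) -> dict:
        # Claim 11: an HTTP 401 naming the credential type the device must
        # present. The header value format is assumed.
        return {"status": 401, "headers": {
            "WWW-Authenticate": f'Managed type="{self.credential_type}"'}}

    def validate(self, cred: dict, now: float) -> bool:
        # Reject the wrong type for this platform, an expired credential, or
        # a signature the management service did not produce.
        if cred.get("type") != self.credential_type or cred.get("exp", 0) <= now:
            return False
        fields = {k: v for k, v in cred.items() if k != "sig"}
        return hmac.compare_digest(_sign(fields), str(cred.get("sig", "")))


class IdentityProvider:
    def __init__(self):
        self.adapters = {p: PlatformAdapter(p, t)
                         for p, t in PLATFORM_CREDENTIAL_TYPE.items()}

    def handle(self, user_agent: str, app_id: str,
               credential: Optional[dict] = None,
               now: Optional[float] = None) -> dict:
        """Claim 1 flow: request -> detect platform -> select adapter ->
        challenge -> validate credential -> issue assertion for app_id."""
        now = now if now is not None else time.time()
        platform = detect_platform(user_agent)
        if platform is None:
            return {"status": 400, "error": "unsupported platform"}
        if not is_native_webview(user_agent, platform):
            # A plain browser holds no management credential; send it to an
            # interactive login instead (assumed behaviour, not claimed).
            return {"status": 302, "location": "/login"}
        adapter = self.adapters[platform]
        if credential is None:
            return adapter.challenge()
        if not adapter.validate(credential, now):
            return {"status": 403, "error": "management credential rejected"}
        # Claim 6: every app on the same managed device can present the same
        # credential and receive its own assertion, which is the SSO effect.
        return {"status": 200, "assertion": {
            "sub": credential["user"], "aud": app_id,
            "device_id": credential["device_id"], "platform": platform}}
```

The design point worth noting is that the adapter, not the client, decides which credential type is acceptable: a certificate presented from a Windows user-agent is rejected even though it carries a valid signature, because that platform's adapter only accepts a Kerberos profile. Binding the type check to the detected platform is what stops a credential valid for one enrolment path being replayed through another.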

Assignees

AirWatch LLC

Inventors

Classifications

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title

  • providing single-sign-on or federations · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

  • Authentication · CPC title

  • Managing security policies for mobile devices or for controlling mobile applications · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
AirWatch LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 14, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).