Active authentication session transfer

US10637650B2 · US · B2

Patent metadata
Publication number: US-10637650-B2
Application number: US-201415521698-A
Country: US
Kind code: B2
Filing date: Oct 29, 2014
Priority date: Oct 29, 2014
Publication date: Apr 28, 2020
Grant date: Apr 28, 2020

Abstract

In an example, an active authentication session may be transferred from a first device to a second device. An authentication server may store a new authentication session token for the second device in session storage. The new authentication session token may be derived from an active authentication session token that was received from the first device. The authentication server may also receive an identification value from the first device, which was obtained from the second device. In response to verifying a query by the second device regarding an existence of a locator key based on the identification value in the session storage, the new authentication session token may be transmitted to the second device.

First claim

What is claimed is:

1. A method for transferring an active authentication session from a first device to a second device, comprising: receiving, by a server, an active authentication session token, an identification value, and an encryption key from the first device, wherein the first device is to obtain the identification value and the encryption key from the second device; deriving, by the server, a new authentication session token for the second device based on the active authentication session token, the new authentication session token differing from the active authentication session token; encrypting, by the server, the new authentication session token with the encryption key received from the first device; storing, by the server, the encrypted new authentication session token in session storage of the server in association with a locator key based on the identification value; receiving, by the server, a query by the second device regarding an existence of the locator key in the session storage; and responsive to verifying the existence of the locator key in the session storage, transmitting, by the server, the encrypted new authentication session token to the second device.

2. The method of claim 1, further comprising: receiving user credentials from the first device; authenticating the user credentials; creating the active authentication session token; and transmitting the active authentication session token to the first device for storage in a local memory of the first device.

3. The method of claim 1, further comprising: encoding the identification value and the encryption key in a bar code for output by the second device; transmitting the bar code to the second device to embed into a hypertext transfer protocol (HTML) login page on the second device; transmitting a textual representation of the identification value and the encryption key to the second device for storage in a local memory of the second device, wherein the textual representation is not included in the login page; and deleting the locator key, the encryption key, and the new authentication session token from volatile memory.

4. The method of claim 1, wherein transmitting the encrypted new authentication session token to the second device further comprises: identifying the locator key in the session storage; transmitting the new authentication session token that is associated with the locator key in the session storage to the second device; and deleting the locator key and the new authentication session token from session storage.

5. The method of claim 1, further comprising: determining whether the first device was previously validated by the authentication server; and identifying from a flag set in the first device whether the first device supports the transfer of the active authentication session.

6. The method of claim 3, wherein encoding the identification value and the encryption key further comprises encoding the identification value and the encryption key in a quick response (QR) code.

7. The method of claim 1, wherein encrypting the new authentication session token further comprises encrypting the new authentication session token using the received encryption key.

8. A non-transitory computer readable medium on which is stored machine readable instructions for transferring an active authentication session of a first device with an authentication server to a second device, the machine readable instructions executable by a processor to: obtain an active authentication session token, an identification value, and an encryption key from the first device, wherein the first device is to acquire the identification value and the encryption key from an output of the second device; generate a new authentication session token for the second device based on the active authentication session token, the new authentication session token differing from the active authentication session token; encrypt the new authentication session token with the encryption key received from the first device, store the encrypted new authentication session token in session storage of the authentication server in association with a locator key based on the identification value; receive a query by the second device regarding an existence of the locator key in the session storage; and responsive to the existence of the locator key in the session storage being verified, send the encrypted new authentication session token to the second device.

9. The non-transitory computer readable medium of claim 8, wherein the machine readable instructions are further executable by the processor to: receive user credentials from the first device; validate the user credentials; create the active authentication session token; and transmit the active authentication session token to the first device for storage in a local memory of the first device.

10. The non-transitory computer readable medium of claim 8, wherein to send the encrypted new authentication session token to the second device, the machine readable instructions are further executable by the processor to: identify the locator key in the session storage; transmit the obtained encryption key and the encrypted new authentication session token that are associated with the locator key to the second device; and delete the locator key, the encryption key, and the new authentication session token from the session storage.

11. The non-transitory computer readable medium of claim 8, wherein the format for output by the second device comprises a datagram, and wherein the datagram is a near field communication (NFC) datagram.

Classifications

  • Encoding or coding, e.g. Huffman coding or error correction

  • H04L9/0819 (Primary): Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062)

  • using bar codes

  • using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083)

  • involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Hewlett Packard Development Co
What technology area does this patent fall under?
Primary CPC classification H04L9/0819. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 28, 2020 (B2). Legal status and post-grant events are not shown on this page.