What technology area does this patent fall under?

Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Nov 29 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Single sign on (SSO) capability for services accessed through messages

US11516202B2 · US · B2

Patent metadata
Field	Value
Publication number	US-11516202-B2
Application number	US-202016790776-A
Country	US
Kind code	B2
Filing date	Feb 14, 2020
Priority date	Dec 26, 2019
Publication date	Nov 29, 2022
Grant date	Nov 29, 2022

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Disclosed are various approaches for facilitating single sign-on (SSO) for third-party services that are accessible through messages (e.g., email) received by a user. A user can receive a message that includes an embedded URL or link that opens in a third-party service that requires authentication. Instead of requiring the user to enter authentication credentials for accessing the third-party service, a tunnel service can be used to intercept requests for authentication and redirect the requests to an identity manager that can issue a SSO token following an authentication of the user and device. Upon supplying the third-party service with the SSO token, the user can access the content associated with the third-party service without entering authentication credentials.

First claim

Opening claim text (preview).

What is claimed is: 1. A system for implementing single sign on (SSO) for third-party services accessible through received messages, the system comprising: a client device comprising a processor and a memory; a first application executable in the client device, wherein, when executed, the first application causes the client device to at least: receive an email message associated with a third-party service, the email message including a selectable component configured to redirect a user to the third-party service upon selection, the third-party service requiring authentication of the user for access to content; send a request for the content associated with the third-party service in response to a selection of the selectable component; initialize a second application configured to intercept traffic between a network and the first application; and render a user interface comprising the content associated with the third-party service in response to providing a SSO token to the third-party service for authentication, and the second application executable in the client device, wherein, when executed, the second application causes the client device to at least: intercept an authentication request from the third-party service; redirect the authentication request and a device certificate associated with the client device to an identity manager to obtain the SSO token; and receive the SSO token from the identity manager. 2. The system of claim 1 , wherein, when executed, the first application causes the client device to receive a user request to enable a SSO connector configured to interact with authenticating services. 3. The system of claim 2 , wherein, when executed, the first application causes the client device to send a request to the SSO connector for certificate data associated with the client device, the certificate data including a device certificate. 4. The system of claim 2 , wherein the SSO connector is configured to comply with an administrator-defined authentication mechanism. 5. The system of claim 1 , wherein the selectable component is an embedded uniform resource locator (URL). 6. The system of claim 1 , wherein, when executed, the first application causes the client device to at least: generate a prompt requesting the user to select the selectable component; and display the prompt on a display of the client device. 7. The system of claim 1 , wherein the second application provides the SSO token to the first application in response to receiving the SSO token from the identity manager. 8. A method for implementing single sign on (SSO) for third-party services accessible through received messages, the method comprising: receiving, by a first application installed on a client device, an email message associated with a third-party service, the email message including a selectable component configured to redirect a user to a third-party service upon selection, the third-party service requiring authentication of the user for access to content; sending, by the first application, a request for the content associated with the third-party service in response to a selection of the selectable component; initializing, by the first application, a second application configured to intercept traffic between a network and the first application; intercepting, by the second application, an authentication request from the third-party service; redirecting, by the second application, the authentication request and a device certificate associated with the client device to an identity manager to obtain a SSO token; receiving, by the second application, the SSO token from the identity manager; and rendering, by the first application, a user interface comprising the content associated with the third-party service in response to providing the SSO token to the third-party service for authentication. 9. The method of claim 8 , further comprising receiving, by the first application, a user request to enable a SSO connector configured to interact with authenticating services. 10. The method of claim 9 , further comprising sending, by the first application, a request to the SSO connector for certificate data associated with the client device, the certificate data including a device certificate. 11. The method of claim 9 , wherein the SSO connector is configured to comply with an administrator-defined authentication mechanism. 12. The method of claim 8 , wherein the selectable component is an embedded uniform resource locator (URL). 13. The method of claim 8 , further comprising: generating, by the first application, a prompt requesting the user to select the selectable component; and displaying, by the first application, the prompt on a display of the client device. 14. The method of claim 8 , wherein the second application provides the SSO token to the first application in response to receiving the SSO token from the identity manager. 15. A non-transitory computer readable medium for implementing single sign on (SSO) for third-party services accessible through received messages, the non-transitory computer readable medium comprising machine-readable instructions that, when executed by a processor of a client device, cause the client device to at least: receive, by a first application executed by the client device, an email message associated with a third-party service, the email message including a selectable component configured to redirect a user to a third-party service upon selection, the third-party service requiring authentication of the user for access of content; send, by the first application executed by the client device, a request for the content associated with the third-party service in response to a selection of the selectable component; initialize, by the first application executed by the client device, a second application, the second application being configured to intercept traffic between a network and the first application; intercept, by the second application executed by the client device, an authentication request from the third-party service; redirect, by the second application executed by the client device, the authentication request and a device certificate associated with the client device to an identity manager to obtain a SSO token; receive, by the second application executed by the client device, the SSO token from the identity manager; and render, by the first application executed by the client device, a user interface comprising the content associated with the third-party service in response to providing the SSO token to the third-party service for authentication. 16. The non-transitory computer readable medium of claim 15 , wherein the machine-readable instructions, when executed by the processor of the client device, further cause the client device to at least receive, by the first application, a user request to enable a SSO connector configured to interact with authenticating services. 17. The non-transitory computer readable medium of claim 16 , wherein the machine-readable instructions, when executed by the processor of the client device, further cause the client device to at least send, by the first application, a request to the SSO connector for certificate data associated with the client device, the certificate data including a device certificate. 18. The non-transitory computer readable medium of claim 15 , wherein the selectable component is an embedded uniform resource locator (URL). 19. The non-transitory computer readable medium of claim 15 , wherein the machine-readable instructions,

Assignees

Vmware Inc

Inventors

Classifications

H04L63/20
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
H04L63/0815Primary
providing single-sign-on or federations · CPC title
H04L63/0823
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
H04L63/029
Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title
H04L63/30
for supporting lawful interception, monitoring or retaining of communications or communication related information (circuit switched telephony call monitoring H04M3/2281) · CPC title

Patent family

Related publications grouped by family.

View patent family 76547335

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11516202B2 cover?: Disclosed are various approaches for facilitating single sign-on (SSO) for third-party services that are accessible through messages (e.g., email) received by a user. A user can receive a message that includes an embedded URL or link that opens in a third-party service that requires authentication. Instead of requiring the user to enter authentication credentials for accessing the third-party s…
Who is the assignee on this patent?: Vmware Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Nov 29 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).