Passporting credentials between a mobile app and a web browser

US9438588B2 · US · B2

Patent metadata

Field               Value
Publication number  US-9438588-B2
Application number  US-201414530329-A
Country             US
Kind code           B2
Filing date         Oct 31, 2014
Priority date       Jun 17, 2011
Publication date    Sep 6, 2016
Grant date          Sep 6, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title: what the patent document calls the invention.
  2. Abstract: a short plain-language summary of the technical disclosure.
  3. Assignees and inventors: who owns or filed the patent and who is credited as inventor.
  4. Key dates: filing, priority, publication, and grant dates set the timeline.
  5. First independent claim: the legal scope of protection; read this for what is actually claimed.
  6. CPC / IPC classifications: technology tags used to group this patent with similar filings.
  7. Citations and related patents: prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session. Embodiments may operate by authenticating a device session from a native app executing on a client device producing a device session token; passing the device session token from a native app to an embedded browser to authenticate a user when entering a web flow; and entering the web flow, according to the session token, on an embedded browser driven by the native app so that the user encounters a single shared session (device session and web session) running at least two parallel secure communication interactions with an infrastructure.

First claim

Opening claim text (preview).

What is claimed is:

1. A system comprising: a client device in communication via a network with a server and a common gateway interface; a native app executing on one or more hardware processors of the client device to receive a device session token from the server for authenticating a device session between the native app and the server, the device session token including credentials authenticating a user for a device session between the server and the native app executing on the client device; and an embedded web browser executing on one or more hardware processors of the client device, wherein: the native app invokes the embedded web browser and the native app passes the device session token to the embedded web browser for authentication of a web session between the embedded web browser and the common gateway interface that continues the device session authentication without requiring additional authentication; and the embedded web browser passes the device session token to the common gateway interface and receives from the common gateway interface a web flow authorization token, converted from the device session token using the credentials for authenticating the user for the device session between the server and the native app executing on the client device, for authenticating the web session as a continuation of the device session authenticated by the device session token so that the web flow authorization token and the device session token both share the same underlying device session and the device session remains active while the web session is active.

2. The system of claim 1, wherein the device session token remains valid for returning a flow of execution to the native app from the embedded web browser to continue the device session between the native app and the server from the web session between the embedded web browser and the common gateway interface.

3. The system of claim 1, wherein the native app refreshes the device session token based on communication back from the embedded web browser during the web session to the native app.

4. The system of claim 1, wherein the native app monitors one or more uniform resource locators (URL) requested by the embedded web browser and keeps the device session between the native app and the server active so long as the web session is active.

5. The system of claim 1, wherein: the native app monitors one or more uniform resource locators (URL) requested by the embedded web browser; and the native app calls an appropriate process, in response to the embedded web browser requesting a new URL, to ensure the device session token remains current while the web session is active.

6. The system of claim 1, wherein communication back from the authenticated web session continuation of the device session to the device session is implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser.

7. The system of claim 1, wherein: communication back from the authenticated web session continuation of the device session to the device session is implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser; and the authenticated web session continuation of the device session signals an error condition event to the native app by requesting a pre-defined URL.

8. The system of claim 1, wherein: communication back from the authenticated web session continuation of the device session to the device session is implemented by the native app monitoring uniform resource locators (URL) requested by the embedded web browser; and the authenticated web session continuation of the device session refreshes the device session token for the native app by requesting a pre-defined URL.

9. A system comprising: a server executing on one or more of a plurality of hardware processors for communication with a client device via a network, the server receiving login credentials for a user from the client device for a device session between the server and a native app executing on the client device, and the server returning a device session token including credentials authenticating the user for the device session between the server and the native app; a database in communication with the server and to which the server has access; a common gateway interface (CGI) executing on one or more of the plurality of hardware processors for communication with the client device via the network, the CGI having access to the database, the CGI receiving the device session token from an embedded browser executing, on the client device, a web flow session between the embedded browser and the CGI; the CGI accessing the database according to the device session token received from the client device and the credentials to retrieve a stored session data, including an authorization object; the CGI determining, based on the device session token received from the client device, the credentials, the stored session data, and the authorization object, whether the device session is active or the device session has expired; and the CGI converting, based on determining the device session is active, the authorization object to a web flow session authorization token to be transmitted to the embedded browser to authenticate the web flow session between the embedded browser and the CGI to continue the device session between the server and the native app with the user already logged in.

10. The system of claim 9, further comprising: based on determining the device session has expired, the CGI directs the web flow session between the embedded browser and the CGI to dispatch the user into a web login sub-flow.

11. The system of claim 9, wherein: the device session token provides a CGI parameter that includes information for the CGI to find a correct flow entry point for a desired web flow to be continued from a point in the execution of the native app executing on the client device.

12. The system of claim 9, wherein the CGI converting the authorization object to a web flow session authorization token further comprises: extracting the credentials from the authorization object to add to the web flow session authorization token.

13. The system of claim 9, wherein the CGI converting the authorization object to a web flow session authorization token further comprises: adding key information for accessing the database to find information associated with the device session between the server and the native app.

14. A method comprising: receiving a device session token by a client device from a server in communication via a network with the client device, the device session token authenticating a device session between the server and a native app executing on the client device, the device session token including credentials authenticating a user for the device session between the server and the native app executing on the client device; invoking an embedded web browser, by the native app, to execute on the client device; passing by the native app the device session token to the embedded web browser for authentication of a web session that continues the device session with the device session authentication and without requiring additional authentication for the web session between the embedded web browser and a common gateway interface in communication via the network with the client device; passing the device session token by the embedded web browser executing on the client device via the network to the common gateway interface; receiving from the common gateway interface a web flow authorization token converted from the device sessi
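As an added illustration (not code from the patent or from its assignee), the following Python sketch models the claimed flow end to end: the server issues a device session token, the CGI looks the session up and either converts the stored authorization object into a distinct web flow token bound to the same session or dispatches the browser into the login sub-flow when the session has expired, and the native app watches the URLs the embedded browser requests for the pre-defined control URLs. The in-memory database, the TTL, the URL names and the token format are assumptions.

```python
import secrets
import time

# Constructed in-memory stand-in for the patent's server-side session database.
SESSION_DB = {}       # device session token -> stored session data
DEVICE_TTL = 600      # device session lifetime in seconds (assumed value)

# Pre-defined URLs the web flow requests to signal the native app (assumed names).
ERROR_URL = "app://passport/error"
REFRESH_URL = "app://passport/refresh"
LOGIN_SUBFLOW = "/webflow/login"

def server_login(user, now=None):
    """Server: authenticate the device session and return a device session token.
    The stored authorization object carries the credentials the CGI reuses later."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSION_DB[token] = {"authz": {"user": user, "scope": "account"},
                         "expires": now + DEVICE_TTL}
    return token

def refresh_device_session(device_token, now=None):
    """Server: extend an active device session; returns False if it has expired."""
    now = time.time() if now is None else now
    data = SESSION_DB.get(device_token)
    if data is None or data["expires"] <= now:
        return False
    data["expires"] = now + DEVICE_TTL
    return True

def cgi_enter_webflow(device_token, now=None):
    """CGI (claims 9, 10, 13): if the device session is active, convert the stored
    authorization object into a separate web flow token; otherwise redirect to login."""
    now = time.time() if now is None else now
    data = SESSION_DB.get(device_token)
    if data is None or data["expires"] <= now:
        return {"redirect": LOGIN_SUBFLOW}
    web_token = secrets.token_urlsafe(32)   # never reuse the device token as the web token
    return {"web_token": web_token, "authz": dict(data["authz"]),
            "session_key": device_token}   # key to find the device session in the database

def native_app_on_url(device_token, url, now=None):
    """Native app (claims 4 to 8): watch browser URLs; the error URL hands control back,
    the refresh URL and ordinary page requests keep the device session current."""
    if url == ERROR_URL:
        return "error"
    if not refresh_device_session(device_token, now):
        return "expired"
    return "refreshed" if url == REFRESH_URL else "keepalive"
```

The check worth noting for defenders is that the CGI mints a web flow token distinct from the device session token and validates expiry on every conversion, so a stale device token cannot silently open a fresh web session.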

Assignees

Paypal Inc

Classifications (CPC titles; primary classification H04L63/0853)

  • involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853)
  • specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
  • providing single-sign-on or federations
  • Network arrangements or protocols for supporting network services or applications (user-to-user messaging H04L51/00; network arrangements, protocols or services for supporting real-time applications in data packet communications networks H04L65/00)
  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9438588B2 cover?
Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for t…
Who is the assignee on this patent?
Paypal Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0853. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 6, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).