US9736126B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9736126-B2 |
| Application number | US-201414560061-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 4, 2014 |
| Priority date | Dec 4, 2014 |
| Publication date | Aug 15, 2017 |
| Grant date | Aug 15, 2017 |
Official abstract text for this publication.
Examples of techniques for authenticating mobile applications are described herein. A method includes receiving, at a first server, a key pair and a policy file associated with a mobile service on a second server, the policy file includes a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication. The method includes distributing the key pair and the policy file to a security device. The method also includes receiving, at the first server, an authentication request from a mobile application. The method further includes creating an authenticity challenge as specified in the policy file and sending the authenticity challenge with a response to the mobile application.
Opening claim text (preview).
What is claimed is:

1. A system, comprising a processor and memory to: receive, via a first server, a key pair and a policy file associated with a mobile service from a second server, the policy file comprising a list of: a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication; distribute the key pair and the policy file; receive an authentication request from a mobile application; authenticate the mobile application based in part on the key pair and the policy file; generate a scope token with an application scope in response to authenticating the mobile application, the scope token comprising a signature based in part on the key pair; authenticate a client device corresponding to the mobile application and a user to generate a doubly-authenticated scope token comprising a device scope and application authenticity scope; send the doubly-authenticated scope token to a security gateway for user authentication; receive a trebly-authenticated scope token with a grant token request and send a grant token to the mobile application, the trebly authenticated scope token to include a user scope; receive the grant token from the mobile application; and generate and send an access token to the mobile application.
2. The system of claim 1, further comprising a service server accessible by the mobile application using the access token.
3. The system of claim 1, wherein the key pair comprises a private key and a public key.
4. The system of claim 3, wherein the policy file comprises instructions defining types of security checks associated with a service, an order in which the authentications are to be executed, and a device responsible for each authentication.
5. The system of claim 1, wherein the application scope, the user scope, and the device scope comprise an expiration time.
6. The system of claim 1, further comprising a mobile enterprise application platform (MEAP) executable by the processor to validate the access token.
7. The system of claim 1, wherein the scope token further comprises a device identification and a user name.
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Authentication · CPC title
providing single-sign-on or federations · CPC title
Program or device authentication · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title