Resource access authorization
US-9183361-B2 · Nov 10, 2015 · US
Inter-application delegated authentication
US9888000B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9888000-B2 |
| Application number | US-201715483989-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 10, 2017 |
| Priority date | Apr 29, 2014 |
| Publication date | Feb 6, 2018 |
| Grant date | Feb 6, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for authenticating an application executing on a client device, the method comprising: receiving an authentication request from a first application executing on a client device; identifying, at a server remote from the client device, a plurality of trusted applications executing on the client device to which authentication of the first application is delegable, the plurality of trusted applications being previously authenticated using a device profile, the device profile comprising information associated with the client device; selecting a second application from the plurality of applications based on the device profile; and authenticating the first application with the device profile associated with the client device based on the first application continuing authentication via the selected second application. 2. The method of claim 1 , wherein authenticating the first application comprises: receiving a verification request from the selected second application for authenticating the first application; and in response to receiving the verification request, transmitting an authentication token to the first application indicating that the first application is authenticated with the device profile associated with the client device. 3. The method of claim 1 , wherein the device profile information includes a combination of one or more attributes of the client device selected from a group consisting of a screen size, a screen resolution, a volume setting, a list of applications executing on the client device, and carrier information. 4. The method of claim 1 , wherein authenticating the first application includes transmitting a cryptographic nonce to the first application via the second application, and further comprising storing the cryptographic nonce as a most-recently transmitted nonce in association with the authentication request. 5. The method of claim 2 , wherein the verification request received from the selected second application includes a hashed value generated from a cryptographic nonce. 6. A non-transitory computer readable storage medium storing instructions for authenticating an application executing on a client device, the instructions when executed by a processor causes the processor to: receive an authentication request from a first application executing on a client device; identify, at a server remote to the client device, a plurality of trusted applications executing on the client device to which authentication of the first application is delegable, the plurality of trusted applications being previously authenticated using a device profile, the device profile comprising information associated with the client device; select a second application from the plurality of trusted application based on the device profile; and authenticate the first application with the device profile associated with the client device based on the first application continuing authentication via the selected second application. 7. The non-transitory computer readable storage medium of claim 6 , wherein authentication of the first application further causes the processor to: receive a verification request from the selected second application for authenticating the first application; and responsive to the receipt of the verification request, transmit an authentication token to the first application indicating that the first application is authenticated with the device profile associated with the client device. 8. The non-transitory computer readable storage medium of claim 6 , wherein the device profile information includes a combination of one or more attributes of the client device selected from a group consisting of a screen size, a screen resolution, a volume setting, a list of applications executing on the client device, and carrier information. 9. The non-transitory computer readable storage medium of claim 6 , wherein the authentication the first application further causes the processor to transmit a cryptographic nonce to the first application via the second application, and further causing the processor to store the cryptographic nonce as a most-recently transmitted nonce in association with the authentication request. 10. The non-transitory computer readable storage medium of claim 7 , wherein the verification request received from the selected second application includes a hashed value generated from a cryptographic nonce. 11. A method for authenticating an application executing on a client device, the method comprising: receiving an authentication request from a first application executing on a first client device; identifying, at a server remote from the client device, a second application executing on a second client device to which authentication of the first application on the first client device is delegable, the second application being previously authenticated with credentials associated with the second client device; transmitting an instruction to the first application to continue authentication via the second application; and authenticating the first application with the credentials associated with the second client device based on the first application on the first client device continuing authentication via the second application on the second client device; and responsive to the authentication, sharing information between the first application and the second application based on the credentials associated with the second client device. 12. The method of claim 11 , wherein authenticating the first application comprises: receiving, at the first client device, a verification request from the second application on the second client device for authenticating the first application; and in response to receiving the verification request, transmitting, to the second client device, an authentication token to the first application on the first client device indicating that the first application is authenticated with the credentials associated with the first client device. 13. The method of claim 11 , wherein the authentication request includes a unique parameter, the unique parameter a combination of one or more attributes of the client device selected from a group consisting of a screen size, a screen resolution, a volume setting, a list of applications executing on the client device, and carrier information. 14. The method of claim 11 , wherein the instruction transmitted to the first application on the first client device includes a cryptographic nonce, and further comprising storing the cryptographic nonce on the first client device as a most-recently transmitted nonce in association with the authentication request. 15. The method of claim 12 , wherein the verification request received at the first client device from the second application includes a hashed value generated from a cryptographic nonce. 16. A non-transitory computer readable storage medium storing instructions for authenticating an application executing on a client device, the instructions when executed by a processor causes the processor to: receive an authentication request from a first application executing on a first client device; identify, at a server remote from the client device, a second application executing on a second client device to which authentication of the first application on the first client device is delegable, the second application being previously authenticated with credentials associated with the second client device; transmit an instruction to the first application to continue authentication via the second application; and authenticate the first applicati
Assignees
Inventors
Classifications
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Entity profiles · CPC title
- G06F21/44Primary
Program or device authentication · CPC title
providing single-sign-on or federations · CPC title
Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9888000B2 cover?
- Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The di…
- Who is the assignee on this patent?
- Twitter Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/44. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Feb 06 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).