Recent developments in software and technology solutions have allowed web uses to access websites and web-based services faster and easier than ever before. At the same time, these solutions provide network system engineers with enhanced secured protocols that protect their clients vital information.
Access-control protocols, such as Single Sign-on (SSO) access control, offer users a secure and simple method of accessing any number of services using a single identifier. For example, many companies allow employees to sign-on to the company's intranet and network using a single access identifier. Once the users identity has been authenticated, such as by entering a single unique username and password, the employee can access any number of services provided by the company server. The user, for example, can review his or her employment information, read and send emails, and request tax-related documentation, all without having to sign in again or provide additional credentials. The user's credentials are automatically retrieved and validated by the service provider, thereby eliminating the need for the user to sign in with each request.
Employees are often provided access to not only internal web services, but also services provided by third-party systems that are external to his or her corporate computer system. For example, employees may be provided with access to third-party libraries, such as those containing literature and publications, and to third-party tools, such as programs that allow employees to recognize other employees for important achievements, as well as various other useful services. In these cases, the third-party service provider computer system may provide web services to any number of company computer systems (e.g., the enterprise systems for a plurality of different companies), each of which may be referred to as a client system.
Thus, an SSO framework can provide many benefits that are desirable from the perspective of users and network engineers alike, including providing a consistent identity across all services and platforms, reducing username/password confusion, reducing user time spent on returning passwords, and reducing the number of authentication requests.
However, currently available SSO solutions have been developed to provide web-based services for desktop and terminal-based users first and foremost, with much less attention being paid to the servicing of service requests from smartphones, tablets and other mobile devices. While many developers have modified existing SSO systems to give mobile devices access to web services, these attempts at integration have been largely inadequate. The flaws of current implementations are especially evident when the client system supports third-party web services.
With current solutions, mobile device users of many corporate computer systems must manually access the third-party service provider's system to gain access to its web services. For example, a user wishing to view a series of educational programs provided by a service provider using a mobile device will have to first sign into his or her company's computer system using previously provided SSO credentials and request the generation of a username and password specifically for use with the third-party service provider system. At the Service provider system, an account is created and the account information, including the newly generated username and password, is stored. The user must then manually log into the website of the service provider system to access the services. The user must do this each time he or she wishes to access the third-party web-service. With this implementation, many of the advantages gained in implementing an SSO framework are largely negated.
Furthermore, there are security concerns with current implementations for handling mobile third-party service requests. User SSO accounts are distinct and separate from the accounts stored at each service provider system. The service provider system, therefore, must synchronize account information with each customer system (e.g., each corporate computer system), often on a weekly or monthly basis. Accordingly, between synchronizations, there may be extensive data disparity between the two account databases. For example, many users' rights to the system and its services could have been modified or revoked outright. As a result, while they have no rights to access their own company's system, these revoked users may continue to have access to the services provided by these third-party service provider systems. An unauthorized user may intentionally damage network infrastructure, steal corporate and other sensitive information, and perform various malicious acts on the system.
Therefore, an improved solution for providing mobile SSO authorization and authentication access to third-party web services is needed. The solution should support any number of frameworks for authentication, including supporting any number of encryption mechanisms during authentication. In addition, the solution should require minimal client customization. That is, the solution should provide clients with an integrated solution while minimizing client-required installations or modifications to their existing SSO-based computer systems.
Furthermore, the solution should operate to provide users with SSO authenticated and authorized access to services using a native application running on the a user's mobile device as well as a web application running in the mobile device's web browser, thereby providing additional flexibility and function for users of the system. This would also expand the mobile devices that would be supported. Further still, the solution should be a lightweight solution to minimize the amount of data transferred to and from the mobile devices, which may be operating with limited bandwidth.
Finally, the solution should overcome the deficiencies of currently available solutions and meet the needs of both clients and service providers.