Single Sign-On (SSO) is a session/user authentication process that permits a user to enter one username and password in order to access multiple applications. The process authenticates the user for all applications the user has been given rights to and eliminates further prompts when the user switches applications during an authenticated session. SSO can reduce user fatigue resulting from providing different username and password combinations and also reduce time spent re-entering passwords for the same user identity. With SSO, an authentication service saves an authentication token to be shared among applications installed on a mobile device. The authentication token allows the applications to authenticate the user without requiring the user to re-enter a username and password combination for each application.
Several solutions rely on the operating system or user authorization to share the SSO authentication token between applications. However, these solutions do not protect against theft of a token in transport between servers or applications. As the foregoing illustrates, a new approach for SSO may be desirable.