System and method for secure authenticated user session handoff

Abstract

A system and method for enabling user session persistence between a native application and a mobile internet browser on a mobile device. The method includes authenticating a use of the native application and issuing an authentication token to the native application. The method also includes receiving from the native application the authentication token in connection with a destination address and obtaining first identifying data regarding the mobile device. The method further includes generating a key; associating the key, the authentication token, the destination address, and the first identifying data regarding the mobile device together in a database; encrypting the key to generate an encrypted key; and transmitting the encrypted key to the native application. The native application passes the encrypted key and the client key to the internet browser. The method includes receiving from the mobile internet browser the encrypted key; obtaining second identifying data in connection with the encrypted key received; decrypting the encrypted key to generate a decrypted key; locating the authentication token, the destination address, and the first identifying data within the database using the decrypted key; and confirming that the mobile internet browser is executing on the mobile device based at least in part on a comparison of the first identifying data and the second identifying data. If the mobile internet browser is confirmed, it is granted access to the destination address, which may include a feature implemented on a web application.