Abstract: A system, method, and computer program product are provided for securing authorization tokens using client instance specific secrets. Tokens are valid for service requests only if time constraints and additional security constraints are met by additional information stored in the token in hashed form. A required comparison of a timestamp in a client service request header to the current server time limits the useful token life, e.g., to a few minutes. The service request header also includes data generated based on a secret previously assigned to a specific client instance. The secret may be generated by the server according to a public/private key scheme and sent to a particular client instance only once, e.g., during initial device registration. The secret may be omitted from service requests for public information. Service request headers may include device identifiers, so that service requests from known rogue clients may be ignored.

Abstract: In various example embodiments, a system and method for transferring an authenticated session of an application running on one electronic device to a second electronic device after determining the second electronic device is a trusted device are presented. In one embodiment, an instruction is received to transfer an authenticated session of an application running on a first device associated with a user account to a second device associated with the user account. The second device is verified to be associated with the user account of the first device. The second device is determined to be a trusted device of an authorized user of the user account. The authenticated session of the application running on the first device is transferred to the second device to reproduce a current state of the authenticated session on the second device.

Abstract: A system, method, and computer program product are provided for securing authorization tokens using client instance specific secrets. Tokens are valid for service requests only if time constraints and additional security constraints are met by additional information stored in the token in hashed form. A required comparison of a timestamp in a client service request header to the current server time limits the useful token life, e.g., to a few minutes. The service request header also includes data generated based on a secret previously assigned to a specific client instance. The secret may be generated by the server according to a public/private key scheme and sent to a particular client instance only once, e.g., during initial device registration. The secret may be omitted from service requests for public information. Service request headers may include device identifiers, so that service requests from known rogue clients may be ignored.

Abstract: In various example embodiments, a system and method for transferring an authenticated session of an application running on one electronic device to a second electronic device after determining the second electronic device is a trusted device are presented. In one embodiment, an instruction is received to transfer an authenticated session of an application running on a first device associated with a user account to a second device associated with the user account. The second device is verified to be associated with the user account of the first device. The second device is determined to be a trusted device of an authorized user of the user account. The authenticated session of the application running on the first device is transferred to the second device to reproduce a current state of the authenticated session on the second device.