US Patent 9853965 Authentication service for third party applications

An authentication device receives, from an application executing at a mobile device, a request for an authentication token, the request including an application identifier and an encrypted session identifier (SID). The application identifier identifies the application and the SID uniquely identifies a session between the application and a destination network device. The authentication device decrypts, using a first private key of a first public/private key pair, the encrypted SID to produce a decrypted SID; and determines a first hash value of certain data that includes the application identifier and session information associated with the session. The authentication device further encrypts, using a second public key of a second public/private key pair, the determined first hash value and the decrypted SID to produce an authentication token comprising the encrypted first hash value and the SID; and sends the authentication token to the application at the mobile device.