Image Number 5 for United States Patent #8132242.
In general, the invention is directed to techniques of automated authentication of network-enabled software applications launched by a web browser. For example, an intermediate device, such as a Virtual Private Network (VPN) gateway, intercepts communications between a client device and a server. The gateway device automatically issues a temporary token to the client device when the web browser requests a resource that will result in the launch of an additional software application external to the web browser. This temporary token is only valid for a limited time and a limited number of uses. Subsequently, the gateway device uses the temporary token to authenticate the second software application, thereby avoiding passing user credentials from the web browser to the second application on the client device via an insecure persistent cookie.