Device Token Protocol for Persistent Authentication Shared across Applications

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7592)


This paper describes a protocol for enabling shared persistent authentication for desktop applications that comprise a common suite by extending the OAuth2.0 protocol. OAuth2.0 is the de facto standard for developing and deploying federated Identity. Our extension enables the users to authenticate and authorize on devices that host a suite of applications that are connected to backend services and systems at Adobe. It is the backbone of our subscription and licensing infrastructure for the Adobe Creative Suite® 6 and Adobe Creative CloudTM. The extended protocol works without storing users credentials on a per application basis but rather uses device identities that are managed on a centralized server to enable increased security and management capabilities for a set of applications on the device. We describe the protocol is in detail, its inherent characteristics, how it extends OAuth2.0, and how it is used in practice.


Authentication Identity Management OAuth2.0 Authorization 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    OAuth Working Group, Hammer, E. (ed): IETF, The OAuth2.0 Authorization Protocol draft 28 (2012),
  2. 2.
    OpenId Foundation, Open ID Connect Protocol Suite (2012),
  3. 3.
    IPSec Working Group, Frankel, S., Kelly, S.: The HMAC-SHA-256-128 Algorithm and Its Use With IPsec (2002),
  4. 4.
  5. 5.
  6. 6.
    Adobe Creative CloudTM (2012),
  7. 7.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  1. 1.Adobe Systems IncorporatedSan JoseUSA

Personalised recommendations