Systems and methods for facilitating authentication of network devices

US 20080216153A1
Filed: 03/02/2007
Published: 09/04/2008
Est. Priority Date: 03/02/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

utilizing an identifier already affiliated with a device as a username in an authentication process;

generating a password and an authentication key based on at least the username and providing the password and authentication key to the device; and

upon attempted access to a network service by the device, exchanging the username, password and authentication key to determine the authenticity of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, apparatuses and methods for facilitating authentication and logons for network devices. An identifier that is already affiliated with a device is used as a username in an authentication process. A password and an authentication key are generated based on at least the username, and the password and authentication key are provided to the device. Upon attempted access to a network service by the device, the username, password and authentication key are exchanged in some manner to determine the authenticity of the device.

Citations

49 Claims

1. A method comprising:
- utilizing an identifier already affiliated with a device as a username in an authentication process;
  
  generating a password and an authentication key based on at least the username and providing the password and authentication key to the device; and
  
  upon attempted access to a network service by the device, exchanging the username, password and authentication key to determine the authenticity of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein exchanging the username, password and authentication key to determine the authenticity of the device comprises:
    - receiving, at the network service, the identifier already affiliated with the device upon attempted access to the network service by the device;
      
      sending the authentication key to the device that provided the identifier;
      
      receiving, at the network service from the device, the password that is associated with the sent authentication key; and
      
      authenticating the device if the received password corresponds to the password previously generated for that device at the network service.
  - 3. The method of claim 2, further comprising the network service storing the device'"'"'s username, generated password and generated authentication key as an associated group, and in response to receiving the identifier identifying the appropriate device in which to send the associated authentication key.
  - 4. The method of claim 2, further comprising prohibiting interaction between the device and the network service if the received password does not correspond to the password previously generated for that device at the network service.
  - 5. The method of claim 1, wherein utilizing an identifier already affiliated with the device as a username comprises using an International Mobile Equipment Identity (IMEI) as the username.
  - 6. The method of claim 1, wherein utilizing an identifier already affiliated with the device as a username comprises using a Media Access Control (MAC) address as the username.
  - 7. The method of claim 1, wherein utilizing an identifier already affiliated with the device as a username comprises using an International Mobile Subscriber Identity (IMSI) as the username.
  - 8. The method of claim 1, further comprising the network service receiving the identifier from the device upon an initial attempt by the device to access the network service and applying the identifier as the username, and wherein generating a password and an authentication key comprises the network service generating the password and the authentication key based on the username in response to receiving the identifier from the device.
  - 9. The method of claim 1, further comprising storing the device'"'"'s username, generated password and generated authentication key as an associated group such that identification of any one of the username, generated password and generated authentication key enables identification of the remaining two for that device.
  - 10. The method of claim 1, wherein generating a password and an authentication key based on the username comprises generating a unique password whose value is unique due at least in part on the uniqueness of the identifier already affiliated with a device, and generating a unique authentication key whose value is unique due at least in part on the uniqueness of the identifier already affiliated with a device.

11. An apparatus comprising:
- a receiver to receive an identifier otherwise used in a communication device;
  
  a processor configured to recognize the received identifier as a username in a username/password pair, and to generate a password and authentication key based on the recognized username;
  
  a transmitter to provide the password and authentication key to the communication device; and
  
  wherein the processor is further configured to determine the authenticity of the communication device based on an exchange of the identifier, generated password and generated authentication key with the communication device.
- View Dependent Claims (12, 13, 14)
- - 12. The apparatus as in claim 11, wherein the processor is configured to determine the authenticity of the communication device by, in response to receiving the identifier, directing the transmitter to send the generated authentication key to the communication device for use in identifying the password at the communication device, comparing the password received from the communication device to the previously generated password for that communication device, and authenticating communication with the communication device if the received password matches the previously generated password.
  - 13. The apparatus as in claim 11, further comprising storage to store the associated username, password and authentication key for each registered communication device.
  - 14. The apparatus as in claim 11, wherein the receiver is configured to receive a signal providing any of an International Mobile Equipment Identity (IMEI), a Media Access Control (MAC) address, or an International Mobile Subscriber Identity (IMSI) as the identifier.

15. A computer-readable medium having instructions stored thereon that are executable by a computing system for facilitating authentication of a device by performing steps comprising:
- establishing a username to correspond to an identifier already affiliated with a device;
  
  generating a password and an authentication key based on at least the username and providing the password and authentication key to the device; and
  
  upon attempted access to a network service by the device, exchanging the username, password and authentication key to determine the authenticity of the device.

16. A method comprising:
- receiving a notification of a user requesting access to a network service session;
  
  generating an identification key for the network service session, and providing the identification key to the network service session for presentation to the user requesting access to the network service;
  
  receiving a user-entered identification key via the network service session; and
  
  comparing the generated identification key to the user-entered identification key to effect a sign-on procedure.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 17. The method of claim 16, further comprising signing the user onto the network service session if the generated identification key corresponds to the user-entered identification key.
  - 18. The method of claim 16, further comprising prohibiting the user from signing onto the network service session if the generated identification key does not correspond to the user-entered identification key.
  - 19. The method of claim 16, wherein generating an identification key comprises generating the identification key to have a value that statistically reduces a number of keystrokes required to enter the identification key via an electronic device.
  - 20. The method of claim 19, wherein generating the identification key comprises generating the identification key to have a value that statistically reduces a number of keystrokes required to enter the identification key via a non-QWERTY keyboard.
  - 21. The method of claim 16, wherein generating an identification key comprises generating the identification key to include characters each requiring one key entry to identify the respective character.
  - 22. The method of claim 16, further comprising providing information to the network service identifying the user and mobile device to enable the network service to present personalized information via the network service session, if the sign-on procedure is successful.
  - 23. The method of claim 22, wherein providing information to the network service to present personalized information comprises providing at least device model information for use by the network service in presenting a representation of the user'"'"'s device via the network service session.
  - 24. The method of claim 16, wherein receiving a notification of a user requesting access to a network service session comprises receiving the notification from the network service in response to the user accessing the network service session.
  - 25. The method of claim 16, further comprising storing the generated identification key and corresponding network service session combinations.

26. A method comprising:
- a network service recognizing an attempt by a user to access a network service session hosted by the network service;
  
  transmitting a request from the network service to a signing server for a unique identification key;
  
  the signing server generating the unique identification key for the network service session, and providing the unique identification key to the network service session;
  
  the network service presenting the unique identification key via at least one network-addressable document of the network service session;
  
  the network service receiving a user-entered identification key input via the network-addressable document and providing the user-entered identification key to the signing server; and
  
  the signing server comparing the unique identification key and the user-entered identification key, and allowing the user to sign on to the network service session with a device if the unique identification key and the user-entered identification key match.
- View Dependent Claims (27)
- - 27. The method of claim 26, further comprising the user entering, via the device, the unique identification key presented via the network-addressable document, and transmitting the user-entered identification key to the network service.

28. An apparatus comprising:
- a receiver to receive a notification of a user requesting access to a network service session;
  
  a processor configured to generate an identification key for the network service session;
  
  a transmitter to provide the identification key to the network service session for presentation to the user requesting access to the network service;
  
  wherein the receiver further receives a user-entered identification key via the network service session; and
  
  wherein the processor is further configured to compare the generated identification key to the user-entered identification key to effect a sign-on procedure.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The apparatus as in claim 28, further comprising a database of records, each record including at least the generated identification key and corresponding network service session combinations.
  - 30. The apparatus as in claim 28, wherein the processor is configured to generate the identification key for the network service session by generating the identification key to have a value that statistically reduces a number of keystrokes required to enter the identification key via an electronic device.
  - 31. The apparatus as in claim 28, wherein the processor is configured to generate the identification key for the network service session by generating the identification key to have a value that statistically reduces a number of keystrokes required to enter the identification key via a non-QWERTY keyboard.
  - 32. The apparatus as in claim 28, wherein the processor is configured to generate the identification key for the network service session by generating the identification key to include a plurality of characters each requiring a single key entry to identify the respective character of the identification key.

33. A computer-readable medium having instructions stored thereon that are executable by a computing system for signing a device to a network service by performing steps comprising:
- receiving a notification of a user requesting access to a network service session;
  
  generating an identification key for the network service session, and providing the identification key to the network service session for presentation to the user requesting access to the network service;
  
  receiving a user-entered identification key via the network service session; and
  
  comparing the generated identification key to the user-entered identification key to effect a sign-on procedure.

34. A method comprising:
- determining whether there is a local cookie available for a first network service session accessed by a device;
  
  if there is no local cookie available, determining whether the user has logged onto at least one second network service session; and
  
  if a cookie from the at least one second network service session is found, using the cookie from the second network service session as the cookie for the first network service session.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 35. The method of claim 34, further comprising completing a login process for the first network service session using the cookie for the first network service session.
  - 36. The method of claim 34, further comprising using the local cookie for a login process for the first network service session if a local cookie is available for the first network service session.
  - 37. The method of claim 34, further comprising initiating a standard authentication procedure for the first network service session, if a local cookie is not available for the first network service session and a cookie from the at least one second network service session is not found.
  - 38. The method of claim 34, wherein determining whether the user has logged onto at least one second network service session comprises searching the device memory for any cookie associated with the at least one second network service session.
  - 39. The method of claim 38, wherein searching the device memory comprises a signing server Application Programming Interface (API) searching a cache memory of the device for any cookie associated with the at least one second network service session.
  - 40. The method of claim 34, further comprising:
    - delivering the cookie from the at least one second network service session to a signing server if any cookie associated with the at least one second network service session is found;
      
      authenticating the delivered cookie at the signing server; and
      
      returning the authenticated cookie to the device as the cookie available for the first network service session.
  - 41. The method of claim 34, wherein determining whether the user has logged onto at least one second network service session comprises determining whether the user has previously logged onto any network service session that is related to the first network service session.
  - 42. The method of claim 41, wherein determining whether the user has previously logged onto any network service session that is related to the first network service session comprises determining whether the user has previously logged onto any network service session that is equipped with a signing server Application Programming Interface (API) for interfacing the device and a signing server.
  - 43. The method of claim 34, further comprising authenticating the cookie of the second network service session, and if authenticated, using the cookie from the second network service session as the cookie for the first network service session.

44. An apparatus comprising:
- storage to store one or more cookies available to the apparatus; and
  
  a processor configured to determine whether the storage has a cookie stored therein for a first network service session, and if not, to use the cookie from a second network service session as the cookie for the first network service session.
- View Dependent Claims (45, 46, 47)
- - 45. The apparatus as in claim 44, wherein the processor is configured to determine whether there is a cookie available for a second network session, and if so, to use the cookie from the respective second network service session as the cookie for the first network service session.
  - 46. The apparatus as in claim 45, wherein the processor is configured to initiate a standard authentication procedure if there is not a cookie available for any second network session.
  - 47. The apparatus as in claim 44, further comprising:
    - a transmitter to transmit the cookie from the second network service session to a signing server;
      
      a receiver to receive an authenticated cookie if the cookie from the second network service session is validated by the signing server; and
      
      wherein the processor is configured to use the authenticated cookie as the cookie for the first network session.

48. An apparatus comprising:
- a processor configured to generate a request to access a network service session;
  
  a transmitter configured to transmit the request;
  
  a user interface configured to facilitate user entry of an identification key generated and presented external to the apparatus in response to the request to access the network service session; and
  
  wherein the transmitter is further configured to transmit the identification key to solicit authentication for accessing the network service session.
- View Dependent Claims (49)
- - 49. The apparatus as in claim 48, further comprising a browser operable via the processor and configured to access the network service session if the authentication is successful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Antola, Janne, Kavanti, Mika, Aaltonen, Janne L.

Application Number

US11/713,150
Publication Number

US 20080216153A1
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/6272   by registering files or doc...

G06F 2221/2129   Authenticate client device ...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

Systems and methods for facilitating authentication of network devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for facilitating authentication of network devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links