MOBILE DEVICE ASSISTED SECURE COMPUTER NETWORK COMMUNICATION
Abstract
Mobile device assisted secure computer network communications embodiments are presented that employ a mobile device (e.g., a mobile phone, personal digital assistant (PDA), and the like) to assist in user authentication. In general, this is accomplished by having a user enter a password into a client computer which is in contact with a server associated with a secure Web site. This password is integrated with a secret value, which is generated in real time by the mobile device. The secret value is bound to both the mobile device's hardware and the secure Web site being accessed, such that it is unique to both. In this way, a different secret value is generated for each secure Web site accessed, and another user cannot impersonate the user and log into a secure Web site unless he or she knows the password and possesses the user's mobile device simultaneously.
20 Claims
1. In a system comprising a server which is in communication with a client computer over a computer network, and a user's mobile device which is in communication with the client computer, a process for conducting communications over the computer network, the process comprising using said client computer to perform the following process actions:
- facilitating an authentication by the server of the user who is attempting to access a network site associated with the server, wherein said facilitation comprises:
  - receiving a representation of a secret value from the mobile device, wherein the mobile device generates the secret value representation whenever needed, and wherein the server knows the secret value,
  - combining the secret value representation and a password which is entered into the client computer by the user and known to the server, to produce a combined representation,
  - transmitting the combined representation to the server for use in determining if the password and secret value known to the server were used to generate the combined representation, and
  - receiving a notice from the server as to whether access to said network site has been granted or not, wherein access is granted only if the password and secret value known to the server were used to generate the combined representation; and
- informing the user as to whether access to said network site has been granted or not.

Dependent claims: 2, 3, 4, 5.
6. In a system comprising a server which is in communication with a client computer over a computer network, and a mobile device which is in the possession of a user of the client computer and which is in communication with the client computer, a process for conducting communications over the computer network, the process comprising using said mobile device to perform the following process actions:
- facilitating an authentication by the server of the user who is attempting to access a network site associated with the server, wherein said facilitation comprises:
  - generating a representation of a secret value, wherein the mobile device generates the secret value representation whenever needed, and wherein the server knows the secret value, and
  - forwarding the secret value representation to the client computer for use in combining the secret value representation and a password which is entered into the client computer by the user and known to the server, to produce a combined representation, which is then transmitted to the server for use in determining if the password and secret value known to the server were used to generate the combined representation.

Dependent claims: 7, 8, 9, 10, 11, 12, 13.
14. In a system comprising a server which is in communication with a client computer over a computer network, and a mobile device which is in the possession of a user of the client computer and which is in communication with the client computer, a process for conducting communications over the computer network, the process comprising using said server to perform the following process actions:
- authenticating the user who is attempting to access a network site associated with the server, wherein said authenticating comprises:
  - generating a challenge number,
  - providing a server identification and the server-generated challenge number to the mobile device via the client computer;
  - receiving a user identification, a mobile device-generated challenge number and a combined representation from the client computer, wherein the combined representation is a combination comprising the user identification, the server identification, a mobile device-generated secret value representation, and a password which was entered into the client computer by the user, and wherein a secret value used to create components of the combined representation, as well as the password, are known to the server,
  - computing a session key comprising a combination of the user identification, the server identification, a plurality of unique numbers which are generated by the server and mobile device,
  - computing a server version of the secret value representation as a combination comprising the session key, the user identification and the server identification,
  - computing a server version of the combined representation using the user identification, the server identification, the server version of the secret value representation, and the password known to the server,
  - comparing the server version of the combined representation to the combined representation received from the client computer,
  - determining if the password and secret value known to the server were used to generate the combined representation received from the client computer, and
  - transmitting a notice to the client computer as to whether access to said network site has been granted or not, wherein access is granted only if the password and secret value known to the server were used to generate the combined representation received from the client computer.

Dependent claims: 15, 16, 17, 18, 19, 20.
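The three-party exchange of claim 14 (server challenge, mobile-device secret value, client-side combination with the password, server-side recomputation and comparison), written out as an added example; this is illustrative code, not the patent's or any assignee's implementation. It assumes every "combination" in the claim is an HMAC-SHA256, that the device's secret value is a per-user key the server also stores, that the challenge numbers are random nonces, and that the server holds the password as the claim states.

```python
import hashlib, hmac, os

# Added example, not code from the patent. Assumptions: every "combination" in
# claim 14 is HMAC-SHA256; the device's secret value is a per-user key the
# server also stores; the two "challenge numbers" are random nonces; the server
# holds the password itself, as the claim requires.

def _h(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so they cannot be re-split."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(2, "big") + p)
    return mac.digest()

def session_key(dev_secret, user_id, server_id, n_server, n_mobile):
    return _h(dev_secret, user_id, server_id, n_server, n_mobile)

def secret_value_rep(sk, user_id, server_id):
    return _h(sk, user_id, server_id)

def combined_rep(user_id, server_id, secret_rep, password):
    return _h(secret_rep, user_id, server_id, password)

def mobile_respond(dev_secret, user_id, server_id, n_server):  # runs on the phone
    n_mobile = os.urandom(16)  # the mobile device-generated challenge number
    sk = session_key(dev_secret, user_id, server_id, n_server, n_mobile)
    return n_mobile, secret_value_rep(sk, user_id, server_id)

def client_login(dev_secret, user_id, server_id, password, n_server):  # on the PC
    n_mobile, rep = mobile_respond(dev_secret, user_id, server_id, n_server)
    return user_id, n_mobile, combined_rep(user_id, server_id, rep, password)

class Server:
    def __init__(self, server_id, users):  # users: user_id -> (dev_secret, password)
        self.server_id, self.users, self.pending = server_id, users, set()

    def challenge(self):
        n_server = os.urandom(16)  # the server-generated challenge number
        self.pending.add(n_server)
        return self.server_id, n_server

    def verify(self, n_server, user_id, n_mobile, combined):
        rec = self.users.get(user_id)
        if n_server not in self.pending or rec is None:  # replayed nonce or unknown user
            return False
        self.pending.discard(n_server)  # each challenge is accepted once
        dev_secret, password = rec
        sk = session_key(dev_secret, user_id, self.server_id, n_server, n_mobile)
        rep = secret_value_rep(sk, user_id, self.server_id)
        expect = combined_rep(user_id, self.server_id, rep, password)
        return hmac.compare_digest(expect, combined)
```

Because the server discards each challenge number after one use, a captured combined representation cannot be replayed, and a wrong password or a device holding a different secret both fail the comparison.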