AUTHENTICATION SERVER AND METHOD FOR GRANTING TOKENS

US 20110271099A1
Filed: 04/29/2010
Published: 11/03/2011
Est. Priority Date: 04/29/2010
Status: Active Grant

First Claim

Patent Images

1. An authentication server comprising:

a receiver for receiving communications from a relay;

a transmitter for transmitting communications to the relay;

a memory having stored thereon a secret shared with a service server from which a service is provided; and

a processor configured, in response to a request originating from a mobile electronic device received from the relay at the receiver, to generate a token based on a reliance on the relay to ensure that the mobile electronic device has authorization to access the service and the processor configured to cause the transmitter to transmit the token to the mobile electronic device through the relay, the token generated using the shared secret and the token including an indication that the mobile electronic device is authorized to access the service.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication server and method are provided for generating tokens for use by a mobile electronic device for accessing a service. Communications between the device and the authentication server are through a relay. A memory stores a secret shared with a service server from which the service is provided. A processor is configured to generate the token using the shared secret and based on a reliance on the relay to ensure that the device has authorization to access the service. One or more computer readable medium having computer readable instructions stored thereon that cause the device to obtain proof of authorization to access the service is also provided. The instructions implement a method comprising: outputting via a wireless connection to a relay a request addressed to an authentication server for a token and receiving the token from the authentication server via the relay.

Citations

19 Claims

1. An authentication server comprising:
- a receiver for receiving communications from a relay;
  
  a transmitter for transmitting communications to the relay;
  
  a memory having stored thereon a secret shared with a service server from which a service is provided; and
  
  a processor configured, in response to a request originating from a mobile electronic device received from the relay at the receiver, to generate a token based on a reliance on the relay to ensure that the mobile electronic device has authorization to access the service and the processor configured to cause the transmitter to transmit the token to the mobile electronic device through the relay, the token generated using the shared secret and the token including an indication that the mobile electronic device is authorized to access the service.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The authentication server of claim 1, wherein the processor is configured to generate the token based on a reliance on the relay to authenticate the mobile electronic device.
  - 3. The authentication server of claim 1, wherein the authentication server is connected to the relay by a direct connection and the request is received over the direct connection and the token is transmitted over the direct connection.
  - 4. The authentication server of claim 1, wherein the processor is further configured to verify that a device identifier carried in the request matches a source address of a message containing the request.
  - 5. The authentication server of claim 1, wherein the processor is configured to generate the token authorizing the mobile electronic device to access a browsing proxy.
  - 6. The authentication server of claim 1, wherein the processor is further configured to negotiate a session key with the mobile electronic device through the relay, the session key being for encrypting and decrypting communications between the mobile electronic device and the authentication server.

7. A method of issuing a token for use by a mobile electronic device for authorization to access a service provided from a service server, the method comprising:
- receiving at an authentication server a request for the token from the mobile electronic device through a relay;
  
  generating the token based on a reliance on the relay to ensure that the mobile electronic device is authorized to access the service; and
  
  transmitting the token to the mobile electronic device through the relay.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein generating the token is further based on a reliance on the relay to authenticate the mobile electronic device.
  - 9. The method of claim 7, wherein generating the token comprises using a secret shared between the authentication server and the service server.
  - 10. The method of claim 7, further comprising:
    - receiving a request from the mobile electronic device through the relay to negotiate a session key to be used for communications between the mobile electronic device and the authentication server in providing the token;
      
      negotiating the session key with the mobile electronic device through the relay; and
      
      using the session key for transmitting the token.
  - 11. The method of claim 7, further comprising verifying that a device identifier carried in the request matches a source address of a message containing the request.
  - 12. The method of claim 7, further comprising obtaining a device identifier for the mobile electronic device from the request and including the device identifier in the token.
  - 13. The method of claim 7, wherein generating the token comprises generating a token for accessing a browsing proxy.

14. One or more computer readable medium having computer readable instructions stored thereon that when executed by a processor on a mobile electronic device cause the mobile electronic device to obtain proof of authorization to access a service provided from a service server by a method comprising:
- outputting to a relay a request addressed to an authentication server for a token, the token including an indication that the mobile electronic device is authorized to access the service; and
  
  receiving the token from the authentication server via the relay.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The one or more computer readable medium of claim 14, wherein the method further comprises encrypting the request using an encryption key shared with the authentication server.
  - 16. The one or more computer readable medium of claim 14, wherein the method further comprises:
    - outputting to the relay a request addressed to the authentication server to negotiate a session key from the authentication server;
      
      receiving a public key from the authentication server through the relay;
      
      generating the session key;
      
      transmitting the session key to the authentication server through the relay using the public key; and
      
      using the session key to encrypt and decrypt communications with the authentication server through the relay for obtaining the token.
  - 17. The one or more computer readable medium of claim 14, wherein the method further comprises accessing the service through a direct connection using the token as proof of authorization for the mobile electronic device to access the service.
  - 18. The one or more computer readable medium of claim 14, wherein the method further comprises requesting a new token from the authentication server through the relay prior to an expiry of the token received.
  - 19. The one or more computer readable medium of claim 14, wherein the token is for accessing a browsing proxy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Manolesco, Andreea, Preiss, Bruno Richard

Granted Patent

US 8,898,453 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 63/061 for key exchange, e.g. in p...

H04L 63/0807 using tickets, e.g. Kerbero...

AUTHENTICATION SERVER AND METHOD FOR GRANTING TOKENS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION SERVER AND METHOD FOR GRANTING TOKENS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links