USER AUTHENTICATON

US 20110302627A1
Filed: 02/18/2009
Published: 12/08/2011
Est. Priority Date: 02/18/2009
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating access to a service, comprising:

a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a client, at least part of the identifier of a service;

b) comparing, at the mobile terminal, at least part of said identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and

c) authenticating access to the service on the basis of whether the at least part of the identifier received at the mobile terminal matches an identifier in the set.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may stored a set of URLs, and may compare a received URL (or part URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web-browser, so the web-browser does not need to maintain a password database. This improves security, since a password database would be vulnerable to malicious code.

64 Citations

View as Search Results

27 Claims

1. A method of authenticating access to a service, comprising:
- a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a client, at least part of the identifier of a service;
  
  b) comparing, at the mobile terminal, at least part of said identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and
  
  c) authenticating access to the service on the basis of whether the at least part of the identifier received at the mobile terminal matches an identifier in the set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the step of authenticating access to the service comprises generating a key for authenticating access to the service if the at least part of the identifier received at the mobile terminal matches an identifier in the set.
  - 3. The method of claim 2, further comprisingproviding the client and a server hosting the service with the key or with information from which the key may be obtained.
  - 4. The method of claim 3, further comprising establishing secure communication between the client and the server hosting the service using the key.
  - 5. The method of claim 4, further comprising establishing secure communication between the client and the server hosting the service using a pre-shared key protocol.
  - 6. The method of claim 1, further comprising generating, at the mobile terminal, a visual, audible or tactile indication if the at least part of the identifier received at the mobile terminal matches an identifier in the set.
  - 7. The method of claim 2, further comprising obtaining the user'"'"'s consent before generating the key for accessing the service.
  - 8. The method of claim 2, wherein the mobile terminal generates a one-time key.
  - 9. The method of claim 5, further comprisingobtaining a first key shared with a network entity;
    - and generating, at the mobile terminal, a second key from the first key.
  - 10. The method of claim 9, further comprising transmitting the second key to the client.
  - 11. The method of claim 9, wherein generating the second key further comprises generating, at the mobile terminal, a key reference associated with the second key.
  - 12. The method of claim 11, further comprising transmitting the key reference to the server hosting the service.
  - 13. The method of claim 12, further comprising the server hosting the service transmitting the key reference to the network entity and receiving in response the second key from the network entity.
  - 14. The method of claim 1, further comprising establishing the bi-directional near-field communication channel between the client and the mobile terminal in response to receipt of the service identifier from the server.
  - 15. The method of claim 1, further comprising, if the at least part of the identifier received at the mobile terminal matches an identifier in the set, informing the user of the identity of the service.
  - 16. The method of claim 1, wherein authenticating access to the service comprises, if the at least part of the identifier received at the mobile terminal does not match an identifier in the set, generating an alert.
  - 17. The method of claim 1, wherein a server hosting the service identifies to the client at least one of (1) an authentication method to be used and (2) authentication methods available for use.
  - 18. The method of claim 1, further comprising informing the mobile terminal of at least one of (1) an authentication method to be used and (2) authentication methods available for use.

19. A mobile terminal, comprising:
- a receiver for receiving, over a bi-directional near-field communication channel between the mobile terminal and a web client, at least part of the identifier of a service; and
  
  a comparator for comparing the at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device, whereinthe mobile terminal is adapted to authenticate access to the service on the basis of whether the at least part of the identifier received at the mobile terminal matches an identifier in the set.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The mobile terminal of claim 19, wherein the mobile terminal is adapted to authenticate the access to the service by generating a key for authenticating access to the service if the at least part of the identifier received at the mobile terminal matches an identifier in the set.
  - 21. The mobile terminal of claim 20, wherein the mobile terminal is adapted to provide the client and a server hosting the service with the key or with information from which they may obtain the key.
  - 22. The mobile terminal of claim 19, wherein the mobile terminal is adapted to generate a visual, audible or tactile indication if the at least part of the identifier received matches an identifier in the set.
  - 23. The mobile terminal of claim 20, wherein the mobile terminal is adapted to obtain the user'"'"'s consent before generating the key for accessing the service.
  - 24. The mobile terminal of claim 20, wherein the mobile terminal is adapted to generate a one-time key.
  - 25. The mobile terminal of claim 19, wherein the mobile terminal is adapted to establish the bi-directional near-field communication channel with the client in response to receipt of the service identifier from the server.
  - 26. The mobile terminal of claim 19, wherein the mobile terminal is adapted to, if the at least part of the identifier received matches an identifier in the set, inform the user of the identity of the service.
  - 27. The mobile terminal of claim 19, wherein the authenticating access to the service comprises, if the at least part of the identifier received does not match an identifier in the set, generating an alert.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Blom, Rolf, Barriga, Luis, Norrman, Karl

Granted Patent

US 8,875,232 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/18   using different networks or...

H04L 67/04   specially adapted for termi...

H04W 12/062   Pre-authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

USER AUTHENTICATON

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

USER AUTHENTICATON

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links