METHOD AND APPARATUS FOR ACCELERATED AUTHENTICATION

US 20120079570A1
Filed: 09/27/2010
Published: 03/29/2012
Est. Priority Date: 09/27/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user, wherein user credentials are used to authenticate a user;

determining whether the first portion of user credentials is valid; and

if the first portion of user credentials is valid, then determining to send second data that indicates a valid value for the second portion of user credentials for the first user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.

Citations

21 Claims

1. A method comprising:
- receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user, wherein user credentials are used to authenticate a user;
  
  determining whether the first portion of user credentials is valid; and
  
  if the first portion of user credentials is valid, then determining to send second data that indicates a valid value for the second portion of user credentials for the first user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method of claim 1, wherein the second data is sent to a remote process that is trusted to ensure that data received from the first user substantively agrees with the valid value for the second portion of user credentials for the first user.
  - 3. A method of claim 1, wherein the second data further indicates a token that is used by the first user to obtain service from a set of one or more network services for a predetermined time interval.
  - 4. A method of claim 1, wherein the second data indicates an encrypted version of the valid value for the second portion of user credentials for the first user.
  - 5. A method of claim 4, wherein the encrypted version of the valid value for the second portion of user credentials for the first user is used by a remote process to verify data received from the first user.

6. A method comprising:
- receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user, wherein user credentials are used to authenticate a user; and
  
  before receiving second data that indicates the second portion of user credentials for the first user, determining to send a first message that indicates the first portion of user credentials to a remote process that initiates authentication of the first user based on the first portion of user credentials.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 7. A method of claim 6, further comprising:
    - receiving the second data that indicates the second portion of user credentials for the first user; and
      
      in response to receiving the second data, determining whether the second data is valid.
  - 8. A method of claim 7, wherein determining whether the second data is valid further comprises:
    - determining to send a second message that indicates the second portion of the user credentials to the remote process; and
      
      determining whether the remote process returns third data that indicates successful authentication in response to the second message.
  - 9. A method of claim 7, wherein determining whether the second data is valid further comprises:
    - receiving third data from the remote process that indicates a valid value for the second portion of the user credentials; and
      
      determining whether the second data is consistent with the third data.
  - 10. A method of claim 6, wherein the first message further indicates a request for a service from the remote process.
  - 11. A method of claim 6, wherein the remote process is an authentication service and the first data and the second data are received from a different remote process executing on a device operated by the first user.
  - 12. A method of claim 11, further comprising, before receiving second data that indicates the second portion of user credentials for the first user, determining to retrieve local user profile data for the first user based, at least in part, on a user identifier in the first portion of user credentials for the first user.
  - 13. A method of claim 11, further comprising receiving, from the remote process, a second message that includes data that indicates a valid value for the second portion of the user credentials for the first user if the remote process determines that the first portion of user credentials for the first user is valid.
  - 14. A method of claim 13, further comprising, in response to receiving the second message, determining to send, to the different remote process, a third message that indicates the valid value for the second portion of the user credentials for the first user.
  - 15. A method of claim 13, further comprising:
    - receiving the second data that indicates the second portion of user credentials for the first user; and
      
      determining whether the second data is valid based at least in part on the data that indicates the valid value for the second portion of the user credentials for the first user.

16. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code for one or more programs,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least;
  
  receive first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user, wherein user credentials are used to authenticate a user;
  
  determine whether the first portion of user credentials is valid; and
  
  if the first portion of user credentials is valid, then determine to send second data that indicates a valid value for the second portion of user credentials for the first user.
- View Dependent Claims (17)
- - 17. An apparatus of claim 16, wherein the second data is sent to a remote process that is trusted to ensure that data received from the first user substantively agrees with the valid value for the second portion of user credentials for the first user.

18. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code for one or more programs,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least;
  
  receive first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user, wherein user credentials are used to authenticate a user; and
  
  before receiving second data that indicates the second portion of user credentials for the first user, determining to send a first message that indicates the first portion of user credentials to a remote process that initiates authentication of the first user based on the first portion of user credentials.
- View Dependent Claims (19, 20)
- - 19. An apparatus of claim 18, wherein the apparatus is further caused to:
    - receive the second data that indicates the second portion of user credentials for the first user; and
      
      in response to receiving the second data, determine whether the second data is valid.
  - 20. An apparatus of claim 18, wherein the apparatus is a mobile phone further comprising:
    - user interface circuitry and user interface software configured to facilitate user control of at least some functions of the mobile phone through use of a display and configured to respond to user input; and
      
      a display and display circuitry configured to display at least a portion of a user interface of the mobile phone, the display and display circuitry configured to facilitate user control of at least some functions of the mobile phone.

21-46. -46. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Fu, Yan, Asokan, Nadarajah, Aarni, Ville

Granted Patent

US 9,667,423 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 9/3213   using tickets or tokens, e....

H04L 9/3234   involving additional secure...

METHOD AND APPARATUS FOR ACCELERATED AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR ACCELERATED AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links