TRIPLE AUTHENTICATION: MOBILE HARDWARE, MOBILE USER, AND USER ACCOUNT

US 20130104208A1
Filed: 10/21/2011
Published: 04/25/2013
Est. Priority Date: 10/21/2011
Status: Active Grant

First Claim

Patent Images

1. A network authentication system for authenticating a network data communication device being used by a user having a network account, the system comprising:

a network communication interface configured to electronically receive from the network data communication device;

user information identifying the user;

security information that the user has entered into the network data communication device; and

device information identifying the network data communication device; and

a data processing system configured to electronically authenticate the network data communication device if and only if;

the user information and the security information match user information and related security information in a user-security information database;

the device information matches device information in a device information database; and

the network account of the user is indicated as being active in a network account database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Enhanced network security is provided by requiring three types of information to be authenticated: user information identifying a user, security information that the user has entered into a network data communication device, and device information identifying the network data communication device. Systems and databases are described for processing and authenticating this information.

22 Citations

View as Search Results

20 Claims

1. A network authentication system for authenticating a network data communication device being used by a user having a network account, the system comprising:
- a network communication interface configured to electronically receive from the network data communication device;
  
  user information identifying the user;
  
  security information that the user has entered into the network data communication device; and
  
  device information identifying the network data communication device; and
  
  a data processing system configured to electronically authenticate the network data communication device if and only if;
  
  the user information and the security information match user information and related security information in a user-security information database;
  
  the device information matches device information in a device information database; and
  
  the network account of the user is indicated as being active in a network account database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The network authentication system of claim 1 wherein the security information includes at least two separate fields of information and one of the fields of information is a password and another of the fields of information is an employee ID.
  - 3. The network authentication system of claim 2 wherein:
    - the user-security information database includes;
      
      a user-password database containing a password for each of several users; and
      
      a user-employee ID database containing an employee ID for each of several users; and
      
      the data processing system and the network communication interface are configured to communicate with;
      
      a user-password database system that has access to the user-password database and that is separate from the network authentication system to determine whether the user information and the password match user information and a related password in the user-password information database; and
      
      a user-employee ID database system that has access to the user-employee database and that is separate from the network authentication system and the user-password database system to determine whether the user information and the employee ID match user information and a related employee ID in the user-employee ID information database.
  - 4. The network authentication system of claim 1 wherein the security information includes at least three separate fields of information and one of the fields of information is a password, another of the fields of information is an employee ID, and another of the fields of information is a PIN.
  - 5. The network authentication system of claim 4 wherein:
    - the user-security information database includes;
      
      a user-password database containing a password for each of several users; and
      
      a user-employee ID database containing an employee ID for each of several users;
      
      a user-PIN database containing a PIN for each of several users; and
      
      the data processing system and the network communication interface are configured to communicate with;
      
      a user-password database system that has access to the user-password database and that is separate from the network authentication system to determine whether the user information and the password match user information and a related password in the user-password information database;
      
      a user-employee ID database system that has access to the user-employee database and that is separate from the network authentication system and the user-password database system to determine whether the user information and the employee ID match user information and a related employee ID in the user-employee ID information database; and
      
      a user-PIN database system that has access to the user-PIN database and that is separate from the network authentication system, the user-employee ID database system, and the user-password database system, to determine whether the user information and the PIN match user information and a related PIN in the user-employee ID information database.
  - 6. The network authentication system of claim 1 wherein the network data communication device is a wireless mobile communication device.
  - 7. The network authentication system of claim 6 wherein:
    - the wireless mobile communication device has a mobile device number (MDN) and an IP address;
      
      the device information includes the MDN and the IP address; and
      
      the processing system is configured to determine whether the MDN and the IP address match an MDN and a related IP address in the device information database.
  - 8. The network authentication system of claim 1 wherein:
    - the network communication interface is configured to electronically send a session token to the network data communication device; and
      
      the processing system is configured to cause the network communication interface to electronically send the session token to the network data communication device if and only if the data processing system electronically authenticates the network data communication device.
  - 9. The network authentication system of claim 8 wherein the network communication interface and the processing systems are configured to electronically request and receive the session token from a token database system that is separate from the network authentication system.
  - 10. The network authentication system of claim 8 wherein the same session token is configured to provide security access to multiple applications.
  - 11. The network authentication system of claim 1 wherein the network authentication system is part of a gateway between the network data communication device and the user-security information database, the device information database, and the network account database.
  - 12. The network authentication system of claim 1:
    - further comprising a network communication interface configured to;
      
      electronically receive requests for application services from the network data communication device andelectronically send requests for the services to the applications on behalf of the network data communication device,wherein the data processing system is further configured toelectronically authenticate each received request; and
      
      cause the network communication interface to send each request for the service indicated by the received request on behalf of the network data communication device to the application if and only if the authentication is successful.
  - 13. The network authentication system of claim 12 wherein the data processing system is configured to determine whether there are any additional application-specific security requirements in connection with the application to which each received request is directed and, if so, to verify that such application-specific security requirements are met in addition to authenticating each received request.

14. Non-transitory, tangible, computer-readable storage media containing a program of instructions configured to cause a network authentication system running the program of instructions to authenticate a wireless mobile communication device being used by a user having a network account by:
- electronically receiving from the wireless mobile communication device;
  
  user information identifying the user;
  
  security information that the user has entered into the wireless mobile communication device; and
  
  device information identifying the wireless mobile communication device; and
  
  electronically authenticating the wireless mobile communication device if and only if;
  
  the user information and the security information match user information and related security information in a user-security information database;
  
  the device information matches device information in a device information database; and
  
  the network account of the user is indicated as being active in a network account database.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The storage media of claim 14 wherein the security information includes at least three separate fields of information, wherein one of the fields of information is a password, another of the fields of information is an employee ID, and another of the fields of information is a PIN.
  - 16. The storage media of claim 15 wherein:
    - the user-security information database includes;
      
      a user-password database containing a password for each of several users; and
      
      a user-employee ID database containing an employee ID for each of several users;
      
      a user-PIN database containing a PIN for each of several users; and
      
      the program of instructions is configured to cause the network authentication system running the program of instructions to communicate with;
      
      a user-password database system that has access to the user-password database and that is separate from the network authentication system to determine whether the user information and the password match user information and a related password in the user-password information database;
      
      a user-employee ID database system that has access to the user-employee database and that is separate from the network authentication system and the user-password database system to determine whether the user information and the employee ID match user information and a related employee ID in the user-employee ID information database; and
      
      a user-PIN database system that has access to the user-PIN database and that is separate from the network authentication system, the user-employee ID database system, and the user-password database system, to determine whether the user information and the PIN match user information and a related PIN in the user-employee ID information database.
  - 17. The storage media of claim 14 wherein the program of instructions is configured to cause the network authentication system running the program of instructions to electronically send a session token to the wireless mobile communication device if and only if the network data communication device is authenticated.
  - 18. The storage media of claim 17 wherein the program of instructions is configured to cause the network authentication system running the program of instructions to electronically request and receive the session token from a token database system that is separate from the network authentication system.
  - 19. The storage media of claim 18 wherein the session token is configured to provide security access to multiple applications.
  - 20. The storage media of claim 14 wherein the network authentication system is part of a gateway system between the wireless mobile communication device and the user-security information database, the device information database, and the network account database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
Mudalegundi, Vijay G., Kumar, Nanda

Granted Patent

US 8,566,914 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 2463/082 applying multi-factor authe...

H04W 12/068 using credential vaults, e....

TRIPLE AUTHENTICATION: MOBILE HARDWARE, MOBILE USER, AND USER ACCOUNT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TRIPLE AUTHENTICATION: MOBILE HARDWARE, MOBILE USER, AND USER ACCOUNT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links