Credential authentication for mobile users

US 7,047,560 B2
Filed: 06/28/2001
Issued: 05/16/2006
Est. Priority Date: 06/28/2001
Status: Active Grant

First Claim

Patent Images

1. In a computerized system that includes one or more wireless clients accessing a content server through a WAP server and a gateway interposed between the WAP server and the content server, all of which are part of a network, wherein access to the content server requires authentication credentials, the network maintaining gateway authentication credentials that specify one or more access privileges tailored to access through the gateway, a method of authenticating a client comprising a gateway performing the acts of:

defining an authentication filter in a gateway that is remotely interposed between a remote WAP server client and a content server, wherein the authentication filter maps authentication credentials received from the remote WAP server client according to pre-established criteria, the authentication filter including a domain identifier and a username modifier, wherein the WAP server provides the authentication credentials to the gateway in response to a wireless client requesting access to a domain available to the content server;

receiving the authentication credentials at the gateway from the remote WAP server client, wherein the authentication credentials include both a password and a user name corresponding to access permissions for accessing the resources at the content server through one or more domains;

mapping the received authentication credentials based on the pre-established criteria, and by changing at least one of a domain and user name of the authentication credentials received from the remote client to different domain or user name, respectively, wherein the domain identifier is configured to change the domain, and wherein the username modifier is configured to change the user name that is received from the remote client by at least one of adding a suffix or prefix to the user name, adding new characters to a middle portion of the user name, replacing a portion of the user name, or deleting some characters from the user name; and

sending the mapped authentication credentials to the network, the mapped authentication credentials including the password originally provided by the WAP server client and the at least one changed user name or domain, and such that the wireless client'"'"'s access to the content source is based on the mapped authentication credentials comprising the at least one of a changed user name and a changed domain.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer program products for authenticating a mobile client that may have an input system optimized for numeric input. A mobile gateway receives authentication credentials from a mobile client and uses an authentication filter to map the authentication credentials according to pre-established criteria. The authentication filter may change the domain name, the username, or both. Then, the mapped authentication credentials are sent to a network that includes the content server being accessed. Any access privileges granted to the mobile client are based on the mapped authentication credentials. The mobile gateway may be configured to accept connections only from known servers. Mobile authentication credentials may be maintained in one or more domains, possibly having a trust relationship, or may be stored in a separately administered credential database.

Citations

36 Claims

1. In a computerized system that includes one or more wireless clients accessing a content server through a WAP server and a gateway interposed between the WAP server and the content server, all of which are part of a network, wherein access to the content server requires authentication credentials, the network maintaining gateway authentication credentials that specify one or more access privileges tailored to access through the gateway, a method of authenticating a client comprising a gateway performing the acts of:
- defining an authentication filter in a gateway that is remotely interposed between a remote WAP server client and a content server, wherein the authentication filter maps authentication credentials received from the remote WAP server client according to pre-established criteria, the authentication filter including a domain identifier and a username modifier, wherein the WAP server provides the authentication credentials to the gateway in response to a wireless client requesting access to a domain available to the content server;
  
  receiving the authentication credentials at the gateway from the remote WAP server client, wherein the authentication credentials include both a password and a user name corresponding to access permissions for accessing the resources at the content server through one or more domains;
  
  mapping the received authentication credentials based on the pre-established criteria, and by changing at least one of a domain and user name of the authentication credentials received from the remote client to different domain or user name, respectively, wherein the domain identifier is configured to change the domain, and wherein the username modifier is configured to change the user name that is received from the remote client by at least one of adding a suffix or prefix to the user name, adding new characters to a middle portion of the user name, replacing a portion of the user name, or deleting some characters from the user name; and
  
  sending the mapped authentication credentials to the network, the mapped authentication credentials including the password originally provided by the WAP server client and the at least one changed user name or domain, and such that the wireless client'"'"'s access to the content source is based on the mapped authentication credentials comprising the at least one of a changed user name and a changed domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 34, 35, 36)
- - 2. A method as recited in claim 1 wherein gateway authentication credentials and other authentication credentials are maintained in separate domains, and wherein the act of mapping the received authentication credentials includes changing a domain name that is part of the received authentication credentials.
  - 3. A method as recited in claim 2 wherein the act of mapping the received authentication credentials includes replacing the domain name that is part of the received authentication credentials with another domain name.
  - 4. A method as recited in claim 1 wherein the gateway authentication credentials are maintained in a credential database that is administered separately from domain authentication credentials and recognized by the content server only in authenticating client access through the gateway.
  - 5. A method as recited in claim 1 wherein gateway authentication credentials and other authentication credentials share a common domain, and wherein the act of mapping the received authentication credentials includes changing a username that is part of the received authentication credentials.
  - 6. A method as recited in claim 5 wherein the act of mapping the received authentication credentials includes adding a suffix to the username.
  - 7. A method as recited in claim 5 wherein the act of mapping the received authentication credentials includes adding a prefix to the username.
  - 8. A method as recited in claim 1 wherein the client includes one or more identified wireless application protocol servers providing gateway and content server access to one or more other clients, the method further comprising the act of accepting authentication credentials only from the one or more identified wireless application protocol servers.
  - 9. A method as recited in claim 1 wherein the gateway authentication credentials correspond to other authentication credentials that allow access to a content server, and wherein a trust relationship exists between the gateway authentication credentials and other authentication credentials with respect to one or more access privileges, the method further comprising the acts of:
    - receiving a request for content available at the content server;
      
      sending the request to the network;
      
      receiving the requested content from the network; and
      
      sending the received content to the client.
  - 10. A method as recited in claim 9 wherein the content available at the content server comprises email content.
  - 11. A method as recited in claim 9 wherein the one or more access privileges included within the trust relationship that exists between the gateway authentication credentials and the other authentication credentials comprise a delegate access permission.
  - 34. A method as recited in claim 2, wherein changing the domain includes at least one of substituting one domain for another domain by replacing a domain specified by the mobile client;
    - altering a domain name specified by the mobile client;
      
      or adding a domain.
  - 35. A method as recited in claim 1, wherein the password comprises a numeric PIN entered by the wireless client.
  - 36. A method as recited in claim 1, wherein the password is a password entered by the wireless client and wherein different authentication credentials must be provided by the wireless client to access different resources at the content server.

12. In a computerized system that includes one or more mobile clients accessing a content server through a mobile gateway and a WAP server interposed between the WAP server and the content server, all of which are part of a network, wherein access to the content server requires authentication credentials that may contain a combination of numbers, upper case letters, lower case letters, and punctuation, the network maintaining mobile authentication credentials that specify one or more access privileges tailored to mobile client access, a method of authenticating a mobile client comprising a mobile gateway performing steps for:
- altering, at a gateway, authentication credentials that are received from a WAP server communicating with one or more remote mobile clients and the gateway to produce mapped authentication credentials that match mobile authentication credentials maintained on the network by at least one of changing the domain name and the user name, wherein the authentication credentials include a password and user name for resources at one or more domains of the content server, which are provided by a wireless client to the WAP server and from the WAP server to the gateway, and wherein changing the user name includes one of adding a suffix or prefix to the user name, adding new characters to a middle portion of the user name, replacing a portion of the user name, or deleting some characters from the user name;
  
  identifying a mobile client to the network using the altered authentication credentials, including the password provided by the wireless client and at least one of a changed domain or user name; and
  
  accessing content provided by the network in accordance with the access privileges allowed by the mobile authentication credentials.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. A method as recited in claim 12 wherein the step for altering authentication credentials comprises the acts of:
    - defining an authentication filter that maps authentication credentials received from mobile clients according to pre-established criteria; and
      
      mapping the received authentication credentials based on the pre-established criteria.
  - 14. A method as recited in claim 12 wherein the step for identifying a mobile client comprises the acts of:
    - receiving authentication credentials from a mobile client; and
      
      sending mapped authentication credentials to the network, wherein the mobile client'"'"'s access to the content source is determined from the mapped authentication credentials.
  - 15. A method as recited in claim 12 wherein changing at least one of the domain name and a username includes either adding a suffix to the username or replacing the domain name with another domain name.
  - 16. A method as recited in claim 12 wherein the mobile authentication credentials are maintained in a credential database that is administered separately from domain authentication credentials and recognized by the content server only in authenticating mobile clients.
  - 17. A method as recited in claim 12 wherein mobile authentication credentials and other authentication credentials share a common domain.
  - 18. A method as recited in claim 12 wherein the mobile client includes one or more identified wireless application protocol servers providing mobile gateway and content server access to one or more other mobile clients, the step for identifying a mobile client comprising the act of accepting authentication credentials only from the one or more identified wireless application protocol servers.
  - 19. A method as recited in claim 12 wherein the step for accessing content provided by the content server comprises the acts of:
    - receiving a request to access content from the mobile client;
      
      sending the request to the network;
      
      receiving the requested content from the network; and
      
      sending the received content to the mobile client.
  - 20. A method as recited in claim 19 wherein the content is email content.
  - 21. A method as recited in claim 12 wherein a trust relationship exists between the mobile authentication credentials and other authentication credentials with respect to one or more access privileges.
  - 22. A method as recited in claim 21 wherein the one or more access privileges included within the trust relationship that exists between the mobile authentication credentials and the other authentication credentials comprise a delegate access permission.

23. In a computerized system that includes one or more mobile clients accessing a content server through a WAP server and a mobile gateway interposed between the WAP server and the content server, all of which are part of a network, wherein access to the content server requires authentication credentials that may contain a combination of numbers, upper case letters, lower case letters, and punctuation, the network maintaining mobile authentication credentials that specify one or more access privileges tailored to mobile client access, a computer program product that implements a method of authenticating a mobile client comprising:
- a computer readable medium for carrying machine-executable instructions for implementing the method; and
  
  wherein said method is comprised of machine-executable instructions for a mobile gateway performing the acts of;
  
  defining an authentication filter in a gateway that is remotely interposed between a remote WAP server client and a content server, wherein the authentication filter maps authentication credentials received from the remote WAP server client according to pre-established criteria, the authentication filter including a domain identifier and a username modifier, wherein the WAP server provides the authentication credentials to the gateway in response to a wireless client requesting access to a domain available to the content server;
  
  receiving the authentication credentials at the gateway from the remote WAP server client, wherein the authentication credentials include both a password and a user name corresponding to access permissions for accessing the resources at the content server through one or more domains;
  
  mapping the received authentication credentials based on the pre-established criteria, and by changing at least one of a domain and user name of the authentication credentials received from the remote client to different domain or user name, respectively, wherein the domain identifier is configured to change the domain, and wherein the username modifier is configured to change the user name that is received from the remote client by at least one of adding a suffix or prefix to the user name, adding new characters to a middle portion of the user name, replacing a portion of the user name, or deleting some characters from the user name; and
  
  sending the mapped authentication credentials to the network, the mapped authentication credentials including the password originally provided by the WAP server client and the at least one changed user name or domain, and such that the wireless client'"'"'s access to the content source is based on the mapped authentication credentials comprising the at least one of a changed user name and a changed domain.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. A computer program product as recited in claim 23 wherein mobile authentication credentials and other authentication credentials are maintained in separate domains, and wherein the act of mapping the received authentication credentials includes changing a domain name that is part of the received authentication credentials.
  - 25. A computer program product as recited in claim 24 wherein the act of mapping the received authentication credentials includes replacing the domain name that is part of the received authentication credentials with another domain name.
  - 26. A computer program product as recited in claim 23 wherein the mobile authentication credentials are maintained in a credential database that is administered separately from domain authentication credentials and recognized by the content server only in authenticating mobile clients.
  - 27. A computer program product as recited in claim 23 wherein mobile authentication credentials and other authentication credentials share a common domain, and wherein the act of mapping the received authentication credentials includes changing a username that is part of the received authentication credentials.
  - 28. A computer program product as recited in claim 27 wherein the act of mapping the received authentication credentials includes adding a suffix to the username.
  - 29. A computer program product as recited in claim 27 wherein the act of mapping the received authentication credentials includes adding a prefix to the username.
  - 30. A computer program product as recited in claim 23 wherein the mobile authentication credentials correspond to other authentication credentials that allow access to a content server, and wherein a trust relationship exists between the mobile authentication credentials and other authentication credentials with respect to one or more access privileges, the method further comprising computer-executable instructions for performing the acts of:
    - receiving a request for content available at the content server;
      
      sending the request to the network;
      
      receiving the requested content from the network; and
      
      sending the received content to the mobile client.
  - 31. A computer program product as recited in claim 30 wherein the content available at the content server comprises email content.
  - 32. A computer program product as recited in claim 30 wherein the one or more access privileges included within the trust relationship that exists between the mobile authentication credentials and the other authentication credentials comprise a delegate access permission.
  - 33. A computer program product as recited in claim 23 wherein the mobile client includes one or more identified wireless application protocol servers providing mobile gateway and content server access to one or more other mobile clients, the method further comprising computer-executable instructions for performing the act of accepting authentication credentials only from the one or more identified wireless application protocol servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Fishman, Neil S., Kramer, Michael
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US09/894,607
Publication Number

US 20030005290A1
Time in Patent Office

1,783 Days
Field of Search

713/156, 713/200, 726/6, 726 12- 13, 380/270
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

H04L 63/104   Grouping of entities

H04L 67/04   specially adapted for termi...

H04L 69/329   in the application layer [O...

Credential authentication for mobile users

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Credential authentication for mobile users

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links