System and method of secure authentication information distribution

US 7,809,953 B2
Filed: 12/08/2003
Issued: 10/05/2010
Est. Priority Date: 12/09/2002
Status: Active Grant

First Claim

Patent Images

1. A system for distributing authentication information to a remote device, comprising:

a computer-readable memory having an authentication information store configured to store, prior to receipt of a seed request, a plurality of seeds for a plurality of users; and

a data processor executable authentication system configured to;

receive from the remote device the seed request for one of the plurality of seeds, the seed request including identity information and a received access code;

authenticate the seed request if the identity information is associated with one of the plurality of users;

responsive to the authentication, retrieve the one of the plurality of seeds corresponding to the identity information from the authentication information store;

calculate a calculated access code using the retrieved seed;

determine whether the calculated access code matches the received access code; and

return the retrieved seed to the remote device if the calculated access code matches the received access code.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of distributing authentication information for remotely accessing a computer resource. A request for authentication information, including identity information, is received from a user of a remote device. When the user is authenticated based on the identity information, requested authentication information is retrieved and returned to the remote device. The authentication information, or information generated from the authentication information, is then used for remotely accessing the computer resource.

Citations

19 Claims

1. A system for distributing authentication information to a remote device, comprising:
- a computer-readable memory having an authentication information store configured to store, prior to receipt of a seed request, a plurality of seeds for a plurality of users; and
  
  a data processor executable authentication system configured to;
  
  receive from the remote device the seed request for one of the plurality of seeds, the seed request including identity information and a received access code;
  
  authenticate the seed request if the identity information is associated with one of the plurality of users;
  
  responsive to the authentication, retrieve the one of the plurality of seeds corresponding to the identity information from the authentication information store;
  
  calculate a calculated access code using the retrieved seed;
  
  determine whether the calculated access code matches the received access code; and
  
  return the retrieved seed to the remote device if the calculated access code matches the received access code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein the authentication information is used in a two-factor authentication scheme.
  - 3. The system of claim 1, wherein the seed request comprises a Hypertext Transfer Protocol (HTTP) connection request.
  - 4. The system of claim 1, wherein the seed request comprises a network password and a digital signature, and wherein the network password and digital signature are verified by the authentication system before the authentication information is provided to the remote device.
  - 5. The system of claim 1, wherein the identity information comprises user information and account information.
  - 6. The system of claim 5, wherein the identity information identifies a particular user and corresponding authentication information being requested, and is used by the authentication system to authenticate the particular user requesting the authentication information.
  - 7. The system of claim 1, wherein the identity information in the seed request is used by the remote device for two-factor authentication.
  - 8. The system of claim 7, wherein the identity information comprises a network password entered by the user of the remote device and a digital signature generated based on a transformation of at least a portion of the information in the seed request, a signature key, and a signature algorithm.
  - 9. The system of claim 1, wherein the authentication system does not provide the authentication information to the remote device if a match was not found in the authentication information store based upon the identity information.
  - 10. The system of claim 1, wherein the remote device uses the retrieved seed to gain access to a corporate local area network (LAN).
  - 11. The system of claim 10, wherein two-factor authentication is used in the LAN to authenticate a user requesting remote access to the LAN, and wherein the retrieved seed is used in performing two-factor authentication in order to gain access to the LAN.
  - 12. The system of claim 1, wherein the remote device is a wireless mobile communication device.
  - 13. The system of claim 12, wherein the remote device stores the retrieved seed in a data store.
  - 14. The system of claim 13, wherein the data store is implemented in a smart card.
  - 15. The system of claim 13, wherein the data store is implemented in a Universal Serial Bus (USB) token.
  - 16. The system of claim 1, wherein the remote device is a desktop computer.
  - 17. The system of claim 1, wherein the remote device communicates with the authentication system over a communication system, and wherein the communication system comprises a wide area network (WAN) and a wireless network gateway.

18. A method for distributing authentication information to a remote device using an authentication system, the method implemented using a computer-readable memory having an authentication information store storing, prior to receipt of a seed request, a plurality of seeds for a plurality of users;
- the method comprising;
  
  receiving from the remote device, via a communication network, the seed request for one of the plurality of seeds, the seed request including identity information and a received access code;
  
  authenticating the seed request if the identity information is associated with one of the plurality of users;
  
  responsive to the authentication, retrieving the one of the plurality of seeds corresponding to the identity information from the authentication information store;
  
  calculating, by a computer, a calculated access code using the retrieved seed;
  
  determining, by the computer, whether the calculated access code matches the received access code; and
  
  returning the retrieved seed to the remote device if the calculated access code matches the received access code.

19. A non-transitory computer readable medium having an authentication information store storing, prior to receipt of a seed request, a plurality of seeds for a plurality of users, wherein the non-transitory computer readable medium further stores instructions comprising an authentication system which, when executed by a processor, implements a method for distributing authentication information to a remote device, the method comprising:
- receiving from the remote device the seed request for one of the plurality of seeds, the seed request including identity information and a received access code;
  
  authenticating the seed request if the identity information is associated with one of the plurality of users;
  
  responsive to the authentication, retrieving the one of the plurality of seeds corresponding to the identity information from the authentication information store;
  
  calculating a calculated access code using the retrieved seed;
  
  determining whether the calculated access code matches the received access code; and
  
  returning the retrieved seed to the remote device if the calculated access code matches the received access code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Robertson, Ian M., Kirkup, Michael G., Little, Herbert A.
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Zee; Edward

Application Number

US10/730,183
Publication Number

US 20040172531A1
Time in Patent Office

2,493 Days
Field of Search

726/3, 726/8, 726/5, 726/6, 726/7, 726/9, 380/278, 380/279, 713/168, 713/182, 713/184, 713/185
US Class Current

713/184
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0823   using certificates cryptogr...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

System and method of secure authentication information distribution

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of secure authentication information distribution

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links