Computer program product, apparatus and method for secure HTTP digest response verification and integrity protection in a mobile terminal
Abstract
A mobile terminal for securely communicating with a network includes a user identity module (UIM) and a user equipment module. The user equipment module includes a client application. The UIM is in operable communication with the user equipment and includes a password provisioning module (PPM), a password generating module, a response verification module (RVM) and a response generation module (RGM). The PPM is configured to store a password. The password generating module is in operable communication with the PPM and configured to generate the password. The RGM and RVM are in operable communication with both the client application and the PPM. The RGM is configured to generate an authentication response from the password in response to a request from the client application. The RVM is configured to verify a request for a server digest response and generate a verification result in response to a request from the client application.
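An added illustration of the split described in the abstract, not code from the patent. It assumes RFC 2617 MD5 digest with qop=auth as the "HTTP digest" of the title, and the class and method names (UIM, provision, generate_response, verify_server_response) are hypothetical. The client application only ever receives hex digests and a boolean verification result.

```python
import hashlib
import hmac
import secrets


def _md5(*parts: str) -> str:
    """MD5 over the colon-joined parts, as RFC 2617 digest auth defines."""
    return hashlib.md5(":".join(parts).encode()).hexdigest()


class UIM:
    """Models the UIM boundary: digests cross it, the password does not."""

    def __init__(self, username: str, realm: str):
        self._username, self._realm = username, realm
        self.__password = None  # PPM storage; no accessor is exposed

    def generate_password(self) -> None:
        """Password generating module: the secret is created inside the UIM."""
        self.__password = secrets.token_urlsafe(24)

    def provision(self, password: str) -> None:
        """Assumed provisioning path, used here to load a known test vector."""
        self.__password = password

    def _ha1(self) -> str:
        # PPM -> RGM/RVM hand-off stays internal to this object.
        if self.__password is None:
            raise RuntimeError("no password provisioned")
        return _md5(self._username, self._realm, self.__password)

    def generate_response(self, method, uri, nonce, nc, cnonce, qop="auth"):
        """RGM: the client 'response' value for the Authorization header."""
        return _md5(self._ha1(), nonce, nc, cnonce, qop, _md5(method, uri))

    def verify_server_response(self, rspauth, uri, nonce, nc, cnonce, qop="auth"):
        """RVM: check the server's rspauth, where A2 is ':' + uri (no method)."""
        expected = _md5(self._ha1(), nonce, nc, cnonce, qop, _md5("", uri))
        # Constant-time comparison; only the boolean result leaves the UIM.
        return hmac.compare_digest(expected.encode(), rspauth.lower().encode())
```
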
28 Claims
1. An apparatus comprising a processor and memory including computer program code, the memory and computer program code configured to, with the processor, cause the apparatus to:
- direct storage of a password at a password provisioning module (PPM);
- direct generation of the password at a password generating module in operable communication with the PPM;
- direct generation of an authentication response from the password in response to a request from a client application, the authentication response being generated by a response generation module (RGM) in operable communication with both the client application of a mobile terminal and the PPM, the mobile terminal having processing and memory resources separate from the processor and the memory, the RGM being disposed at a user identity module (UIM) of the mobile terminal to enable generation of the authentication response at the UIM for provision of the authentication response to the client application; and
- direct verification of a request for a server digest response and generation of a verification result in response to a request from the client application via a response verification module (RVM) in operable communication with both the client application and the PPM,
wherein the apparatus further comprises the UIM and the UIM is configured to enable sending the password from the PPM to the RGM such that the password never leaves the UIM.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. A method comprising:
- receiving a request for an authentication response from a response generation module (RGM) in communication with a password provisioning module (PPM) and a client application sending the request, the PPM and the RGM being embodied by a user identity module (UIM) comprising a processor and memory separate from processing and memory resources of a mobile terminal with which the UIM is associated;
- causing sending a password from the PPM to the RGM in response to the request, the UIM being configured to enable sending the password from the PPM to the RGM such that the password never leaves the UIM;
- causing generating the authentication response at the RGM from the password in response to the request, and the password, to enable provision of the authentication response from the RGM of the UIM to the client application;
- receiving a server digest response; and
- causing verifying the server digest response.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17)
18. A computer program product comprising at least one non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- a first executable portion for receiving a request for an authentication response from a response generation module (RGM) in communication with a password provisioning module (PPM) and a client application sending the request, the PPM and the RGM being embodied by a user identity module (UIM) comprising a processor and memory separate from processing and memory resources of a mobile terminal with which the UIM is associated;
- a second executable portion for sending a password from the PPM to the RGM in response to the request, the second executable portion including instructions for sending the password from the PPM to the RGM such that the password never leaves the UIM;
- a third executable portion for generating the authentication response at the RGM from the password in response to the request, and the password, to enable provision of the authentication response from the RGM of the UIM to the client application;
- a fourth executable portion for receiving a server digest response; and
- a fifth executable portion for verifying the server digest response.
(Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26)
27. An apparatus comprising:
- means for receiving a request for an authentication response from a response generation module (RGM) in communication with a password provisioning module (PPM) and a client application sending the request, the PPM and the RGM being embodied by a user identity module (UIM) comprising a processor and memory separate from processing and memory resources of a mobile terminal with which the UIM is associated;
- means for sending a password from the PPM to the RGM in response to the request such that the password never leaves the UIM;
- means for generating the response at the RGM from the password in response to the request, and the password, to enable provision of the authentication response from the RGM of the UIM to the client application;
- means for receiving a server digest response; and
- means for verifying the server digest response.
(Dependent claims: 28)
Specification