Computer program product, apparatus and method for secure HTTP digest response verification and integrity protection in a mobile terminal

US 8,091,122 B2
Filed: 12/05/2006
Issued: 01/03/2012
Est. Priority Date: 12/05/2005
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising a processor and memory including computer program code, the memory and computer program code configured to, with the processor, cause the apparatus to:

direct storage of a password at a password provisioning module (PPM);

direct generation of the password at a password generating module in operable communication with the PPM;

direct generation of an authentication response from the password in response to a request from a client application, the authentication response being generated by a response generation module (RGM) in operable communication with both the client application of a mobile terminal and the PPM, the mobile terminal having processing and memory resources separate from the processor and the memory, the RGM being disposed at a user identity module (UIM) of the mobile terminal to enable generation of the authentication response at the UIM for provision of the authentication response to the client application; and

direct verification of a request for a server digest response and generation of a verification result in response to a request from the client application via a response verification module (RVM) in operable communication with both the client application and the PPM,wherein the apparatus further comprises the UIM and the UIM is configured to enable sending the password from the PPM to the RGM such that the password never leaves the UIM.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile terminal for securely communicating with a network includes a user identity module (UIM) and a user equipment module. The user equipment module includes a client application. The UIM is in operable communication with the user equipment and includes a password provisioning module (PPM), a password generating module, a response verification module (RVM) and a response generation module (RGM). The PPM is configured to store a password. The password generating module is in operable communication with the PPM and configured to generate the password. The RGM and RVM are in operable communication with both the client application and the PPM. The RGM is configured to generate an authentication response from the password in response to a request from the client application. The RVM is configured to verify a request for a server digest response and generate a verification result in response to a request from the client application.

Citations

28 Claims

1. An apparatus comprising a processor and memory including computer program code, the memory and computer program code configured to, with the processor, cause the apparatus to:
- direct storage of a password at a password provisioning module (PPM);
  
  direct generation of the password at a password generating module in operable communication with the PPM;
  
  direct generation of an authentication response from the password in response to a request from a client application, the authentication response being generated by a response generation module (RGM) in operable communication with both the client application of a mobile terminal and the PPM, the mobile terminal having processing and memory resources separate from the processor and the memory, the RGM being disposed at a user identity module (UIM) of the mobile terminal to enable generation of the authentication response at the UIM for provision of the authentication response to the client application; and
  
  direct verification of a request for a server digest response and generation of a verification result in response to a request from the client application via a response verification module (RVM) in operable communication with both the client application and the PPM,wherein the apparatus further comprises the UIM and the UIM is configured to enable sending the password from the PPM to the RGM such that the password never leaves the UIM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the RGM is configured to generate the authentication response from the password and a hash of a payload message.
  - 3. The apparatus of claim 1, wherein the RGM is configured to send the authentication response to the client application.
  - 4. The apparatus of claim 1, wherein the password comprises a hyper text transfer protocol (HTTP) password.
  - 5. The apparatus of claim 4, wherein the authentication response comprises a HTTP response.
  - 6. The apparatus of claim 1, wherein the authentication response comprises a hyper text transfer protocol (HTTP) response including a checksum of a username, the password, a nonce value, an HTTP method, a requested universal resource identifier (URI) and a hash of an HTTP payload.
  - 7. The apparatus of claim 1, wherein the request includes an application identity, a username, a nonce and a hash of a hyper text transfer protocol (HTTP) payload.
  - 8. The apparatus of claim 1, wherein the password generating module comprises a generic bootstrapping architecture unit.

9. A method comprising:
- receiving a request for an authentication response from a response generation module (RGM) in communication with a password provisioning module (PPM) and a client application sending the request, the PPM and the RGM being embodied by a user identity module (UIM) comprising a processor and memory separate from processing and memory resources of a mobile terminal with which the UIM is associated;
  
  causing sending a password from the PPM to the RGM in response to the request, the UIM being configured to enable sending the password from the PPM to the RGM such that the password never leaves the UIM;
  
  causing generating the authentication response at the RGM from the password in response to the request, and the password, to enable provision of the authentication response from the RGM of the UIM to the client application;
  
  receiving a server digest response; and
  
  causing verifying the server digest response.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9, wherein generating the response further comprises generating the authentication response from the password in response to the request, the password and a hash of a payload message.
  - 11. The method of claim 9, further comprising sending the authentication response from the RGM to the client application.
  - 12. The method of claim 9, wherein generating the authentication response comprises generating a hyper text transfer protocol (HTTP) response including a checksum of a username, the password, a nonce value, an HTTP method, a requested universal resource identifier (URI) and a hash of an HTTP payload.
  - 13. The method of claim 9, wherein receiving the request includes receiving the request which includes an application identity, a username, a nonce and a hash of a hyper text transfer protocol (HTTP) payload.
  - 14. The method of claim 9, further comprising generating the password in a generic bootstrapping architecture unit.
  - 15. The method of claim 9 further comprising storing the password in the PPM.
  - 16. The method of claim 15, wherein storing the password comprises storing a hyper text transfer protocol (HTTP) password.
  - 17. The method of claim 16, wherein receiving the request for the authentication response comprises receiving a request for an HTTP response.

18. A computer program product comprising at least one non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- a first executable portion for receiving a request for an authentication response from a response generation module (RGM) in communication with a password provisioning module (PPM) and a client application sending the request, the PPM and the RGM being embodied by a user identity module (UIM) comprising a processor and memory separate from processing and memory resources of a mobile terminal with which the UIM is associated;
  
  a second executable portion for sending a password from the PPM to the RGM in response to the request, the second executable portion including instructions for sending the password from the PPM to the RGM such that the password never leaves the UIM;
  
  a third executable portion for generating the authentication response at the RGM from the password in response to the request, and the password, to enable provision of the authentication response from the RGM of the UIM to the client application;
  
  a fourth executable portion for receiving a server digest response; and
  
  a fifth executable portion for verifying the server digest response.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The computer program product of claim 18, wherein the third executable portion includes instructions for generating the authentication response from the password in response to the request, the password and a hash of a payload message.
  - 20. The computer program product of claim 18, further comprising a sixth executable portion for sending the authentication response from the RGM to the client application.
  - 21. The computer program product of claim 18, wherein the third executable portion includes instructions for generating a hyper text transfer protocol (HTTP) response including a checksum of a username, the password, a nonce value, an HTTP method, a requested universal resource identifier (URI) and a hash of an HTTP payload.
  - 22. The computer program product of claim 18, wherein the first executable portion includes instructions for receiving the request which includes an application identity, a username, a nonce and a hash of a hyper text transfer protocol (HTTP) payload.
  - 23. The computer program product of claim 18, further comprising a sixth executable portion for generating the password in a generic bootstrapping architecture unit.
  - 24. The computer program product of claim 18 further comprising a sixth executable portion for storing the password in the PPM.
  - 25. The computer program product of claim 24, wherein the sixth executable portion includes instructions for storing a hyper text transfer protocol (HTTP) password.
  - 26. The computer program product of claim 25, wherein the first executable portion includes instructions for receiving a request for an HTTP response.

27. An apparatus comprising:
- means for receiving a request for an authentication response from a response generation module (RGM) in communication with a password provisioning module (PPM) and a client application sending the request, the PPM and the RGM being embodied by a user identity module (UIM) comprising a processor and memory separate from processing and memory resources of a mobile terminal with which the UIM is associated;
  
  means for sending a password from the PPM to the RGM in response to the request such that the password never leaves the UIM;
  
  means for generating the response at the RGM from the password in response to the request, and the password, to enable provision of the authentication response from the RGM of the UIM to the client application;
  
  means for receiving a server digest response; and
  
  means for verifying the server digest response.
- View Dependent Claims (28)
- - 28. The apparatus of claim 27, wherein means for generating the authentication response further comprises means for generating the response from the password in response to the request, the password and a hash of a payload message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Guo, Yile, Chan, Tat
Primary Examiner(s)
Gee, Jason K

Application Number

US11/566,894
Publication Number

US 20070150943A1
Time in Patent Office

1,855 Days
Field of Search

726/5, 726/6, 726/7
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 2221/2103   Challenge-response

G06F 2221/2115   Third party

G06F 2221/2119   Authenticating web pages, e...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/123   received data contents, e.g...

H04L 63/168   above the transport layer

H04M 1/72445   for supporting Internet bro...

H04W 12/068   using credential vaults, e....

H04W 12/106   Packet or message integrity

Computer program product, apparatus and method for secure HTTP digest response verification and integrity protection in a mobile terminal

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Computer program product, apparatus and method for secure HTTP digest response verification and integrity protection in a mobile terminal

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links