Simplified login for mobile devices

US 8,631,237 B2
Filed: 04/25/2008
Issued: 01/14/2014
Est. Priority Date: 04/25/2008
Status: Active Grant

First Claim

Patent Images

1. A method implemented at least in part by a computer, the method comprising:

in conjunction with a first logon activity, receiving a PIN from a user interface of a mobile device;

sending the PIN and user credentials to a server outside the mobile device;

receiving encrypted data that includes the PIN and the user credentials at the mobile device;

storing the encrypted data on the mobile device;

in conjunction with a second logon activity, receiving the PIN from the user interface; and

sending the PIN, unencrypted, and the encrypted data to the server to enable the server to compare the PIN, unencrypted, and the PIN that is included in the encrypted data to determine whether to grant the mobile device access to a resource, the encrypted data being sent as a parameter of a resource locator associated with the resource, the encrypted data including a revalidation date after which a password is to be supplied to obtain access to the resource via the mobile device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the subject matter described herein relate to a simplified login for mobile devices. In aspects, on a first logon, a mobile device asks a user to enter credentials and a PIN. The credentials and PIN are sent to a server which validates user credentials. If the user credentials are valid, the server encrypts data that includes at least the user credentials and the PIN and sends the encrypted data to the mobile device. In subsequent logons, the user may logon using only the PIN. During login, the mobile device sends the PIN in conjunction with the encrypted data. The server can then decrypt the data and compare the received PIN with the decrypted PIN. If the PINs are equal, the server may grant access to a resource according to the credentials.

12 Citations

20 Claims

1. A method implemented at least in part by a computer, the method comprising:
- in conjunction with a first logon activity, receiving a PIN from a user interface of a mobile device;
  
  sending the PIN and user credentials to a server outside the mobile device;
  
  receiving encrypted data that includes the PIN and the user credentials at the mobile device;
  
  storing the encrypted data on the mobile device;
  
  in conjunction with a second logon activity, receiving the PIN from the user interface; and
  
  sending the PIN, unencrypted, and the encrypted data to the server to enable the server to compare the PIN, unencrypted, and the PIN that is included in the encrypted data to determine whether to grant the mobile device access to a resource, the encrypted data being sent as a parameter of a resource locator associated with the resource, the encrypted data including a revalidation date after which a password is to be supplied to obtain access to the resource via the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 15)
- - 2. The method of claim 1, further comprising:
    - in conjunction with the first logon activity, receiving a username and password; and
      
      together with sending the PIN to a server outside the mobile device, sending the username and password to the server.
  - 3. The method of claim 1, wherein the evidence of authentication comprises a username and password encrypted in the encrypted data.
  - 4. The method of claim 1, wherein the encrypted data is placed in a cookie to send with one or more subsequent resource requests.
  - 5. The method of claim 1, further comprising determining whether the revalidation date has occurred, and if so, presenting a user interface that indicates a username and provides an area to receive the password.
  - 6. The method of claim 5, further comprising receiving input in the area and sending the input and username to the server for use in validating that the input matches a password for the username.
  - 7. The method of claim 1, wherein the encrypted data is encrypted via a secret symmetrical key not available on the mobile device.
  - 8. The method of claim 1, further comprising prior to the first logon activity displaying an element that queries whether to logon with a PIN or to logon with a username and password for subsequent logons.
  - 15. The method of claim 1, wherein the second logon activity occurs on or after the revalidation date;
    - wherein the method further comprises;
      
      receiving a request for a password at the mobile device in response to sending the PIN, unencrypted, and the encrypted data to the server to enable the server to compare the PIN, unencrypted, and the PIN that is included in the encrypted data, based on the second logon activity occurring on or after the revalidation date, anddisplaying a field for accepting the password in response to receiving the request.

9. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:
- receiving credentials and a first number from a mobile device, the credentials including a username and a password, the first number comprising a string of numeric digits, each digit enterable on the mobile device by pressing a single key;
  
  authenticating the credentials, said authenticating including validating the password;
  
  encrypting, in data, the first number and evidence of authentication of the credentials;
  
  sending the data to the mobile device for use in subsequent logons, said sending including sending a revalidation date to the mobile device, the revalidation date being a date after which the password is to be revalidated prior to granting access to the resource;
  
  receiving a second number, unencrypted, and the data from the mobile device;
  
  decrypting the data to obtain the credentials and the first number;
  
  comparing the second number to the first number to determine whether the first number and the second number match;
  
  determining whether to grant access to a resource based on the credentials, the first number, and the second number; and
  
  in response to determining whether to grant the access, performing actions comprising;
  
  granting access to the resource based on the credentials if the first number and the second number match but not if the first number and the second number do not match; and
  
  generating a message to cause an invalid logon attempt to be recorded in a log and recording the invalid logon attempt in the log if the first number and the second number do not match but not if the first number and the second number match.
- View Dependent Claims (10, 16, 17, 18)
- - 10. The computer storage medium of claim 9, wherein generating a message to cause an invalid logon attempt to be recorded in a log comprises generating a message that includes a username and a bogus password and sending the message to an authentication server which logs the invalid logon attempt.
  - 16. The computer storage medium of claim 9, wherein receiving the second number comprises:
    - receiving the second number on or after the revalidation date;
      
      wherein the method further comprises;
      
      sending a request for a password to the mobile device in response to receiving the second number, andreceiving the password from the mobile device in response to the request; and
      
      wherein determining whether to grant access to the resource comprises;
      
      determining whether to grant access to the resource in response to receiving the password from the mobile device.
  - 17. The method of claim 9, wherein encrypting, in the data, the first number and the evidence of authentication of the credentials comprises:
    - encrypting, in the data, the first number and the evidence of authentication of the credentials via a secret symmetrical key not available on the mobile device.
  - 18. The computer storage medium of claim 9, wherein performing the actions further comprises:
    - sending new encrypted data to the mobile device if the first number and the second number match but not if the first number and the second number do not match.

11. In a mobile device having a display, a method comprising:
- receiving input for a first logon, comprising;
  
  displaying a first field for accepting a username,displaying a second field for accepting a password,displaying a third field for accepting a PIN, anddisplaying a user interface element that when activated sets the PIN;
  
  receiving second input for a second logon, the second input including the PIN and not including the username and password; and
  
  displaying a revalidation screen, the revalidation screen including the username and a field for receiving the password, the revalidation screen being displayed after a revalidation date occurs.
- View Dependent Claims (12, 13, 14, 19, 20)
- - 12. The method of claim 11, further comprising before receiving the second input, displaying the username and an indication to enter the PIN to logon.
  - 13. The method of claim 11, further comprising displaying a user interface element that, when activated, causes subsequent logons to require a username and password.
  - 14. The computer storage medium of claim 11, wherein the actions further comprise:
    - determining whether the revalidation date has expired;
      
      determining whether to revalidate the password in response to determining that the revalidation date has expired; and
      
      wherein determining whether to revalidate the password comprises;
      
      receiving an input and the username from the mobile device in response to expiration of the revalidation date;
      
      comparing the received input to the password to determine whether the received input and the password match;
      
      revalidating the password if the received input and the password match; and
      
      not revalidating the password if the received input and the password do not match.
  - 19. The method of claim 11, further comprising:
    - receiving the password in response to displaying the revalidation screen; and
      
      providing access to a resource in response to receiving the password.
  - 20. The method of claim 11, further comprising, prior to displaying the third field, displaying an element that queries whether to logon with a PIN or to logon with a username and password for subsequent logons.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Mendelovich, Meir, Neystadt, John, Aoyama, Ken, Nice, Nir, Gurman, Shay Yehuda
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US12/109,580
Publication Number

US 20090271621A1
Time in Patent Office

2,090 Days
Field of Search

713/168, 380/259, 726/5
US Class Current

713/168
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/32   including means for verifyi...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Simplified login for mobile devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified login for mobile devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links