System, devices and method for secure authentication

US 8,689,297 B2
Filed: 11/19/2010
Issued: 04/01/2014
Est. Priority Date: 11/19/2010
Status: Active Grant

First Claim

Patent Images

1. A mobile communications device comprising:

a communications subsystem for communicating over a wireless network;

a short-range communications subsystem for short-range communications;

a processor, in communication with the communications subsystem and the short-range communications subsystem;

a secure memory store, in communication with the processor; and

,wherein the processor is operative to enable the device to;

receive authentication data through the communications subsystem, the authentication data comprising information to identify on-line resource log-in credentials stored in the secure memory store, and comprising instructions to be executed by the device, the instructions comprising encryption security information;

process the authentication data and execute the instructions to render the processor further operative to process the information to locate the identified on-line resource log-in credentials and secure the identified on-line resource log-in credentials using the encryption security information to create processed authentication data; and

,transmit the processed authentication data to a computing device through the short-range communications subsystem.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, devices and method for authenticating a user requesting access, through a computing device connected to a network, to an on-line resource hosted by a server in communication with the network. The system, devices and method employing an authentication server and a mobile communications device in communication over a wireless network. The authentication server forwarding an authentication to the mobile communications device. Optionally, the authentication server also returning security information related to the authentication in response to the request. The mobile communications device operative to receive and process the authentication, and forward the processed authentication to the computing device over a short-range communications link.

21 Citations

View as Search Results

18 Claims

1. A mobile communications device comprising:
- a communications subsystem for communicating over a wireless network;
  
  a short-range communications subsystem for short-range communications;
  
  a processor, in communication with the communications subsystem and the short-range communications subsystem;
  
  a secure memory store, in communication with the processor; and
  
  ,wherein the processor is operative to enable the device to;
  
  receive authentication data through the communications subsystem, the authentication data comprising information to identify on-line resource log-in credentials stored in the secure memory store, and comprising instructions to be executed by the device, the instructions comprising encryption security information;
  
  process the authentication data and execute the instructions to render the processor further operative to process the information to locate the identified on-line resource log-in credentials and secure the identified on-line resource log-in credentials using the encryption security information to create processed authentication data; and
  
  ,transmit the processed authentication data to a computing device through the short-range communications subsystem.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1, wherein the processor is further operative to decrypt the identified on-line resource log-in credentials from a first encryption state when stored in the secure memory store and to encrypt the decrypted identified on-line resource log-in credentials using the encryption security information into a second encrypted state.
  - 3. The device of claim 1, further comprising:
    - a user input interface; and
      
      ,the processor operative to execute the instructions to request and require user input through the user input interface, before the device transmits the processed authentication data.
  - 4. The device of claim 3, wherein the user input is to be input through the user input interface within a specified period of time after at least one of a tone or vibration is output.
  - 5. The device of claim 3, further comprising:
    - the processor operative to receive the user input through the user input interface, compare the user input with a pre-defined user input stored on the device, and transmit the processed authentication data if the user input matches the pre-defined user input.
  - 6. The device of claim 5, wherein if the user input fails to match the pre-defined user input, the processor is operative to transmit an error message.
  - 7. The device of claim 1, wherein the information to identify the on-line resource log-in credentials stored in the secure memory store comprises a hash of the on-line resource log-in credentials.

8. A method for performing user authentication, through a computing device connected to a network, in response to a request to access an on-line resource hosted on a server accessible via the network, the method comprising:
- the computing device receiving the request for on-line content;
  
  the computing device transmitting the request to an authentication server connected to the network;
  
  the computing device receiving decryption security information over the network and receiving processed authentication data over a short-range communications subsystem,the computing device processing the processed authentication data using the decryption security information to obtain on-line resource log-in credentials;
  
  the computing device transmitting the on-line resource log-in credentials to the server over the network to perform the user authentication;
  
  a mobile communications device receiving from the authentication server over a wireless network authentication data comprising instructions, the instructions comprising an identifier and encryption security information;
  
  the mobile communications device processing the authentication data by executing the instructions to identify on-line resource log-in credentials stored on the mobile communications device and encrypting the identified on-line resource log-in credentials to create the processed authentication data; and
  
  the mobile communications device transmitting the processed authentication data over a short-range communications subsystem of the mobile communications device to the computing device.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, further comprising:
    - the server receiving decryption security information from the authentication server;
      
      the server processing the on-line resource log-in credentials using the decryption security information to perform the user authentication.
  - 10. The method of claim 8, further comprising:
    - the authentication server receiving the request;
      
      the authentication server comparing the request with stored information to identify on-line resource log-in credentials;
      
      the authentication server transmitting authentication data to a mobile communications device over a wireless network and decryption security information to the computing device over the network for decrypting encrypted on-line resource log-in credentials identified by the request.
  - 11. The method of claim 8, wherein the instructions comprise a requirement to obtain a specified user input and the executing comprise the mobile communications device notifying the user of a specified request for user input and transmitting the processed authentication data to the computing device if the requested input is received.

12. A method for performing user authentication, the method comprising:
- a processor of a mobile communications device receiving authentication data through a communications subsystem, the authentication data comprising information to identify on-line resource log-in credentials stored in a secure memory store of the mobile communications device, and comprising instructions to be executed by the mobile communications device, the instructions comprising encryption security information;
  
  the processor processing the authentication data and executing the instructions to render the processor operative to process the information to locate the identified on-line resource log-in credentials and secure the identified on-line resource log-in credentials using the encryption security information to create processed authentication data; and
  
  ,the processor transmitting the processed authentication data to a computing device through a short-range communications subsystem.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, further comprising the processor of the mobile communications device decrypting the identified on-line resource log-in credentials from a first encryption state when stored in the secure memory store and encrypting the decrypted identified on-line resource log-in credentials using the encryption security information into a second encrypted state.
  - 14. The method of claim 12, further comprising the processor of the mobile communications device executing the instructions to request and require user input through a user input interface of the mobile communications device, before the device transmits the processed authentication data.
  - 15. The method of claim 14, further comprising the processor receiving the user input through the user input interface, comparing the user input with a pre-defined user input stored on the device, and transmitting the processed authentication data if the user input matches the pre-defined user input.
  - 16. The method of claim 14, wherein the user input is to be input through the user input interface within a specified period of time after at least one of a tone or vibration is output.
  - 17. The method of claim 15, further comprising transmitting an error message if the user input fails to match the pre-defined user input.
  - 18. The method of claim 12, wherein the information to identify the on-line resource log-in credentials stored in the secure memory store comprises a hash of the on-line resource log-in credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Pasquero, Jerome, Walker, David Ryan
Primary Examiner(s)
LEWIS, LISA C

Application Number

US12/949,890
Publication Number

US 20120131653A1
Time in Patent Office

1,229 Days
Field of Search

726 2- 7, 726/9, 726/27
US Class Current

726/6
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

H04L 2209/80   Wireless network architectu...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

System, devices and method for secure authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System, devices and method for secure authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links