Authentication server and method for granting tokens
First Claim
1. An authentication server comprising:
- a receiver;
- a transmitter;
- a memory having stored thereon a secret shared with a service server from which a service is provided; and
- a hardware processor configured to:
  - receive, at the receiver, a request from a mobile electronic device through a relay server to negotiate a session key, the relay server being separate from the authentication server and being a trusted entity not requiring authentication by the authentication server;
  - negotiate the session key with the mobile electronic device through the relay server, wherein the session key is generated by the mobile device;
  - while using the session key to encrypt and decrypt communications with the mobile electronic device through the relay server;
  - generate a token in response to receipt, at the receiver, of a request from the relay server, the request originating from the mobile electronic device, the token being generated by the authentication server based on a reliance on the relay server to ensure that the mobile electronic device has authorization to access the service, the token being generated in absence of authentication of the mobile electronic device and the relay server by the authentication server when the request for the token is received; and
  - cause the transmitter to transmit the token to the mobile electronic device through the relay server, the token being generated using the shared secret and the token including an indication that the mobile electronic device is authorized to access the service.
Abstract
An authentication server and method are provided for generating tokens for use by a mobile electronic device for accessing a service. Communications between the device and the authentication server are through a relay. A memory stores a secret shared with a service server from which the service is provided. A processor is configured to generate the token using the shared secret and based on a reliance on the relay to ensure that the device has authorization to access the service. One or more computer readable medium having computer readable instructions stored thereon that cause the device to obtain proof of authorization to access the service is also provided. The instructions implement a method comprising: outputting via a wireless connection to a relay a request addressed to an authentication server for a token and receiving the token from the authentication server via the relay.
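As an added illustration, not taken from the patent, of the token step described in the abstract and claims: the authentication server generates the token under the secret it shares with the service server (assumed here to be an HMAC-SHA256 over the token fields), records the authorization indication it accepts on the relay's word, and the service server checks the tag, the service binding and the validity window before honoring it. The shared secret, device identifier and service name are constructed sample values.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Constructed sample value for the example; not a value from the patent.
SHARED_SECRET = b"constructed-secret-shared-by-auth-and-service-server"


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret, device_id, service, now, ttl=300):
    """Authentication-server side. The device is not authenticated here; the
    authorization claim rests on the trusted relay having vetted the device
    before forwarding the request. Integrity of that claim comes from an HMAC
    under the secret shared with the service server (assumed construction)."""
    claims = {"dev": device_id, "svc": service, "authorized": True,
              "iat": now, "exp": now + ttl}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{b64url(payload)}.{b64url(tag)}"


def verify_token(secret, token, service, now):
    """Service-server side: check the MAC in constant time before trusting
    any field, then the service binding, the authorization flag and the
    validity window. Returns the claims dict, or None to reject the token."""
    try:
        p64, t64 = token.split(".")
        payload, tag = unb64url(p64), unb64url(t64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    claims = json.loads(payload)
    if claims.get("svc") != service or claims.get("authorized") is not True:
        return None
    if not (claims["iat"] <= now < claims["exp"]):
        return None
    return claims
```

Because the authentication server authenticates neither the device nor the relay at token time, the token's assurance is exactly as strong as the relay's own authorization check and the protection of the relay-to-server channel; the service server can verify only that the token is genuine and unexpired, not that the relay decided correctly.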
15 Claims
6. A method of issuing a token for use by a mobile electronic device for authorization to access a service provided from a service server, the method comprising:
- receiving a request, by an authentication server, from the mobile electronic device through a relay server to negotiate a session key, the relay server being separate from the authentication server and being a trusted entity not requiring authentication by the authentication server;
- negotiate the session key with the mobile electronic device through the relay server, wherein the session key is generated by the mobile electronic device;
- while using the session key to encrypt and decrypt communications between the authentication server and the mobile electronic device through the relay server;
- receiving, at the authentication server, a request for the token from the mobile electronic device through the relay server;
- generating the token, by the authentication server, based on a reliance on the relay server to ensure that the mobile electronic device is authorized to access the service, the token being generated in absence of authentication of the mobile electronic device and the relay server by the authentication server when the request for the token is received; and
- transmitting the token to the mobile electronic device through the relay server, the token being generated using a secret shared between the authentication server and the service server and the token including an indication that the mobile electronic device is authorized to access the service.
11. One or more non-transitory computer readable medium having computer readable instructions stored thereon that when executed by a processor on a mobile electronic device cause the mobile electronic device to obtain proof of authorization to access a service provided from a service server by a method comprising:
- outputting, to an authentication server through a relay server, a request to negotiate a session key with the authentication server, the relay server being separate from the authentication server and being a trusted entity not requiring authentication by the authentication server;
- negotiating the session key with the authentication server through the relay server, wherein the session key is generated by the mobile electronic device;
- while using the session key to encrypt and decrypt communications with the authentication server through the relay server;
- outputting, to the relay server, a request addressed to the authentication server for a token to be used as indication that the mobile electronic device is authorized to access the service; and
- receiving the token from the authentication server via the relay server, in absence of authentication of the mobile electronic device by the authentication server;
- wherein the token is generated by the authentication server, based on a reliance on the relay server to ensure that the mobile electronic device is authorized to access the service, the token being generated in absence of authentication of the relay server by the authentication server when the request for the token is received at the authentication server; and the token being generated using a secret shared between the authentication server and the service server.