System and method for accessing private networks

US 9,118,667 B2
Filed: 06/01/2012
Issued: 08/25/2015
Est. Priority Date: 06/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method of operating a mobile device, the method comprising:

receiving at the mobile device, a challenge from an authentication server on behalf of a computing device attempting to access a private network, the challenge having been generated in response to a request by the computing device to access the private network;

obtaining a private value entered by a user, wherein the private value is not accessible by the computing device;

the mobile device using the private value, the challenge, and a private key stored on the mobile device to generate a response to the challenge; and

the mobile device sending the response to the authentication server to enable the computing device to access the private network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for using a mobile device to authenticate access to a private network. The mobile device may operate to receive a challenge from an authentication server, the challenge having being generated according to a request to access a private network; obtain a private value; use the private value, the challenge, and a private key to generate a response to the challenge; and send the response to the authentication server. An authentication server may operate to generate a challenge; send the challenge to a mobile device; receive a response from the mobile device, the response having been generated by the mobile device using a private value, the challenge, and a private key; verify the response; and confirm verification of the response with a VPN gateway to permit a computing device to access a private network.

Citations

22 Claims

1. A method of operating a mobile device, the method comprising:
- receiving at the mobile device, a challenge from an authentication server on behalf of a computing device attempting to access a private network, the challenge having been generated in response to a request by the computing device to access the private network;
  
  obtaining a private value entered by a user, wherein the private value is not accessible by the computing device;
  
  the mobile device using the private value, the challenge, and a private key stored on the mobile device to generate a response to the challenge; and
  
  the mobile device sending the response to the authentication server to enable the computing device to access the private network.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the private value is a personal identification number.
  - 3. The method of claim 1, wherein the challenge is received by the mobile device directly from the authentication server independent of the computing device, and the response is sent directly to the authentication server over a public network independent of the computing device.
  - 4. The method of claim 1, wherein the mobile device is connected to the computing device for generating the response, wherein the challenge is received from the authentication server via a virtual private network gateway on the computing device, and wherein the response is sent to the authentication server via the virtual private network gateway on the computing device.
  - 5. The method of claim 1, wherein the response comprises a signature generated using the challenge, the private key, and the private value.

6. A non-transitory computer readable storage medium comprising computer executable instructions for operating a mobile device, the computer executable instructions comprising instructions for:
- receiving at the mobile device, a challenge from an authentication server on behalf of a computing device attempting to access a private network, the challenge having been generated in response to a request by the computing device to access the private network;
  
  obtaining a private value entered by a user, wherein the private value is not accessible by the computing device;
  
  the mobile device using the private value, the challenge, and a private key stored on the mobile device to generate a response to the challenge; and
  
  the mobile device sending the response to the authentication server to enable the computing device to access the private network.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory computer readable storage medium of claim 6, wherein the private value is a personal identification number.
  - 8. The non-transitory computer readable storage medium of claim 6, wherein the challenge is received by the mobile device directly from the authentication server independent of the computing device, and the response is sent directly to the authentication server over a public network independent of the computing device.
  - 9. The non-transitory computer readable storage medium of claim 6, wherein the mobile device is connected to the computing device for generating the response, wherein the challenge is received from the authentication server via a virtual private network gateway on the computing device, and wherein the response is sent to the authentication server via the virtual private network gateway on the computing device.
  - 10. The non-transitory computer readable storage medium of claim 6, wherein the response comprises a signature generated using the challenge, the private key, and the private value.

11. A mobile device comprising a processor, and memory, the memory comprising computer executable instructions for causing the processor to:
- receive at the mobile device, a challenge from an authentication server on behalf of a computing device attempting to access a private network, the challenge having been generated in response to a request by the computing device to access the private network;
  
  obtain a private value entered by a user, wherein the private value is not accessible by the computing device;
  
  use the private value, the challenge, and a private key stored on the mobile device to generate a response to the challenge; and
  
  send the response to the authentication server to enable the computing device to access the private network.

12. A method of operating an authentication server, the method comprising:
- generating a challenge in response to a request from a computing device to access a private network;
  
  sending the challenge to a mobile device on behalf of the computing device attempting to access the private network;
  
  receiving a response from the mobile device, the response having been generated by the mobile device using a private value entered by a user, the challenge, and a private key stored on the mobile device, wherein the private value is not accessible by the computing device;
  
  verifying the response; and
  
  confirming verification of the response with a virtual private network gateway to permit the computing device to access the private network.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein the private value is a personal identification number.
  - 14. The method of claim 12, wherein the challenge is sent directly to the mobile device independent of the computing device, and the response is received directly from the mobile device over a public network independent of the computing device.
  - 15. The method of claim 12, wherein the mobile device is connected to the computing device for generating the response, wherein the challenge is sent to the mobile device via the virtual private network gateway on the computing device, and wherein the response is received from the mobile device via the virtual private network gateway on the computing device.
  - 16. The method of claim 12, wherein the response comprises a signature generated using the challenge, the private key, and the private value.

17. A non-transitory computer readable storage medium comprising computer executable instructions for operating an authentication server, the computer executable instructions comprising instructions for:
- generating a challenge in response to a request from a computing device to access a private network;
  
  sending the challenge to a mobile device on behalf of the computing device attempting to access the private network;
  
  receiving a response from the mobile device, the response having been generated by the mobile device using a private value entered by a user, the challenge, and a private key stored on the mobile device, wherein the private value is not accessible by the computing device;
  
  verifying the response; and
  
  confirming verification of the response with a virtual private network gateway to permit the computing device to access the private network.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The non-transitory computer readable storage medium of claim 17, wherein the private value is a personal identification number.
  - 19. The non-transitory computer readable storage medium of claim 17, wherein the challenge is sent directly to the mobile device independent of the computing device, and the response is received directly from the mobile device over a public network independent of the computing device.
  - 20. The non-transitory computer readable storage medium of claim 17, wherein the mobile device is connected to the computing device for generating the response, wherein the challenge is sent to the mobile device via the virtual private network gateway on the computing device, and wherein the response is received from the mobile device via the virtual private network gateway on the computing device.
  - 21. The non-transitory computer readable storage medium of claim 17, wherein the response comprises a signature generated using the challenge, the private key, and the private value.

22. An authentication server comprising a processor and memory, the memory comprising computer executable instructions for causing the processor to:
- generate a challenge in response to a request from a computing device to access a private network;
  
  send the challenge to a mobile device on behalf of the computing device attempting to access the private network;
  
  receive a response from the mobile device, the response having been generated by the mobile device using a private value entered by a user, the challenge, and a private key stored on the mobile device, wherein the private value is not accessible by the computing device;
  
  verify the response; and
  
  confirm verification of the response with a virtual private network gateway to permit the computing device to access the private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited, Certicom Corporation (Blackberry Limited)
Inventors
Rosati, Anthony, Vanstone, Scott Alexander, Pecen, Mark E.
Primary Examiner(s)
Chai, Longbit

Application Number

US13/487,055
Publication Number

US 20130046976A1
Time in Patent Office

1,180 Days
Field of Search

713/168
US Class Current

1/1
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 9/3271   using challenge-response

H04W 12/03   Protecting confidentiality,...

H04W 12/069   using certificates or pre-s...

System and method for accessing private networks

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for accessing private networks

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links