System and method for validating a user of an account for a wireless device

US 9,125,056 B2
Filed: 03/17/2014
Issued: 09/01/2015
Est. Priority Date: 02/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access of a wireless device to resources provided through a private network accessed by the wireless device from a first network, the method comprising:

receiving, at a server, a request from the wireless device requesting access to a resource, the request being received upon activation of a first icon in a graphical user interface (GUI) on a display of the wireless device, the first icon relating to the resource and the GUI providing in one screen the first icon and a second icon relating to an authentication status of the wireless device;

in response to determining, at the server, that the request for access to the resource is related to a restricted resource in the private network;

intercepting the request, at the server, and redirecting the request to an authentication server;

in response to receiving, from the authentication server, a signal indicating that the wireless device has not been authenticated to access the restricted resource;

initiating, at the server, an authentication process to request a user account and a password from the wireless device, the authentication process utilizing a two-factor authentication technique to authenticate the wireless device, the two-factor authentication technique comprising;

processing, at the server, an input stream provided from the wireless device in response to the authentication process, the input stream comprising account data and a password;

sending the input stream to the authentication server for comparison against valid account data associated with the restricted resource; and

in response to receiving, at the server, a response from the authentication server that the input stream matches the valid account data;

authenticating access for the wireless device to the restricted resource;

automatically directing the wireless device to the restricted resource in the private network; and

providing a message to the wireless device, the message causing the wireless device to update the one screen provided by the GUI to indicate through the second icon that the wireless device has been authenticated to access the restricted resource; and

in response to determining, at the server, that the wireless device previously had been authenticated to access the restricted resource, automatically providing the wireless device access to the restricted resource; and

in response to determining, at the server, that the request for access to the resource relates to a non-restricted resource accessible from the first network, automatically providing the wireless device access to the non-restricted resource.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure provides a system and method of authenticating a user to a network. For the method, if a request for a resource initiated by the device is related to a restricted resource, then the method: redirects the request to the authentication server; initiates an authentication process at the server to request a user account and a password from the device to authenticate the device if it has not been authenticated; automatically provides the device with access to the restricted resource if the device previously had been authenticated to access the restricted resource; and provides a signal to the device indicating whether it has been authenticated to allow the device to update its graphical user interface to indicate an access status for the restricted resource. If the request relates to a non-restricted resource, then the method automatically provides the device with access to the non-restricted resource.

23 Citations

19 Claims

1. A method for controlling access of a wireless device to resources provided through a private network accessed by the wireless device from a first network, the method comprising:
- receiving, at a server, a request from the wireless device requesting access to a resource, the request being received upon activation of a first icon in a graphical user interface (GUI) on a display of the wireless device, the first icon relating to the resource and the GUI providing in one screen the first icon and a second icon relating to an authentication status of the wireless device;
  
  in response to determining, at the server, that the request for access to the resource is related to a restricted resource in the private network;
  
  intercepting the request, at the server, and redirecting the request to an authentication server;
  
  in response to receiving, from the authentication server, a signal indicating that the wireless device has not been authenticated to access the restricted resource;
  
  initiating, at the server, an authentication process to request a user account and a password from the wireless device, the authentication process utilizing a two-factor authentication technique to authenticate the wireless device, the two-factor authentication technique comprising;
  
  processing, at the server, an input stream provided from the wireless device in response to the authentication process, the input stream comprising account data and a password;
  
  sending the input stream to the authentication server for comparison against valid account data associated with the restricted resource; and
  
  in response to receiving, at the server, a response from the authentication server that the input stream matches the valid account data;
  
  authenticating access for the wireless device to the restricted resource;
  
  automatically directing the wireless device to the restricted resource in the private network; and
  
  providing a message to the wireless device, the message causing the wireless device to update the one screen provided by the GUI to indicate through the second icon that the wireless device has been authenticated to access the restricted resource; and
  
  in response to determining, at the server, that the wireless device previously had been authenticated to access the restricted resource, automatically providing the wireless device access to the restricted resource; and
  
  in response to determining, at the server, that the request for access to the resource relates to a non-restricted resource accessible from the first network, automatically providing the wireless device access to the non-restricted resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18)
- - 2. The method for controlling access of a wireless device to resources as claimed in claim 1, wherein:
    - the restricted resource relates to a HTML page and is provided through an internet point-to-point protocol layer;
      
      the restricted resource is provided in the internet point-to-point protocol layer by the private network;
      
      the wireless device has an access account to the first network; and
      
      the non-restricted resource relates to a resource accessible from the first network.
  - 3. The method for controlling access of a wireless device to resources as claimed in claim 1, wherein the two-factor authentication technique comprises receiving a validation code from the wireless device, and wherein, at the server, a response from the authentication server comprises receiving the response when the validation codes matches an validation code generated by the authentication server.
  - 4. The method for controlling access of a wireless device to resources as claimed in claim 3, wherein the validation code is provided as part of the password.
  - 5. The method for controlling access of a wireless device to resources as claimed in claim 4, further comprising requesting the validation code from the wireless device when the input stream is not authenticated after a set number of authentication attempts.
  - 6. The method for controlling access of a wireless device to resources as claimed in claim 5, wherein the validation code periodically changes in a pattern known by the first network;
    - and changes in the validation code are provided to the wireless device.
  - 7. The method for controlling access of a wireless device to resources as claimed in claim 1, wherein access to the restricted resource is time limited.
  - 8. The method for controlling access of a wireless device to resources as claimed in claim 1, wherein the one screen comprises a main application screen for the wireless device.
  - 18. The method for controlling access of a wireless device to resources as claimed in claim 1, wherein:
    - when the second icon is activated and the wireless device is not authenticated by the authentication server, the authentication process is initiated.

9. A server for controlling access of a wireless device to resources provided through a private network accessed by the wireless device from a first network, the server comprising:
- a microprocessor;
  
  a memory device containing instructions executable by the microprocessor toreceive a request from the wireless device requesting access to a resource, the request being received upon activation of a first icon in a graphical user interface (GUI) on a display of the wireless device, the first icon relating to the resource and the GUI providing in one screen the first icon and a second icon relating to an authentication status of the wireless device;
  
  in response to determining that the request for access to the resource is related to a restricted resource in the private network;
  
  intercept the request and redirecting the request to an authentication process;
  
  in response to receiving, from the authentication server, a signal indicating that the wireless device has not been authenticated to access the restricted resourceinitiate the authentication process to request a user account and a password from the wireless device, the authentication process utilizing a two-factor authentication technique to authenticate the wireless device, the two-factor authentication technique comprising;
  
  process an input stream provided from the wireless device in response to the authentication process, the input stream comprising account data and a password;
  
  sending the input stream to the authentication server for comparison against valid account data associated with the restricted resource;
  
  in response to receiving a response from the authentication server that the input stream matches the valid account data;
  
  authenticating access for the wireless device to the restricted resource;
  
  automatically directing the wireless device to the restricted resource in the private network;
  
  providing a message to the wireless device, the message causing the wireless device to update the one screen provided by the GUI to indicate through the second icon to indicate that the wireless device has been authenticated to access the restricted resource; and
  
  in response to determining that the wireless device previously had been authenticated to access the restricted resource, automatically provide the wireless device with access to the restricted resource; and
  
  in response to determining that the request for access to the resource relates to a non-restricted resource accessible from the first network, automatically provide the wireless device with access to the non-restricted resource.
- View Dependent Claims (10, 11, 12, 13, 19)
- - 10. The server as claimed in claim 9, wherein:
    - the restricted resource relates to a HTML page and is provided through an internet point-to-point protocol layer;
      
      the restricted resource is provided in the internet point-to-point protocol layer by the private network; and
      
      the non-restricted resource relates to a resource accessible from the first network.
  - 11. The server as claimed in claim 9, wherein:
    - the two-factor authentication technique further comprises receiving a validation code from the wireless device; and
      
      the validation code is provided as part of the password.
  - 12. The server as claimed in claim 9, wherein the two-factor authentication technique further comprises requesting a validation code from the wireless device when the wireless device has not been authenticated after a set number of authentication attempts.
  - 13. The server as claimed in claim 9, wherein:
    - the private network includes a mobile data services server; and
      
      the server is a redirection server.
  - 19. The server as claimed in claim 9, wherein:
    - when the second icon is activated and the wireless device is not authenticated by the server, the authentication process is initiated.

14. A non-transitory computer readable medium storing computer readable instructions executable by a microprocessor to:
- receive a request from a wireless device requesting access to a resource provided through a private network accessed by the wireless device from a first network request being received upon activation of a first icon in a graphical user interface (GUI) on a display of the wireless device, the first icon relating to the resource and the GUI providing in one screen the first icon and a second icon relating to an authentication status of the wireless device;
  
  in response to determining that the request for access to the resource is related to a restricted resource in the private network;
  
  intercept the request and redirecting the request to an authentication server;
  
  in response to receiving, from the authentication server, a signal indicating that the wireless device has not been authenticated to access the restricted resource, initiate an authentication process to request a user account and a password from the wireless device, the authentication process utilizing a two-factor authentication technique to authenticate the wireless device, the two-factor authentication technique comprising;
  
  processing an input stream provided from the wireless device in response to the authentication process, the input stream comprising account data and a password;
  
  sending the input stream to the authentication server for comparison against valid account data associated with the restricted resource; and
  
  in response to receiving a response from the authentication server that the input stream matches the valid account data;
  
  authenticating access for the wireless device to the restricted resource;
  
  automatically directing the wireless device to the restricted resource in the private network; and
  
  providing a message to the wireless device, the message causing the wireless device to update the one screen provided by the GUI to indicate through the second icon of the GUI to indicate that the wireless device has been authenticated status to access the restricted resource;
  
  in response to determining, at the server, that the wireless device previously had been authenticated to access the restricted resource, automatically provide the wireless device access to the restricted resource; and
  
  in response to determining, at the server, that the request for access to the resource relates to a non-restricted resource accessible from the first network, automatically provide the wireless device access to the non-restricted resource.
- View Dependent Claims (15, 16, 17)
- - 15. The non-transitory computer readable medium as claimed in claim 14, wherein the two-factor authentication technique further comprisesrequesting the validation code from the wireless device when the input stream is not authenticated after a set number of authentication attempts.
  - 16. The non-transitory computer readable medium as claimed in claim 14, wherein:
    - the microprocessor is in a server in the private network;
      
      the restricted resource relates to a HTML page and is provided through an internet point-to-point protocol layer;
      
      the restricted resource is provided in the internet point-to-point protocol layer by the private network;
      
      the wireless device has an access account to the first network; and
      
      the non-restricted resource relates to a resource accessible from the first network.
  - 17. The non-transitory computer readable medium as claimed in claim 14, wherein:
    - when the second icon is activated and the wireless device is not authenticated by the authentication server, the authentication process is initiated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Hung, Michael Hin Kai
Primary Examiner(s)
HERZOG, MADHURI R

Application Number

US14/172,382
Publication Number

US 20140250504A1
Time in Patent Office

533 Days
Field of Search

726 1- 15, 726/21, 713155-159, 713164-186, 709217-229
US Class Current

1/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

G06F 21/35   communicating wirelessly

G06F 21/40   by quorum, i.e. whereby two...

G06F 2221/2117   User registration

G06F 2221/2149   Restricted operating enviro...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

System and method for validating a user of an account for a wireless device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for validating a user of an account for a wireless device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links