Secure identification string

US 9,386,009 B1
Filed: 11/05/2012
Issued: 07/05/2016
Est. Priority Date: 11/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method of providing secure access to a device, comprising:

receiving a first credential string entered by via a user interface;

validating the first credential string using trusted code installed at the device;

in response to determining that the first credential string is valid using the trusted code, sending, to a remote server, an indication that the first credential string has been validated by the trusted code, wherein the remote server compares an amount of time between receiving the indication and a previous indication that a credential string has been validated by the trusted code with a predetermined duration;

in the event the amount of time is greater than the predetermined duration, receiving from the remote server a request for additional authentication information;

in the event the amount of time is less than or equal to the predetermined duration, receiving from the remote server a response that includes a second credential string, wherein the second credential string includes more characters than the first credential string; and

using the second credential string to provide access to data stored on the device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing secure access to a mobile or other device using a network-assisted PIN or other short password is disclosed. In various embodiments, upon entry by a user of a personal identification number (PIN) or other short password, the password and a unique identifier, such as a user and/or device identifier, and/or other data, are sent to a remote server. The remote server returns to the mobile or other device a cryptographic key and/or other data, such as a more secure (e.g., more characters and/or including characters drawn from a larger set of characters) password usable at the mobile device to access encrypted data.

58 Citations

View as Search Results

25 Claims

1. A method of providing secure access to a device, comprising:
- receiving a first credential string entered by via a user interface;
  
  validating the first credential string using trusted code installed at the device;
  
  in response to determining that the first credential string is valid using the trusted code, sending, to a remote server, an indication that the first credential string has been validated by the trusted code, wherein the remote server compares an amount of time between receiving the indication and a previous indication that a credential string has been validated by the trusted code with a predetermined duration;
  
  in the event the amount of time is greater than the predetermined duration, receiving from the remote server a request for additional authentication information;
  
  in the event the amount of time is less than or equal to the predetermined duration, receiving from the remote server a response that includes a second credential string, wherein the second credential string includes more characters than the first credential string; and
  
  using the second credential string to provide access to data stored on the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, wherein the first credential comprises a numeric PIN.
  - 3. The method of claim 1, wherein the first credential string is entered via a user access interface.
  - 4. The method of claim 1, wherein the second credential string comprises a password.
  - 5. The method of claim 1, wherein the second credential string comprises an encryption key.
  - 6. The method of claim 1, wherein using the second credential string to provide access to data stored on the device includes using the second credential string to decrypt data stored in encrypted form on the device.
  - 7. The method of claim 1, wherein the remote server is configured to throttle requests associated with attempts to access the device.
  - 8. The method of claim 1, wherein the remote server is configured to send the second credential string to the device based at least in part on receipt of the indication that the first credential string is valid.
  - 9. The method of claim 1, wherein the device is configured to permit access without sending a request to the remote server upon entry of the second credential string directly at the device.
  - 10. The method of claim 9, wherein the device is configured to require that the device connect with the server prior to access being allowed based at least in part on a determination that greater than a prescribed amount of time has passed since a last connection to the server.
  - 11. The method of claim 1, further comprising displaying a soft numeric keypad based at least in part on a determination that a PIN entry field has been selected.
  - 12. The method of claim 1, wherein the device is configured to require entry at the device by a user of both the first credential string and the second credential string based at least in part on a determination that a maximum security condition has been met.
  - 19. The method of claim 1, wherein in response to receiving the indication that the first credential string has been validated, the remote server determines whether the device is eligible to have an access attempt processed.
  - 20. The method of claim 19, wherein the remote server determines whether the device is eligible based at least in part on an IP address from which the request was received.
  - 21. The method of claim 19, wherein the remote server determines whether the device is eligible based at least in part on a time at which the request was received.
  - 22. The method of claim 19, wherein the remote server determines whether the device is eligible based at least in part on geographic location associated with the device.
  - 23. The method of claim 1, further comprising:
    - receiving a request to access the data stored on the device;
      
      in response to receiving the request to access the data,determining an amount of time that has passed since the device last connected with the remote server; and
      
      in the event that the amount of time that has passed since the device last connected with the remote server exceeds a threshold amount of time, disabling offline access to the data until the device connects with the remote server.
  - 24. The method of claim 1, wherein the request for additional authentication information comprises:
    - receiving, from the remote server, a request for an additional credential string to authenticate the user;
      
      receiving a third credential string entered via the user interface, wherein the third credential string is longer than the first credential string; and
      
      sending information associated with the third credential string to the remote server, wherein the remote server determines whether to send the response that includes the second credential string based at least in part on the information associated with the third credential string.
  - 25. The method of claim 1, wherein the indication that the first credential string has been validated by the trusted code does not include the first credential string.

13. A device configured to provide network-assisted secure access, comprising:
- a communication interface; and
  
  a processor coupled to the communication interface and configured to;
  
  receive a first credential string entered by via a user interface;
  
  validate the first credential string using trusted code installed at the device;
  
  in response to determining that the first credential string is valid using the trusted code, send, to a remote server, an indication that the first credential string has been validated by the trusted code, wherein the remote server compares an amount of time between receiving the indication and a previous indication that a credential string has been validated by the trusted code with a predetermined duration;
  
  in the event the amount of time is greater than the predetermined duration, receiving from the remote server a request for additional authentication information;
  
  in the event the amount of time is less than or equal to the predetermined duration, receive from the remote server via the communication interface a response that includes a second credential string, wherein the second credential string includes more characters than the first credential string; and
  
  use the second credential string to provide access to data stored on the device.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The device of claim 13, wherein the second credential string comprises a password.
  - 15. The device of claim 13, wherein the process is configured to use the second credential string to provide access to data stored on the device at least in part by using the second credential string to decrypt data stored in encrypted form on the device.
  - 16. The device of claim 13, wherein the remote server is configured to throttle requests associated with attempts to access the device by entering values associated with the first credential string.
  - 17. The device of claim 13, wherein the remote server is configured to send the second credential string to the device based at least in part on receipt of the indication that the first credential string is valid.

18. A computer program product to provide secure access, the computer program product being embodied in a tangible, non-transitory computer readable storage medium and comprising computer instructions for:
- receiving a first credential string entered by via a user interface;
  
  validating the first credential string using trusted code installed at a device;
  
  in response to determining that the first credential string is valid using the trusted code, sending, to a remote server, an indication that the first credential string has been validated by the trusted code, wherein the remote server compares an amount of time between receiving the indication and a previous indication that a credential string has been validated by the trusted code within a predetermined duration;
  
  in the event the amount of time is greater than the predetermined duration, receiving from the remote server a request for additional authentication information;
  
  in the event the amount of time is less than or equal to the predetermined duration, receiving from the remote server a response that includes a second credential string, wherein the second credential string includes more characters than the first credential string; and
  
  using the second credential string to provide access to data stored on the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
MobileIron, Inc.
Inventors
Marion, Eric M., Sonawane, Nitin
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
McCoy, Richard

Application Number

US13/669,089
Time in Patent Office

1,338 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/083 using passwords cryptograph...

H04L 9/3226 using a predetermined code,...

Secure identification string

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure identification string

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links