Method and apparatus for accelerated authentication

US 9,667,423 B2
Filed: 09/27/2010
Issued: 05/30/2017
Est. Priority Date: 09/27/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a hardware processor, first data that indicates a first portion of a user credential for a first user but not a second portion of the user credential for the first user, wherein the first data is received in response to a sign-in prompt to a user to provide the user credential to authenticate the first user;

determining, by the hardware processor, whether the first portion of the user credential is valid; and

if the first portion of the user credential is valid, then determining, by the hardware processor, to send second data that indicates a valid value for the second portion of the user credential for the first user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.

27 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a hardware processor, first data that indicates a first portion of a user credential for a first user but not a second portion of the user credential for the first user, wherein the first data is received in response to a sign-in prompt to a user to provide the user credential to authenticate the first user;
  
  determining, by the hardware processor, whether the first portion of the user credential is valid; and
  
  if the first portion of the user credential is valid, then determining, by the hardware processor, to send second data that indicates a valid value for the second portion of the user credential for the first user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the second data is sent to a remote process that is trusted to ensure that data received from the first user agrees with the valid value for the second portion of the user credential for the first user.
  - 3. The method of claim 1, wherein the second data further indicates a token that is used by the first user to obtain service from a set of one or more network services for a predetermined time interval.
  - 4. The method of claim 1, wherein the second data indicates an encrypted version of the valid value for the second portion of the user credential for the first user.
  - 5. The method of claim 4, wherein the encrypted version of the valid value for the second portion of the user credential for the first user is used by a remote process to verify data received from the first user.

6. A method comprising:
- receiving, by a hardware processor, first data that indicates a first portion of a user credential for a first user but not a second portion of the user credential for the first user, wherein the first data is received in response to a sign-in prompt to a user to provide the user credential to authenticate the first user; and
  
  before receiving second data that indicates the second portion of the user credential for the first user, determining, by the hardware processor, to send a first message that indicates the first portion of the user credential to a remote process that initiates authentication of the first user based on the first portion of the user credential.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 7. The method of claim 6, further comprising:
    - receiving the second data that indicates the second portion of the user credential for the first user; and
      
      in response to receiving the second data, determining whether the second data is valid.
  - 8. The method of claim 7, wherein determining whether the second data is valid further comprises:
    - determining to send a second message that indicates the second portion of the user credential to the remote process; and
      
      determining whether the remote process returns third data that indicates successful authentication in response to the second message.
  - 9. The method of claim 7, wherein determining whether the second data is valid further comprises:
    - receiving third data from the remote process that indicates a valid value for the second portion of the user credential; and
      
      determining whether the second data is consistent with the third data.
  - 10. The method of claim 6, wherein the first message further indicates a request for a service from the remote process.
  - 11. The method of claim 6, wherein the remote process is an authentication service and the first data and the second data are received from a different remote process executing on a device operated by the first user.
  - 12. The method of claim 11, further comprising, before receiving second data that indicates the second portion of the user credential for the first user, determining to retrieve local user profile data for the first user based, at least in part, on a user identifier in the first portion of the user credential for the first user.
  - 13. The method of claim 11, further comprising receiving, from the remote process, a second message that includes data that indicates a valid value for the second portion of the user credential for the first user if the remote process determines that the first portion of the user credential for the first user is valid.
  - 14. The method of claim 13, further comprising, in response to receiving the second message, determining to send, to the different remote process, a third message that indicates the valid value for the second portion of the user credential for the first user.
  - 15. The method of claim 13, further comprising:
    - receiving the second data that indicates the second portion of the user credential for the first user; and
      
      determining whether the second data is valid based at least in part on the data that indicates the valid value for the second portion of the user credential for the first user.

16. An apparatus comprising:
- at least one hardware processor; and
  
  at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one hardware processor, cause the apparatus to at least;
  
  receive first data that indicates a first portion of a user credential for a first user but not a second portion of the user credential for the first user, wherein the first data is received in response to a sign-in prompt to a user to provide the user credential to authenticate the first user;
  
  determine whether the first portion of the user credential is valid; and
  
  if the first portion of the user credential is valid, then determine to send second data that indicates a valid value for the second portion of the user credential for the first user.
- View Dependent Claims (17)
- - 17. The apparatus of claim 16, wherein the second data is sent to a remote process that is trusted to ensure that data received from the first user agrees with the valid value for the second portion of the user credential for the first user.

18. An apparatus comprising:
- at least one hardware processor; and
  
  at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one hardware processor, cause the apparatus to at least;
  
  receive first data that indicates a first portion of a user credential for a first user but not a second portion of the user credential for the first user, wherein the first data is received in response to a sign-in prompt to a user to provide the user credential to authenticate the first user; and
  
  before receiving second data that indicates the second portion of the user credential for the first user, determining to send a first message that indicates the first portion of the user credential to a remote process that initiates authentication of the first user based on the first portion of the user credential.
- View Dependent Claims (19, 20)
- - 19. The apparatus of claim 18, wherein the apparatus is further caused to:
    - receive the second data that indicates the second portion of the user credential for the first user; and
      
      in response to receiving the second data, determine whether the second data is valid.
  - 20. The apparatus of claim 18, wherein the apparatus is a mobile phone further comprising:
    - user interface circuitry and user interface software configured to facilitate user control of one or more functions of the mobile phone through use of a display and configured to respond to user input; and
      
      a display and display circuitry configured to display at least a portion of a user interface of the mobile phone, the display and display circuitry configured to facilitate user control of the one or more functions of the mobile phone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Asokan, Nadarajah, Fu, Yan, Aarni, Ville
Primary Examiner(s)
LEE, JASON T

Application Number

US12/891,476
Publication Number

US 20120079570A1
Time in Patent Office

2,437 Days
Field of Search

726 5, 726 6, 726 22, 713165, 713189
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 9/3213   using tickets or tokens, e....

H04L 9/3234   involving additional secure...

Method and apparatus for accelerated authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for accelerated authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links