Device registration, authentication, and authorization system and method

US 9,860,241 B2
Filed: 06/30/2014
Issued: 01/02/2018
Est. Priority Date: 04/15/2014
Status: Active Grant

First Claim

Patent Images

1. A server, comprising:

at least one processor to;

receive a registration request, the registration request comprising a representation of a username and a password;

verify the username and the password and transmit a one-time-use password;

receive the one-time-use password and first device identifier information from a mobile computing device;

receive an access request from the mobile computing device comprising the representation of the username and the password, second device identifier information, and application key information;

verify the username, the password, the second device identifier information, and the application key information at the server;

transmit a token to the mobile computing device responsive to verification of the username, the password, the second device identifier information, and the application key information;

receive a resource request from the mobile computing device comprising the token and third device identifier information;

verify the token and the third device identifier information; and

transmit a representation of the requested resource to the mobile computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes one or more processors to receive a registration request, the registration request comprising a representation of a username and a password, verify the username and the password and transmit a one-time-use password, receive the one-time-use password and first device identifier information from a mobile computing device, receive an access request from the mobile computing device comprising the representation of the username and the password, second device identifier information, and application key information, verify the username, the password, the second device identifier information, and the application key information, and transmit a token to the mobile computing device, and receive a resource request from the mobile computing device comprising the token and third device identifier information.

22 Citations

View as Search Results

30 Claims

1. A server, comprising:
- at least one processor to;
  
  receive a registration request, the registration request comprising a representation of a username and a password;
  
  verify the username and the password and transmit a one-time-use password;
  
  receive the one-time-use password and first device identifier information from a mobile computing device;
  
  receive an access request from the mobile computing device comprising the representation of the username and the password, second device identifier information, and application key information;
  
  verify the username, the password, the second device identifier information, and the application key information at the server;
  
  transmit a token to the mobile computing device responsive to verification of the username, the password, the second device identifier information, and the application key information;
  
  receive a resource request from the mobile computing device comprising the token and third device identifier information;
  
  verify the token and the third device identifier information; and
  
  transmit a representation of the requested resource to the mobile computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The server of claim 1, the at least one processor further to:
    - store the first device identifier information in a memory, the first device identifier information comprising a first device identifier and a first device identifier secret.
  - 3. The server of claim 2, wherein the second device identifier information comprises a second device hash-based message authentication code.
  - 4. The server of claim 3, the at least one processor further to:
    - perform a cryptographic hash function on the first device identifier and the first device identifier secret to obtain a first device hash-based message authentication code; and
      
      compare the first device hash-based message authentication code with the second hash-based message authentication code to verify the second device identifier information.
  - 5. The server of claim 2, wherein the third device identifier information comprises a third device hash-based message authentication code.
  - 6. The server of claim 5, the at least one processor further to:
    - perform a cryptographic hash function on the first device identifier and the first device identifier secret to obtain a first device hash-based message authentication code;
      
      compare the first device hash-based message authentication code with the third device hash-based message authentication code to determine that the resource request is valid;
      
      transmit a representation of a resource associated with the resource request to the mobile computing device.
  - 7. The server of claim 5, the at least one processor further to:
    - perform a cryptographic hash function on the first device identifier and the first device identifier secret to obtain a first device hash-based message authentication code;
      
      compare the first device hash-based message authentication code with the third hash-based message authentication code to determine that the resource request is invalid; and
      
      transmit an indication that the resource request is invalid to the mobile computing device.
  - 8. The server of claim 1, wherein the application key information comprises a first application hash-based message authentication code based on an application key and an application key secret.
  - 9. The server of claim 2, the at least one processor further to:
    - disable at least one of the first device identifier and the first device identifier secret; and
      
      deny the resource request from the mobile computing device.
  - 10. The server of claim 2, the at least one processor further to:
    - delete at least one of the first device identifier and the first device identifier secret; and
      
      deny the resource request from the mobile computing device.

11. A method, comprising:
- receiving, by at least one processor on a server, a registration request, the registration request comprising a representation of a username and a password;
  
  verifying, by the at least one processor, the username and the password and transmitting a one-time-use password;
  
  receiving, by the at least one processor, the one-time-use password and first device identifier information from a mobile computing device;
  
  receiving, by the at least one processor, an access request from the mobile computing device comprising the representation of the username and the password, second device identifier information, and application key information;
  
  verifying, by the at least one processor, the username, the password, the second device identifier information, and the application key information at the server;
  
  transmitting a token to the mobile computing device responsive to verification of the username, the password, the second device identifier information, and the application key information;
  
  receiving, by the at least one processor, a resource request from the mobile computing device comprising the token and third device identifier information;
  
  verifying the token and the third device identifier information; and
  
  transmitting a representation of the requested resource to the mobile computing device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising:
    - storing the first device identifier information in a memory, the first device identifier information comprising a first device identifier and a first device identifier secret.
  - 13. The method of claim 12, wherein the second device identifier information comprises a second device hash-based message authentication code.
  - 14. The method of claim 13, further comprising:
    - performing a cryptographic hash function on the first device identifier and the first device identifier secret to obtain a first device hash-based message authentication code; and
      
      comparing the first device hash-based message authentication code with the second hash-based message authentication code to verify the second device identifier information.
  - 15. The method of claim 12, wherein the third device identifier information comprises a third device hash-based message authentication code.
  - 16. The method of claim 15, further comprising:
    - performing a cryptographic hash function on the first device identifier and the first device identifier secret to obtain a first device hash-based message authentication code;
      
      comparing the first device hash-based message authentication code with the third device hash-based message authentication code to determine that the resource request is valid;
      
      transmitting a representation of a resource associated with the resource request to the mobile computing device.
  - 17. The method of claim 15, further comprising:
    - performing a cryptographic hash function on the first device identifier and the first device identifier secret to obtain a first device hash-based message authentication code;
      
      comparing the first device hash-based message authentication code with the third hash-based message authentication code to determine that the resource request is invalid; and
      
      transmitting an indication that the resource request is invalid to the mobile computing device.
  - 18. The method of claim 11, wherein the application key information comprises a first application hash-based message authentication code based on an application key and an application key secret.
  - 19. The method of claim 12, further comprising:
    - disabling at least one of the first device identifier and the first device identifier secret; and
      
      denying the resource request from the mobile computing device.
  - 20. The method of claim 12, further comprising:
    - deleting at least one of the first device identifier and the first device identifier secret; and
      
      denying the resource request from the mobile computing device.

21. A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one processor on a server, cause the at least one processor to perform operations comprising:
- receiving a registration request, the registration request comprising a representation of a username and a password;
  
  verifying the username and the password and transmitting a one-time-use password;
  
  receiving the one-time-use password and first device identifier information from a mobile computing device;
  
  receiving an access request from the mobile computing device comprising the representation of the username and the password, second device identifier information, and application key information;
  
  verifying the username, the password, the second device identifier information, and the application key information at the server;
  
  transmitting a token to the mobile computing device responsive to verification of the username, the password, the second device identifier information, and the application key information;
  
  receiving a resource request from the mobile computing device comprising the token and third device identifier information;
  
  verifying the token and the third device identifier information; and
  
  transmitting a representation of the requested resource to the mobile computing device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The non-transitory computer-readable medium of claim 21, the operations further comprising:
    - storing the first device identifier information in a memory, the first device identifier information comprising a first device identifier and a first device identifier secret.
  - 23. The non-transitory computer-readable medium of claim 22, wherein the second device identifier information comprises a second device hash-based message authentication code.
  - 24. The non-transitory computer-readable medium of claim 23, the operations further comprising:
    - performing a cryptographic hash function on the first device identifier and the first device identifier secret to obtain a first device hash-based message authentication code; and
      
      comparing the first device hash-based message authentication code with the second hash-based message authentication code to verify the second device identifier information.
  - 25. The non-transitory computer-readable medium of claim 22, wherein the third device identifier information comprises a third device hash-based message authentication code.
  - 26. The non-transitory computer-readable medium of claim 25, the operations further comprising:
    - performing a cryptographic hash function on the first device identifier and the first device identifier secret to obtain a first device hash-based message authentication code;
      
      comparing the first device hash-based message authentication code with the third device hash-based message authentication code to determine that the resource request is valid;
      
      transmitting a representation of a resource associated with the resource request to the mobile computing device.
  - 27. The non-transitory computer-readable medium of claim 25, the operations further comprising:
    - performing a cryptographic hash function on the first device identifier and the first device identifier secret to obtain a first device hash-based message authentication code;
      
      comparing the first device hash-based message authentication code with the third hash-based message authentication code to determine that the resource request is invalid; and
      
      transmitting an indication that the resource request is invalid to the mobile computing device.
  - 28. The non-transitory computer-readable medium of claim 21, wherein the application key information comprises a first application hash-based message authentication code based on an application key and an application key secret.
  - 29. The non-transitory computer-readable medium of claim 22, the operations further comprising:
    - disabling at least one of the first device identifier and the first device identifier secret; and
      
      denying the resource request from the mobile computing device.
  - 30. The non-transitory computer-readable medium of claim 22, the operations further comprising:
    - deleting at least one of the first device identifier and the first device identifier secret; and
      
      denying the resource request from the mobile computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Level 3 Communications LLC (Lumen Technologies, Inc.)
Original Assignee
Level 3 Communications LLC (Lumen Technologies, Inc.)
Inventors
Dixon, Allen E., Rdzak, Steven M., Swift, Christopher T., Grippo, Rene, Scheufele, Jeff
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
SARKER, SANCHIT K

Application Number

US14/320,179
Publication Number

US 20150295930A1
Time in Patent Office

1,282 Days
Field of Search

713181
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0876   based on the identity of th...

H04L 63/126   the source of the received ...

H04L 9/3226   using a predetermined code,...

H04L 9/3242   involving keyed hash functi...

H04W 12/068   using credential vaults, e....

H04W 12/082   using revocation of authori...

H04W 12/084   using delegated authorisati...

Device registration, authentication, and authorization system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Device registration, authentication, and authorization system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links