Method and apparatus for accelerated authentication

US 9,979,545 B2
Filed: 05/24/2017
Issued: 05/22/2018
Est. Priority Date: 09/27/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a hardware processor from a user device, first data that indicates a first portion of user credentials for a first user but not a second portion of the user credentials for the first user;

determining, by the hardware processor, whether the first portion of the user credentials is valid; and

when the first portion of the user credentials is valid, then determining, by the hardware processor, to send a service response authorized by the first portion to the user device,wherein sending of the service response authorized by the first portion occurs before receiving the second portion of the user credentials from the user device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.

24 Citations

15 Claims

1. A method comprising:
- receiving, by a hardware processor from a user device, first data that indicates a first portion of user credentials for a first user but not a second portion of the user credentials for the first user;
  
  determining, by the hardware processor, whether the first portion of the user credentials is valid; and
  
  when the first portion of the user credentials is valid, then determining, by the hardware processor, to send a service response authorized by the first portion to the user device,wherein sending of the service response authorized by the first portion occurs before receiving the second portion of the user credentials from the user device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein, the service response authorized by the first portion provides access control to the first user, and when the user device is a trusted client, a level of access control provided to the first user that is authorized by the first portion is less strict than the level of access control provided to the user by the second portion.
  - 3. The method of claim 2, wherein, the service response authorized by the first portion is included in second data that is sent to the user device, and the second data further includes a valid value for the second portion of the user credentials for the first user and a token that is used by the first user to obtain service from a set of one or more network services.
  - 4. The method of claim 1, wherein, when the user device is a trusted client, the service response authorized by the first portion is included in second data that is received by the user device, and the second data further includes a valid value for the second portion of the user credentials for the first user and a token that is used by the first user to obtain service from a set of one or more network services, and wherein the user device inhibits sending the token to obtain service from the set of one or more network services until all entries of the user credentials for the first user are verified as correct.
  - 5. The method of claim 1, wherein, the user device is an untrusted client, and the method further comprises:
    - after sending the service response authorized by the first portion to the user device, receiving the second portion of the user credentials for the first user; and
      
      when the second portion of the user credentials is valid, then determining, by the hardware processor, to send a further service response authorized by the second portion and a token to the user device,wherein the service response authorized by the first portion and the further service response authorized by the second portion each provide a different level of access control to the first user,wherein the further service response authorized by the second portion is a more strict level of access control than that provided by the service response authorized by the first portion, andwherein the token is data that is used by the first user to obtain service from a set of one or more network services.

6. A method comprising:
- receiving, by a hardware processor of a user device, first data that indicates a first portion of user credentials for a first user but not a second portion of the user credentials for the first user,wherein the first data is received in response to a sign-in prompt to the first user to provide the user credentials to authenticate the first user;
  
  before receiving second data that indicates the second portion of the user credentials for the first user, determining, by the hardware processor, to send a first message that indicates the first portion of the user credentials to a remote process that initiates authentication of the first user based on the first portion of the user credentials; and
  
  receiving a service response authorized by the first portion,wherein the receiving of the service response authorized by the first portion occurs before a submit button on the user device is activated to send the second portion of the user credentials from the user device.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein, the service response authorized by the first portion provides access control to the first user, and when the user device is a trusted client, a level of access control provided to the first user that is authorized by the first portion is less strict than the level of access control provided to the user by the second portion.
  - 8. The method of claim 7, wherein, the service response authorized by the first portion is included in third data that is received by the user device, and the third data further includes a valid value for the second portion of the user credentials for the first user and a token that is used by the first user to obtain service from a set of one or more network services.
  - 9. The method of claim 6, wherein, when the user device is a trusted client, the service response authorized by the first portion is included in third data that is received by the user device, and the third data further includes a valid value for the second portion of the user credentials for the first user and a token that is used by the first user to obtain service from a set of one or more network services, wherein the method further comprises:
    - inhibiting sending the token from the user device to obtain service from the set of one or more network services until all entries of the user credentials for the first user are verified as correct.
  - 10. The method of claim 6, wherein, the user device is an untrusted client, and the method further comprises:
    - after receiving the service response authorized by the first portion, sending the second portion of the user credentials for the first user to the remote process; and
      
      receiving a further service response authorized by the second portion and a token,wherein the service response authorized by the first portion and the further service response authorized by the second portion each provide a different level of access control to the first user,wherein the further service response authorized by the second portion is a more strict level of access control than that provided by the service response authorized by the first portion, andwherein the token is data that is used by the first user to obtain service from a set of one or more network services.

11. An apparatus comprising:
- at least one hardware processor; and
  
  at least one memory including computer program code for one or more programs,the at least one memory and the computer program code configured to, with the at least one hardware processor, cause the apparatus to at least;
  
  receive first data that indicates a first portion of user credentials for a first user but not a second portion of the user credentials for the first user,wherein the first data is received in response to a sign-in prompt to the first user at a user device to provide the user credentials to authenticate the first user;
  
  before receiving second data that indicates the second portion of the user credentials for the first user, determine to send a first message that indicates the first portion of the user credentials to a remote process that initiates authentication of the first user based on the first portion of the user credentials; and
  
  receive a service response authorized by the first portion,wherein receiving of the service response authorized by the first portion occurs before a submit button on the user device is activated to send the second portion of the user credentials from the user device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The apparatus of claim 11, wherein, the service response authorized by the first portion provides access control to the first user, and when the user device is a trusted client, a level of access control provided to the first user that is authorized by the first portion is less strict than the level of access control provided to the user by the second portion.
  - 13. The apparatus of claim 12, wherein, the service response authorized by the first portion is included in third data that is received by the user device, and the third data further includes a valid value for the second portion of the user credentials for the first user and a token that is used by the first user to obtain service from a set of one or more network services.
  - 14. The method of claim 11, wherein, when the user device is a trusted client, the service response authorized by the first portion is included in third data that is received by the user device, and the third data further includes a valid value for the second portion of the user credentials for the first user and a token that is used by the first user to obtain service from a set of one or more network services, wherein the apparatus is further caused to:
    - inhibit sending the token from the user device to obtain service from the set of one or more network services until all entries of the user credentials for the first user are verified as correct.
  - 15. The apparatus of claim 11, wherein, the user device is an untrusted client, and the apparatus is further caused to:
    - after receiving the service response authorized by the first portion, send the second portion of the user credentials for the first user to the remote process; and
      
      receive a further service response authorized by the second portion and a token,wherein the service response authorized by the first portion and the further service response authorized by the second portion each provide a different level of access control to the first user,wherein the further service response authorized by the second portion is a more strict level of access control than that provided by the service response authorized by the first portion, andwherein the token is data that is used by the first user to obtain service from a set of one or more network services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Fu, Yan, Asokan, Nadarajah, Aarni, Ville
Primary Examiner(s)
Lee, Jason

Application Number

US15/604,134
Publication Number

US 20170264437A1
Time in Patent Office

363 Days
Field of Search

726 5
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 9/3213   using tickets or tokens, e....

H04L 9/3234   involving additional secure...

Method and apparatus for accelerated authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for accelerated authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others