System, method, apparatus and computer program product for facilitating digital communications

US 20050086492A1
Filed: 08/16/2004
Published: 04/21/2005
Est. Priority Date: 08/15/2003
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for securely accessing a computer from a client over a network comprising:

receiving credentials from a user, said credentials including a user identification and a password;

encrypting said credentials with an encryption process;

creating a request message for access to said computer, said request message including said encrypted credentials;

transmitting said request message over the network;

receiving a verification message that access to said computer is granted; and

accessing said computer, wherein said user identification and said user password remain encrypted when transmitted over said network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method and apparatus provides secured access to a computer. In one aspect of the present invention, credentials are received from a user, the credentials including a user identification and a password. The credentials are encrypted with an encryption algorithm. A request for access to a computer is created, the request for access to the computer including the encrypted credentials. The request for access to the computer is transmitted over a network. Verification is received that access to the computer is granted. Access to the computer is received.

108 Citations

View as Search Results

41 Claims

1. A computer-implemented method for securely accessing a computer from a client over a network comprising:
- receiving credentials from a user, said credentials including a user identification and a password;
  
  encrypting said credentials with an encryption process;
  
  creating a request message for access to said computer, said request message including said encrypted credentials;
  
  transmitting said request message over the network;
  
  receiving a verification message that access to said computer is granted; and
  
  accessing said computer, wherein said user identification and said user password remain encrypted when transmitted over said network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method recited in claim 1, wherein said encrypting step includes mapping said credentials to valid, encryptable characters using a character mapping table.
  - 3. The method recited in claim 1, wherein said encrypting step includes encrypting said credentials using a 256 bit key.
  - 4. The method recited in claim 1, wherein said encrypting step includes encrypting said credentials using a 128 bit seed.
  - 5. The method recited in claim 1, wherein said encrypting step includes encrypting said credentials using a seed including at least a portion of at least one of:
    - a client software identification number, a client session identification number, a client hardware identification number, and random bits.
  - 6. The method recited in claim 1, wherein said creating step includes appending at least one of a routing prefix or suffix to said encrypted user identification.
  - 7. The method recited in claim 3, further comprising:
    - updating said key periodically.
  - 8. The method recited in claim 7, wherein said updating step includes updating said key after accessing said computer.
  - 9. The method recited in claim 1, wherein said transmitting step includes transmitting said request message over said network using SSL, CHAP, or PAP.
  - 10. The method recited in claim 9, wherein said transmitting step includes transmitting said request message over said network using CHAP after algorithmically mixing a random number with said encrypted password with a one way hashing function.
  - 11. The method recited in claim 9, wherein said transmitting step includes transmitting said request message over said network using CHAP after algorithmically mixing a random number with said encrypted password with an MD-5 hashing function.
  - 12. The method recited in claim 1, wherein said transmitting step includes transmitting said request message over said network including at least one of:
    - dial-up, a local area network, Wi-Fi, wired roaming broadband, telecommuter broadband, 2.5G/3G wireless, GPRS, and PHS networks.
  - 13. The method recited in claim 1, wherein at least a portion of said network includes an Internet communication link.
  - 14. The method recited in claim 1, wherein at least a portion of said network includes a private data communication circuit.

15. A computer-implemented method for securely authenticating access to a computer from a client over a network comprising:
- receiving a request message for access to said computer from said client, said request message transmitted over said network, said request message including encrypted credentials, said encrypted credentials including an encrypted user identification and an encrypted password;
  
  decrypting said encrypted credentials to form decrypted credentials;
  
  verifying that said decrypted credentials are valid;
  
  sending a verification message to said client; and
  
  granting said client access to said computer, wherein said user identification and said user password remain encrypted when transmitted over said network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 16. The method recited in claim 15, wherein said verifying step includes verifying that said encrypted credentials are not a copy of previously presented credentials.
  - 17. The method recited in claim 15, wherein said decrypting step includes reverse mapping decrypted characters using a character mapping table.
  - 18. The method recited in claim 17, wherein said decrypting step includes decrypting said credentials using a 256 bit key.
  - 19. The method recited in claim 15, wherein said decrypting step includes decrypting said credentials using a 128 bit seed.
  - 20. The method recited in claim 15, wherein said decrypting step includes decrypting said credentials using a seed including at least a portion of at least one of:
    - a client software identification number, a client session identification number, a client hardware identification number, and random bits.
  - 21. The method recited in claim 18, further comprising:
    - updating said key and said character mapping table periodically.
  - 22. The method recited in claim 21, wherein said updating step includes transmitting said key and said character mapping table to said client after granting said client access to said computer.
  - 23. The method recited in claim 15, wherein said receiving step includes receiving said request message over said network using SSL, CHAP, or PAP.
  - 24. The method recited in claim 15, further comprising:
    - retrieving a cleartext password from a database;
      
      encrypting said password based on contents of said request message to form a second encrypted password;
      
      algorithmically mixing a random number with said second encrypted password using a hashing function to form a hashed password;
      
      verifying said hashed password matches said encrypted password contained in said request message;
  - 25. The method recited in claim 15, wherein said receiving step includes receiving said request message over said network including at least one of:
    - dial-up, a local area network, Wi-Fi, wired roaming broadband, telecommuter broadband, 2.5G/3G wireless, GPRS, and PHS networks.
  - 26. The method recited in claim 15, wherein at least a portion of said network includes an Internet communication link.
  - 27. The method recited in claim 15, wherein at least a portion of said network includes a private data communication circuit.

28. A computer program product including a computer storage medium and a computer program code mechanism embedded in the computer storage medium for securely accessing a computer from a client over a network, the computer code mechanism comprising:
- a computer code device configured to receive credentials from a user, said credentials including a user identification and a password;
  
  a computer code device configured to encrypt said credentials with an encryption process;
  
  a computer code device configured to create a request message for access to said computer, said request message including said encrypted credentials;
  
  a computer code device configured to transmit said request message over the network;
  
  a computer code device configured to receive a verification message that access to said computer is granted; and
  
  a computer code device configured to access said computer, wherein said user identification and said user password remain encrypted when transmitted over said network.

29. A computer program product including a computer storage medium and a computer program code mechanism embedded in the computer storage medium for securely authenticating access to a computer from a client over a network, the computer code mechanism comprising:
- a computer code device configured to receive a request message for access to said computer from said client, said request message transmitted over said network, said request message including encrypted credentials, said encrypted credentials including an encrypted user identification and an encrypted password;
  
  a computer code device configured to decrypt said encrypted credentials to form decrypted credentials;
  
  a computer code device configured to verify that said decrypted credentials are valid;
  
  a computer code device configured to send a verification message to said client; and
  
  a computer code device configured to grant said client access to said computer, wherein said user identification and said user password remain encrypted when transmitted over said network.

30. An apparatus for securely accessing a computer from a client over a network comprising:
- means for receiving credentials from a user, said credentials including a user identification and a password;
  
  means for encrypting said credentials with an encryption process;
  
  means for creating a request message for access to said computer, said request message including said encrypted credentials;
  
  means for transmitting said request message over the network;
  
  means for receiving a verification message that access to said computer is granted; and
  
  a data access mechanism configured to access data stored on said computer, wherein said user identification and said user password remain encrypted when transmitted over said network.

31. An apparatus for securely authenticating access to a computer from a client over a network comprising:
- means for receiving a request message for access to said computer from said client, said request message transmitted over said network, said request message including encrypted credentials, said encrypted credentials including an encrypted user identification and an encrypted password;
  
  means for decrypting said encrypted credentials to form decrypted credentials;
  
  means for verifying that said decrypted credentials are valid;
  
  means for sending a verification message to said client; and
  
  means for granting said client access to said computer, wherein said user identification and said user password remain encrypted when transmitted over said network.

32. An apparatus for securely accessing a computer from a client over a network comprising:
- an input/output device configured to receive credentials from a user, said credentials including a user identification and a password;
  
  an encryption mechanism configured to encrypt said credentials with an encryption process; and
  
  a processor including a request message generation mechanism configured to create a request message for access to said computer, said request message including said encrypted credentials, wherein said input/output device is configured to transmit said request message over the network and receive a verification message that access to said computer is granted, and said user identification and said user password remain encrypted when transmitted over said network.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The apparatus recited in claim 32, wherein said encryption mechanism is configured to encrypt said credentials using a 256 bit key.
  - 34. The apparatus recited in claim 32, wherein said encryption mechanism is configured to encrypt said credentials using a 128 bit seed.
  - 35. The apparatus recited in claim 32, wherein said input/output device is configured to transmit said request message over said network using SSL, CHAP, or PAP.
  - 36. The apparatus recited in claim 32, wherein said input/output device is configured to transmit said request message over said network including at least one of:
    - dial-up. a local area network, Wi-Fi, wired roaming broadband, telecommuter broadband, 2.5G/3G wireless, GPRS, and PHS networks.

37. An apparatus for securely authenticating access to a computer from a client over a network comprising:
- an input/output device configured to receive a request message for access to said computer from said client, said request message transmitted over said network, said request message including encrypted credentials, said encrypted credentials including an encrypted user identification and an encrypted password;
  
  a decryption mechanism configured to decrypt said encrypted credentials to form decrypted credentials; and
  
  a processor including a verification mechanism configured to verify that said decrypted credentials are valid, wherein said input/output device configured to send a verification message to said client, said processor includes access control mechanism configured to grant said client access to said computer, and said user identification and said user password remain encrypted when transmitted over said network.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The apparatus recited in claim 37, wherein said decryption mechanism is configured to decrypt said credentials using a 256 bit key.
  - 39. The apparatus recited in claim 37, wherein said decryption mechanism is configured to decrypt said credentials using a 128 bit seed.
  - 40. The apparatus recited in claim 37, wherein said input/output device is configured to receive said request message over said network using SSL, CHAP, or PAP.
  - 41. The apparatus recited in claim 37, wherein said input/output device is configured to receive said request message over said network including at least one of:
    - dial-up, a local area network, Wi-Fi, wired roaming broadband, telecommuter broadband, 2.5G/3G wireless, GPRS, and PHS networks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Fiberlink Communications Corporation (International Business Machines Corporation)
Inventors
Pappano, Joseph E., Bluestone, Derek, Adams, Clinton, Pressman, Howard M., Nicodemus, Blair Gaver

Application Number

US10/918,363
Publication Number

US 20050086492A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 12/2898   Subscriber equipments DSL m...

H04L 63/0272   Virtual private networks

H04L 63/0414   during transmission, i.e. p...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 69/16   Implementation or adaptatio...

H04L 69/168   specially adapted for link ...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

H04W 74/00   Wireless channel access

System, method, apparatus and computer program product for facilitating digital communications

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

41 Claims

Specification

Use Cases

Quick Links

Others

System, method, apparatus and computer program product for facilitating digital communications

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

41 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others