
A two-factor network authentication system uses "something you know" in the form of a password/PIN and "something you have" in the form of a key token. The password is encrypted in a secure area of the USB device and is protected from brute-force attacks. The key token includes authentication credentials. Users cannot authenticate without the key token. Four distinct authentication elements must be present. The first element is a global unique identifier that is unique to each key. The second is a private credential generated by the online service provider that is stored in a secure area of the USB device. The third element is a connection profile that is generated by the online service provider. The fourth element is a credential that is securely stored with the online service provider. The first two elements create a unique user identity. The second two elements create mutual authentication.

Referenced by

| Citing patent | Filing date | Issue date | Original assignee | Title |
|---|---|---|---|---|
| US7979512 | Nov 7, 2008 | Jul 12, 2011 | Microsoft Corporation | Service delivery online |
| US8205098 | Feb 25, 2008 | Jun 19, 2012 | Microsoft Corporation | Secure and usable protection of a roamable credentials store |
| US8209744 | May 16, 2008 | Jun 26, 2012 | Microsoft Corporation | Mobile device assisted secure computer network communication |
| US8239679 | Nov 19, 2009 | Aug 7, 2012 | Tencent Technology (Shenzhen) Company Limited | Authentication method, client, server and system |

Claims

1. Secure electronic device networks comprising:

a plurality of independent networks;

each independent network having a plurality of end user devices attachable to the network forming nodes thereof, each end user device having input plugs for coupling accessories thereto;

a network managing system which includes authenticating the end user devices attached to the network;

a plurality of authenticating keys, with each key attachable to an input plug of an end user device, each key containing a validation certificate therein and constructed to establish a virtual private network tunnel between at least a portion of the network managing system and the key, whereby the presence of a current validation certificate on a key coupled to the end user's device may be validated prior to granting access to the network.

2. The secure electronic device networks as claimed in claim 1 wherein each key attaches to a universal serial bus port of the end user device.

3. The secure electronic device networks as claimed in claim 2 wherein the network managing system utilizes at least one additional network access validating tool which is distinct from the authenticating keys for access to the networks.

4. The secure electronic device networks as claimed in claim 3 wherein the network managing system utilizes at least one of a user inputted Personal Identification Number and a user inputted password.

5. The secure electronic device networks as claimed in claim 1 wherein selective end user devices may be coupled to multiple local networks, each key adaptable for use with authentication of the multiple networks.

6. The secure electronic device networks as claimed in claim 5 wherein each key includes password management software thereon.

7. The secure electronic device networks as claimed in claim 1 wherein each key further includes network protection software.

8. The secure electronic device networks as claimed in claim 1 wherein at least one independent network is a Wi-Fi network.

9. The secure electronic device networks as claimed in claim 1 wherein each key further includes a personal profile on an individual's key that grants privileges on the network associated with the particular user to whom the key is assigned.

10. The secure electronic device networks as claimed in claim 1 wherein the end user devices are coupled to the local networks via the internet.

11. An authenticating key for access of an end user's electronic device to a plurality of independent networks each having a network management system, the authenticating key comprising a key attachment mechanism which is attachable to an input plug of an end user device, each key configured to create a communication link between the network management system of each selected independent network and the key, wherein the communication between the network management system for the selected network and the key is not preconfigured on the end user device, each key further containing a validation certificate therein unique to the selected network, wherein the network can verify the presence of a current validation certificate on the key for that network coupled to the end user's device through the communication link prior to granting access to the selected network.

12. The authenticating key claimed in claim 11 wherein each key further includes network protection software.

13. The authenticating key claimed in claim 11 wherein each key attaches to a universal serial bus port of the end user device.

14. The authenticating key as claimed in claim 13 wherein each key is a USB port flash drive.

15. The authenticating key as claimed in claim 11 wherein each key includes password management software.

16. The authenticating key as claimed in claim 11 wherein each key further includes a personal profile on an individual's key that grants privileges on the networks associated with the particular user to whom the key is assigned.

17. The authenticating key as claimed in claim 16 wherein each key is on the order of 1″ to 5″ in length and includes indicia thereon.

18. A token based authentication system for network management and security of online networks comprising:

authenticating key tokens for access of end user devices to at least one online end user device network, the authenticating key comprising a key attachment mechanism which is attachable to an input plug of an end user device, each key further containing at least one validation certificate therein associated with a specific end user device network, wherein the validation certificate includes a global identifier specific to the user and a private credential specific to the associated end user device network; and

a network management system associated with the at least one online end user device network, wherein the network management system can verify the presence of a current validation certificate on the key coupled to the end user's device prior to granting access to the associated online end user device network.

19. The token based authentication system for network management and security of online networks according to claim 18 wherein each validation certificate of each key that is associated with a specific end user device network further includes a connection profile associated with the specific end user device network; and wherein a private credential for the specific network is stored remote from the key, and wherein the connection profile associated with the specific end user device network and the private credential for the specific network combine to form a mutual, two-way authentication for the system.

20. The token based authentication system for network management and security of online networks according to claim 18 wherein each key includes a plurality of validation certificates with each certificate containing a common global identifier specific to the user.
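The abstract and claims 18 and 19 describe a key token holding a global identifier, a provider-issued private credential and a connection profile, with a fourth credential kept by the provider, guarded by a PIN that resists brute force. The model below is an added illustration, not code from the patent; it assumes HMAC challenge-response as the proof mechanism (the patent names none), a three-try PIN lockout, and that the connection profile carries a shared secret whose server-side copy is the fourth element.

```python
import hashlib
import hmac
import os

def _proof(secret, tag, nonce_a, nonce_b):  # tag binds a proof to one direction
    return hmac.new(secret, tag + nonce_a + nonce_b, "sha256").digest()

class KeyToken:  # elements 1-3: guid, private credential, connection profile
    def __init__(self, guid, private_cred, profile, pin):
        self.guid, self._salt = guid, os.urandom(16)
        self._pin_hash = self._kdf(pin)
        self._secure_area = (private_cred, profile)  # released only by unlock()
        self.failed_attempts, self.locked = 0, False
    def _kdf(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)
    def unlock(self, pin):
        """Three wrong PINs lock the key (assumed threshold), defeating brute force."""
        if self.locked or not hmac.compare_digest(self._kdf(pin), self._pin_hash):
            self.failed_attempts += 1
            self.locked = self.failed_attempts >= 3
            return None
        self.failed_attempts = 0
        return self._secure_area

class ServiceProvider:  # element 4 lives here, with the provider's copy of element 2
    def __init__(self, name):
        self.name, self.users = name, {}  # guid -> (private_cred, server_cred)
    def issue_key(self, guid, pin):
        private_cred, server_cred = os.urandom(32), os.urandom(32)
        self.users[guid] = (private_cred, server_cred)
        profile = {"service": self.name, "secret": server_cred}  # element 3
        return KeyToken(guid, private_cred, profile, pin)
    def challenge(self, guid, client_nonce):
        server_nonce = os.urandom(16)  # server proves it holds element 4
        return server_nonce, _proof(self.users[guid][1], b"srv", client_nonce, server_nonce)
    def verify_client(self, guid, server_nonce, client_nonce, proof):
        return hmac.compare_digest(_proof(self.users[guid][0], b"cli", server_nonce, client_nonce), proof)

def authenticate(token, provider, pin):  # returns (server_verified, client_verified)
    secrets = token.unlock(pin)  # factor 1: something you know
    if secrets is None:
        return (False, False)
    private_cred, profile = secrets  # factor 2: something you have
    client_nonce = os.urandom(16)
    server_nonce, server_proof = provider.challenge(token.guid, client_nonce)
    expected = _proof(profile["secret"], b"srv", client_nonce, server_nonce)
    if not hmac.compare_digest(expected, server_proof):
        return (False, False)  # server could not prove element 4: stop before sending anything
    client_proof = _proof(private_cred, b"cli", server_nonce, client_nonce)
    return (True, provider.verify_client(token.guid, server_nonce, client_nonce, client_proof))
```

The client checks the server's proof before releasing its own, so a key plugged into a machine that reaches an impostor service never emits a usable response.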