SYSTEM AND METHOD FOR PROVIDING AUTOMATIC REGISTRATION
WITH DUAL AUTHENTICATION FOR WIRELESS DEVICES
FIELD OF INVENTION
[0001] The invention is in the field of enabling automatic registration of a user
from an application running in a Portable Computing Devices (PCD) including a
mobile terminal.
BACKGROUND
[0002] Wireless or other service providers currently cater to a growing demand for
superior user experience. Currently, whenever users want to register themselves
for a service from an application running on their PCD, there is a need to go
through a two - step or multiple step manual process. This exercise is often time
consuming and error-prone. Most of the services provided by an application provider
are left untouched by users because of either time constraints, or cumbersome
registration processes.
[0003] Current registration processes also do not account for dual authentication,
and security may be compromised. For example, a registration request in one step
generates a security token via SMS from an application running on a PCD. A user
may use an application running on another PCD to complete a second step of the
registration for entering the received security token. This leaves security holes in
the registration process.
SUMMARY
[0004] Accordingly, it is a general object of the present invention to provide a novel
and useful method and system for simplifying user registration process for
application providers using dual authentication from a Portable Computing Device
(P CD).
[0005] Another object of the invention is to provide a platform to automatically
register user from an application running in varied network technologies. Another
object of the invention is to ensure that the user uses the same PCD that was
originally initiated to start the registration process and completing the registration
2
using the application running on the same PCD. Yet another object of the invention
is to enable the easier registration using dual authentication in a range of PCDs
operating on various platforms.
[0006] In another embodiment, a Messaging Request Sender Module configured to
automatically transmit a request to get a security token from server network. A
Registration Request Handler receives generates and sends the security token back
to the PCD. The Security Token Receiver Module intercepts the incoming security
token without user intervention. The Registration Request Processor Module
provides a common mechanism to send across this registration to the User
Authentication Engine of the Mobile Server Platform. The Automatic Registration
Dual Authentication Unit is configured to complete registration from an application
in any type of mobile terminal in a single instance 1 interaction.
[0007] The Automatic Registration Dual Authentication Unit (ARDAU) sends a
request to get security token and later intercepting and interpreting received
security token to complete the registration or activation process from any
application. The whole process is very simple for a user, who may just need to click
a register link only once. A send request for security token message is performed
automatically by Messaging Request Sender Module (MRSM). Similarly a response
received for security token message is performed automatically by Security Token
Receiver Module (STRM). A Registration Request Processor Module (RRPM) sends
the registration information along with security token to a User Authentication
Engine (UAE) to complete the registration request. One advantage of the described
embodiments is that it brings about easy registration in mobile stations using dual
authentication without any user intervention or minimal intervention I interaction.
[0008] Other objects, features, and advantage of the present invention will become
apparent from the following detailed description.
BRIEF DESCRIPTION OF DRAWINGS
[0009]A more detailed understanding may be had from the following description,
given by way of example in conjunction with the accompanying drawings wherein:
2 5 JUL 2011
[0010] FIG. 1A is a system diagram of an example communications system in which
one or more disclosed embodiments may be implemented;
[0011]FIG. 1B is a system diagram of an example portable communication device
(PCD) / user equipment (UE) that may be used within the communications system
illustrated in FIG. 1A;
[0012] FIG. 1C is a system diagram of an example radio access network and an
example core network that may be used within the communications system
illustrated in FIG. 1A;
[0013]FIG. 2 illustrates an overall structure of an Automatic Registration Dual
Authentication System (ARDAU);
[0014] FIG. 3 is a system diagram of an example PCD with the ARDAU illustrated
in FIG. 2, and that may be used within the communication system illustrated in
FIG. 1A;
[0015] FIG. 4 is a flow diagram illustrating a method of registration of an
application using the structure as described in FIG.2;
[0016] FIG. 5 is a flow diagram illustrating a user registration from an application
by integrating with a messaging system gateway and mobile server platform
modules; and
[0017] FIG. 6 is a flow diagram illustrating steps performed for registering an
application.
DETAILED DESCRIPTION
[0018] FIG. 1A is a diagram of an example communications system 100 in which
one or more disclosed embodiments may be implemented. The communications
system 100 may be a multiple access system that provides content, such as voice,
data, video, messaging, broadcast, etc., to multiple wireless users. The
communications system 100 may enable multiple wireless users to access such
content through the sharing of system resources, including wireless bandwidth. For
example, the communications systems 100 may employ one or more channel access
methods, such as code division multiple access (CDMA), time division multiple
2 5 JUL 2014
access (TDMA), frequency division multiple access (FDMA), orthogonal FDMA
(OFDMA), single-carrier FDMA (SCFDMA), and the like.
[0019] As shown in FIG. LA, the communications system 100 may include portable
communication devices (PCDs) 102a, 102b, 102c, 102d, a radio access network
(RAN) 104, a core network 106, a public switched telephone network (PSTN) 108,
the Internet 110, and other networks 112, though it will be appreciated that the
disclosed embodiments contemplate any number of PCDs, base stations, networks,
andlor network elements. Each of the PCDs 102a, 102b, 102c, 102d may be any type
of device configured to operate andlor communicate in a wireless environment. By
way of example, the PCDs 102a, 102b, 102c, 102d may be configured to transmit
andlor receive wireless signals and may include user equipment (UE), a mobile
station, a fixed or mobile subscriber unit, a pager, a cellular telephone, a personal
digital assistant (PDA), a smartphone, a laptop, a netbook, a personal computer, a
wireless sensor, consumer electronics, and the like.
[0020] The communications system 100 may also include a base station 114a and a
base station 114b. Each of the base stations 114a, 114b may be any type of device
configured to wirelessly interface with at least one of the PCDs 102a, 102b, 102c,
102d to facilitate access to one or more communication networks, such as the core
network 106, the Internet 110, andlor the other networks 112. By way of example,
the base stations 114a, 114b may be a base transceiver station (BTS), a Node-B, an
eNode B, a Home Node B, a Home eNode B, a site controller, an access point (AP), a
wireless router, and the like. While the base stations 114a, 114b are each depicted
as a single element, it will be appreciated that the base stations 114a, 114b may
include any number of interconnected base stations andlor network elements.
[0021] The base station 114a may be part of the RAN 104, which may also include
other base stations andlor network elements (not shown), such as a base station
controller (BSC), a radio network controller (RNC), relay nodes, etc. The base
station 114a andlor the base station 114b may be configured to transmit and/or
receive wireless signals within a particular geographic region, which may be
referred to as a cell (not shown). The cell may further be divided into cell sectors.
For example, the cell associated with the base station 114a may be divided into
three sectors. Thus, in one embodiment, the base station 114a may include three
transceivers, i.e., one for each sector of the cell. In another embodiment, the base
station 114a may employ multiple-input multiple output (MIMO) technology and,
therefore, may utilize multiple transceivers for each sector of the cell.
[0022] The base stations 114a, 114b may communicate with one or more of the
PCDs 102a, 102b, 102c, 102d over an air interface 116, which may be any suitable
wireless communication link (e.g., radio frequency (RF), microwave, infrared (IR),
ultraviolet 0v,isible light, etc.). The air interface 116 may be established using
any suitable radio access technology (RAT).
[0023] More specifically, as noted above, the communications system 100 may be a
multiple access system and may employ one or more channel access schemes, such
as CDMA, TDMA, FDMA, OFDMA, SC-FDMA, and the like. For example, the base
station 114a in the RAN 104 and the PCDs 102a, 102b, 102c may implement a radio
technology such as Universal Mobile Telecommunications System (UMTS)
Terrestrial Radio Access (UTRA), which may establish the air interface 116 using
wideband CDMA (WCDMA). WCDMA may include communication protocols such
as High-Speed Packet Access (HSPA) and/or Evolved HSPA (HSPA+). HSPA may
include High-Speed Downlink Packet Access (HSDPA) and/or High-Speed Uplink
Packet Access (HSUPA).
[0024] In another embodiment, the base station 114a and the PCDs 102a, 102b,
102c may implement a radio technology such as Evolved UMTS Terrestrial Radio
Access (E-UTRA), which may establish the air interface 116 using Long Term
Evolution (LTE) and 1 or LTE-Advanced (LTE-A).
[0025] In other embodiments, the base station 114a and the PCDs 102a, 102b, 102c
may implement radio technologies such as IEEE 802.16 ( i . . , Worldwide
Interoperability for Microwave Access (WiMAX)), CDMA2000, CDMA2000 lX,
CDMA2000 EV-DO, Interim Standard 2000 (IS-2000), Interim Standard 95 (IS-95),
Interim Standard 856 (IS-856), Global System for Mobile communications (GSM),
Enhanced Data rates for GSM Evolution (EDGE), GSM EDGE ( G E R A N ) , -t~h~e ~
like.
[0026] The base station 114b in FIG. 1A may be a wireless router, Home Node B,
Home eNode B, or access point, for example, and may utilize any suitable RAT for
facilitating wireless connectivity in a localized area, such as a place of business, a
home, a vehicle, a campus, and the like. In one embodiment, the base station 114b
and the PCDs 102c, 102d may implement a radio technology such as IEEE 802.11 to
establish a wireless local area network (WLAN). In another embodiment, the base
station 114b and the PCDs 102c, 102d may implement a radio technology such as
IEEE 802.15 to establish a wireless personal area network (WPAN). In yet another
embodiment, the base station 114b and the PCDs 102c, 102d may utilize a cellular
based RAT (e.g., WCDMA, CDMA2000, GSM, LTE, LTE-A, etc.) to establish a
picocell or femtocell. As shown in FIG. LA, the base station 114b may have a direct
connection to the Internet 110. Thus, the base station 114b may not be required to
access the Internet 110 via the core network 106.
[0027] The RAN 104 may be in communication with the core network 106, which
may be any type of network configured to provide voice, data, applications, and/or
voice over internet protocol (VoIP) services to one or more of the PCDs 102a, 102b,
102c, 102d. For example, the core network 106 may provide call control, billing
services, mobile location-based services, pre-paid calling, Internet connectivity,
video distribution, etc., and/or perform high-level security functions, such as user
authentication. Although not shown in FIG. lA, it will be appreciated that the RAN
104 and/or the core network 106 may be in direct or indirect communication with
other RANs that employ the same RAT as the RAN 104 or a different RAT. For
example, in addition to being connected to the RAN 104, which may be utilizing an
E-UTRA radio technology, the core network 106 may also be in communication with
another RAN (not shown) employing a GSM radio technology.
[0028] The core network 106 may also serve as a gateway for the PCDs 102a, 102b,
102c, 102d to access the PSTN 108, the Internet 110, and 1 or other networks 112.
The PSTN 108 may include circuit-switched telephone networks that provide plain
5 ,dub 28\1 old telephone service (POTS). The Internet 110 may include a global &ste o
interconnected computer networks and devices that use common communication
protocols, such as the transmission control protocol (TCP), user datagram protocol
(UDP) and the internet protocol (IP) in the TCPIIP internet protocol suite. The
other networks 112 may include wired or wireless communications networks owned
and / or operated by other service providers. For example, the other networks 112
may include another core network connected to one or more RANs, which may
employ the same RAT as the RAN 104 or a different RAT.
[0029] Some or all of the PCDs 102a, 102b, 102c, 102d in the communications
system 100 may include multi-mode capabilities, i.e., the PCDs 102a, 102b, 102c,
102d may include multiple transceivers for communicating with different wireless
networks over different wireless links. For example, the PCD 102c shown in FIG.
1A may be configured to communicate with the base station 114a, which may
employ a cellular-based radio technology, and with the base station 114b, which
may employ an IEEE 802 radio technology.
[0030] FIG. 1B is a system diagram of an example PCD 102. As shown in FIG. lB,
the PCD 102 may include a processor 118, a transceiver 120, a transmit I receive
element 122, a speaker 1 microphone 124, a keypad 126, a display 1 touchpad 128,
non-removable memory 130, removable memory 132, a power source 134, a global
positioning system (GPS) chipset 136, and other peripherals 138. It will be
appreciated that the PCD 102 may include any sub-combination of the foregoing
elements while remaining consistent with an embodiment.
[0031] The processor 118 may be a general purpose processor, a special purpose
processor, a conventional processor, a digital signal processor (DSP), a plurality of
microprocessors, one or more microprocessors in association with a DSP core, a
controller, a microcontroller, Application Specific Integrated Circuits (ASICs), Field
Programmable Gate Array (FPGAs) circuits, any other type of integrated circuit
(IC), a state machine, and the like. The processor 118 may perform signal coding,
data processing, power control, input 1 output processing, and / or any other
functionality that enables the PCD 102 to operate in a wireless environment. The
2 5 JUL 2014
processor 118 may be coupled to the transceiver 120, which may be coupled to the
transmit / receive element 122. In one embodiment, the an ARDAU unit is
configured with the processor 118. While FIG. 1B depicts the processor 118 and the
transceiver 120 as separate components, it will be appreciated that the processor
118 and the transceiver 120 may be integrated together in an electronic package or
chip.
[0032] The transmit I receive element 122 may be configured to transmit signals to,
or receive signals from, a base station (e.g., the base station 114a) over the air
interface 116. For example, in one embodiment, the transmit / receive element 122
may be an antenna configured to transmit and / or receive RF signals. In another
embodiment, the transmit / receive element 122 may be an emitter / detector
configured to transmit and / or receive IR, UV, or visible light signals, for example.
In yet another embodiment, the transmit / receive element 122 may be configured to
transmit and receive both RF and light signals. It will be appreciated that the
transmit / receive element 122 may be configured to transmit and / or receive any
combination of wireless signals.
[0033] In addition, although the transmit / receive element 122 is depicted in
FIG.1B as a single element, the PCD 102 may include any number of transmit I
receive elements 122. More specifically, the PCD 102 may employ MIMO
technology. Thus, in one embodiment, the PCD 102 may include two or more
transmit / receive elements 122 (e.g., multiple antennas) for transmitting and
receiving wireless signals over the air interface 116.
[0034] The transceiver 120 may be configured to modulate the signals that are to
be transmitted by the transmit / receive element 122 and to demodulate the signals
that are received by the transmit / receive element 122. As noted above, the PCD
102 may have multi-mode capabilities. Thus, the transceiver 120 may include
multiple transceivers for enabling the PCD 102 to communicate via multiple RATS,
such as UTRA and IEEE 802.11, for example.
[0035] The processor 118 of the PCD 102 may be coupled to, and may receive user
input data from, the speaker / microphone 124, the keypad 126, and / or the display
/ touchpad 128 (e.g., a liquid crystal display (LCD) display unit or organic light
emitting diode (OLED) display unit). The processor 118 may also output user data
to the speaker I microphone 124, the keypad 126, and / or the display I touchpad
128. In addition, the processor 118 may access information from, and store data in,
any type of suitable memory, such as the non-removable memory 130 and I or the
removable memory 132. The non-removable memory 130 may include randomaccess
memory (RAM), read-only memory (ROM), a hard disk, or any other type of
memory storage device. The removable memory 132 may include a subscriber
identity module (SIM) card, a memory stick, a secure digital (SD) memory card, and
the like. In other embodiments, the processor 118 may access information from, and
store data in, memory that is not physically located on the PCD 102, such as on a
server or a home computer (not shown).
[0036] The processor 118 may receive power from the power source 134, and may
be configured to distribute and I or control the power to the other components in the
PCD 102. The power source 134 may be any suitable device for powering the PCD
102. For example, the power source 134 may include one or more dry cell batteries
(e.g., nickel-cadmium (NiCd), nickel-zinc (NiZn), nickel metal hydride (NiMH),
lithiumion (Li-ion), etc.), solar cells, fuel cells, and the like.
[0037] The processor 118 may also be coupled to the GPS chipset 136, which may
be configured to provide location information (e.g., longitude and latitude) regarding
the current location of the PCD 102. In addition to, or in lieu of, the information
from the GPS chipset 136, the PCD 102 may receive location information over the
air interface 116 from a base station (e.g., base stations 114a, 114b) and I or
determine its location based on the timing of the signals being received from two or
more nearby base stations. It will be appreciated that the PCD 102 may acquire
location information by way of any suitable location-determination method while
remaining consistent with an embodiment.
[0038] The processor 118 may further be coupled to other peripherals 138, which
may include one or more software and I or hardware modules that provide
additional features, functionality andlor wired or wireless connectivity. For
example, the other peripherals 138 may include an accelerometer, an e lokp!3!& J0'l
satellite transceiver, a digital camera (for photographs or video), a universal serial
bus (USB) port, a vibration device, a television transceiver, a hands free headset, a
BluetoothTM module, a frequency modulated (FM) radio unit, a digital music player,
a media player, a video game player module, an Internet browser, and the like.
[0039] FIG. 1C is a system diagram of the RAN 104 and the core network 106
according to an embodiment. As noted above, the RAN 104 may employ an E-UTRA
radio technology to communicate with the PCDs 102a, 102b, 102c over the air
interface 116. The RAN 104 may also be in communication with the core network
106.
[0040] The RAN 104 may include eNode-Bs 140a, 140b, 140c, though it will be
appreciated that the RAN 104 may include any number of eNode-Bs while
remaining consistent with an embodiment. The eNode-Bs 140a, 140b, 140c may
each include one or more transceivers for communicating with the PCDs 102a, 102b,
102c over the air interface 116. In one embodiment, the eNode-Bs 140a, 140b, 140c
may implement MIMO technology. Thus, the eNode-B 140a, for example, may use
multiple antennas to transmit wireless signals to, and receive wireless signals from,
the PCD 102a.
[0041] Each of the eNode-Bs 140a, 140b, 140c may be associated with a particular
cell (not shown) and may be configured to handle radio resource management
decisions, handover decisions, scheduling of users in the uplink and/or downlink,
and the like. As shown in FIG. lC, the eNode-Bs 140a, 140b, 140c may communicate
with one another over an X2 interface.
[0042] The core network 106 shown in FIG. 1C may include a mobility
management gateway (MME) 142, a serving gateway 144, and a packet data
network (PDN) gateway 146. While each of the foregoing elements are depicted as
part of the core network 106, it will be appreciated that any one of these elements
may be owned and/or operated by an entity other than the core network operator.
[0043] The MME 142 may be connected to each of the eNode-Bs 140a, 140b, 140c in
the RAN 104 via an S1 interface and may serve as a control node. For example, the
(--JRJ .w r,-pJAL
2 5 JUL 2014
c- fP""\ &JfP""J\ &n\ ivC I b El. A 3
MME 142 may be responsible for authenticating users of the PCDs 102a, 102b,
102~b)e arer activatioddeactivation, selecting a particular serving gateway during
an initial attach of the PCDs 102a, 102b) 102c, and the like. The MME 142 may also
provide a control plane function for switching between the RAN 104 and other
RANs (not shown) that employ other radio technologies, such as GSM or WCDMA.
[0044] The serving gateway 144 may be connected to each of the eNode-B's 140a,
140b, 140c in the RAN 104 via the S l interface. The serving gateway 144 may
generally route and forward user data packets to 1 from the PCDs 102a, 102b, 102c.
[0045] The serving gateway 144 may also perform other functions, such as
anchoring user planes during inter-eNode-B handovers, triggering paging when
downlink data is available for the PCDs 102a, 102b, 102c, managing and storing
contexts of the PCDs 102a, 102b, 102c, and the like.
[0046] The serving gateway 144 may also be connected to the PDN gateway 146,
which may provide the PCDs 102a, 102b, 102c with access to packet-switched
networks, such as the Internet 110, to facilitate communications between the PCDs
102a, 102b, 102c and IP-enabled devices.
[0047] The core network 106 may facilitate communications with other networks.
For example, the core network 106 may provide the PCDs 102a, 102b, 102c with
access to circuit-switched networks, such as the PSTN 108, to facilitate
communications between the PCDs 102a, 102b, 102c and traditional land-line
communications devices. For example, the core network 106 may include, or may
communicate with, an IP gateway (e-g., an IP multimedia subsystem OMS) server)
that serves as an interface between the core network 106 and the PSTN 108. In
addition, the core network 106 may provide the PCDs 102a, 102b, 102c with access
to the other networks 112, which may include other wired or wireless networks that
are owned andlor operated by other service providers.
[0048] Embodiments described herein discuss a method for registering new user
using applications running on a Portable Computing Device (PCD). Users of PCDs,
such as a PCD including a mobile terminal, or a wireless transmit receive unit, or a
user equipment, are increasingly opting for the convenience of using their device for
accessing services via mobile applications offered by service providers. Typically
application providers require users to register before using the mobile application
and its services. Users need to go through a multi-step / manual process of
registration. In one step, user may be required to provide their phone number along
with other information. The application provider then sends a unique code back to
the user provided phone number via a short messaging service (SMS). In another
step, a user may need to read the SMS, and enter it manually to complete the
registration process within a certain time period. This may cause a challenge and
inconvenience to a novice user for using the mobile application.
[0049] Earlier mechanisms that dealt with this issue for controlling the rights
and/or behavior of applications were also problematic and required user input at
multiple stages. In one such mechanism, at least some of the messages generated
by an application resided in a terminal and destined for a communication network,
were diverted to an independent controlling entity also residing in the terminal. In
the controlling entity, the messages were controlled before being transmitted to the
network. Depending on the application and its behavior in the terminal, the control
entity could modify the messages or even prevent their sending to the network. The
modification may include inserting control data, such as a digest, which could be
used to authenticate the application. However, this has a disadvantage that the
controlling entity resided in the terminal itself and that messaging was controlled.
[0050] In another earlier mechanism, a device was required to be authenticated
separately before an application could be authenticated. In this mechanism,
authentication of a client device utilized remote multiple access to a server device
that included multiple authenticating devices, positioned within a client device, and
within a server device. This mechanism has a problem that multiple authenticating
devices are required for authentication of: first a communication terminal, and then
an application residing on the communication terminal.
[0051]In another earlier mechanism, for providing secure access to a target server
by a client apparatus over an IP network, utilized receiving an IP request from the
client apparatus destined for the target server, sending a request for authentication
information to the client, receiving the requested authenticated information,
performing a validation process for the authentication information, and passing on
the IP request from the client to the target server and returning data from the
target server to the client dependent upon the outcome of the validation process.
This process is dependent upon a specific protocol to be followed and is not platform
or device independent.
[0052]These problems as described in the earlier methods 1 mechanisms are
overcome using the described embodiments.
[0053] In one embodiment described, a mechanism to automatically register a new
user using dual authentication from an application in any PCD or user equipment is
provided. This mechanism may be configured appropriately for faster registration
in any application supported by a PCD capable of running an application.
[0054] In another embodiment, a use of dual authentication mechanism of sending
and receiving a SMS - text message to and from a SMS gateway and using that
unique code to complete the registration process from the application running on a
PCD is provided. The registration process is completed using a single click and
provides an automated way of completing the registration process without
intervention by a user-for all types of mobile terminals from very low-end models to
highly sophisticated ones.
[0055] The problems as described are address by providing an Automatic user
registration system for users, service providers, and application providers. The
system, running on the PCD communicates with external systems involved to
complete the registration process. A Mobile Server Platform (MSP) provides a
"Security Token" for each SMS registration request coming from the PCD.
[0056] The embodiments described automatically request an application provider's
SMSC gateway to generate a security token. Once the security token is received,
the system automatically uses this security token to complete the registration with
the application providers back end systems. A user may simply click an "Activate"
or "Register" button from a mobile application. After entering the registration
information, the embodiment Automatic Registration Dual Authentication Unit
OF,-.~ -?t- y -lp A- 2 5 JUL 2011
"3 a sn.; ,.+ -
.lr 2-h-v -l 6 s ; $L* a (ARDAU), processes the registration request in the PCD. The Messaging Request
Sender Module (MRSM) embedded in the ARDAU sends a request to the SMS
gateway.
[0057] The Security Token Receiver Module (STRM) intercepts the message
received from the SMS gateway and invokes a Registration Request Processor
Module (RRPM). The embedded RRPM makes registration request to Mobile Server
Platform (MSP) to complete the registration process by sending the security token
along with the registration information. This process of registering a user and
device from an application makes is comparatively easier for novice users. The
described auto registration method also assists service providers by providing a
common platform to reach all networks.
[0058] FIG.2 represents an overall structure of entire Automatic Registration Dual
Authentication System. It also shows the flow of communication between the
different parts of the described embodiments. The embodiments described for the
automatic registration system are denoted in four separate modules: a Registration
Request Initiator Module @RIM), Registration Request Processor Module @RPM),
Messaging Request Sender Module (MRSM) and Security Token Receiver Module
(STRM).
[0059] FIG. 3 illustrates a PCD, and includes a processor [Pr(c)] (that may be but
not limited to a CPU or microchip), a Memory Device [MD(c)] (that may be but not
limited to a RAM or other suitable computing memory), a communication
interface[CI (c)], a storage module [SM (c)], input 1 output port interfaces [IOP (c)],
an expansion port interface [EpI (c)], a graphic user interface (GUI), an input/
output device (IOD),an application library (AL), an operating system [OS( c)] and an
Automatic Registration Dual Authentication Unit (ARDAU).
[0060] The ARDAU contains four separate modules: Registration Request Initiator
Module (RRIM), Registration Request Processor Module (RRPM), Messaging
Request Sender Module (MRSM) and Security Token Receiver Module (STRM)
designed to initiate and complete the registration request by interacting with an
application provider network.
[0061] FIG. 4 diagrammatically represents the work flow during the registration
phase. When the registration request is initiated from an application the ARDAU
takes control and processes the request. It first interacts with the SMS gateway to
get the security token. Upon receiving the security token, ARDAU interfaces with
Mobile Server Platform (MSP) to complete the registration process.
[0062] Figure 5 shows the flow diagram of user registration from an application by
integrating with SMS gateway and Mobile Server Platform modules. The RRIM
accepts user registration request by allowing user to enter registration information.
The RRPM takes this request and invokes MRSM. The MRSM sends a security
token request via SMS to a pre-configured short code. The SMS gateway forwards
this request to RRH. The RRH authenticates this request by looking at the user
phone number and generates a security token. The security token is send back to
SMS gateway to deliver it to PCD. The STRM intercepts the security token sent by
SMS gateway. The STRM notifies the RRPM that security token is available for this
registration request. The RRPM module then sends a registration request to UAE
with registration details and security token. The RRH processes this information by
authenticating using the previously send security token for this phone number.
Once authentication is successful it completes the registration and sends the
confirmation for this process which is handled by RRPM.
[0063] In one embodiment, the system described is used to auto complete user
registration using dual authentication from an application installed on a PCD. The
ARDAU is embedded in a client application along with other application module to
discover services. The client application, when downloaded, is installed and stored
in the Storage Module found in the PCD. When a user is ready to register from an
application, the user may click on a register or activate link which invokes the
ARDAU module.
[0064] Security Token Request Phase: There are multiple ways to complete the
security token generation request by application provider. In one embodiment as
depicted in FIG. 5, a user's phone number is pre-registered in the application
provider's database. In this case, RRH first authenticates if user's phone number is
valid or not by looking in the database. Once validation is complete it generates the
security token and sends it back to PCD via SMS gateway.
[0065] In another embodiment, the RRH may choose not to authenticate the user's
phone number if it is pre-registered or not pre-registered in the application
provider's database. Instead it directly generates the security token and sends it
back to the PCD via a SMS gateway.
[0066] A request to send the security token may also follow different routes to
accommodate various types of mobile terminals, and their method of working for
affecting different types of security token request is also provided.
[0067] In one embodiment, the MRSM sends encoded or plain text SMS (Short
Message Service) message to request for security token to SMS gateway. The client
PCD that is compatible with SMS technology to send SMS message. In another
embodiment, the MRSM may choose to send a WAP (Wireless Application Protocol)
Push message to request for security token to WAP gateway. The client PCD is
compatible with WAP push technology to send WAF' push message.
[0068]In another embodiment, the MRSM may choose to send security token
request message to gateway via different channels depending upon the supported
platform of the PCD. This includes but not limited to Apple Push Notification
Service (APNS) for iOS devices, Cloud to Device Messaging Framework (C2DM) for
Android devices and Microsoft Push Notification Service (MPNS) for Windows
Phone Devices.
[0069] Security Token Intercept phase: During the intercept phase the
embodiment, as depicted in figure4, intercepts the SMS message received from the
SMS gateway. After receiving an SMS, the STRM intercepts and parses the security
token. Optionally, the security token is deleted so that it is not stored in the PCD.
The STRM invokes RRPM with this security token. The RRPM sends security token
and optionally, the user's registration request information to mobile server platform
module UAE. The UAE validates the provided security token against the
previously stored security token for this user's requested phone number. If it
matches then it completes the registration.
[0070] Similar to security token request sent from MRSM, the response received in
STRM as security token may follow different routes to accommodate various types
of mobile terminals and their method of working is also provided.
[0071] In one such embodiment, the STRM receives encoded or plain text SMS
(Short Message Service) message that consists of security token from SMS gateway.
The SMS message is intercepted by STRM and used by RPM to complete the
registration.
[0072] In another method, the STRM receives WAP (Wireless Application Protocol)
message that consists of security token from WAP gateway. The WAP message is
intercepted by STRM and used by RRPM to complete the registration.
[0073] The STRM may receive message that consists of security token via different
channels depending upon the supported platform of the PCD. This includes but not
limited to Apple Push Notification Service (APNS) for iOS devices, Cloud to Device
Messaging Framework (C2DM) for Android devices and Microsoft Push Notification
Service (MPNS) for Windows Phone Devices. The message is intercepted by STRM
and used by PPM to complete the registration.
[0074] The network interaction functions as processed by the MRSM, are done by
integrating the working of the SMS, USSD, WAP push, SMS , APNS, C2DM, MPNS
formats. The functioning of the STRM is not limited to SMS, WAP push, APNS,
CBDM, MPNS formats, and could any other standard based format. The MRSM
module is operated based on an user input and the user input is not limited to
keypad, touchpad, touch screen, or voice commands and gestures.
[0075]FIG.6 describes a flow diagram of the process followed by a PCD or a
messaging gateway to authenticate and register an application. Either a PCD or a
gateway may receive a request for a security token. This request may be generated
in response to either a user input or directly by a device. In response to the request,
a security token is generated. In another embodiment, a set of security tokens may
be pre-generated. The generated security token is then sent to the requesting
device or the gateway. The received token is then authenticated. This
authentication may be done using a pre-existing system including a subscriber
identification module (SIM) or by any other method for authentication. In response
to a successful authentication, registration information is sent with the security
token. The device or the gateway, then registers an application and send a
confirmation of the successful registration to the original requesting device. In
another embodiment, only a successful registration confirmation may be sent. In
another embodiment, the selected applications may be pre-registered but may
require only an authentication. For others, the applications themselves might be
pre-authenticated but may require only a registration.
[0076]In another embodiment, it is possible that the ARDAU and it's constituents
are a part of a messaging gateway. When the ARDAU is a part of a messaging
gateway, it would be apparent that the flows as described would be reversed and an
application authenticated directly from the messaging gateway.
[0077]It would be apparent to one skilled in the art that the various embodiments
described herein are platform and technology independent.
[0078] EMBODIMENTS: An embodiment for registering and authenticating an
application on a portable computing device (PCD), including a receiving a request
step to get a security token from the application, interpreting the received security
token, authenticating the application based on the interpretation of the received
security token. An embodiment as in the preceding embodiment where the
interpretation and authentication of the received security token is performed at an
Automatic Registration Dual Authentication Unit (ARDAU). An embodiment as in
any of preceding embodiments wherein the ARDAU includes a Messaging Request
Sender Module (MRSM), a Security Token Receiver Module (STRM), a Registration
Request Processor Module (RRPM), and a User Authentication Engine (UAE). An
embodiment as in any of preceding embodiment, where the registering and
authentication is platform and technology independent.
[0079] Although features and elements are described above in particular
combinations, one of ordinary skill in the art will appreciate that each feature or
element can be used alone or in any combination with the other features and
elements. In addition, the methods described herein may be implemented in a
computer program, software, or firmware incorporated in a computer-readable
medium for execution by a computer or processor. Examples of computer-readable
media include electronic signals (transmitted over wired or wireless connections)
and computer readable storage media. Examples of computer-readable storage
media include, but are not limited to, a read only memory (ROM), a random access
memory (RAM), a register, cache memory, semiconductor memory devices, magnetic
media such as internal hard disks and removable disks, magneto-optical media, and
optical media such as CD-ROM disks, and digital versatile disks (DVDs). A
processor in association with software may be used to implement a radio frequency
transceiver for use in a PCD, UE, terminal, base station, RNC, or any host
computer.
CLAIMS
I claim 1 We claim:
1. A method for registering and authenticating an application on a portable
computing device (PCD), including a processor, a memory, and configurable
application specific integrated circuits (ASICS), comprising:
receiving a request to get a security token from the application;
receiving the security token from a messaging gateway;
interpreting the received security token; and
authenticating the application based on the interpretation of the
received security token.
2. The method of claim 1, wherein the interpretation and authentication of the
received security token is performed at an Automatic Registration Dual
Authentication Unit (ARDAU).
3. The method of claim 2, wherein the ARDAU includes:
a Messaging Request Sender Module (MRSM);
a Security Token Receiver Module (STRM);
a Registration Request Processor Module (RRPM); and
a User Authentication Engine (UAE).
4. The method of claim 1, wherein the request to get a security token originates
from an application installed on the PCD.
5. The method of claim 1, wherein the request to get a security token is
performed by a Messaging Request Sender Module (MRSM).
2 5 JUL ?o\i
6. The method of claim 1, wherein the security token is received at a Security
Token Receiver Module (STRM).
7. The method of claim 1, wherein a Registration Request Processor Module
(RRPM) is configured to send registration information associated with the
application with security token to a User Authentication Engine (UAE) to complete
the registration and authentication process.
8. The method of claim 3, wherein the order of processing a request to register
and authenticate an application is technology and platform independent.
9. The method of claim 3, wherein the order of processing a request to register
and authenticate an application is technology dependent, and depends on a
configuration of service provider messaging gateway.
10. The method of claim 9, wherein the configuration of the service provider
messaging gateway is based on a channel access method including any of: code
division multiple access (CDMA), time division multiple access (TDMA), frequency
division multiple access (FDMA), orthogonal FDMA (OFDMA), single-carrier FDMA
(SCFDMA), or any other method.
11. A portable computing device (PCD), for registering and authenticating an
application, the PCD including a processor, a memory, and configurable application
specific integrated circuits (ASICS) comprising:
receiving a request to get a security token from the application generated by
a Messaging Request Sender Module (MRSM);
receiving the security token from a messaging gateway by a Security Token
Receiver Module (STRM);
2 5 JUL 2014
O K i ~ ~ALNb
interpreting the received security token at a Registration Request Processor
Module (RRPM), and sending registration information associated with an
application with the security token for further processing; and
authenticating the application based on the interpretation of the received
security token at a User Authentication Engine (UAE).
12. The PCD ofclaim 11, wherein the MRSM, the STRM, the RRPM, and the
UAE are configured within an Automatic Registration Dual Authentication Unit
(ARDAU) .
13. The PCD of claim 11, configured as a part of a messaging gateway.
14. The PCD of claim 11, wherein the PCD registers and authenticates
application in a platform and technology independent manner.
15. The method of claim 3, implemented at a messaging gateway.
Dated this the 25 July, 2014
(Jp+
rima Sahney)
Agent for the Applicant
Of Saikrishna & Associates