Dynamic passcodes in association with a wireless access point

US 10,313,351 B2
Filed: 02/22/2016
Issued: 06/04/2019
Est. Priority Date: 02/22/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

during a usage period of a first passcode that enables access to a network and for an initial access request during the usage period for each user device that sends a valid access request to access the network based on the first passcode during the usage period, adding, at an access point, an identifier of the user device to a device list for the first passcode;

after expiration of the first passcode, receiving, at the access point, a first access request from a first device, the first access request encrypted based on the first passcode;

in response to the first access request and before expiration of a usage time of the device list for the first passcode, determining at the access point, whether an identifier of the first device is included in the device list for the first passcode; and

in response to the determining indicating that the identifier of the first device is included in the device list for the first passcode;

generating, at the access point, data representing a second passcode by encrypting the second passcode based on the first passcode;

sending the data representing the second passcode to the first device from the access point; and

removing, at the access point, the identifier for the first device from the device list for the first passcode.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes, after expiration of a first passcode, receiving, at an access point, a first access request from a first device. The first access request may be encrypted based on the first passcode. The method further includes determining whether an identifier of the first device is included in a device list associated with the first passcode. The device list includes identifiers of devices that accessed the access point using encryption based on the first passcode before the expiration of the first passcode. The method also includes, in response to a determination that the identifier of the first device is included in the device list generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode. The method further includes sending the data representing the second passcode to the first device from the access point.

25 Citations

View as Search Results

20 Claims

1. A method comprising:
- during a usage period of a first passcode that enables access to a network and for an initial access request during the usage period for each user device that sends a valid access request to access the network based on the first passcode during the usage period, adding, at an access point, an identifier of the user device to a device list for the first passcode;
  
  after expiration of the first passcode, receiving, at the access point, a first access request from a first device, the first access request encrypted based on the first passcode;
  
  in response to the first access request and before expiration of a usage time of the device list for the first passcode, determining at the access point, whether an identifier of the first device is included in the device list for the first passcode; and
  
  in response to the determining indicating that the identifier of the first device is included in the device list for the first passcode;
  
  generating, at the access point, data representing a second passcode by encrypting the second passcode based on the first passcode;
  
  sending the data representing the second passcode to the first device from the access point; and
  
  removing, at the access point, the identifier for the first device from the device list for the first passcode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - before the expiration of the first passcode, receiving a second access request from the first device, the second access request encrypted based on the first passcode;
      
      determining, based on the second access request, whether the identifier of the first device is included in a trusted devices list; and
      
      in response to the trusted devices list including the identifier of the first device, enabling the identifier of the first device to be included in the device list for the first passcode.
  - 3. The method of claim 2, wherein the trusted devices list includes identifiers of devices designated as trusted devices by an administrator of a local area network supported by the access point.
  - 4. The method of claim 2, further comprising, in response to expiration of the usage time of the device list for the first passcode:
    - removing, from the trusted devices list, first identifiers corresponding to the identifiers in the device list; and
      
      inhibiting subsequent access to the device list for the first passcode.
  - 5. The method of claim 4, wherein the inhibiting subsequent access to the device list for the first passcode comprises deleting the device list for the first passcode from a memory of the access point.
  - 6. The method of claim 2, further comprising, in response to the trusted devices list not including the identifier of the first device, blocking addition of the identifier of the first device to the device list for the first passcode.
  - 7. The method of claim 1, further comprising, after the expiration of the first passcode and during the usage time of the device list for the first passcode:
    - receiving, at the access point, a second access request from a second device, the second access request encrypted based on the first passcode; and
      
      in response to a second determination that an identifier of the second device is not included in the device list for the first passcode, denying the second access request.
  - 8. The method of claim 1, further comprising, after the expiration of the first passcode and the expiration of the usage time of the device list for the first passcode:
    - receiving a second access request, the second access request based on the first passcode; and
      
      denying the second access request.
  - 9. The method of claim 1, further comprising:
    - receiving, from a device associated with an administrator of a local area network supported by the access point, an indication to add a particular device to a trusted devices list for devices configured to generate updated passcodes; and
      
      responsive to the indication, sending passcode generation data to the particular device, wherein the passcode generation data enables the particular device to generate a valid passcode based on a previously valid passcode.
  - 10. The method of claim 1, wherein the access point generates the second passcode by applying a polynomial to the first passcode.

11. A system comprising:
- a processor of an access point;
  
  a memory coupled to the processor, the memory including instructions executable by the processor to perform operations, the operations including;
  
  during a usage period of a first passcode that enables access to a network and for an initial access request during the usage period for each user device that sends a valid access request to access the network based on the first passcode during the usage period, adding an identifier of the user device to a device list for the first passcode;
  
  after expiration of the first passcode, receiving, from a first device, a first access request to access a local area network, the first access request encrypted based on the first passcode;
  
  in response to the first access request and before expiration of a usage time of the device list for the first passcode, determining whether an identifier of the first device is included in the device list for the first passcode; and
  
  in response to the determining indicating that the identifier of the first device is included in the device list for the first passcode;
  
  generating data representing a second passcode by encrypting the second passcode based on the first passcode;
  
  sending the data representing the second passcode to the first device; and
  
  removing, at the access point, the identifier for the first device from the device list for the first passcode.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein the operations further include:
    - receiving, from a device associated with a network administrator of the local area network, a first instruction to add an identifier associated with a second device to a trusted devices list; and
      
      based on the first instruction, adding the identifier of the second device to the trusted devices list.
  - 13. The system of claim 11, wherein the operations further include:
    - receiving, from a device associated with a network administrator of the local area network, a first instruction to add an identifier associated with a third device to a trusted devices list for devices configured to generate updated passcodes; and
      
      based on the first instruction, sending first passcode generation data to the third device, wherein the first passcode generation data enables the third device to generate a valid passcode based on a previously valid passcode.
  - 14. The system of claim 13, wherein the operations further include:
    - in response to a determination to remove an entry for a particular device from the trusted devices list for devices configured to generate updated passcodes;
      
      sending second passcode generation data to each device identified in the trusted devices list after removal of the entry for the particular device from the trusted devices list; and
      
      generating a new passcode using the second passcode generation data and a previous passcode, wherein the new passcode cannot be generated using the first passcode generation data and the previous passcode.

15. A processor-readable storage device storing instructions that, when executed by a processor of an access point, cause the processor to perform operations, the operations comprising:
- during a usage period of a first passcode that enables access to a network and for an initial access request during the usage period for each user device that sends a valid access request to access the network based on the first passcode during the usage period, adding an identifier of the user device to a device list for the first passcode;
  
  after expiration of the first passcode, receiving a first access request from a first device, the first access request encrypted based on the first passcode;
  
  in response to the first access request and before expiration of a usage time of the device list for the first passcode, determining whether that an identifier of the first device is included in the device list for the first passcode; and
  
  in response to the determining indicating that the identifier of the first device is included in the device list for the first passcode;
  
  generating data representing a second passcode by encrypting the second passcode based on the first passcode;
  
  sending the data representing the second passcode to the first device; and
  
  removing, at the access point, the identifier for the first device from the device list for the first passcode.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The processor-readable storage device of claim 15, wherein the operations further comprise:
    - before the expiration of the first passcode, receiving a second access request from the first device, the second access request encrypted based on the first passcode;
      
      determining, based on the second access request, whether the identifier of the first device is included in a trusted devices list; and
      
      in response to the trusted devices list including the identifier of the first device, enabling the identifier of the first device to be included in the device list for the first passcode.
  - 17. The processor-readable storage device of claim 16, wherein the operations further comprise:
    - in response to expiration of the usage time of the device list for the first passcode;
      
      removing, from the trusted devices list, first identifiers corresponding to the identifiers in the device list for the first passcode; and
      
      inhibiting subsequent access to the device list for the first passcode.
  - 18. The processor-readable storage device of claim 15, wherein the operations further comprise, in response to the determining that the identifier of the first device is included in the device list for the first passcode, deleting an entry associated with the first device from the device list for the first passcode.
  - 19. The processor-readable storage device of claim 15, wherein the first access request is a portion of a handshake procedure.
  - 20. The processor-readable storage device of claim 15, wherein each device identified in the device list for the first passcode is also identified in a trusted devices list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.), AT&T Mobility II LLC (AT&T, Inc.)
Inventors
Meredith, Sheldon Kent, Cottrill, William, Hilliard, Brandon B.
Primary Examiner(s)
Schmidt, Kari L

Application Number

US15/049,773
Publication Number

US 20170244712A1
Time in Patent Office

1,198 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/101   Access control lists [ACL]

H04L 63/108   when the policy decisions a...

H04L 9/0891   Revocation or update of sec...

H04L 9/3228   One-time or temporary data,...

H04L 9/3268   using certificate validatio...

H04W 12/06   Authentication

H04W 12/08   Access security

Dynamic passcodes in association with a wireless access point

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic passcodes in association with a wireless access point

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links