Device-specific authorization at distributed locations

US 10,320,806 B2
Filed: 09/09/2014
Issued: 06/11/2019
Est. Priority Date: 07/12/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a request at a server from a client device via an access point, the request received via a first network, wherein the request identifies a network resource available from a second server via a second network, wherein the second server is distinct from the server, and wherein the second network is different than the first network;

responsive to the receiving the request, determining, at the server, whether access to the network resource is conditioned upon authentication;

transmitting an authentication request from the server to the client device in response to determining that access to the network resource is conditioned upon authentication, wherein the authentication request includes an authentication seed;

receiving authentication information at the server from the client device, wherein the authentication information includes a first result of a one-way hash function based on the authentication seed;

computing, at the server, a second result of the one-way hash function based on the authentication seed;

performing a first comparison of the first result to the second result;

in response to a first determination based on the first comparison that the first result matches the second result, determining a location associated with the client device based on the access point;

determining whether the client device is permitted to access the second network from the location; and

in response to a second determination by the server that the client device is permitted to access the second network from the location, enabling, via the server, the client device to access the second network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes receiving authentication information for a client device at a server. The authentication information includes a geographic location of the client device and a first result of a one-way hash function based on a combination including an authentication seed and a first secret. The method includes computing, at the server, a second result of the one-way hash function based on a combination including the authentication seed and a second secret. The method also includes enabling the client device to access a second network in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access the second network based on the geographic location.

Citations

20 Claims

1. A method comprising:
- receiving a request at a server from a client device via an access point, the request received via a first network, wherein the request identifies a network resource available from a second server via a second network, wherein the second server is distinct from the server, and wherein the second network is different than the first network;
  
  responsive to the receiving the request, determining, at the server, whether access to the network resource is conditioned upon authentication;
  
  transmitting an authentication request from the server to the client device in response to determining that access to the network resource is conditioned upon authentication, wherein the authentication request includes an authentication seed;
  
  receiving authentication information at the server from the client device, wherein the authentication information includes a first result of a one-way hash function based on the authentication seed;
  
  computing, at the server, a second result of the one-way hash function based on the authentication seed;
  
  performing a first comparison of the first result to the second result;
  
  in response to a first determination based on the first comparison that the first result matches the second result, determining a location associated with the client device based on the access point;
  
  determining whether the client device is permitted to access the second network from the location; and
  
  in response to a second determination by the server that the client device is permitted to access the second network from the location, enabling, via the server, the client device to access the second network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the determining whether the client device is permitted to access the second network from the location is based on a geographic location of the access point.
  - 3. The method of claim 2, wherein the geographic location includes global positioning system information, a fast-food restaurant location, a coffee shop location, a room identification, a room number, a room name, or a combination thereof.
  - 4. The method of claim 2, wherein information identifying the geographic location is received from the access point.
  - 5. The method of claim 1, wherein the one-way hash function includes a message-digest 2 function, a message-digest 4 function, a message-digest 5 function, a race integrity primitives evaluation message digest function, an abreast davies-meyer function, a davies-meyer function, a haval function, a gost hash function, a n-hash function, a secure hash algorithm, a snefru function, or a combination thereof.
  - 6. The method of claim 1, wherein the request is received by intercepting a message communicated from the first network to the second network.

7. A computer-readable storage device including instructions that, when executed by a processing system, cause the processing system to perform operations, the operations comprising:
- receiving a request from a computing device via an access point, the request received via a first network, wherein the request identifies a network resource available from a server via a second network, wherein the server is distinct from the processing system, and wherein the second network is different than the first network;
  
  responsive to the receiving the request, determining whether access to the network resource is conditioned upon authentication;
  
  transmitting an authentication request to the computing device in response to determining that access to the network resource is conditioned upon authentication, wherein the authentication request includes an authentication seed;
  
  receiving, from the computing device, authentication information, wherein the authentication information includes a first result of a one-way hash function based on the authentication seed;
  
  computing a second result of the one-way hash function based on the authentication seed;
  
  performing a first comparison of the first result to the second result;
  
  in response to a first determination based on the first comparison that the first result matches the second result, determining a location associated with the computing device based on the access point;
  
  determining whether the computing device is permitted to access the second network from the location; and
  
  in response to a second determination that the computing device is permitted to access the second network from the location, enabling the computing device to access the second network.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The computer-readable storage device of claim 7, wherein the operations further comprise comparing an identifier of the network resource to an access control list, wherein access to the network resource is determined to not be conditioned upon authentication in response to the identifier being included in the access control list.
  - 9. The computer-readable storage device of claim 7, wherein the operations further comprise:
    - receiving a second request from the computing device, wherein the second request identifies a second network resource available on the second network; and
      
      transmitting the second request to the second network resource in response to determining that access to the second network resource is not conditioned upon authentication.
  - 10. The computer-readable storage device of claim 7, wherein the authentication request includes an authentication network address.
  - 11. The computer-readable storage device of claim 7, wherein the second result is further based on a shared secret of a plurality of shared secrets, and wherein the operations further comprise:
    - using the authentication seed and a different shared secret of the plurality of shared secrets to compute a new second result; and
      
      determining that the computing device is permitted access to the second network based on the first result matching the new second result and that the computing device is permitted network access.
  - 12. The computer-readable storage device of claim 7, wherein the authentication request comprises an extensible markup language document.
  - 13. The computer-readable storage device of claim 7, wherein the second result is further based on a media access control address of the computing device.
  - 14. The computer-readable storage device of claim 7, wherein the computing device comprises a cash register, a point of sale terminal, a smart card reader, a camera, a bar code reader, a radio frequency identification reader, a credit card reader, a remote order placing device, or a combination thereof.
  - 15. The computer-readable storage device of claim 7, wherein the computing device comprises a portable computer, a personal digital assistant, a mobile communication device, a wearable computing device, an internet device, or a combination thereof.

16. A system comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory includes program instructions executable by the processor to perform operations, the operations including;
  
  receiving a request from a computing device via an access point, the request received via a first network, wherein the request identifies a network resource available from a server via a second network, wherein the server is distinct from the processor, and wherein the second network is different than the first network;
  
  responsive to the receiving the request, determining whether access to the network resource is conditioned upon authentication;
  
  transmitting an authentication request to the computing device in response to determining that access to the network resource is conditioned upon authentication, wherein the authentication request includes an authentication seed;
  
  receiving authentication information from the computing device, wherein the authentication information includes a first result of a one-way hash function based on the authentication seed from the computing device;
  
  computing a second result of the one-way hash function based on the authentication seed;
  
  performing a first comparison of the first result to the second result;
  
  in response to a first determination based on the first comparison that the first result matches the second result, determining a location associated with the computing device based on the access point;
  
  determining whether the computing device is permitted to access the second network from the location; and
  
  in response to a second determination that the computing device is permitted to access the second network from the location, enabling the computing device to access the second network.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the determining whether the computing device is permitted to access the second network from the location is based on a geographic location of the access point.
  - 18. The system of claim 16, wherein the second network includes the Internet.
  - 19. The system of claim 16, wherein the operations further include transmitting a particular shared secret to the computing device.
  - 20. The system of claim 16, wherein the second result is based on a particular shared secret, and wherein the operations further include:
    - receiving a shared secret request for the particular shared secret from the computing device; and
      
      transmitting the particular shared secret to the computing device in response to the shared secret request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wayport, Inc. (AT&T, Inc.)
Original Assignee
Wayport, Inc. (AT&T, Inc.)
Inventors
Keeler, James D., Melendez, John R.
Primary Examiner(s)
Nguyen, Trong H

Application Number

US14/481,376
Publication Number

US 20140380435A1
Time in Patent Office

1,736 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/123   received data contents, e.g...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

H04W 12/06   Authentication

H04W 12/106   Packet or message integrity

H04W 8/26   Network addressing or numbe...

Device-specific authorization at distributed locations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device-specific authorization at distributed locations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links