Zero sign-on authentication

US 10,616,628 B2
Filed: 10/25/2018
Issued: 04/07/2020
Est. Priority Date: 12/31/2009
Status: Active Grant

First Claim

Patent Images

1. A method of providing zero sign-on (ZSO) authentication comprising:

determining an access request from a first device requesting access to a service associated with a service provider, the access request being transmitted using signaling through an access point;

determining a location for the access point as a function of information included within the access request;

determining a level of trust for a second device determined to be at the location; and

enabling the first device ZSO authentication sufficient to access the service if the level of trust is sufficient and denying the first device or operating system ZSO authentication if the level of trust is insufficient.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authenticating system and process for authenticating user devices to a access a service where access to certain portions of the service may be limited according to a access point or other device used by a user device to facilitate interfacing a user with the service. The authentication may be achieved without directly assessing a trustworthiness of the user devices, and optionally, without requiring a user thereof to complete a sign-on operation.

Citations

20 Claims

1. A method of providing zero sign-on (ZSO) authentication comprising:
- determining an access request from a first device requesting access to a service associated with a service provider, the access request being transmitted using signaling through an access point;
  
  determining a location for the access point as a function of information included within the access request;
  
  determining a level of trust for a second device determined to be at the location; and
  
  enabling the first device ZSO authentication sufficient to access the service if the level of trust is sufficient and denying the first device or operating system ZSO authentication if the level of trust is insufficient.
- View Dependent Claims (2, 3, 4, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 further comprising providing the first device ZSO authentication by enabling the first device access to the service without requiring the user to contemporaneously input a username and password combination to access the service.
  - 3. The method of claim 2 further comprising providing the first device sign-on (SO) authentication sufficient to access the service when the level of trust is insufficient for ZSO authentication.
  - 4. The method of claim 2 further comprising determining the level of trust for the second device as a function of a credential transmitted to the service provider via signaling sent independently of the access point.
  - 9. The method of claim 1 further comprising:
    - receiving a nonce signed by the second device via signaling transmitted from the first device through the access point; and
      
      determining the level of trust for the second device as a function of information associated with the nonce if a signature of the nonce is verified to be that of the second device.
  - 10. The method of claim 9 further comprising:
    - determining a port being used by the second device to listen for messages carried over a network at the location; and
      
      directing the first device to transmit the nonce to the port for signature by the second device.
  - 11. The method of claim 10 wherein the access point provides network address translation (NAT) for the network such that the first and second devices are each assigned a unique inside address when communicating over the network and a same outside address when communicating outside of the network, the access request being transmitted through the access point outside of the network.
  - 12. The method of claim 1 further comprising selecting the second device from a plurality of devices, each of the plurality of devices being associated with an Internet Protocol (IP) address used by the access point to facilitate signaling over an outside network operating independently of an inside network connecting the first and second devices to the access point.
  - 13. The method of claim 12 further comprising determining the IP addresses for the plurality of devices as a function of signaling initiated with a dial home application operating thereon, the dial home application instructing the plurality of devices to contact the service provider for the purposes of determining the IP address.

5. The method of 1 further comprising determining the level of trust for the second device as a function of information included within a credential transmitted therefrom.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5 further comprising receiving the credential within signaling transmitted from the second device to the service provider through the access point.
  - 7. The method of claim 5 further comprising receiving the credential through signaling transmitted independently of the access point.
  - 8. The method of claim 7 further comprising receiving the credential through signaling transmitted over a private network of the service provider, the access point being unable to facilitate signaling over the private network.

14. A non-transitory computer-readable medium having a plurality of instructions executable with a processor to facilitate providing zero sign-on (ZSO) authentication, the plurality of instructions being sufficient for:
- determining an access request from a first application requesting access to a service associated with a service provider, the access request being transmitted through a device;
  
  determining a location for the device as a function of information included within the access request;
  
  determining a level of trust for a second application determined to be at the location; and
  
  enabling the first application ZSO authentication sufficient to access the service if the level of trust is sufficient and denying the first application ZSO authentication if the level of trust is insufficient.
- View Dependent Claims (15, 16, 17)
- - 15. The non-transitory computer-readable medium of claim 14 further comprising instructions sufficient for:
    - instructing the first application to request the second application to sign a nonce provided from the first application for purposes of generating a signed nonce;
      
      instructing the first application to transmit the signed nonce; and
      
      verifying the signed nonce as having been previously signed by the second application before determining the level of trust to be sufficient for the ZSO authentication.
  - 16. The non-transitory computer-readable medium of claim 14 further comprising instructions sufficient for:
    - determining a credential from the second application; and
      
      determining the level of trust for the second application as a function of information included within the credential.
  - 17. The non-transitory computer-readable medium of claim 14 further comprising instructions sufficient for:
    - determining a nonce communicated from the first application, the nonce being previously signed by the second application; and
      
      determining the level of trust for the second application as a function of information associated with the nonce if a signature of the nonce is verified to be that of the second application or the second operating system.

18. A method for conferring authorizations to access content comprising:
- determining a first device requiring an authorization to access content;
  
  determining an access point utilized by the first device to request access to the content;
  
  determining a second device having the authorization being at a location associated with the access point; and
  
  conferring the authorization of the second device to the first device to enable the first device access to the content.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18 further comprising:
    - determining a third device at the location additionally requesting access to the content;
      
      determining a number of devices conferred the authorization of the second device; and
      
      conferring the authorization of the second device to the third device if the number is less than a threshold.
  - 20. The method of claim 19 further comprising determining the threshold to be proportional a level of trust determined for the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Durbha, Seetharama R., Marcia, Oscar, Hoggan, Stuart, Krauss, Simon
Primary Examiner(s)
Doan, Duyen M

Application Number

US16/170,690
Publication Number

US 20190069012A1
Time in Patent Office

530 Days
Field of Search

709203, 709225
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/1012   to domains

H04L 47/70   Admission control; Resource...

H04L 61/256   NAT traversal

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 63/1433   Vulnerability analysis

H04L 65/1023   Media gateways

H04N 21/25816   involving client authentica...

H04N 21/25841   involving the geographical ...

Zero sign-on authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Zero sign-on authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links