Authorization and authentication of user access to a distributed network communication system with roaming features

US 20030233580A1
Filed: 01/14/2003
Published: 12/18/2003
Est. Priority Date: 05/29/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing access to a network, wherein a plurality of access points operated by a network provider are coupled to the network, the method comprising:

using client software on a client computer to perform a get operation on a server, wherein the client computer is communicatively coupled to a first access point;

in response to the get operation, returning an activation response message to the client software on the client computer from the network provider, wherein the activation response message comprises a router address;

the client software sending a username and a password to the network provider at the router address, wherein the username and password are usable to authorize access to the network for a user account;

sending the username and password from the network provider to a roaming partner;

the roaming partner determining whether the user account is authenticated;

sending an authentication response from the roaming partner to the network provider;

if the authentication response indicates that the user account is authenticated by the roaming partner, the network provider authorizing access to the network for the user account; and

if the authentication response indicates that the user account is not authenticated by the roaming partner, the network provider denying access to the network for the user account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing roaming access on a network are disclosed. The network includes a plurality of wireless and/or wired access points. A user may access the network by using client software on a client computer (e.g., a portable computing device) to initiate an access procedure. In response, a network management device operated by a network provider may return an activation response message to the client. The client may send the user'"'"'s username and password to the network provider. The network provider may rely on a roaming partner, another network provider with whom the user subscribes for internet access, for authentication of the user. Industry-standard methods such as RADIUS, CHAP, or EAP may be used for authentication. The providers may exchange pricing and service information and account information for the authentication session. A customer may select a pricing and service option from a list of available options.

174 Citations

72 Claims

1. A method for providing access to a network, wherein a plurality of access points operated by a network provider are coupled to the network, the method comprising:
- using client software on a client computer to perform a get operation on a server, wherein the client computer is communicatively coupled to a first access point;
  
  in response to the get operation, returning an activation response message to the client software on the client computer from the network provider, wherein the activation response message comprises a router address;
  
  the client software sending a username and a password to the network provider at the router address, wherein the username and password are usable to authorize access to the network for a user account;
  
  sending the username and password from the network provider to a roaming partner;
  
  the roaming partner determining whether the user account is authenticated;
  
  sending an authentication response from the roaming partner to the network provider;
  
  if the authentication response indicates that the user account is authenticated by the roaming partner, the network provider authorizing access to the network for the user account; and
  
  if the authentication response indicates that the user account is not authenticated by the roaming partner, the network provider denying access to the network for the user account.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein in determining whether the user account is authenticated, the roaming partner is configured to send the username and password to an authentication authority.
  - 3. The method of claim 1, further comprising:
    - the network provider billing the roaming partner for access to the network by the user account.
  - 4. The method of claim 1, wherein the activation response message is returned to the client software as an HTTP redirect message.
  - 5. The method of claim 1, wherein in authorizing access to the network for the user account, the network provider is configured to send an authorization response to the client software.
  - 6. The method of claim 5, wherein the authorization response comprises a logoff address which is usable by the client software to initiate a logoff for the user account.

7. A method for providing access to a network, the method comprising:
- using client software at a first access point on the network to send an access request to a network provider;
  
  the network provider returning a network address to the client software in response to the access request;
  
  the client software sending a username and a password to the network provider at the network address, wherein the username and password correspond to a user account;
  
  sending the username and password from the network provider to a roaming partner;
  
  the roaming partner determining whether the user account is authenticated;
  
  if the user account is authenticated by the roaming partner, the network provider authorizing access to the network for the user account; and
  
  if the user account is not authenticated by the roaming partner, the network provider denying access to the network for the user account.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein in determining whether the user account is authenticated, the roaming partner is configured to send the username and password to an authentication authority.
  - 9. The method of claim 7, further comprising:
    - the network provider billing the roaming partner for access to the network by the user account.
  - 10. The method of claim 7, wherein the network address is returned to the client software with an HTTP redirect message.
  - 11. The method of claim 7, wherein in authorizing access to the network for the user account, the network provider is configured to send an authorization response to the client software.
  - 12. The method of claim 11, wherein the authorization response comprises a logoff address which is usable by the client software to initiate a logoff for the user account.

13. A system comprising:
- a network, wherein a network provider and a roaming partner are communicatively coupled to the network;
  
  a plurality of access points coupled to the network, wherein at least one of the plurality of access points is operable to communicate with a client computer, wherein the client computer stores client software which is executable by the client computer;
  
  wherein the client software is executable by the client computer to perform a get operation on a server;
  
  wherein the network provider is configured to return an activation response message to the client software in response to the get operation, wherein the activation response message comprises a router address;
  
  wherein the client software is executable by the client computer to send a username and a password to the network provider at the router address, wherein the username and password are usable to authorize access to the network for a user account;
  
  wherein the network provider is configured to send the username and password to the roaming partner;
  
  wherein the roaming partner is configured to determine whether the user account is authenticated and send an authentication response to the network provider;
  
  wherein the network provider is configured to authorize access to the network for the user account if the authentication response indicates that the user account is authenticated by the roaming partner; and
  
  wherein the network provider is configured to deny access to the network for the user account if the authentication response indicates that the user account is not authenticated by the roaming partner.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein in determining whether the user account is authenticated, the roaming partner is configured to send the username and password to an authentication authority.
  - 15. The system of claim 13, wherein the network provider is operable to bill the roaming partner for access to the network by the user account.
  - 16. The system of claim 13, wherein the activation response message is returned to the client software as an HTTP redirect message.
  - 17. The system of claim 13, wherein in authorizing access to the network for the user account, the network provider is configured to send an authorization response to the client software.
  - 18. The system of claim 17, wherein the authorization response comprises a logoff address which is usable by the client software to initiate a logoff for the user account.

19. A system comprising:
- a network, wherein a network provider and a roaming partner are communicatively coupled to the network;
  
  a plurality of access points coupled to the network, wherein at least one of the plurality of access points is operable to communicate with a client computer, wherein the client computer stores client software which is executable by the client computer;
  
  wherein the client software is executable by the client computer to send an access request to the network provider;
  
  wherein a network provider is configured to return a network address to the client software in response to the get operation;
  
  wherein the client software is executable by the client computer to send a username and a password to the network provider at the network address, wherein the username and password correspond to a user account;
  
  wherein the network provider is configured to send the username and password to the roaming partner;
  
  wherein the roaming partner is configured to determine whether the user account is authenticated;
  
  wherein the network provider is configured to authorize access to the network for the user account if the user account is authenticated by the roaming partner; and
  
  wherein the network provider is configured to deny access to the network for the user account if the user account is not authenticated by the roaming partner.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, wherein in determining whether the user account is authenticated, the roaming partner is configured to send the username and password to an authentication authority.
  - 21. The system of claim 19, wherein the network provider is operable to bill the roaming partner for access to the network by the user account.
  - 22. The system of claim 19, wherein the network address is returned to the client software as an HTTP redirect message.
  - 23. The system of claim 19, wherein in authorizing access to the network for the user account, the network provider is configured to send an authorization response to the client software.
  - 24. The system of claim 23, wherein the authorization response comprises a logoff address which is usable by the client software to initiate a logoff for the user account.

25. A carrier medium comprising program instructions for providing access to a network, wherein a plurality of access points operated by a network provider are coupled to the network, wherein the program instructions are computer-executable to implement:
- performing a get operation on a server using client software on a client computer to, wherein the client computer is communicatively coupled to a first access point;
  
  in response to the get operation, returning an activation response message to the client software on the client computer from the network provider, wherein the activation response message comprises a router address;
  
  sending a username and a password from the client software to the network provider at the router address, wherein the username and password are usable to authorize access to the network for a user account;
  
  sending the username and password from the network provider to a roaming partner, wherein the roaming partner is configured to determine whether the user account is authenticated;
  
  the network provider receiving an authentication response from the roaming partner;
  
  if the authentication response indicates that the user account is authenticated by the roaming partner, the network provider authorizing access to the network for the user account; and
  
  if the authentication response indicates that the user account is not authenticated by the roaming partner, the network provider denying access to the network for the user account.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The carrier medium of claim 25, wherein in determining whether the user account is authenticated, the roaming partner is configured to send the username and password to an authentication authority.
  - 27. The carrier medium of claim 25, wherein the program instructions are computer-executable to implement:
    - the network provider billing the roaming partner for access to the network by the user account.
  - 28. The carrier medium of claim 25, wherein the activation response message is returned to the client software as an HTTP redirect message.
  - 29. The carrier medium of claim 25, wherein in authorizing access to the network for the user account, the network provider is configured to send an authorization response to the client software.
  - 30. The carrier medium of claim 29, wherein the authorization response comprises a logoff address which is usable by the client software to initiate a logoff for the user account.

31. A carrier medium comprising program instructions for providing access to a network, wherein the program instructions are computer-executable to implement:
- sending an access request to a network provider from client software at a first access point on the network;
  
  returning a network address from the network provider to the client software in response to the access request;
  
  sending a username and a password from the client software to the network provider at the network address, wherein the username and password correspond to a user account;
  
  sending the username and password from the network provider to a roaming partner, wherein the roaming partner is configured to determine whether the user account is authenticated;
  
  if the user account is authenticated by the roaming partner, the network provider authorizing access to the network for the user account; and
  
  if the user account is not authenticated by the roaming partner, the network provider denying access to the network for the user account.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The carrier medium of claim 31, wherein in determining whether the user account is authenticated, the roaming partner is configured to send the username and password to an authentication authority.
  - 33. The carrier medium of claim 31, wherein the program instructions are computer-executable to implement:
    - the network provider billing the roaming partner for access to the network by the user account.
  - 34. The carrier medium of claim 31, wherein the network address is returned to the client software with an HTTP redirect message.
  - 35. The carrier medium of claim 31, wherein in authorizing access to the network for the user account, the network provider is configured to send an authorization response to the client software.
  - 36. The carrier medium of claim 35, wherein the authorization response comprises a logoff address which is usable by the client software to initiate a logoff for the user account.

37. A method for providing access to a network, wherein a plurality of access points operated by a network provider are coupled to the network, the method comprising:
- using client software on a client computer to perform a get operation on a server, wherein the client computer is communicatively coupled to a first access point;
  
  the network provider sending pricing and service option information to a roaming partner, wherein the pricing and service option information comprises a plurality of pricing and service options for access to the network;
  
  selecting a plurality of the pricing and service options to display to a user;
  
  displaying the selected pricing and service options to the user;
  
  receiving user input comprising a user selection of one of the pricing and service options; and
  
  sending the user-selected pricing and service option to the roaming partner.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44)
- - 38. The method of claim 37, wherein the pricing and service options comprise at least one option for minute-by-minute access.
  - 39. The method of claim 37, wherein the pricing and service options comprise at least one option for hourly access.
  - 40. The method of claim 37, wherein the pricing and service options comprise at least one option for byte-based access.
  - 41. The method of claim 37, wherein at least one of the pricing and service options comprises a maximum bandwidth limit.
  - 42. The method of claim 37, wherein at least one of the pricing and service options comprises a maximum time limit.
  - 43. The method of claim 37, further comprising:
    - the network provider monitoring network usage according to the user-selected pricing and service option.
  - 44. The method of claim 37, further comprising:
    - the network provider billing the roaming partner for access to the network according to the user-selected pricing and service option.

45. A method for providing access to a network, wherein a plurality of access points operated by a network provider are coupled to the network, the method comprising:
- using client software on a client computer to communicate with a network access controller coupled to a first access point;
  
  a roaming partner sending account information for a customer to the network access controller; and
  
  the network provider enabling service for the customer based on the account information sent by the roaming partner.
- View Dependent Claims (46, 47, 48)
- - 46. The method of claim 45, wherein the account information comprises a username and a password for the customer.
  - 47. The method of claim 45, wherein the account information comprises usage restrictions for the customer.
  - 48. The method of claim 45, the network provider calculating a maximum amount of access time available on the first access point for a prepaid card, wherein the prepaid card is associated with the account information;
    - and the network provider ending the user session when the maximum amount of access time is reached.

49. A system comprising:
- a network, wherein a network provider and a roaming partner are communicatively coupled to the network;
  
  a plurality of access points coupled to the network, wherein at least one of the plurality of access points is operable to communicate with a client computer, wherein the client computer stores client software which is executable by the client computer;
  
  wherein the client software is executable by the client computer to perform a get operation on a server;
  
  wherein the network provider is configured to send pricing and service option information to the roaming partner, wherein the pricing and service option information comprises a plurality of pricing and service options for access to the network;
  
  wherein the roaming partner is configured to select a plurality of the pricing and service options to display to a user;
  
  wherein the client software is executable by the client computer to display the selected pricing and service options to the user;
  
  wherein the client software is executable by the client computer to receive user input comprising a user selection of one of the pricing and service options; and
  
  wherein the network provider is configured to send the user-selected pricing and service option to the roaming partner.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56)
- - 50. The system of claim 49, wherein the pricing and service options comprise at least one option for minute-by-minute access.
  - 51. The system of claim 49, wherein the pricing and service options comprise at least one option for hourly access.
  - 52. The system of claim 49, wherein the pricing and service options comprise at least one option for byte-based access.
  - 53. The system of claim 49, wherein at least one of the pricing and service options comprises a maximum bandwidth limit.
  - 54. The system of claim 49, wherein at least one of the pricing and service options comprises a maximum time limit.
  - 55. The system of claim 49, wherein the network provider is configured to monitor network usage according to the user-selected pricing and service option.
  - 56. The system of claim 49, wherein the network provider is configured to bill the roaming partner for access to the network according to the user-selected pricing and service option.

57. A system comprising:
- a network, wherein a network provider and a roaming partner are communicatively coupled to the network;
  
  a network access controller coupled to the network;
  
  a plurality of access points coupled to the network access controller, wherein at least one of the plurality of access points is operable to communicate with a client computer, wherein the client computer stores client software which is executable by the client computer;
  
  wherein the roaming partner is configured to send account information for a customer to the network access controller; and
  
  wherein the network provider is configured to enable service for the customer based on the account information sent by the roaming partner.
- View Dependent Claims (58, 59, 60)
- - 58. The system of claim 57, wherein the account information comprises a username and a password for the customer.
  - 59. The system of claim 57, wherein the account information comprises usage restrictions for the customer.
  - 60. The system of claim 57, wherein the network provider is configured to calculate a maximum amount of access time available on the first access point for a prepaid card, wherein the prepaid card is associated with the account information;
    - and wherein the network provider is configured to end the user session when the maximum amount of access time is reached.

61. A carrier medium comprising program instructions for providing access to a network, wherein the program instructions are computer-executable to implement:
- using client software on a client computer to perform a get operation on a server, wherein the client computer is communicatively coupled to a first access point;
  
  a network provider sending pricing and service option information to a roaming partner, wherein the pricing and service option information comprises a plurality of pricing and service options for access to the network;
  
  selecting a plurality of the pricing and service options to display to a user;
  
  displaying the selected pricing and service options to the user;
  
  receiving user input comprising a user selection of one of the pricing and service options; and
  
  sending the user-selected pricing and service option to the roaming partner.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68)
- - 62. The carrier medium of claim 61, wherein the pricing and service options comprise at least one option for minute-by-minute access.
  - 63. The carrier medium of claim 61, wherein the pricing and service options comprise at least one option for hourly access.
  - 64. The carrier medium of claim 61, wherein the pricing and service options comprise at least one option for byte-based access.
  - 65. The carrier medium of claim 61, wherein at least one of the pricing and service options comprises a maximum bandwidth limit.
  - 66. The carrier medium of claim 61, wherein at least one of the pricing and service options comprises a maximum time limit.
  - 67. The carrier medium of claim 61, wherein the program instructions are computer-executable to implement:
    - the network provider monitoring network usage according to the user-selected pricing and service option.
  - 68. The carrier medium of claim 61, wherein the program instructions are computer-executable to implement:
    - the network provider billing the roaming partner for access to the network according to the user-selected pricing and service option.

69. A carrier medium comprising program instructions for providing access to a network, wherein the program instructions are computer-executable to implement:
- using client software on a client computer to communicate with a network access controller coupled to a first access point;
  
  a roaming partner sending account information for a customer to the network access controller; and
  
  a network provider enabling service for the customer based on the account information sent by the roaming partner.
- View Dependent Claims (70, 71, 72)
- - 70. The carrier medium of claim 69, wherein the account information comprises a username and a password for the customer.
  - 71. The carrier medium of claim 69, wherein the account information comprises usage restrictions for the customer.
  - 72. The carrier medium of claim 69, wherein the program instructions are computer-executable to implement:
    - the network provider calculating a maximum amount of access time available on the first access point for a prepaid card, wherein the prepaid card is associated with the account information; and
      
      the network provider ending the user session when the maximum amount of access time is reached.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wayport, Inc. (AT&T, Inc.)
Original Assignee
Wayport, Inc. (AT&T, Inc.)
Inventors
Krenzer, Matthew M., Keeler, James D.

Application Number

US10/341,761
Publication Number

US 20030233580A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 30/0206   Price or cost determination...

H04L 12/14   Charging , metering or bill...

H04L 12/1446   inter-operator billing

H04L 12/1467   involving prepayment

H04L 12/2898   Subscriber equipments DSL m...

H04L 12/5692   Selection among different n...

H04L 63/083   using passwords cryptograph...

H04L 63/0892   by using authentication-aut...

H04L 63/101   Access control lists [ACL]

H04L 67/52   specially adapted for the l...

H04M 15/00   Arrangements for metering, ...

H04M 15/8038   Roaming or handoff

H04M 2215/7442   Roaming

H04W 12/088   using filters or firewalls

H04W 4/00   Services specially adapted ...

H04W 4/02   Services making use of loca...

H04W 4/24   Accounting or billing

H04W 48/18   Selecting a network or a co...

H04W 60/04   using triggered events

H04W 80/00 : Wireless network protocols ...

View All

Authorization and authentication of user access to a distributed network communication system with roaming features

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

174 Citations

72 Claims

Specification

Use Cases

Quick Links

Others

Authorization and authentication of user access to a distributed network communication system with roaming features

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

174 Citations

72 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others