Methods for common authentication and authorization across independent networks

US 20040193712A1
Filed: 03/31/2003
Published: 09/30/2004
Est. Priority Date: 03/31/2003
Status: Active Grant

First Claim

Patent Images

1. A method of providing authentication and authorization (AA) common to at least two independent networks, comprising:

receiving a set of AA credentials from a user attempting to gain access to either one of said at least two networks; and

using a subscriber database of one of two independent access networks to verify said set of AA credentials to access another of said at least two networks.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Common authentication and authorization (AA) between networks having disparate access technologies may enable a seamless user transition between the networks. A set of AA credentials from a user attempting to gain access to one of the networks may be received, and a subscriber database of another of the networks may be used to verify the set of AA credentials. A communication protocol common to the networks may be used. Additionally, the user may employ a single set of authentication and authorization (AA) credentials, usable over multiple communication protocol layers. Further, a user may perform a single authentication and authorization (AA) operation when roaming across two or more networks by gathering user'"'"'s key material during an AA challenge and reply session at a data link layer. The gathered material may be used for an AA challenge at an upper network layer or another network as the user transitions between networks.

Citations

30 Claims

1. A method of providing authentication and authorization (AA) common to at least two independent networks, comprising:
- receiving a set of AA credentials from a user attempting to gain access to either one of said at least two networks; and
  
  using a subscriber database of one of two independent access networks to verify said set of AA credentials to access another of said at least two networks.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said set of AA credentials enable access to either of said at least two independent networks.
  - 3. The method of claim 1, further comprising assigning said set of AA credentials to the user, wherein at least one of said at least two networks is the user'"'"'s home network.
  - 4. The method of claim 3, wherein said assigning further includes assigning a single user identification and password common to said at least two networks.
  - 5. The method of claim 1, wherein said at least two networks include a wireless local area network (WLAN) and a wide area cellular communication system.
  - 6. The method of claim 5, wherein said wide area cellular communication system is one of a GPRS, cdma2000 system and UMTS.

7. A method of providing authentication and authorization (AA) common to at least two independent networks, comprising:
- receiving a set of AA credentials from a user attempting to gain access to either one of said at least two networks; and
  
  using a communication protocol common to said at least two networks to authenticate and authorize the AA credentials of the user.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The method of claim 7, wherein said at least two networks include a wireless local area network (WLAN) and a wide area cellular communication system.
  - 9. The method of claim 8, wherein said wide area cellular communication system is one of a GPRS, cdma2000 system and UMTS.
  - 10. The method of claim 7, wherein said using further comprises using the common communication protocol for accessing a subscriber database that is shared by said at least two networks to verify the user'"'"'s set of AA credentials against a stored set of AA credentials.
  - 11. The method of claim 10, further comprising:
    - assigning a single user identification and password to said at least two networks; and
      
      assigning said set of AA credentials to the user, wherein at least one of said two networks is the user'"'"'s home network.
  - 12. The method of claim 10, further comprising:
    - assigning a single user identification and password to one of said at least two networks; and
      
      assigning said set of AA credentials to the user, wherein at least one of said two networks is the user'"'"'s home network.
  - 13. The method of claim 12, wherein one of said at least two networks is a visited network receiving said user'"'"'s AA'"'"'s credentials, the method further comprising:
    - forwarding said user'"'"'s set of AA credentials as part of an authentication request from the visited network to an independent proxy AAA server; and
      
      relaying the authentication request from the proxy AAA server to the user'"'"'s home network.
  - 14. The method of claim 13, wherein said visited network uses the common communication protocol to contact the proxy AAA server.
  - 15. The method of claim 13, wherein said forwarding further includes using different attributes within the common protocol to carry said user set of AA credentials and identifying information of the visited network to the proxy AAA server;
    - and said relaying further includes said proxy AAA server mapping said set of AA credentials from the received attributes to attributes used by the user'"'"'s home network.

16. A method by which a user accesses two or more independent networks, comprising:
- employing a single set of authentication and authorization (AA) credentials, usable over multiple communication protocol layers, to access either one of said at least two networks.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein said employing further includes using the same AA credentials for authentication at a data link layer and authentication at a network layer.
  - 18. The method of claim 16, wherein said AA credentials include user identification information and authentication key information or key material that can be used to gain access to said at least two networks.
  - 19. The method of claim 16, wherein said at least two networks include a wireless local area network (WLAN) and a wide area cellular communication system.
  - 20. The method of claim 19, wherein said wide area cellular communication system is one of a GPRS, cdma2000 system and UMTS.

21. A method by which a user performs a single authentication and authorization (AA) operation when roaming across at least two independent networks, comprising:
- gathering user authentication and key material during an AA challenge and reply session at a data link layer; and
  
  using the key material for a subsequent AA challenge, as the user transitions from one network to another network.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The method of claim 21, wherein the subsequent challenge is at one of the same layer and a higher layer.
  - 23. The method of claim 21, wherein said at least two networks include a wireless local area network (WLAN) and a wide area cellular communication system.
  - 24. The method of claim 23, wherein said wide area cellular communication system is one of a GPRS, cdma2000 system and UMTS.
  - 25. The method of claim 21, wherein said using further includes using the key material for data encryption or using the gathered key material of the user during another network challenge, said at least two networks include a visited network and the user'"'"'s home network, and said at least two networks use different attributes of a common protocol.
  - 26. The method of claim 25, wherein said communicating is performed without user involvement.

27. A method of providing authentication and authorization (AA) common to at least two independent networks, comprising:
- receiving a set of AA credentials from a user attempting to gain access to a visited network;
  
  forwarding said user'"'"'s set of AA credentials as part of an authentication request from the visited network to an independent proxy AAA server;
  
  relaying the authentication request from the proxy AAA server to the user'"'"'s public home network; and
  
  forwarding said user'"'"'s set of AA credentials as part of an authentication request from the user'"'"'s public home network to a private home network of the user.
- View Dependent Claims (28, 29, 30)
- - 28. The method of claim 27, wherein said forwarding further comprises:
    - forwarding said user'"'"'s set of AA credentials as part of an authentication request from the user'"'"'s public home network to another independent proxy AAA server; and
      
      relaying the authentication request from said another independent proxy AAA server to the user'"'"'s private home network.
  - 29. The method of claim 27, wherein said user'"'"'s public home network is a cellular service provider for the user, said user'"'"'s private home network is the user'"'"'s enterprise network, the method further comprising:
    - using a subscriber database of the user'"'"'s enterprise network to verify said set of AA credentials.
  - 30. The method of claim 29, wherein the subscriber database is owned by the user'"'"'s enterprise network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Inventors
Feder, Peretz Moshes, Martin-Leon, Silvia, Lee, Nancy Yushan, Shapira, Reuven, Benenati, David

Granted Patent

US 7,774,828 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 80/00   Wireless network protocols ...

H04W 80/04   Network layer protocols, e....

Methods for common authentication and authorization across independent networks

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for common authentication and authorization across independent networks

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links