Method and device for authenticated access of a station to local data networks in particular radio data networks

US 20050048950A1
Filed: 10/24/2002
Published: 03/03/2005
Est. Priority Date: 10/24/2001
Status: Active Grant

First Claim

Patent Images

1. A method for authenticated access by a station compatible with a data network, where access of the station is to an access point for such a data network, comprising:

transmitting identification information to the access point;

providing and transmitting an identifier via an interface to an authenticated devices of a system or network external to the access point, having an authenticating function, whereby the identification information is directly assigned to the device authenticated in the external system or network and, access to data of the authenticated device is available at a location of the station or of the access point;

transmitting the identifier sent to the authenticated device to the station;

transmitting the identifier to the access point;

comparing the transmitted identifier with the sent identifier; and

if the comparison is positive, enabling access of the station at least some services and functions at the access-point end or at the network end.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to methods, devices and systems for the authenticated access to a data network by means of a station (WH) compatible with a data network (WLAN), which permit an authentication of the station and user. A device, for example a mobile radio device, is used for the above, which is authenticated in another system. In addition to the authentication, in particular a charging of services in a data network or another communication system (GSM) which is accessible by means of the data network is thus possible.

283 Citations

21 Claims

1. A method for authenticated access by a station compatible with a data network, where access of the station is to an access point for such a data network, comprising:
- transmitting identification information to the access point;
  
  providing and transmitting an identifier via an interface to an authenticated devices of a system or network external to the access point, having an authenticating function, whereby the identification information is directly assigned to the device authenticated in the external system or network and, access to data of the authenticated device is available at a location of the station or of the access point;
  
  transmitting the identifier sent to the authenticated device to the station;
  
  transmitting the identifier to the access point;
  
  comparing the transmitted identifier with the sent identifier; and
  
  if the comparison is positive, enabling access of the station at least some services and functions at the access-point end or at the network end.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the identifier is randomly generated or is randomly selected from a list with a large number of redefined passwords or another entity at the access-point end or at the network end.
  - 3. The method according to claim 1, wherein the transmission of the identifier is carried out by a short message service.
  - 4. The method according to claim 1, wherein the transmission of the identifier is carried out by an indirect use of authentication functions in the system or network external to the access point or data network with the authenticated device.
  - 5. The method according to claim 1, wherein a mobile station or a subscriber identification card of a cellular mobile radiocommunication system is used as the authenticated device of the system or network external to the access point or data network.
  - 6. The method according to claim 1, wherein after authentication of the station compatible with the data network, the station accessing the access point to the data network, data relevant to charging is recorded at the access-point end or in a data network at the access-point end by the or an independent entity when the station accesses the access point, the data network and/or services.
  - 7. The method according to claim 6, wherein in a first charging unit basic charging information is recorded and transmitted to a second charging unit which determines from the basic charging information charges to be billed.
  - 8. The method according to claim 6, wherein the data relevant to charging is forwarded to an external charging entity of a third party or to a charging unit, interposed for authentication, of the system or network external to the access point or external to the data network, wherein either the third party and the charging unit are not involved in the authentication procedure or the authentication procedure is carried out independently of the charging method autonomously between the station and the access point or the entity at the access-point end.
  - 9. The method according to claim 6, wherein charging information of a charging-relevant connection occurs as charging access to an IN-based payment system.

10. A data network, comprising:
- at least one interface-type access point for access to the data network by stations compatible with the data network at the subscriber end;
  
  an access control unit with an authentication memory in which authorized stations are registered;
  
  a first external network interfaces for access by the data network to an external system or network that is incompatible with the data network, wherein the access control unit which is configured to generate an identifier and to emit the identifier via the external system or network is provided; and
  
  a transmission device for transmitting the identifier transmitted via the external network or system to an authenticated device of the external network or system to the station and via the station for authentication of the station to the access control unit.

11. A modem or access point for access by means of stations compatible with a data network at a subscriber end to a wireless data network comprising:
- an interface for the data network;
  
  at least one additional interface for access to a network or system external to the data network; and
  
  an access control unit for independently checking an authentication status of the station and, where authentication is inadequate, for activating authentication of the station.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The modem or access point according to claim 11, wherein the access control unit is, where authentication is inadequate, configured to establish a connection to a separate authentication device or to carry out the authentication procedure independently.
  - 13. The modem or access point according to claim 11, wherein the interface for the data network is configured for connecting the wireless data network to one of the stations or for connecting one of the stations directly.
  - 14. The modem or access point according to claim 11, wherein the at least one additional interface is configured as a retrofittable or replaceable module which is adapted to the network or system external to the data network.
  - 15. The modem or access point according to claim 11, wherein the access control unit is configured for generating an identifier after receipt of an identification information via the interface from the data network, emitting the identifier via the interface to the external network or system subsequently receiving the identifier transmitted via the external network or system via the local area network, and comparing the emitted and received identifier for deciding the approval of access to the data network.
  - 16. The modem or access point according to claim 11, wherein the access control unit has equipment and functions for authentication and an interface module, wherein the interface module is configured as a modular device for connecting to at least one communication system or network external to the data network with secure authentication.

17. An authentication and/or charging system for a data network comprising:
- a station compatible with the data network accesses the data network;
  
  an authenticated device or an authenticated subscriber of the system or network external to the data network, wherein at the data-network end, authentication of the station is checked and arranged autonomously so as to enable direct or indirect assignment thereto.

18. An authentication and/or charging system for a data network comprising:
- a station compatible with the data network accesses the data network; and
  
  an identifier is sent from the data network via a system or network external to the data network to an authenticated station external to the data network of the external system or network, wherein the identifier is transmitted from the authenticated station to the station and is transmitted further from the station to the data network, and in the data network a comparison is carried out of the sent and received identifier for indirect authentication.
- View Dependent Claims (19, 20, 21)
- - 19. The charging and authentication system according to claim 18 for a data network, further comprising:
    - a first authentication of the system in which charges accrue, with regard to the authenticity of the station compatible with the data network accessing the data network; and
      
      a second authentication with regard to the authenticity of the system in which charges accrue, is initiated in relation to an additional system receiving charging data.
  - 20. The charging and authentication system for a data network according to a claim 18, wherein charging information relating to an accessing station is sent from the data network for charging to a device external to the data network, whereby charging is carried out independently of the authentication of the station.
  - 21. The charging and authentication system for a data network or for an access point for a station compatible with the data network, according to claim 18, wherein a service provider offers access for a station compatible with the data network and prompts or carries out independently an authentication of the accessing station which is compatible with the data network, and transmits charging data to a charging unit of an external system or to a charging organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Monarch Networking Solutions LLC (Acacia Research Corporation)
Original Assignee
Siemens AG
Inventors
Morper, Hans-Jochen

Granted Patent

US 7,756,507 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/410
CPC Class Codes

H04L 12/14   Charging , metering or bill...

H04L 12/1403   Architecture for metering, ...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/18   using different networks or...

H04M 15/00   Arrangements for metering, ...

H04M 15/51   for resellers, retailers or...

H04M 15/68   Payment of value-added serv...

H04M 2215/0196   Payment of value-added serv...

H04M 2215/22   Bandwidth or usage-sensitve...

H04M 2215/54   Resellers-retail or service...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/50   Secure pairing of devices

H04W 12/72   Subscriber identity

H04W 4/12   Messaging; Mailboxes; Annou...

Method and device for authenticated access of a station to local data networks in particular radio data networks

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

283 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and device for authenticated access of a station to local data networks in particular radio data networks

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

283 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links