Arrangement and a method relating to IP network access
Abstract
The present invention relates to an arrangement and a method for providing an end user with access to an IP network (login). The arrangement comprises a user station, an access server of an access network, a web server and an authentication server. The end user station comprises first means for communication with the access server and second means for communication over a mobile telecommunication system with the authentication server. The access/login procedure comprises a first and a second phase. The authentication server controls the first phase, which comprises a one-time-password (OTP) login sequence, and, if the one-time password (OTP) is valid, the second login phase is performed in order to log in the end user at the access server by creating a temporary account for which user credentials are defined.
33 Claims
-
1. An arrangement, for providing an end user with access to an IP network, comprising a user station, an access server of an access network, a web server and an authentication server, an end user station with first means for communication with an access server and a web server, second means for communication with an authentication server over a mobile telecommunications system, an access/login procedure comprising a first and a second phase, wherein the authentication server controls the first phase, said first phase comprising a one-time password (OTP) login sequence, and wherein the second login phase is performed by creating/modifying a temporary account for which user credentials are defined in order to log in the end user at the access server.
-
24. An access server in an access network communicating with an end user station for providing said end user station with access to an IP network, with a web server and with an authentication server,
wherein the access server allows any user to perform an access attempt to the web server, e.g. by using a white list function, a login link to the operator, and supports authentication server roaming, and in that the access server supports a second phase of a login procedure following on a first phase during which a one-time-password is given, and in that for said second phase a temporary user account is created/modified, the password and user name of which are defined and uniquely associated with the one-time-password given by the authentication server and provided to the user station over a mobile communication system e.g. as an SMS, voice message or similar in the first phase.
-
26. A method for providing an end user with access to an IP network over an access network comprising an access server, comprising
performing a first phase of a login procedure whereby a one-time-password (OTP) is provided by an authentication server and transferred to the end user over a mobile communication system, checking the validity/authenticity of the one-time-password, and if valid, adding/modifying a temporary account in the authentication server, for a second phase of the login procedure, defining a user name and a password uniquely tied to the one-time-password of the first phase, checking the validity of the user name and the password in the authentication server, and if valid, allowing the user login request, removing/disabling the temporary user account after lapse of a predetermined time period.
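The two-phase flow of claim 26, sketched as an added illustration that is not part of the patent text. The class and method names, the TTL values, the six-digit OTP format and the choice to discard an OTP after any redemption attempt are assumptions made for this example; the claim itself only requires that the temporary credentials be uniquely tied to a valid OTP and that the account be removed or disabled after a predetermined period.

```python
import hmac
import secrets
import time

OTP_TTL = 120        # seconds an unused OTP stays valid (assumed value)
ACCOUNT_TTL = 3600   # the "predetermined time period" of the temporary account (assumed)


class AuthServer:
    """Hypothetical authentication server holding OTPs and temporary accounts."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.otps = {}      # subscriber number -> (otp, expires_at)
        self.accounts = {}  # temporary user name -> (password, expires_at)

    def issue_otp(self, msisdn):
        # Phase 1: the OTP would be sent over the mobile system (e.g. as an SMS).
        otp = f"{secrets.randbelow(10**6):06d}"
        self.otps[msisdn] = (otp, self.clock() + OTP_TTL)
        return otp

    def redeem_otp(self, msisdn, otp):
        # Single use: the stored OTP is dropped whether or not the check passes,
        # so a short numeric code cannot be guessed repeatedly.
        entry = self.otps.pop(msisdn, None)
        if entry is None or self.clock() > entry[1]:
            return None
        if not hmac.compare_digest(entry[0].encode(), otp.encode()):
            return None
        # Phase 2 setup: credentials exist only because this OTP was valid.
        user = "tmp-" + secrets.token_hex(4)
        password = secrets.token_urlsafe(16)
        self.accounts[user] = (password, self.clock() + ACCOUNT_TTL)
        return user, password

    def check_login(self, user, password):
        # Called on behalf of the access server during the second login phase.
        entry = self.accounts.get(user)
        if entry is None:
            return False
        if self.clock() > entry[1]:
            del self.accounts[user]  # remove the lapsed temporary account
            return False
        return hmac.compare_digest(entry[0].encode(), password.encode())
```

Injecting the clock lets the expiry paths be exercised without waiting; a deployment would also rate-limit OTP issuance per subscriber number.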
Specification