Automatic, connection-based terminal or user authentication in communication networks

US 20060165226A1
Filed: 12/19/2003
Published: 07/27/2006
Est. Priority Date: 12/19/2002
Status: Active Grant

First Claim

Patent Images

1. Method for automatically identifying an access right to protected areas in a first network using a unique connection identifier of a second network, with the following procedural steps:

dynamic or static assignment of a unique identifier of the first network for a terminal, during or prior to the latter'"'"'s connection to the first network by means of the second network;

storage of a combination of at least the unique connection identifier of the second network by means of which the connection was made, and the unique identifier of the first network in an authentication unit;

the provider of the protected area requesting the authentication unit to determine the unique connection identifier of the second network using the unique identifier of the first network when the terminal would like access to the protected area;

authentication and/or communication exclusively of the unique identifier of the second network to the provider of the protected area by means of the authentication unit;

checking whether an access right for the protected area exists for the unique connection identifier of the second network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The aim of the invention is to permit the automatic identification of access rights to protected areas in networks, in particular on the Internet. This is achieved by a method for automatically identifying access rights to protected areas in a first network (2) using a unique connection identifier of a second network (1), in particular in the interconnection of networks that constitutes the Internet. According to the invention: a unique identifier of the first network (2) is dynamically or statically assigned to a terminal, during or prior to the latter'"'"'s connection to the first network (2); a combination of at least the unique connection identifier of the second network (1) and the unique identifier of the first network (2), said combination being stored in an authentication unit (16), is polled when the terminal requests access to the protected area, in order to determine the unique connection identifier of the second network (1) using the unique identifier of the first network (2); and the existence of access rights to the protected area for the unique connection identifier of the second network (1) is then verified.

130 Citations

23 Claims

1. Method for automatically identifying an access right to protected areas in a first network using a unique connection identifier of a second network, with the following procedural steps:
- dynamic or static assignment of a unique identifier of the first network for a terminal, during or prior to the latter'"'"'s connection to the first network by means of the second network;
  
  storage of a combination of at least the unique connection identifier of the second network by means of which the connection was made, and the unique identifier of the first network in an authentication unit;
  
  the provider of the protected area requesting the authentication unit to determine the unique connection identifier of the second network using the unique identifier of the first network when the terminal would like access to the protected area;
  
  authentication and/or communication exclusively of the unique identifier of the second network to the provider of the protected area by means of the authentication unit;
  
  checking whether an access right for the protected area exists for the unique connection identifier of the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 22, 23)
- - 2. Method in accordance with claim 1, wherein the combination stored in the current authentication unit contains further data in addition.
  - 3. Method in accordance with claim 2, characterized in that the additional data has at least one of the following:
    - the dial-in number into the first network, a user name (login) and a password.
  - 4. Method in accordance with claim 1, wherein the authentication unit is only run temporarily.
  - 5. Method in accordance with claim 4, wherein the combination of data is deleted from the authentication unit as soon as the terminal ends its connection with one of the two networks.
  - 6. Method in accordance with claim 1, wherein the unique identifier of the second network is a call-up number.
  - 7. Method in accordance with claim 1, wherein the protected area includes the provision of an online individual connection identification.
  - 8. Method in accordance with claim 7, wherein a individual connection identification takes place automatically for the unique connection identifier of the second network.
  - 9. Method in accordance with claim 7, wherein, before release of a individual connection identification, a further entry on the terminal is necessary in addition.
  - 10. Method in accordance with claim 9, wherein the further entry includes the entry of an invoice number and/or a customer number and/or a PIN.
  - 11. Method in accordance with claim 1, wherein only authorised services have access to the authentication unit.
  - 12. Method in accordance with claim 1, wherein the protected area includes at least one of the following services:
    - provision of contents, electronic trade (e-commerce), payment or settlement services and authorized services.
  - 13. Method in accordance with claim 12, wherein with a payment service, the costs arising are automatically invoiced by means of the unique connection identifier of the second network.
  - 14. Method in accordance with claim 1, characterized in that further data are automatically called up from the terminal and/or further procedural steps are initiated in the protected area using the unique connection identifier of the second network.
  - 15. Method in accordance with claim 1, wherein further personalisation of the terminal takes place by entering a PIN.
  - 22. Method in accordance with claim 1 or 16, wherein the first and second networks are based on different protocols.
  - 23. Method in accordance with claim 1 or 16, wherein the first network is the internet, and the second network is a telephone network.

16. Method for providing data for automatic identification of access rights to protected areas in networks, with the following procedural steps:
- provision of at least one unique identifier respectively from at least two different networks while a connection to both networks exists, whereby the connection to one of the networks happens by means of the other network;
  
  storage of a combination of the different identifiers in an authentication unit;
  
  authentication and/or issue exclusively of one of the unique identifiers when a corresponding enquiry is made regarding the other unique identifiers;
  
  deletion of the data from the authentication unit as soon as a connection with at least one of the two networks has ended.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. Method in accordance with claim 16, wherein at least one of the identifiers is an IP number and/or a unique connection identifier of a terminal.
  - 18. Method in accordance with claim 16, wherein it is checked whether the enquiry originates from an authorised place or from an authorised service.
  - 19. Method in accordance with claim 16, wherein the combination stored in the current authentication unit contains further information in addition.
  - 20. Method in accordance with claim 19, wherein the additional data have at least one of the following:
    - a dial-in number into one of the networks, a user name (login) and a password.
  - 21. Method in accordance with claim 16, wherein a call-up number block or a target number block is identified by means of the authentication unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BT GmbH & Company OHG (BT Group PLC)
Original Assignee
BT GmbH & Company OHG (BT Group PLC)
Inventors
Ernst, Matthias, Stotter, Tobias, Elbs, Stefan

Granted Patent

US 8,127,339 B2
Time in Patent Office

Days
Field of Search
US Class Current

379/114.10
CPC Class Codes

H04L 61/4535   using an address exchange p...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04M 15/00   Arrangements for metering, ...

H04M 15/41   Billing record details, i.e...

H04M 15/43   Billing software details

H04M 15/46   Real-time negotiation betwe...

H04M 15/8207   Time based data metric aspe...

H04M 2215/0164   Billing record, e.g. Call D...

H04M 2215/56   On line or real-time flexib...

H04M 2215/7813   Time based data, e.g. VoIP ...

Automatic, connection-based terminal or user authentication in communication networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

130 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Automatic, connection-based terminal or user authentication in communication networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others