Network user authentication system and method

US 20070022469A1
Filed: 07/20/2006
Published: 01/25/2007
Est. Priority Date: 07/20/2005
Status: Active Grant

First Claim

Patent Images

1. A network user authentication system, comprising:

a secure component physically connected to a building;

at least one user device in the building linked to the secure component;

a security server;

at least one network linking the security server to the secure component; and

the security server being configured to determine a physical connection identification (ID) for the secure component and to associate the physical connection ID with a network service subscriber using the user device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a network user authentication system, a network user is identified for authentication purposes using the unique identifier for a dedicated physical communication line associated with the building in which the network user is located or a digital certificate which is associated with a secure component or communication line physically attached to a building. An authentication server initially verifies the identification of the dedicated communication line to be associated with a network service subscriber or issues a unique digital certificate to be associated with the dedicated communication line for authentication purposes. The digital certificate may be stored in a building gateway or in an edge site module which is connected to the secure components of a plurality of buildings and stores unique digital certificates for each building.

Citations

44 Claims

1. A network user authentication system, comprising:
- a secure component physically connected to a building;
  
  at least one user device in the building linked to the secure component;
  
  a security server;
  
  at least one network linking the security server to the secure component; and
  
  the security server being configured to determine a physical connection identification (ID) for the secure component and to associate the physical connection ID with a network service subscriber using the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The system as claimed in claim 1, wherein said secure component is a dedicated line connected to the building.
  - 3. The system as claimed in claim 2, wherein the line is a broadband telecommunication line having one end connected to the building.
  - 4. The system as claimed in claim 2, wherein the line is a digital subscriber line (DSL).
  - 5. The system as claimed in claim 2, wherein the line is a fiber line.
  - 6. The system as claimed in claim 2, wherein the line is a dedicated wireless link to the building.
  - 7. The system as claimed in claim 1, wherein the security server is a stand-alone server linked to the secure component over at least one network.
  - 8. The system as claimed in claim 1, further comprising a service provider network edge site and at least one connecting line providing communication between the edge site and the building, and a service provider data center linked to the edge site, the secure component comprising the connecting line from the edge site to the building.
  - 9. The system as claimed in claim 8, further comprising a building gateway module in the building linked to the connecting line, the building gateway module being configured to provide an interface between the connecting line and each user device in the building.
  - 10. The system as claimed in claim 9, wherein said user devices comprise at least one personal computer.
  - 11. The system as claimed in claim 10, wherein said user devices further comprise at least one set top box.
  - 12. The system as claimed in claim 10, wherein said user devices further comprise at least one wireless communication device.
  - 13. The system as claimed in claim 12, wherein the wireless device is selected from the group consisting of a mobile phone, a personal digital assistant, and a wireless computer.
  - 14. The system as claimed in claim 9, wherein the edge site server has dedicated connecting lines providing dedicated communications with a plurality of buildings in a local community, the edge site server having a processor module configured to store a plurality of unique digital certificates in said data storage module and to link each digital certificate with a respective dedicated line connected to the building with which said digital certificate is associated.
  - 15. The system as claimed in claim 14, further comprising a plurality of user devices in each building linked to said gateway module and configured for secure network communications using the unique digital certificate associated with the dedicated line connecting the respective building to the edge site server.
  - 16. The system as claimed in claim 14, wherein said gateway module has a first hardware security element associated with said unique digital certificate.
  - 17. The system as claimed in claim 16, wherein said hardware security element is selected from the group consisting of a universal serial bus (USB) dongle, a smart card, a SIM chip, and a trusted platform module (TPM).
  - 18. The system as claimed in claim 16, wherein the user device has a second hardware security element cryptographically aligned and synchronized with the first hardware security element in said gateway module.
  - 19. The system as claimed in claim 14, wherein said gateway module has at least one hardware security element associated with said unique digital certificate and each user device has a hardware security element cryptographically aligned and synchronized with a hardware security element in said gateway module.
  - 20. The system as claimed in claim 19, wherein at least one of said user devices is a wireless device having a security element comprising a first subscriber identity module (SIM) chip and the gateway module has a second SIM chip configured to communicate with said first SIM chip for authenticated wireless communication purposes.
  - 21. The system as claimed in claim 1, further comprising a session-based watermarking module associated with said user device and configured to insert a unique watermark payload into all content files received by said user device over a public network.
  - 22. The system as claimed in claim 21, wherein said session-based watermarking module is further configured to cryptographically sign the watermark payload with a user private key associated with a unique digital certificate.

23. A network user authentication system for authenticating a user device in a building, comprising:
- a secure component physically connected to a building and associated with the user device;
  
  an authentication server;
  
  at least one network linking the authentication server to the secure component;
  
  the authentication server having a trusted path certification module configured to create a client ID associated with the user device, to identify the secure component, and to associate a unique digital certificate with the secure component, and a data storage module for storing the client ID and associated digital certificate; and
  
  the authentication server further comprising a verification module for using the client ID and associated digital certificate for secure communications between the user device and other user devices over a public network.
- View Dependent Claims (24, 25, 26)
- - 24. The system as claimed in claim 23, wherein the secure component comprises a dedicated line connected to the building and the digital certificate comprises a network-based identification of the dedicated line.
  - 25. The system as claimed in claim 23, wherein the digital certificate comprises an X.509 based digital certificate.
  - 26. The system as claimed in claim 23, further comprising a control unit associated with said secure component having a processor module and a data storage module, the authentication server further comprises a certificate transfer module configured to transmit the digital certificate to the control unit, the processor module being configured to store said digital certificate in said data storage module and to use said digital certificate for secure communications between said user device and other web servers over a public network.

27. A method for authenticating network users for secure communication over a public network, comprising:
- receiving a request for building authentication from a user device in a building at an authentication server through a secure component physically attached to the building and at least one private network;
  
  determining a subscriber identification (subscriber ID) for a user of the user device;
  
  verifying a physical connection identification (physical connection ID) of the secure component;
  
  storing a record of the subscriber ID and associated physical connection ID;
  
  determining a current physical connection ID of the secure component used by a connecting subscriber at each request for service received from the connecting subscriber;
  
  comparing the current physical connection ID with a previously stored physical connection ID for the same subscriber ID for verification purposes; and
  
  supplying the service only if the verification is successful.
- View Dependent Claims (28, 29, 30, 31, 32, 33)
- - 28. The method as claimed in claim 27, further comprising determining the physical connection identification from information available in a network data structure.
  - 29. The method as claimed in claim 27, further comprising associating a unique digital certificate with the physical connection, the digital certificate comprising the physical connection ID, storing the unique digital certificate in a data storage area associated with the physical connection, and using the unique digital certificate for verification purposes in network communications with prospective network partners over a public network.
  - 30. The method as claimed in claim 29, further comprising associating a first hardware security element in the secure component with the unique digital certificate, and cryptographically aligning a hardware security element in at least one user device in the building with the first hardware security element.
  - 31. The method as claimed in claim 27, further comprising inserting a unique watermark payload associated with the building into content files received by a user device in the building over a network.
  - 32. The method as claimed in claim 31, further comprising verifying the geographic location of the building using a location sensor at said secure component for determining the geographic coordinates of said secure component.
  - 33. The method as claimed in claim 32, wherein the geographic location of the building is verified each time a user device in the building initiates secure communications with a prospective network partner over a public network.

34. A network user authentication system, comprising:
- a secure component physically connected to a building and associated with at least one user device in the building;
  
  a control unit associated with said secure component, the control unit having a processor module and a data storage module associated with the processor module;
  
  an authentication server;
  
  at least one network linking the authentication server to the control unit;
  
  the authentication server being configured to associate a unique digital certificate with the secure component and to transmit the unique digital certificate to the control unit associated with the secure component; and
  
  the processor module being configured to store the unique digital certificate in said data storage module and to use the digital certificate for secure communications between the user device and other web servers over a public network.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 35. The system as claimed in claim 34, wherein the authentication server is a utility company server.
  - 36. The system as claimed in claim 34, wherein the control unit comprises an edge site server configured to provide authentication service to a plurality of buildings in a neighborhood, the edge site server having a plurality of dedicated lines each connected to a respective one of the buildings, the processor module being configured to store a plurality of unique digital certificates in said data storage module and to link each digital certificate with a respective dedicated line connected to the building with which said digital certificate is associated.
  - 37. The system as claimed in claim 36, wherein the authentication server is a utility company server linked to said edge site server.
  - 38. The system as claimed in claim 36, further comprising a utility company server linked to the edge site server over a utility company network, the authentication server comprising a separate server linked to the utility company server for communication with said edge site server.
  - 39. The system as claimed in claim 34, further comprising a gateway module in the building connected to said dedicated line, the gateway module being linked to the user device.
  - 40. The system as claimed in claim 39, further comprising a plurality of additional user devices in said building, said processor module being configured to communicate with said additional user devices in said building.
  - 41. The system as claimed in claim 34, wherein the secure component is a secure box physically connected to a structural component of the building, and the control unit is contained in said secure box, the processor module being configured for communication with said user device.
  - 42. The system as claimed in claim 41, wherein the control unit further comprises a location sensor connected to said processor module for providing geographic location coordinates, said processor module being configured to transmit said geographic location coordinates to said authentication server, and said authentication server being configured to use said geographic location coordinates to validate the building location.
  - 43. The system as claimed in claim 34, wherein said control unit further comprises a first hardware security element cryptographically aligned with said digital certificate.
  - 44. The system as claimed in claim 43, wherein the user device has a second hardware security element cryptographically aligned with said first hardware security element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verimatrix Incorporated (Verimatrix SA)
Original Assignee
Verimatrix Incorporated (Verimatrix SA)
Inventors
Kulakowski, Robert, Cooper, Robin

Granted Patent

US 8,181,262 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04K 1/00   Secret communication

H04L 12/2898   Subscriber equipments DSL m...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/608   Watermarking

H04L 2209/80   Wireless

H04L 63/0442   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/107   wherein the security polici...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04N 21/25875   involving end-user authenti...

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

Network user authentication system and method

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Network user authentication system and method

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links