METHOD AND APPARATUS FOR SECURE IMMEDIATE WIRELESS ACCESS IN A TELECOMMUNICATIONS NETWORK

US 20080026740A1
Filed: 03/26/2007
Published: 01/31/2008
Est. Priority Date: 03/04/2002
Status: Active Grant

First Claim

Patent Images

1. A bootstrap process for secure immediate wireless access by at least one non-active wireless device for exchange of information via one or more existing networks, comprising the steps of:

upon being powered on, said at least one non-active wireless device automatically requesting access to a wireless network, and, if said access request is accepted, being issued a limited profile from an enrollment server on said wireless network;

using said limited profile, said at least one non-active wireless device automatically registering on said wireless network;

from said wireless network said at least one wireless device automatically requesting access to an IP (internet protocol) network, wherein said at least one wireless device is assigned an IP address and granted access to said IP network, wherein said access to said IP network is limited to an activation realm for said non-active wireless device;

said non-active wireless device having limited access to said activation realm automatically initiating contact with an enrollment server on said activation realm; and

during an interaction with said enrollment server, assigning and programming device parameters to said wireless device;

wherein when said assigning and programming are complete, said at least one non-active wireless device is activated.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless telephone and messaging system provides Secure Immediate Wireless Access (SIWA) to wireless telephones onto existing wireless networks. The SIWA protocol uses existing wireless network messaging to exchange information between wireless devices and a network server, referred to herein as an Intelligent Service Manager (ISM). The ISM acts as a gateway between wireless devices and wireless service provider, and provides the wireless devices with an immediate limited or unlimited access to the wireless network. The ISM can also deny access to the wireless network from unauthorized wireless devices.

215 Citations

23 Claims

1. A bootstrap process for secure immediate wireless access by at least one non-active wireless device for exchange of information via one or more existing networks, comprising the steps of:
- upon being powered on, said at least one non-active wireless device automatically requesting access to a wireless network, and, if said access request is accepted, being issued a limited profile from an enrollment server on said wireless network;
  
  using said limited profile, said at least one non-active wireless device automatically registering on said wireless network;
  
  from said wireless network said at least one wireless device automatically requesting access to an IP (internet protocol) network, wherein said at least one wireless device is assigned an IP address and granted access to said IP network, wherein said access to said IP network is limited to an activation realm for said non-active wireless device;
  
  said non-active wireless device having limited access to said activation realm automatically initiating contact with an enrollment server on said activation realm; and
  
  during an interaction with said enrollment server, assigning and programming device parameters to said wireless device;
  
  wherein when said assigning and programming are complete, said at least one non-active wireless device is activated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The process of claim 1, wherein the step of said at least one non-active wireless device requesting access to said wireless network and being issued a limited profile from a server on said wireless network comprises the steps of:
    - requesting a terminal identifier by said at least one non-active wireless device from an access node base station, and receiving said terminal identifier;
      
      said at least one non-active wireless device and said access node base station negotiating a data link;
      
      said access node base station issuing an authentication challenge to said at least one non-active wireless device;
      
      said at least said at least one non-active wireless device responding to said to said challenge with a password and a Bootstrap Network Access Identifier (BNAI), wherein said BNAI is constructed using a unique device identifier, activation session information and an activation realm;
      
      said access node base station relaying said challenge response to an authentication server in an access request, wherein the authentication server recognizes the activation realm of the at least one non-active wireless device and proxies the access request to an activation server;
      
      said activation server extracting said unique device identifier and said activation session information from said BNAI, ensuring that the at least one non-active wireless device is entitled to activation, and, if said password is what it is expected to be, returning an access-accept message wherein a mobile node identifier (MN ID) is assigned to said least one non-active wireless device, wherein said MN ID is mapped to a Bootstrap Mobile Subscriber Identifier (BMSID); and
      
      receiving said access-accept message by said authentication server and relaying said access-accept message to the access node base station.
  - 3. The process of claim 2, wherein said step of said at least one non-active wireless device automatically registering on said wireless network using said limited profile comprises the steps of;
    - optionally, said access node base station requesting a hardware ID from said at least one non-active wireless device, wherein said wireless device responds with a message containing the wireless device'"'"'s electronic serial number (ESN);
      
      said access node base station directing a setup message including the BMSID and, optionally, the ESN to a packet control function (PCF), whereupon said PCF directs a registration request to a Packet Data Switching Node (PDSN);
      
      if it accepts said registration request, said PDSN directing a registration reply to said PCF, whereupon said PCF returns a connect message to the access base station, wherein a PPP connection is established between the at least one non-active wireless device and said PDSN.
  - 4. The process of claim 2, wherein said step of said at least one wireless device automatically requesting access to an IP (internet protocol) network from said wireless network comprises the steps of:
    - one or more mobility agents (BCS/PDSN/FA) directing at least one MIP (mobile IP) agent advertisement to said at least one non-active wireless device, wherein said wireless device receives the at least one MIP agent advertisements and determines its point of attachment to said IP network;
      
      said at least one non-active wireless device automatically directing a MIP registration request message including said BNAI activation realm to a BCS/PDSN/FA;
      
      said BCS/PDSN/FA directing an access request including said BNAI activation realm to an Authentication/Authorization and Accounting server (AAA) on said IP network;
      
      upon receipt of the access request, said AAA validating said BNAI activation realm and returning an access accept message to said BCS/PDSN/FA;
      
      said BCS/PDSN/FA routing a MIP registration request to a Home Agent (HA);
      
      said HA recognizing said BNAI activation realm and assigning an Access Control list (ACL) to restrict traffic from the at least one non-active wireless device to the activation realm only; and
      
      said HA directing a MIP registration reply to the BCS/PDSN/FA;
      
      the BCS/PDSN/FA in turn routing the MIP registration reply to the at least one non-active wireless device;
      
      wherein the at least one non-active wireless device, having been assigned an IP address, is granted limited access to said IP network within said activation realm.
  - 5. The process of claim 4, further comprising the step of:
    - said AAA optionally assigning a HA IP address for the MIP session.
  - 6. The process of claim 4, further comprising the steps of:
    - the BSC/PDSN/FA monitoring activity related to the assigned IP address by generating Usage Detail Records (UDRs) of the IP address; and
      
      directing an Accounting-Request-Start to the AAA.
  - 7. The method of claim 2, wherein said step of said at least one non-active wireless device having limited access to said activation realm automatically initiating contact with an enrollment server on said activation realm comprises the steps of:
    - said at least one non-active wireless device and said enrollment server mutually authenticating each other.
  - 8. The process of claim 7, wherein said step of said at least one non-active wireless device and said enrollment server mutually authenticating each other comprises the steps of:
    - said at least one non-active wireless device issuing a server challenge including a Secure Instant Wireless Access ID (Siwa ID) and the BMSID;
      
      said enrollment server calculating a server response and generating a device challenge, including a session ID, server response and client challenge;
      
      said at least one non-active wireless device checking said server challenge and calculating a device response and directing a device response challenge to the enrollment server;
      
      said enrollment server validating said device response, whereupon said wireless device is authenticated on said enrollment server.
  - 9. The process of claim 8, further comprising the steps of:
    - said enrollment server optionally instructing said at least one non-active wireless device to launch a client application and providing URL of an enrollment application;
      
      said device receiving said instruction and launching a client application and directing said client application to said enrollment application.
  - 10. The process of claim 9, wherein said client application comprises a browser.
  - 11. The process of claim 2, wherein said step of assigning and programming device parameters to said wireless device during an interaction with said enrollment server comprises the steps of:
    - directing a request to said enrollment server to program device parameters to said at least one non-active wireless device;
      
      said enrollment server sending a program request to said at least one non-active wireless device including parameters to program;
      
      said device programming itself with said included parameters to program and returning a programming response to said enrollment server; and
      
      said server validating said programming response and indicating activation completion to a self-service signup application.
  - 12. The process of claim 11, further comprising the steps of:
    - said enrollment server optionally instructing said at least one non-active wireless device to direct a user of said device to said self-service signup application, wherein said enrollment server may select a self-service signup application from a set of enrollment applications;
      
      said user interacting with said self-service signup application to perform tasks related to session purchase; and
      
      said at least one non-active wireless device and said enrollment server exchanging a heartbeat at regular intervals during the user interaction.
  - 13. The process of claim 11, wherein said at least one non-active wireless device is assigned any of:
    - a Network Access Identifier (NAI);
      
      an AAA (Authentication-Authorization-Accounting) secret;
      
      a Mobile Device Number (MDN); and
      
      a Mobile Subscriber Identifier (MSID).
  - 14. The process of claim 2, wherein said activation session information comprises a Bootstrap Mobile Subscriber Identifier (BMSID) required by said network for mobility and billing purposes.
  - 15. The process of claim 1, wherein said wireless network comprises any of a EV-DO (Evolution-Data Optimized), WiFi (Wireless Fidelity) and WIMAX (Worldwide Interoperability for Microwave Access).
  - 16. The process of claim 1, wherein a network protocol for interaction with said IP network comprises any of SIP (simple IP) and MIP (mobile IP).
  - 17. The process of claim 1, wherein said at least one non-activated wireless device is provided either of limited and unlimited access to said wireless network after activation.
  - 18. The process of claim 1, further comprising any of the steps of:
    - providing service to a user without a need for manual provision of accounts;
      
      providing said wireless device with immediate access to said wireless network; and
      
      providing access to services offered by a wireless service provider to said user at the time they are needed by said user.
  - 19. The process of claim 1, further comprising the steps of:
    - once a wireless device selects a wireless network and before a network access attempt, said wireless device checking for a Wireless Session status;
      
      wherein if a non-active Wireless Session status is detected, said wireless device then changes its state to indicate that a bootstrap process is initiated.
  - 20. The process of claim 1, wherein said at least one non-active wireless device remains in a bootstrap state until a network identity is granted
  - 21. The process of claim 20, wherein said network identity grants user limited use which comprises any of:
    - a one time use, limited time use and limited usage use.
  - 22. The process of claim 20, further comprising the step of:
    - said activated wireless device re-initiating its network access using its new identity.

23. A secure immediate access wireless apparatus that enables at least one non-active wireless device to activate itself on a wireless network comprising:
- at least one server managing an activation session of said at least one non-active wireless device, means for said non-active wireless device to generate at least one temporary mandatory network identifier at the beginning of activation to be granted a limited profile for said wireless network with which said non-active wireless device gains access to an IP network from said wireless network;
  
  wherein upon gaining access to said IP network, said non-active wireless device is assigned an IP address and granted access to said IP network limited only to an activation realm for said non-active wireless device;
  
  means for securely exchanging information between said at least one non-active wireless device and an enrollment server during said activation session;
  
  wherein activation comprises the steps of;
  
  said non-active device detecting that it is not active generating at least one temporary mandatory network identifier;
  
  said non-active device gaining access to said wireless network using said limited profile, wherein said non-active device accesses said IP network by means of an interface between said wireless network and said IP network;
  
  said non-active device being assigned an IP address and given limited access only to an activation realm for said device on said IP network;
  
  said non-active wireless device authenticating said enrollment server;
  
  said enrollment server authenticating said non-active wireless device;
  
  said enrollment manager server allocating at least one mandatory network identifier for said non-active wireless device;
  
  wherein activation further comprises any of the steps of;
  
  said enrollment server programming said non-active wireless device with mandatory network identifiers and security key;
  
  said enrollment server interacting with a user via said wireless device immediately after authentication;
  
  said enrollment server triggering an additional network provisioning process; and
  
  said enrollment server providing feedback to said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Evolving Systems Labs Incorporated
Original Assignee
Telespree Communications (CCUR Holdings, Inc.)
Inventors
Netanel, Eran

Granted Patent

US 8,046,581 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/419
CPC Class Codes

G06Q 20/382   insuring higher security of...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04M 1/66   with means for preventing u...

H04W 12/069   using certificates or pre-s...

H04W 4/50   Service provisioning or rec...

H04W 8/205   Transfer to or from user eq...

H04W 8/265   for initial activation of n...

METHOD AND APPARATUS FOR SECURE IMMEDIATE WIRELESS ACCESS IN A TELECOMMUNICATIONS NETWORK

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

215 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR SECURE IMMEDIATE WIRELESS ACCESS IN A TELECOMMUNICATIONS NETWORK

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

215 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links