System and method for providing secure network access in fixed mobile converged telecommunications networks

US 20080070571A1
Filed: 09/18/2006
Published: 03/20/2008
Est. Priority Date: 09/18/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing, by a fixed access device, a connection with a mobile terminal over an air interface;

establishing, by the fixed access device, a limited channel with a service provider network via a broadband interface, wherein the limited channel is restricted to messages needed for authenticating the mobile terminal in the service provider network;

authenticating the mobile terminal with the service provider network via the limited channel using authentication information associated with the mobile terminal, wherein the service provider network has a preexisting relationship with the mobile terminal; and

establishing a secure channel between the fixed access device and the service provider network after authenticating the mobile terminal, wherein the secure channel is not restricted to messages needed for authenticating the mobile terminal in the service provider network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates generally to systems and methods for providing secure network access in fixed mobile converged telecommunications systems. In one example, a method includes establishing, by a fixed access device, a connection with a mobile terminal over an air interface. The fixed access device may also establish a limited channel with a service provider network via a broadband interface. The limited channel is restricted to messages meeting one or more criterion. The mobile terminal may be authenticated with the service provider network via the limited channel using authentication information associated with the mobile terminal, and the service provider network has a preexisting relationship with the mobile terminal. A secure channel may be established between the fixed access device and the service provider network after the mobile terminal is authenticated. The secure channel may enable the mobile terminal to communicate with the service provider network using messages not meeting the criterion.

35 Citations

View as Search Results

20 Claims

1. A method comprising:
- establishing, by a fixed access device, a connection with a mobile terminal over an air interface;
  
  establishing, by the fixed access device, a limited channel with a service provider network via a broadband interface, wherein the limited channel is restricted to messages needed for authenticating the mobile terminal in the service provider network;
  
  authenticating the mobile terminal with the service provider network via the limited channel using authentication information associated with the mobile terminal, wherein the service provider network has a preexisting relationship with the mobile terminal; and
  
  establishing a secure channel between the fixed access device and the service provider network after authenticating the mobile terminal, wherein the secure channel is not restricted to messages needed for authenticating the mobile terminal in the service provider network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising sending a temporary credential associated with the fixed access device to the service provider network to establish the limited channel.
  - 3. The method of claim 2 wherein the temporary credential is a digest associated with an identification number of the fixed access device.
  - 4. The method of claim 1 wherein establishing the secure channel includes:
    - generating a temporary shared key by the service provider network;
      
      sending the temporary shared key to the fixed access device; and
      
      using the temporary shared key to establish the secure channel.
  - 5. The method of claim 1 further comprising rejecting, by the service provider network, a message received via the limited channel that is not needed for authenticating the mobile terminal in the service provider network.
  - 6. The method of claim 1 further comprising terminating the limited channel by the service provider network if a message received via the limited channel is not needed for authenticating the mobile terminal in the service provider network.
  - 7. The method of claim 1 further comprising terminating the limited channel by the service provider network if the mobile terminal is not authenticated within a predefined time period.

8. A method comprising:
- establishing, by a service provider network configured to provide a communication service to a mobile terminal, a limited channel with a fixed access device via a broadband network, wherein the limited channel is restricted to messages meeting at least one criterion;
  
  receiving, by the service provider network via the limited channel, authentication information associated with the mobile terminal, wherein the service provider network has a preexisting relationship with the mobile terminal;
  
  determining whether the authentication information is valid; and
  
  establishing, by the service provider network, a secure channel with the fixed access device via the broadband network if the authentication information is valid, wherein the secure channel enables the mobile terminal to communicate with the service provider network using messages not meeting the at least one criterion.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8 wherein no authentication credential is received by the service provider network from the fixed access device prior to establishing the limited channel.
  - 10. The method of claim 8 further comprising:
    - receiving an authentication credential from the fixed access device prior to establishing the limited channel;
      
      determining whether the authentication credential is valid; and
      
      establishing the limited channel only if the authentication credential is valid.
  - 11. The method of claim 8 further comprising rejecting, by the service provider network, a message not meeting the criterion that is received via the limited channel.
  - 12. The method of claim 8 further comprising terminating the limited channel by the service provider network if a message received via the limited channel does not meet the criterion.
  - 13. The method of claim 8 wherein establishing the secure channel includes generating a temporary shared key by the service provider network and using the temporary shared key by the fixed access device to establish the secure channel.

14. A method comprising:
- establishing, by a fixed access device, a connection with a mobile terminal over an air interface;
  
  establishing, by the fixed access device, a limited channel with a service provider network via a broadband interface, wherein the limited channel is restricted to messages meeting at least one criterion;
  
  passing authentication information from the mobile terminal to the service provider network through the fixed access device;
  
  receiving, by the fixed access device, a temporary credential by the service provider network; and
  
  establishing a secure channel between the fixed access device and the service provider network using the temporary credential, wherein the secure channel enables the mobile terminal to communicate with the service provider network using messages not meeting the at least one criterion.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14 further comprising:
    - receiving, by the fixed access device, an initiation message from the mobile terminal indicating that the mobile terminal is requesting access to the service provider network; and
      
      sending a request from the fixed access device to the service provider network to establish the limited channel in response to the initiation message.
  - 16. The method of claim 14 wherein no authentication information is sent by the fixed access device to the service provider network prior to establishing the limited channel.
  - 17. The method of claim 14 further comprising sending, by the fixed access device, authentication information to the service provider network prior to establishing the limited channel.

18. A device comprising:
- a wireless interface configured to couple the device with a mobile terminal;
  
  a broadband interface configured to couple the device with a broadband network;
  
  a processor configured to process a plurality of executable instructions;
  
  a memory configured to store the plurality of executable instructions; and
  
  the plurality of executable instructions including instructions for;
  
  establishing a connection with the mobile terminal over the wireless interface;
  
  establishing a limited channel with a service provider network via the broadband interface, wherein the limited channel is restricted to messages needed for authenticating the mobile terminal in the service provider network;
  
  passing authentication information from the mobile terminal to the service provider network; and
  
  establishing a secure channel with the service provider network after the mobile terminal is authenticated by the service provider network, wherein the secure channel enables the mobile terminal to communicate with the service provider network using messages not needed for authenticating the mobile terminal in the service provider network.
- View Dependent Claims (19, 20)
- - 19. The device of claim 18 further comprising:
    - at least one authentication credential stored in the memory; and
      
      instructions for sending the at least one authentication credential to the service provider network before to establishing the limited channel.
  - 20. The device of claim 18 further comprising instructions for:
    - receiving temporary authentication information from the service provider network; and
      
      using the temporary authentication information when establishing the secure channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Nguyen, Nhut, Wu, Matt

Granted Patent

US 8,611,859 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/435.1
CPC Class Codes

H04W 12/041   Key generation or derivation

H04W 12/068   using credential vaults, e....

H04W 88/06   adapted for operation in mu...

System and method for providing secure network access in fixed mobile converged telecommunications networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing secure network access in fixed mobile converged telecommunications networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links