Method and System For Transparently Authenticating a Mobile User to Access Web Services
Abstract
A system and method for authenticating a subscriber of a first network to access application services through a second network, wherein the second network is a packet data network. The system includes a mobile station connected to a cellular network and apt to generate access-request messages enclosed in data packets, the access-request messages being expressed with a syntax that complies with an application-level protocol; an allocation server apt to allocate an address in the second network to the subscriber and to provide a mapping between the subscriber's address and a first subscriber's identifier; a gateway which interfaces the first network to the second network and assigns the subscriber's address to the mobile station; a service token injector linked with the gateway and apt to intercept the data packets generated from the endpoint station and directed to the second network through the gateway and to capture in the data packet at least the subscriber's address, and an identity authority logical entity linked with the service token injector.
165 Citations
76 Claims
1-38. (canceled)
39. A method for authenticating a subscriber of a first network to access an application service through a second network, wherein the second network is a packet data network and the access to the application services is in the form of access-request messages enclosed in a data packet, said data packet comprising an address in said second network allocated to a subscriber's address and said access-request message expressed with a syntax that complies with an application-level protocol, comprising the steps of:
a) intercepting an access-request message to the second network;
b) recognising the application-level protocol;
c) providing a mapping between the subscriber's address and a first subscriber's identifier in the first network;
d) generating a first authentication token including a second subscriber's identifier;
e) associating the first authentication token to the access-request message; and
f) transmitting the access-request message with said first associated authentication token to the second network.
63. A system for authenticating a subscriber of a first network to access application services through a second network, wherein the second network is a packet data network, comprising:
a subscriber station coupled to the first network and capable of generating access-request messages enclosed in data packets, said access-request messages being expressed with a syntax that complies with an application-level protocol;
an allocation server capable of allocating an address in said second network to a subscriber's address and to provide a mapping between the subscriber's address and a first subscriber's identifier in the first network;
a gateway capable of performing the following functions: to receive the access-request messages from the subscriber station, to interface the first network to the second network, and to assign the subscriber's address to the subscriber station;
a first logical entity linked with the gateway and capable of intercepting the data packets generated from the subscriber station and directed to the second network through the gateway and to capture in the data packet at least the subscriber's address; and
a second logical entity linked with the first logical entity and capable of performing the following functions: to receive the subscriber's address and the access-request message from the first logical entity, to recognize the application-level protocol of the access-request message, to request the first subscriber's identifier to the allocation server, and to generate a first authentication token according to the application-level protocol, said token including a second subscriber's identifier,
wherein the first logical entity or the second logical entity is capable of associating said first authentication token with the access-request message.
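Steps a) to f) of claim 39, sketched for HTTP as an added example that is not taken from the patent or from any implementation of it. The header name `X-Subscriber-Token`, the HMAC token layout, the shared key, the constructed address table, and the use of a per-service pseudonym as the second identifier are all assumptions.

```python
import base64, hashlib, hmac, json

# Everything below is assumed for illustration; the claims fix none of it.
TOKEN_HEADER = b"X-Subscriber-Token"                  # hypothetical header name
INJECTOR_KEY = b"constructed-demo-key"                # constructed key shared with the service
ALLOCATIONS = {"10.20.0.7": "imsi-001010123456789"}   # constructed address -> first identifier

def _mac(data: bytes) -> str:
    return hmac.new(INJECTOR_KEY, data, hashlib.sha256).hexdigest()

def recognise_protocol(raw: bytes):
    """Step b: 'http' if the payload opens with an HTTP/1.x request line, else None."""
    parts = raw.split(b"\r\n", 1)[0].split(b" ")
    return "http" if len(parts) == 3 and parts[2].startswith(b"HTTP/1.") else None

def make_token(first_id: str, service: str, issued_at: int) -> str:
    """Step d: the token carries a per-service second identifier, never the first one."""
    second_id = _mac(f"sub|{first_id}|{service}".encode())[:16]
    claims = json.dumps({"iat": issued_at, "sub": second_id}, sort_keys=True)
    body = base64.urlsafe_b64encode(claims.encode()).decode()
    return body + "." + _mac(body.encode())

def inject(src_ip: str, raw: bytes, issued_at: int) -> bytes:
    """Steps a, c, e, f: intercept, map the address, attach the token, return what is forwarded."""
    if recognise_protocol(raw) != "http":
        return raw                                    # unrecognised protocol passes through untouched
    head, sep, body = raw.partition(b"\r\n\r\n")
    request_line, *headers = head.split(b"\r\n")
    # Drop any copy of the header sent by the station: only the injector may assert identity.
    headers = [h for h in headers if not h.lower().startswith(TOKEN_HEADER.lower() + b":")]
    first_id = ALLOCATIONS.get(src_ip)                # step c: address -> first identifier
    if first_id is not None:
        host = next((h.split(b":", 1)[1].strip().decode("latin-1")
                     for h in headers if h.lower().startswith(b"host:")), "")
        token = make_token(first_id, host, issued_at)
        headers.append(TOKEN_HEADER + b": " + token.encode())
    return b"\r\n".join([request_line, *headers]) + sep + body

def verify(token: str):
    """Service side: return the second identifier if the MAC checks out, else None."""
    body, _, tag = token.partition(".")
    if not hmac.compare_digest(tag.encode(), _mac(body.encode()).encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))["sub"]
```

Because the service trusts whatever arrives in this header, the sketch removes any station-supplied copy before adding its own, and the service should accept the header only on traffic that has passed through the injector.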
Specification