Systems, methods and computer program products for authorising ad-hoc access

US 20090199009A1
Filed: 06/07/2005
Published: 08/06/2009
Est. Priority Date: 06/07/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for granting a requesting device ad-hoc access to a network, said method comprising the steps of:

sending an access pre-token via an unsecured communication channel to said requesting device;

sending an access token associated with said access pre-token via a secure communications channel to a proxy device having a security association with said requesting device; and

granting ad-hoc network access to said requesting device subject to said requesting device providing information derived from said access token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products for authorizing ad-hoc access are disclosed. A method for ad-hoc authorization comprising the steps of sending a pre-token via an unsecured communication channel to a device requesting ad-hoc authorization, sending a token associated with the pre-token via a secure communications channel to a proxy for the device, receiving evidence of access by the device to the token and determining the ad-hoc authorization based on the evidence. The systems and computer program products disclosed provide means for practicing the methods disclosed.

36 Citations

View as Search Results

31 Claims

1. A method for granting a requesting device ad-hoc access to a network, said method comprising the steps of:
- sending an access pre-token via an unsecured communication channel to said requesting device;
  
  sending an access token associated with said access pre-token via a secure communications channel to a proxy device having a security association with said requesting device; and
  
  granting ad-hoc network access to said requesting device subject to said requesting device providing information derived from said access token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 14)
- - 2. The method of claim 1, wherein said information derived from said access token comprises information specific to said access token.
  - 3. The method of claim 1, wherein said information derived from said access token comprises cryptographic key information retrieved from said access token.
  - 4. The method of claim 3, comprising the further step of forming a security association with said requesting device using said cryptographic key information.
  - 5. The method of claim 1, comprising the further step of receiving a request for ad-hoc network access from the requesting device via an unsecured communication channel, and wherein said access pre-token and said access token are sent in response to said request.
  - 6. The method of claim 1, comprising the further steps of:
    - issuing a challenge to said requesting device; and
      
      receiving a response to said challenge, said response comprising information derived from said access token.
  - 7. The method of claim 6, wherein said challenge comprises a random number and said step of granting ad-hoc network access to said requesting device is further subject to said response comprising information relating to said random number.
  - 14. The system of claim 6, wherein said challenge comprises a random number and said authorization is further subject to said response comprising information relating to said random number.

8. A system for granting a requesting device ad-hoc access to a network, said system comprising:
- an authorization authority for authorizing access to said network by said requesting device; and
  
  an authorization controller for granting ad-hoc network access to said authorized requesting device;
  
  wherein an access token is sent by said authorization controller via a secure channel to a distribution proxy having a secure association with said requesting device; and
  
  wherein said authorization is subject to said authorization controller receiving information derived from said access token from said requesting device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein said information derived from said access token comprises information specific to said access token.
  - 10. The system of claim 8, wherein said information derived from said access token comprises cryptographic key information retrieved from said access token.
  - 11. The system of claim 10, further comprising means for forming a security association with said requesting device using said cryptographic key information.
  - 12. The system of claim 8, wherein said authorization authority comprises:
    - reception means for receiving a request for ad-hoc network access from said requesting device via an unsecured communication channel; and
      
      transmission means for sending an access pre-token and an access token in response to said request.
  - 13. The system of claim 8, wherein said authorization controller further comprises:
    - transmission means for issuing a challenge to said requesting device; and
      
      reception means for receiving a response to said challenge from said requesting device.

15. A computer program product comprising a computer readable medium comprising a computer program recorded therein for granting a requesting device ad-hoc access to a network, said computer program product comprising:
- computer program code for sending an access pre-token via an unsecured communication channel to said requesting device;
  
  computer program code for sending an access token associated with said access pre-token via a secure communications channel to a proxy device having a security association with said requesting device; and
  
  computer program code for granting ad-hoc network access to said requesting device subject to said requesting device providing information derived from said access token.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product of claim 15, wherein said information derived from said access token comprises information specific to said access token.
  - 17. The computer program product of claim 15, wherein said information derived from said access token comprises cryptographic key information retrieved from said access token.
  - 18. The computer program product of claim 17, further comprising computer program code for forming a security association with said requesting device using said cryptographic key information.
  - 19. The computer program product of claim 15, further comprising computer program code for receiving a request for ad-hoc network access from the requesting device via an unsecured communication channel, and wherein said access pre-token and said access token are sent in response to said request.
  - 20. The computer program product of claim 15, further comprising:
    - computer program code for issuing a challenge to said requesting device; and
      
      computer program code for receiving a response to said challenge, said response comprising information derived from said access token.
  - 21. The computer program product of claim 20, wherein said challenge comprises a random number and said step of granting ad-hoc network access to said requesting device is further subject to said response comprising information relating to said random number.

22. A method for managing ad-hoc network access, said method comprising the steps of:
- receiving a request for ad-hoc access from a device, said request comprising a pre-token sent to said device via an unsecured communication channel;
  
  sending a token associated with said pre-token via a secure communications channel to a proxy for said device in response to said request;
  
  receiving a communication from said device; and
  
  determining whether to grant said ad-hoc access based on the content of said communication.

23. A system for managing ad-hoc network access, comprising:
- at least one communications interface for transmitting and receiving data;
  
  a memory unit for storing data and instructions to be performed by a processing unit; and
  
  a processing unit coupled to said at least one communications interface and said memory unit, said processing unit programmed to;
  
  receive a request for ad-hoc access from a device, said request comprising a pre-token sent to said device via an unsecured communication channel;
  
  send a token associated with said pre-token via a secure communications channel to a proxy for said device in response to said request;
  
  receive a communication from said device; and
  
  determine whether to grant said ad-hoc access based on the content of said communication.

24. A computer program product comprising a computer readable medium comprising a computer program recorded therein for managing ad-hoc network access, said computer program product comprising:
- computer program code for receiving a request for ad-hoc access from a device, said request comprising a pre-token sent to said device via an unsecured communication channel;
  
  computer program code for sending a token associated with said pre-token via a secure communications channel to a proxy for said device in response to said request;
  
  computer program code for receiving a communication from said device; and
  
  computer program code for determining whether to grant said ad-hoc access based on the content of said communication.

25. A token for granting a requesting device ad-hoc access to an unsecured network, said token comprising:
- an access pre-token for said requesting device to identify itself to an authorization controller during an ad-hoc request; and
  
  an access token for enabling said requesting device to validly respond to a challenge issued by said authorization controller to gain ad-hoc access to said unsecured network.
- View Dependent Claims (26, 27, 28, 29, 30, 31)
- - 26. The token of claim 25, wherein said access pre-token is sent to said requesting device via an unsecured communications channel and said access token is sent to a proxy for said requesting device via a secured communications channel.
  - 27. The token of claim 25, wherein said access pre-token comprises identification information for matching said access pre-token to said access token.
  - 28. The token of claim 25, wherein said access pre-token comprises a key for securing a communication channel during an ad-hoc access request.
  - 29. The token of claim 25, wherein said access token comprises:
    - information for identifying a network location of an authorization controller to said requesting device issuing said ad-hoc access request;
      
      identification information for matching said access pre-token to said access token; and
      
      a key for securing a communication channel between the authorization controller and the requesting device.
  - 30. The token of claim 29, wherein said access token comprises one or more items selected from the group of items consisting of:
    - a validity tag for indicating validity or invalidity of said access token; and
      
      a validity time for indicating a validity lifetime of said access token.
  - 31. The token of claim 29, wherein said access pre-token is used to secure a communications channel when said requesting device issues a request for ad-hoc access to said unsecured network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Chia, Pei Yen, Tan, Pek Yew

Application Number

US11/916,740
Publication Number

US 20090199009A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04W 12/082   using revocation of authori...

H04W 48/18   Selecting a network or a co...

H04W 84/18   Self-organising networks, e...

Systems, methods and computer program products for authorising ad-hoc access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

Systems, methods and computer program products for authorising ad-hoc access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others