TICKET-BASED SPECTRUM AUTHORIZATION AND ACCESS CONTROL

US 20100070760A1
Filed: 09/12/2008
Published: 03/18/2010
Est. Priority Date: 09/12/2008
Status: Active Grant

First Claim

Patent Images

1. A method for spectrum authorization and access control, comprising:

obtaining a first authorization ticket for a first device issued by a trusted third party;

receiving from a second device a second authorization ticket for the second device, the second authorization ticket is issued by the trusted third party or another trusted party; and

establishing a validated communication session with the second device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects describe spectrum authorization, access control, and configuration parameters validation. Devices in an ad-hoc or peer-to-peer configuration can utilize a licensed spectrum if the devices are authorized to use the spectrum, which can be determined automatically. Aspects relate to distribution of authorization tickets by an authorization server as a result of validating a device'"'"'s credentials and services to which the device is entitled. An exchange and verification of authorization tickets can be performed by devices as a condition for enabling a validated wireless link using the spectrum.

96 Citations

View as Search Results

40 Claims

1. A method for spectrum authorization and access control, comprising:
- obtaining a first authorization ticket for a first device issued by a trusted third party;
  
  receiving from a second device a second authorization ticket for the second device, the second authorization ticket is issued by the trusted third party or another trusted party; and
  
  establishing a validated communication session with the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprises validating the second authorization ticket for the second device before establishing the validated communication session with the second device.
  - 3. The method of claim 2, wherein the second authorization ticket includes a validity time and a cryptographic signature of the trusted third party or the another trusted party and wherein validating the second authorization ticket includes verifying the validity time and the cryptographic signature.
  - 4. The method of claim 2, wherein validating the second authorization ticket comprises verifying possession of a private key associated with both a public key and an identity included in a digital certificate.
  - 5. The method of claim 2, wherein a failure to validate the second authorization ticket for the second device results in tearing down a communication link between the first device and the second device.
  - 6. The method of claim 1, further comprises transmitting the first authorization ticket to the second device before establishing the validated communication session with the second device.
  - 7. The method of claim 1, further comprises securing the validated communication session based on information contained in the first authorization ticket and the second authorization ticket.
  - 8. The method of claim 1, wherein the first authorization ticket comprises an identifier of the first device, a signature of the trusted third party, and a validity time.
  - 9. The method of claim 1, wherein the validated communication session is configured to carry data of a type and manner specified in a list of allowed services included in the first authorization ticket and the second authorization ticket.
  - 10. The method of claim 1, wherein the first authorization ticket comprises services allowed to be accessed by the first device and the second authorization ticket comprises services allowed to be accessed by the second device.
  - 11. The method of claim 1, wherein at least one of the first authorization ticket and the second authorization ticket are embodied as a traditional digital certificate.

12. A wireless communications apparatus, comprising:
- a memory that retains instructions related to obtaining a first authorization ticket for a first device issued by a trusted third party, receiving from a second device a second authorization ticket for the second device, and establishing a validated communication session with the second device, wherein the second authorization ticket is issued by the trusted third party or another trusted party; and
  
  a processor, coupled to the memory, configured to execute the instructions retained in the memory.
- View Dependent Claims (13, 14, 15)
- - 13. The wireless communications apparatus of claim 12, the memory further retains instructions related to validating the second authorization ticket for the second device before establishing the validated communication session, wherein the validated communication session is configured to carry data of a type and manner specified in a list of allowed services included in the first authorization ticket and the second authorization ticket.
  - 14. The wireless communications apparatus of claim 13, wherein a failure to validate the second authorization ticket for the second device results in tearing down a communication link between the first device and the second device.
  - 15. The wireless communications apparatus of claim 12, the memory further retains instructions related to conveying the first authorization ticket to the second device before establishing the validated communication session with the second device, wherein the first authorization ticket comprises an identifier of the first device, a signature of the trusted third party, and a validity time.

16. A wireless communications apparatus that facilitates spectrum authorization and access control, comprising:
- means for obtaining a first authorization ticket for a first device issued by a trusted third party;
  
  means for conveying the first authorization ticket to a second device;
  
  means for receiving from the second device a second authorization ticket for the second device, the second authorization ticket is issued by the trusted third party or another trusted third party;
  
  means for validating the second authorization ticket for the second device; and
  
  means for establishing a validated communication session with the second device if the validation of the second authorization ticket is successful.
- View Dependent Claims (17)
- - 17. The wireless communications apparatus of claim 16, wherein the first authorization ticket comprise an identifier of the first device and a signature of the trusted third party and the second authorization ticket comprises an identifier of the second device and a signature of the trusted third party or the another trusted party.

18. A computer program product, comprising:
- a computer-readable medium comprising;
  
  a first set of codes for causing a computer to obtain a first authorization ticket for a first device issued by a trusted third party;
  
  a second set of codes for causing the computer to receive from a second device a second authorization ticket for the second device, the second authorization ticket is issued by the trusted third party or another trusted party;
  
  a third set of codes for causing the computer to validate the second authorization ticket; and
  
  a fourth set of codes for causing the computer to establish a validated communication with the second device if the second authorization ticket is valid.

19. At least one processor configured to provide spectrum authorization and access control, comprising:
- a first module for obtaining a first authorization ticket for a first device issued by a trusted third party;
  
  a second module for transmitting the first authorization ticket to a second device;
  
  a third module for receiving from the second device a second authorization ticket for the second device, the second authorization ticket is issued by the trusted third party or another trusted third party;
  
  a fourth module for validating the second authorization ticket for the second device; and
  
  a fifth module for establishing a validated communication session with the second device if the validation of the second authorization ticket is successful.
- View Dependent Claims (20)
- - 20. The at least one processor of claim 19, wherein the first authorization ticket comprises services allowed to be accessed by the first device and wherein the validated communication session is configured to carry data of a type and manner specified in a list of allowed services included in the first authorization ticket and the second authorization ticket.

21. A method for spectrum authorization and access control, comprising:
- receiving a request from a first device for system access;
  
  performing authentication of the first device;
  
  determining system access that can be authorized for the first device; and
  
  creating an authorization ticket for the first device based on the authorized system access.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The method of claim 21, wherein the first device authentication is obtained externally from a network device over a secure communication link.
  - 23. The method of claim 21, wherein determining system access comprises consulting a configuration parameters database that contains a listing of a plurality of devices that are authorized to access the system.
  - 24. The method of claim 21, wherein the authentication or the authorized system access is determined by credentials associated with the first device.
  - 25. The method of claim 24, wherein the credentials are at least one of shared secret keys, public keys, authorization information, a list of services, billing information, or combinations thereof.
  - 26. The method of claim 21, wherein the authorization ticket comprises an identity of the first device.
  - 27. The method of claim 21, wherein the authorization ticket comprises an identity of the first device and a validity range during which the authorization ticket is valid.
  - 28. The method of claim 21, wherein the authorization ticket comprises an identity of the first device, a validity range during which the authorization ticket is valid, and a cryptographic signature.

29. A wireless communications apparatus, comprising:
- a memory that retains instructions related to receiving a request from at least a first device for system access, performing authentication of the at least a first device, determining system access that can be authorized for the first device, and generating an authorization ticket for the at least a first device based in part on the authorized system access; and
  
  a processor, coupled to the memory, configured to execute the instructions retained in the memory.
- View Dependent Claims (30, 31, 32, 33)
- - 30. The wireless communications apparatus of claim 29, wherein authentication of the at least a first device is obtained over a secure communication link from a network device.
  - 31. The wireless communications apparatus of claim 29, wherein determining system access comprises consulting a configuration parameters database that contains a listing of a plurality of devices that are authorized to access the system.
  - 32. The wireless communications apparatus of claim 29, wherein the authentication or the authorized system access is determined by credentials associated with the first device, the credentials are at least one of shared secret keys, public keys, authorization information, a list of services, billing information, or combinations thereof.
  - 33. The wireless communications apparatus of claim 29, wherein the authorization ticket comprises an identity of the first device, a validity period during which the authorization ticket is valid, and a cryptographic signature.

34. A wireless communications apparatus that provides spectrum authorization, comprising:
- means for receiving a request from at least a first device for system access;
  
  means for performing authentication of the at least a first device;
  
  means for determining system access that can be provided to the at least a first device; and
  
  means for generating an authorization ticket for the at least a first device based in part on the authorized system access.
- View Dependent Claims (35, 36)
- - 35. The wireless communications apparatus of claim 34, wherein the authorization ticket comprises an identity of the first device, a validity range during which the authorization ticket is valid, and a cryptographic signature.
  - 36. The wireless communications apparatus of claim 34, further comprising:
    - means for consulting a configuration parameters database that contains a listing of a plurality of devices that are authorized to access the system.

37. A computer program product, comprising:
- a computer-readable medium comprising;
  
  a first set of codes for causing a computer to receive a request from a first device for system access;
  
  a second set of codes for causing the computer to perform authentication of the first device;
  
  a third set of codes for causing the computer to determine system access that can be authorized for the first device; and
  
  a fourth set of codes for causing the computer to generate an authorization ticket for the first device based on the authorized system access.
- View Dependent Claims (38)
- - 38. The computer program product of claim 37, wherein determining system access comprises consulting a configuration parameters database that contains a listing of a plurality of devices that are authorized to access the system and wherein the authentication or the authorized system access is determined based on credentials associated with the first device, the credentials are at least one of shared secret keys, public keys, authorization information, a list of services, billing information, or combinations thereof.

39. At least one processor configured to provide spectrum authorization, comprising:
- a first module for receiving a request from at least a first device for system access;
  
  a second module for performing authentication of the at least a first device;
  
  a third module for determining system access that can be authorized for the at least a first device; and
  
  a fourth module for generating an authorization ticket for the at least a first device based in part on the authorized system access, wherein the authorization ticket comprises an identity of the at least a first device, a validity range during which the authorization ticket is valid, and a cryptographic signature.
- View Dependent Claims (40)
- - 40. The at least one processor of claim 39, wherein the fourth module utilizes credentials associated with the first device to determine the system access that can be authorized, wherein the credentials are at least one of shared secret keys, public keys, authorization information, a list of services, billing information, or combinations thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Xiao, Lu, Vanderveen, Michaela

Granted Patent

US 8,862,872 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 84/18   Self-organising networks, e...

TICKET-BASED SPECTRUM AUTHORIZATION AND ACCESS CONTROL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

96 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

TICKET-BASED SPECTRUM AUTHORIZATION AND ACCESS CONTROL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links