METHOD AND SYSTEM FOR WIRELESS CONNECTING A MOBILE DEVICE TO A SERVICE PROVIDER THROUGH A HOSTING WIRELESS ACCESS NODE

US 20120045060A1
Filed: 04/30/2009
Published: 02/23/2012
Est. Priority Date: 04/30/2009
Status: Active Grant

First Claim

Patent Images

1. Method for commissioning a wireless connection with a related authentication to a remote relay node, whereto an electronic mobile device (1) is connected through at least one wireless communication module (11) to a hosting wireless access node (2) for transmitting/receiving data to/from a service provider (5) available on the Internet by means of a commissioned relay access node (4) selected by an authentication and commissioning manager (3), the method comprisingan association phase performed at OSI layer 2 initiated by the mobile device wireless communication module (11) to establish a connection with at least one wireless communication module (21) of the hosting wireless access node (2);

an identification phase performed at OSI layer 2 initiated by an authentication module (24) of the hosting wireless access node (2) to retrieve from a client authentication module (12) of the mobile device (1) at least its authentication credentials provided by an authentication credentials module (13);

an access verification phase initiated by the hosting wireless access node authentication module (24) to retrieve from an authentication server (31) of the authentication and commissioning manager (3) the commissioned relay access node (4) to be used;

a commissioned relay access node selection phase initiated by the authentication server (31) to retrieve from a commissioned relay access node selector (32) of the authentication and commissioning manager (3) the commissioned relay access node (4) to be used;

a tunnel creation phase initiated by a tunnel/optimization module (22) of the hosting wireless access node (2) to establish a tunnel with a tunneling/optimization module (41) of the commissioned relay access node (4);

a transfer of the authentication state phase initiated by the hosting wireless access node authentication module (24) to transfer at least the mobile device authentication credentials to an authentication module (43) of the selected commissioned relay access node (4);

the transfer being encapsulated into the tunnel;

an authentication phase performed at OSI layer 2 initiated by the commissioned relay access node authentication module (43) to handshake with the mobile device client authentication module the authentication data used to establish a trusted connection between the commissioned relay access node (4) and the mobile device (1);

the handshaking, using OSI layer 2 data units, being encapsulated into the tunnel between the commissioned relay access node (4) and the hosting wireless access node (2);

a data transfer phase to transfer data between the mobile device (1) and the service provider (5);

the data exchanged by the mobile device 1, contained in OSI layer 2 data units and transmitted on the wireless connection with the hosting wireless access node 2, is encapsulated into the tunnel between the hosting wireless access node (2) and the commissioned relay access node (4);

the data is then extracted from the OSI layer 2 data units and finally forwarded by the commissioned relay access node (4) to the service provider (5);

the service provider (5) thereby is exchanging data with the commissioned relay access node (4) and not directly with the hosting wireless access node (2).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for commissioning a wireless connection with a related authentication and the eventual encryption to a remote relay node, whereto an electronic mobile device is connected to a hosting wireless access node for transmitting/receiving data to/from a service provider available on the Internet by means of a commissioned relay access node selected by an authentication and commissioning manager. The data transfer between the mobile device and the service provider is encapsulated into the tunnel between the hosting wireless access node and the commissioned relay access node and is finally forwarded by the commissioned relay access node to the service provider. The service provider thereby is exchanging data with the commissioned relay access node and not directly with the hosting wireless access node.

49 Citations

View as Search Results

28 Claims

1. Method for commissioning a wireless connection with a related authentication to a remote relay node, whereto an electronic mobile device (1) is connected through at least one wireless communication module (11) to a hosting wireless access node (2) for transmitting/receiving data to/from a service provider (5) available on the Internet by means of a commissioned relay access node (4) selected by an authentication and commissioning manager (3), the method comprisingan association phase performed at OSI layer 2 initiated by the mobile device wireless communication module (11) to establish a connection with at least one wireless communication module (21) of the hosting wireless access node (2);
- an identification phase performed at OSI layer 2 initiated by an authentication module (24) of the hosting wireless access node (2) to retrieve from a client authentication module (12) of the mobile device (1) at least its authentication credentials provided by an authentication credentials module (13);
  
  an access verification phase initiated by the hosting wireless access node authentication module (24) to retrieve from an authentication server (31) of the authentication and commissioning manager (3) the commissioned relay access node (4) to be used;
  
  a commissioned relay access node selection phase initiated by the authentication server (31) to retrieve from a commissioned relay access node selector (32) of the authentication and commissioning manager (3) the commissioned relay access node (4) to be used;
  
  a tunnel creation phase initiated by a tunnel/optimization module (22) of the hosting wireless access node (2) to establish a tunnel with a tunneling/optimization module (41) of the commissioned relay access node (4);
  
  a transfer of the authentication state phase initiated by the hosting wireless access node authentication module (24) to transfer at least the mobile device authentication credentials to an authentication module (43) of the selected commissioned relay access node (4);
  
  the transfer being encapsulated into the tunnel;
  
  an authentication phase performed at OSI layer 2 initiated by the commissioned relay access node authentication module (43) to handshake with the mobile device client authentication module the authentication data used to establish a trusted connection between the commissioned relay access node (4) and the mobile device (1);
  
  the handshaking, using OSI layer 2 data units, being encapsulated into the tunnel between the commissioned relay access node (4) and the hosting wireless access node (2);
  
  a data transfer phase to transfer data between the mobile device (1) and the service provider (5);
  
  the data exchanged by the mobile device 1, contained in OSI layer 2 data units and transmitted on the wireless connection with the hosting wireless access node 2, is encapsulated into the tunnel between the hosting wireless access node (2) and the commissioned relay access node (4);
  
  the data is then extracted from the OSI layer 2 data units and finally forwarded by the commissioned relay access node (4) to the service provider (5);
  
  the service provider (5) thereby is exchanging data with the commissioned relay access node (4) and not directly with the hosting wireless access node (2).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. Method according to the claim 1 characterized by the fact that the authentication phase initiated by the commissioned relay access node authentication module (43) is followed by a keys negotiation phase performed at OSI layer 2 to handshake with the mobile device client authentication module (12) at least one session key to be used for the data encryption from a cryptography module (14) of the mobile device (1) and a cryptography module (47) of the commissioned relay access node (4);
    - the handshaking, using OSI layer 2 data units, being encapsulated into the tunnel between the commissioned relay access node and the hosting wireless access node.
  - 3. Method according to the claim 1 characterized by the fact that said commissioned relay access node selector module (32) selects the hosting wireless access node (2) as the commissioned relay access node thereby skipping the tunnel creation phase and the transfer phase of the authentication state;
    - in addition the authentication phase is initiated by the hosting wireless access node authentication module (24) and the data is directly forwarded to the service provider (5) by the hosting wireless access node (2) instead of being encapsulated in a tunnel.
  - 4. Method according to the claim 3 characterized by the fact that the authentication phase initiated by the hosting wireless access node authentication module (24) is followed by a keys negotiation phase performed at OSI layer 2 to handshake with the mobile device client authentication module (12) at least one session key to be used for the data encryption from a cryptography module (14) of the mobile device (1) and a cryptography module (28) of the hosting wireless access node (2).
  - 5. Method according to the claim 1 or 2 characterized by the fact that the access verification phase comprisesan access request, sent by the authentication module (24) of the hosting wireless access node (2) to the authentication server (31) of the authentication and commissioning server (3), containing at least the authentication credentials of the mobile device (1) and at least the access node authentication credentials provided by an authentication credentials module (25) of said hosting wireless access node (2);
    - an access response, generated by the authentication server (31) provided by the authentication and commissioning manager (3), containing at least one IP address and at least one tunnel port to be used by the tunneling/optimization module (22) of the hosting wireless access node (2) to establish a tunnel with the tunneling/optimization module (41) of the commissioned relay access node (4) to be used.
  - 6. Method according to the claims 3 or 4 and 5 characterized by the fact that the access response contains at least a code indicating to the hosting wireless access node (2) that it has been selected as the commissioned relay access node and so it has to manage directly the traffic coming by the mobile device (1).
  - 7. Method according to the claim 5 characterized in that the commissioned relay access node selector (32) selects the commissioned relay access node to be used by the mobile device (1) and its availability with a commissioned relay access node selection phase comprisingthe identification, by the commissioned relay access node selector (32), of at least one commissioned relay access node candidate on the basis of a static or dynamic mapping of the mobile device 1 authentication credentials to at least one access node authentication credentials contained in an access nodes repository (34) of the authentication and commissioning manager (3);
    - an availability request sent by the commissioned relay access node selector (32) to an access nodes availability server (33);
      
      the availability request containing at least the authentication credentials of at least one commissioned relay access node candidate;
      
      an availability response generated by the access node availability server, containing for each commissioned relay access node candidate at least one IP address and at least one tunnel port;
      
      the selection of only one of the available commissioned relay access node candidates to be used by the mobile device.
  - 8. Method according to the claim 7 characterized in that the access nodes availability server (33) contains a static or dynamic mapping between each access node authentication credentials and at least one IP address and at least one tunnel port on which the access node can be contacted to establish a tunnel.
  - 9. Method according to the claim 7 characterized in that the access response contains at least a code indicating to the authentication module (24) of the hosting wireless access node (2) that the mobile device authentication process should be aborted in case the mobile device authentication credentials are not mapped to any one of the access node authentication credentials contained in the access nodes repository (34).
  - 10. Method according to the claim 8 characterized in that the availability response contains at least a code indicating to the commissioned relay access node selector (32) that no one of the commissioned relay access node candidates is available and so the access response should contain at least a code indicating to the authentication module (24) of the hosting wireless access node (2) that the mobile device authentication process should be aborted.
  - 11. Method according to the claim 8 characterized in that the access nodes availability server (33) is updated by an availability client module (26 and 45) of an access node and by an availability data cleaner (35) of the authentication and commissioning manager (3).
  - 12. Method according to the claim 11 characterized in that the availability client module (26 and 45) of an access node, triggered by a timer (27 and 46) of the same access node, sends an availability update message to the access nodes availability server (33) containing at least the authentication credentials retrieved from an authentication credentials module (25 and 44) of the same access node and at least one IP address retrieved from a WAN communication module (23 and 42) of the same access node and at least one tunnel port retrieved from a tunneling/optimization module (22 and 41) of the same access node.
  - 13. Method according to the claim 11 characterized in that the availability data cleaner (35), triggered by a timer (36) of the authentication and commissioning manager, retrieves from the access nodes repository (34) at least the list of the access nodes it contains and then sends a request to the access nodes availability server (33) for resetting, on the basis of the age of the entries, the at least one IP address and the at least one tunnel port mapped to the oldest access nodes authentication credentials entries;
    - this data being eventually updated by the availability client module of an access node with an availability update.
  - 14. Method according to any one of the claims 1 to 13 characterized in that a plurality of mobile devices can be simultaneously connected to the same hosting wireless access node (2);
    - the traffic of each one, if not directly managed, being redirected, encapsulated in tunnels, to the commissioned relay access nodes selected by the commissioned relay access node selector (32) of the authentication and commissioning manager (3).
  - 15. Method according to any one of the claims 1 to 14 characterized in that a plurality of access nodes can be managed by the same authentication and commissioning manager (3).

16. System for commissioning a wireless connection with a related authentication to a remote relay node, whereto an electronic mobile device (1) is able to establish a connection with a hosting wireless access node (2) for transmitting/receiving data to/from a service provider (5) available on the Internet by means of a commissioned relay access node (4) selected by an authentication and commissioning manager (3), characterized in thatthe electronic mobile device (1) comprises at least one wireless communication module (11) to establish a connection with the hosting wireless access node (2) and at least one client authentication module (12) providing means to authenticate the mobile device connection, by exchanging OSI layer 2 identification requests and responses with an authentication module (24) of the hosting wireless access node (2) and by exchanging OSI Layer 2 authentication requests and responses with an authentication module (43) of the commissioned relay access node (4), and at least one authentication credentials module (13) providing means to univocally identify the mobile device or its user;
- the hosting wireless access node (2) comprises at least one wireless communication module (21) providing means to manage at least one wireless connection and at least one WAN communication module (23) providing means to reach the Internet and at least one authentication module (24) providing means to retrieve at OSI layer 2 from the mobile device client authentication module (12) at least its authentication credentials and means to retrieve from the authentication and commissioning manager (3) the commissioned relay access node (4) to be used and means to transfer to the commissioned relay node (4) the retrieved mobile device authentication credentials;
  
  furthermore the hosting wireless access node (2) comprises at least one tunneling/optimization module (22) providing means to manage and eventually optimize at least one tunnel connection with a commissioned relay access node (4) and means to encapsulate and send into this tunnel the mobile device authentication credentials and means to encapsulate/decapsulate the OSI Layer 2 authentication requests and responses exchanged between the mobile device (1) and the commissioned relay access node (4) and means to encapsulate the data, contained in OSI layer 2 data units and received on the wireless connection, sent from the mobile device (1) to the service provider (5) and finally means to decapsulate and forward to the mobile device (1) the data, included in OSI layer 2 data units received from the commissioned relay access node 4, sent from the service provider (5);
  
  the authentication and commissioning manager (3) comprises at least one commissioned relay access node selector (32) providing means to statically or dynamically map each mobile device authentication credentials to at least one access node authentication credentials and at least one authentication server (31) providing means to communicate to the hosting wireless access node authentication module (24) the access node to be used to manage the traffic generated by the mobile device (1);
  
  the commissioned relay access node (4) comprises at least one WAN communication module (42) providing means to reach the Internet and at least one authentication module (43) providing means to authenticate the connected mobile device (1), in order to obtain a trusted connection, by retrieving the mobile device authentication credentials from the hosting wireless access node authentication module (24) and by exchanging OSI layer 2 authentication requests and responses with the mobile device client authentication module (12);
  
  furthermore the commissioned relay access node (4) comprises at least one tunneling/optimization module (41) providing means to manage and eventually optimize at least one tunnel connection with a hosting wireless access node (2) and means to decapsulate the mobile device authentication credentials received and make them available to the authentication module (43) and means to encapsulate/decapsulate the OSI layer 2 authentication requests and responses exchanged with the mobile device (1) and means to encapsulate the data from the service provider (5), after including it into OSI layer 2 data units, to the mobile device (1) and finally means to decapsulate and forward to the service provider (5) the data sent from the mobile device (1).
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. System according to the claim 16 characterized in that the mobile device comprises at least one cryptography module (14) providing means to encrypt/decrypt the data exchanged with a commissioned relay access node;
    - the commissioned relay access node (4) comprises at least one cryptography module (47) providing means to encrypt/decrypt the data exchanged with the mobile device (1);
      
      the client authentication module (12) of the mobile device (1) and the authentication module (43) of the commissioned relay access node (4) provide further means to exchange at OSI layer 2 keys negotiation requests and responses, via the tunnel between the commissioned relay access node (4) and the hosting wireless access node (2), in order to define at least one session key to be used for the encryption/decryption process.
  - 18. System according to the claim 16 characterized in thatthe hosting wireless access node (2) provides means to directly forward to the service provider (5) the traffic generated by the mobile device (1) if the authentication and commissioning manager (3) identifies the hosting wireless access node (2) as the commissioned relay access node;
    - the hosting wireless access node authentication module (24) provides further means to exchange authentication requests and responses with the mobile device client authentication module (12).
  - 19. System according to the claim 18 characterized in thatthe hosting wireless access node (2) comprises at least one cryptography module (28) providing means to encrypt/decrypt the data exchanged with the mobile device (1);
    - the authentication module (24) of the hosting wireless access node (2) provide further means to exchange at OSI layer 2 keys negotiation requests and responses with the client authentication module (12) of the mobile device (1) in order to define at least one session key to be used for the encryption/decryption process.
  - 20. System according to the claim 16 or 17 characterized in thatthe hosting wireless access node (2) comprises at least an authentication credentials module (25) providing means to univocally identify the access node;
    - the authentication module (24) of the hosting wireless access node (2) provides further means to send to the authentication server (31) of the authentication and commissioning server (3) at least the authentication credentials of the mobile device (1) and at least the access node authentication credentials provided by the authentication credentials module (25);
      
      the authentication server (31) of the authentication and commissioning manager (3) provides further means to send to the authentication module (24) of the hosting wireless access node (2) at least the one IP address and at least one tunnel port to be used by the tunneling/optimization module (22) of the hosting wireless access node (2) to establish a tunnel with the tunneling/optimization module (41) of the commissioned relay access node (4) to be used.
  - 21. System according to the claims 18 or 19 and 20 characterized in that the authentication server (31) of the authentication and commissioning manager (3) provides further means to send to the authentication module (24) at least a code indicating that it has been selected as the commissioned relay access node and so it has to manage directly the traffic coming by the mobile device (1).
  - 22. System according to the claim 20 characterized in thatthe authentication and commissioning manager (3) comprises at least one access nodes repository (34) providing means to statically or dynamically store at least the authentication credentials of the access nodes and at least one access nodes availability server (33) providing means to identify the available access nodes and means to associate each available access node authentication credentials to at least one IP address and at least one tunnel port on which the access node can be contacted to establish a tunnel;
    - the commissioned relay access node selector (32) of the authentication and commissioning manager (3) provides further means to retrieve from the access nodes availability server (33) at least one IP address and at least one tunnel port for each one of the access nodes mapped to the mobile device (1) authentication credentials and further means to select only one commissioned relay access node.
  - 23. System according to the claim 22 characterized in that the authentication server (31) of the authentication and commissioning manager (3) provides further means to communicate to the hosting wireless access node authentication module (24) at least a code indicating that the mobile device authentication process should be aborted if the mobile device (1) authentication credentials are not mapped to any one of the access node authentication credentials contained in the access node repository (34) or if no one of the access nodes mapped to the mobile device (1) authentication credentials is identified as available by the access nodes availability server (33).
  - 24. System according to the claim 22 characterized in thatthe hosting wireless access node (2) and the commissioned relay access node (4) comprises at least one availability client module (26 and 45) providing means to update the access nodes availability server (33) of the authentication and commissioning manager (3);
    - the authentication and commissioning manager (3) comprises at least one availability data cleaner (35) providing means to update the access nodes availability server (33).
  - 25. System according to the claim 24 characterized in thatthe hosting wireless access node (2) and the commissioned relay access node (4) comprises at least one timer (27 and 46) to trigger the availability client module (26 and 45) of the same access node;
    - the access node availability client module (26 and 45) provides further means to collect and to send to the access nodes availability server (33) of the authentication and commissioning manager (3), once triggered by the timer (27 or 46), at least the access node authentication credentials retrieved from the access node authentication credentials module (25 and 44) and at least one IP address retrieved from the access node WAN communication module (23 and 42) and at least one tunnel port retrieved from the access node tunneling/optimization module (22 and 41).
  - 26. System according to the claim 24 characterized in thatthe authentication and commissioning manager (3) comprises at least one timer (36) to trigger the availability data cleaner (35);
    - the availability data cleaner (35) of the authentication and commissioning manager (3) provides further means to retrieve from the access nodes repository (34), once triggered by the timer (36), at least the list of the access nodes it contains and further means to send a request to the access nodes availability server (33) for resetting the at least one IP address and the at least one tunnel port mapped to the oldest access nodes authentication credentials entries;
      
      those data being eventually updated by the access nodes availability client modules (26 and 45).
  - 27. System according to any one of the claims 16 to 26 characterized in that the hosting wireless access node (2) comprises means to support a plurality of mobile devices simultaneously connected and means to directly manage their traffic or redirect it, encapsulated in tunnels, to the commissioned relay access nodes selected by the commissioned relay access node selector (32) of the authentication and commissioning manager (3).
  - 28. System according to any one of the claims 16 to 27 characterized in that the authentication and commissioning manager (3) comprises means to support a plurality of access nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PeerTribe SA
Original Assignee
PeerTribe SA
Inventors
Maestrini, Angelo, de Vito, Fabio, Lenzarini, Davide

Granted Patent

US 8,428,264 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/274
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04W 12/06   Authentication

H04W 12/126   Anti-theft arrangements, e....

H04W 76/12   Setup of transport tunnels

H04W 88/02   Terminal devices

H04W 88/04   adapted for relaying to or ...

METHOD AND SYSTEM FOR WIRELESS CONNECTING A MOBILE DEVICE TO A SERVICE PROVIDER THROUGH A HOSTING WIRELESS ACCESS NODE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR WIRELESS CONNECTING A MOBILE DEVICE TO A SERVICE PROVIDER THROUGH A HOSTING WIRELESS ACCESS NODE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links