MULTI-ISP CONTROLLED ACCESS TO IP NETWORKS, BASED ON THIRD-PARTY OPERATED UNTRUSTED ACCESS STATIONS
First Claim
1. A method for performing mutual authentication and authorization of a user's terminal device (U) and an Internet Service Provider (P) in order to establish secure communication between the terminal (U) and a trusted network element (T) to the Internet via an untrusted access station (A), comprising:
- establishing an association between a terminal (U) and an untrusted access station (A);
- transmitting an ISP authentication packet from terminal (U) to ISP (P) via the untrusted access station (A);
- sending a user authentication packet from said ISP (P) to said terminal (U) via said untrusted access station (A);
- upon authentication of said terminal (U) and said ISP (P), said ISP performs the following:
- generating a session key;
- distributing said session key to said terminal (U) and a trusted network element (T), wherein said session key is used to encrypt traffic between the terminal (U) and the trusted network element (T);
- establishing a secure tunnel such that the terminal (U) may communicate with the Internet via said trusted network element (T);
- wherein said secure tunnel emulates a physical link between the terminal (U) and the trusted network element (T) such that traffic transmitted between the terminal (U) and said Internet via said trusted network element (T) is secure from modification or eavesdropping by said untrusted access station (A), wherein a connection is established between the terminal and the ISP for trusted network services without providing the terminal with direct access to the Internet.
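The claim describes a three-party exchange: the terminal (U) and the ISP (P) authenticate each other through the access station (A), P then generates a session key and hands it to U and to the trusted element (T), and the U-T tunnel is protected with that key so A can neither read nor modify it. The following Python simulation is an added example, not code from the patent or its assignee. It assumes pre-shared keys between U and P and between T and P, a nonce challenge-response for the mutual authentication (the patent names only two authentication packets; the terminal's answer to the ISP's challenge is an assumed third message), and a toy encrypt-then-MAC construction built from HMAC-SHA256 in place of a real cipher. `UntrustedAccessStation` records everything it relays so the example can check that neither the payload nor the session key ever appears on the link it sees, and that a flipped ciphertext bit is rejected at T.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

# Constructed demo keys: U<->P and T<->P pre-shared secrets (assumption, not from the patent).
DEMO_K_UP = hashlib.sha256(b"constructed demo key U-P").digest()
DEMO_K_TP = hashlib.sha256(b"constructed demo key T-P").digest()


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts; the only primitive this toy uses."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(prf(key, b"enc", nonce, i.to_bytes(4, "big")) for i in range(blocks))[:length]


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: XOR with an HMAC-derived keystream, then tag nonce||ciphertext."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + prf(key, b"mac", nonce, ct)


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify (modified or wrong key)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, prf(key, b"mac", nonce, ct)):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class UntrustedAccessStation:
    """A: relays bytes between U and P/T. It holds no keys and records all it sees."""

    def __init__(self):
        self.observed = []

    def relay(self, blob: bytes, tamper: bool = False) -> bytes:
        self.observed.append(blob)
        if tamper:  # flip one ciphertext bit to model modification in transit
            i = NONCE_LEN
            blob = blob[:i] + bytes([blob[i] ^ 0x01]) + blob[i + 1:]
        return blob


def run_protocol(k_up, k_tp, user_id, payload, k_up_at_terminal=None, tamper=False):
    """Run the U/P/T exchange through A and report what each side ended up with."""
    k_u = k_up if k_up_at_terminal is None else k_up_at_terminal  # what the terminal holds
    A = UntrustedAccessStation()
    result = {"authenticated": False, "session_key_shared": False, "recovered": None}
    # 1. association, then the terminal's ISP authentication packet (U -> A -> P)
    nonce_u = secrets.token_bytes(NONCE_LEN)
    pkt1 = A.relay(nonce_u + user_id)
    # 2. ISP answers with its own nonce and a proof under the user's key (P -> A -> U)
    nonce_p = secrets.token_bytes(NONCE_LEN)
    pkt2 = A.relay(nonce_p + prf(k_up, b"isp-auth", pkt1[:NONCE_LEN], nonce_p))
    # U checks the ISP's proof before sending anything keyed itself
    if not hmac.compare_digest(pkt2[NONCE_LEN:], prf(k_u, b"isp-auth", nonce_u, pkt2[:NONCE_LEN])):
        return result
    # 3. terminal proves it holds the key (assumed third message; U -> A -> P)
    pkt3 = A.relay(prf(k_u, b"user-auth", pkt2[:NONCE_LEN], nonce_u))
    if not hmac.compare_digest(pkt3, prf(k_up, b"user-auth", nonce_p, pkt1[:NONCE_LEN])):
        return result
    result["authenticated"] = True
    # 4. ISP generates the session key and distributes it wrapped under each party's key
    k_s = secrets.token_bytes(32)
    k_s_at_u = unseal(k_u, A.relay(seal(k_up, secrets.token_bytes(NONCE_LEN), k_s)))
    k_s_at_t = unseal(k_tp, seal(k_tp, secrets.token_bytes(NONCE_LEN), k_s))  # P<->T link, not via A
    result["session_key_shared"] = k_s_at_u == k_s_at_t
    # 5. tunnel frame U -> A -> T, protected by the session key only
    frame = A.relay(seal(k_s_at_u, secrets.token_bytes(NONCE_LEN), payload), tamper=tamper)
    result["recovered"] = unseal(k_s_at_t, frame)
    # Did the station ever see the payload or the session key in the clear?
    result["station_learned_secret"] = any(payload in b or k_s in b for b in A.observed)
    return result


if __name__ == "__main__":
    print(run_protocol(DEMO_K_UP, DEMO_K_TP, b"alice", b"GET / HTTP/1.1"))
    print(run_protocol(DEMO_K_UP, DEMO_K_TP, b"alice", b"GET / HTTP/1.1", tamper=True))
```

The three runs worth comparing are the honest relay (T recovers the payload, A learned nothing), the tampered relay (authentication and key distribution succeed, but T's `unseal` returns `None` for the modified frame), and a terminal holding the wrong key (U rejects the ISP's proof at step 2, so no session key is ever issued).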
Abstract
A mechanism that allows sharing of an existing infrastructure for access to public or private IP networks, such as the public Internet or private LANs, is provided. Specifically, infrastructure owners lease the infrastructure resources on a short-term basis to different Internet Service Providers (ISPs). An ISP uses these resources to provide Internet services to subscribing customers or users. The ISP controls all aspects of the Internet service provided to the subscriber, including billing, bandwidth management, and e-mail. The ISP also ensures privacy for the subscriber by means of encryption. Leasing network resources from an existing network infrastructure frees the ISP from building an expensive access infrastructure itself, while the infrastructure owner is given an opportunity to generate additional revenue from the infrastructure. Importantly, neither the user nor the ISP needs to trust the access station (i.e., the access station is untrusted) through which access to the IP network is accomplished.
3 Claims