WIRELESS DEVICE AUTHENTICATION BETWEEN DIFFERENT NETWORKS

US 20130047218A1
Filed: 09/28/2012
Published: 02/21/2013
Est. Priority Date: 12/23/2005
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a mobile communication device on a network, the method comprising:

generating a set of tokens, each token of the set of tokens having a different expiry time;

transmitting the set of tokens to the mobile communication device over a first network;

receiving a request for access to a second network from the mobile communication devicereceiving a first token of the set of tokens from the mobile communication device;

verifying a user credential contained in the first token; and

authenticating the mobile communication device for access to the second network based on the by verifying the one of the plurality of tokens.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for roaming between heterogeneous networks. The method involves authenticating a mobile communication device on a first network, and providing the device with a single-use token that can be used to sign on to a second network without requiring conventional re-authentication over the second network.

Citations

20 Claims

1. A method of authenticating a mobile communication device on a network, the method comprising:
- generating a set of tokens, each token of the set of tokens having a different expiry time;
  
  transmitting the set of tokens to the mobile communication device over a first network;
  
  receiving a request for access to a second network from the mobile communication devicereceiving a first token of the set of tokens from the mobile communication device;
  
  verifying a user credential contained in the first token; and
  
  authenticating the mobile communication device for access to the second network based on the by verifying the one of the plurality of tokens.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - receiving a second token of the set of tokens from the mobile communications device, wherein the second token has a later expiry time than the first token;
      
      verifying a user credential contained in the second token; and
      
      authenticating the mobile communications device for access to the second network beyond the expiry of the first token until the expiry of the second token.
  - 3. The method of claim 1, further comprising:
    - receiving a request for access to a third network from the mobile communications device upon the mobile communications device entering an area served by the third network;
      
      receiving a second token of the set of tokens from the mobile communications;
      
      verifying a user credential contained in the second token; and
      
      authenticating the mobile communications device for access to the third network based on the beyond the expiry of the first token until the expiry of the second token.
  - 4. The method of claim 3, wherein providing the encryption keys comprises providing the encryption keys with the plurality of tokens.
  - 5. The method of claim 1, wherein providing the plurality of tokens to the mobile communication device comprises generating at least one of the plurality of tokens at the request of the mobile communication device.
  - 6. The method of claim 1, wherein at least one of the plurality of tokens comprises a header and a token content and wherein providing the plurality of tokens to the mobile communication device further comprises encrypting the token contents.
  - 7. The method of claim 6, wherein encrypting the token contents comprises employing a PKI method.
  - 8. The method of claim 6, wherein authenticating the mobile communication device for access to the second network by verifying the token comprises decrypting the token contents.
  - 9. The method of claim 6, wherein encrypting the token contents comprises applying a hash function to the token contents.
  - 10. The method of claim 9, wherein the hash function is MD5 or SHA.

11. A communications network having authentication functions, comprising:
- an authentication system having a token generation module to provide a plurality of tokens to a mobile communication device over the communications network, the plurality of tokens having different expiry times; and
  
  an authenticator to receive one of the plurality of tokens from the mobile communication device over a separate network, to verify a token contents, and to grant the mobile communication device access to the separate network based on the verification of the token contents.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the token contents comprises a username and password for access to the second network.
  - 13. The system of claim 11, wherein the token generation module is further operable to receive a request from the mobile communication device.
  - 14. The system of claim 11, wherein the token generation module is further operable to encrypt the token contents.
  - 15. The system of claim 14, wherein to encrypt the token contents, the token generation module is operable to employ a PKI method.
  - 16. The system of claim 14, wherein the authenticator is further operable to decrypt the token.
  - 17. The system of claim 14, wherein the token generation module is further operable to apply a hash function to the token contents.

18. A method for authenticating mobile communication device to a heterogeneous network, comprising:
- receiving a set of tokens at a mobile communication device over a first network to which a mobile communication device is authenticated, each token of the set of tokens having a different expiry time;
  
  sending a first token the plurality of tokens from the mobile communication device to an authenticator over a second heterogeneous network; and
  
  receiving authorization to access the second network from the authenticator based on a verification of contents of the one of the plurality of tokens.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising:
    - upon entering an area served by a third network;
      
      transmitting a second token of the plurality of tokens from the mobile communication device to the authenticator; and
      
      receiving authorization to access the third network from the authenticator based on a verification of contents of the second token.
  - 20. The method of claim 18, the method further comprising:
    - if authentication to the second network fails based on the first token, then sending a second token of the plurality to the authenticator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BCE Incorporated
Original Assignee
BCE Incorporated
Inventors
SMITH, Brian Norman

Granted Patent

US 8,959,598 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/18   using different networks or...

H04W 12/041   Key generation or derivation

H04W 12/0433   Key management protocols

H04W 12/068   using credential vaults, e....

WIRELESS DEVICE AUTHENTICATION BETWEEN DIFFERENT NETWORKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

WIRELESS DEVICE AUTHENTICATION BETWEEN DIFFERENT NETWORKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links