Unattended Authentication in a Secondary Authentication Service for Wireless Carriers
Abstract
A wireless device initiates a connection by sending an Unsolicited HTTP(s) POST that includes a user identity and credentials, not in response to a form that is provided to the wireless device from a secondary authentication service (2AS), so the 2AS does not have a session with the wireless device. An HTTP(s) session is handled by a home agent or enterprise home agent. The 2AS uses the user identity and credentials from the Unsolicited POST to complete interaction with a downstream identity management server, and takes appropriate action by either indicating to the home agent that authentication was successful and the device is authorized to use the private enterprise network resources protected by the 2AS process; or if the authentication was unsuccessful that the session(s) should be disconnected. In addition, the 2AS may communicate with the agent on the wireless device to send intermediate and final status of the attempt.
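The flow in the abstract, sketched as an added example that is not part of the patent text: a stateless 2AS handler takes one unsolicited POST, consults a stubbed identity management server, and returns the action for the home agent plus the status messages for the device agent. The field names `identity` and `credential`, the form-encoded body, the HTTPS-only policy and the in-memory directory are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qs

# Constructed stand-in for the downstream identity management server.
_IDM_DIRECTORY = {"alice@example.com": "correct-horse-battery"}


def idm_verify(identity: str, credential: str) -> bool:
    """Ask the (stubbed) identity management server for a verdict."""
    expected = _IDM_DIRECTORY.get(identity, "")
    # Constant-time comparison; unknown identities compare against "" and fail.
    ok = hmac.compare_digest(credential.encode(), expected.encode())
    return ok and identity in _IDM_DIRECTORY


def handle_unsolicited_post(headers: dict, body: str, over_tls: bool):
    """Process one POST that arrives with no prior 2AS session.

    Returns (action_for_home_agent, status_messages_for_device_agent).
    """
    status = ["received"]

    def reject(reason):
        return "disconnect", status + ["failed: " + reason]

    # Assumed policy: credentials in a request body are accepted only over HTTPS.
    if not over_tls:
        return reject("cleartext transport")
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return reject("unexpected content type")
    try:
        fields = parse_qs(body, strict_parsing=True, max_num_fields=8)
    except ValueError:
        return reject("malformed body")
    # No session exists, so this one request must carry everything; require
    # exactly one value per field to rule out parameter ambiguity.
    if any(len(fields.get(k, [])) != 1 for k in ("identity", "credential")):
        return reject("missing or duplicated field")
    status.append("verifying")
    if not idm_verify(fields["identity"][0], fields["credential"][0]):
        return reject("identity management server refused")
    return "authorize", status + ["authorized"]
```

Because the handler keeps no per-device state, every rejection path returns `disconnect` to the home agent, which is the only component holding the HTTP(s) session.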
2 Claims
1. A method for a wireless device to send identity and credential information in an unsolicited HTTP(s) POST operation without first having a session established to a secondary authentication service (2AS), comprising:
- receiving an unsolicited HTTP(s) POST including a user identity and credentials from a wireless device which does not have a session with a relevant secondary authentication service;
- using said user identity and credentials from said unsolicited HTTP(s) POST to complete interaction with a downstream management server on a wireless carrier network or in a private enterprise network;
- receiving a response from an identity management server; and
- based on said response, authorizing use of a private enterprise network resource protected by said secondary authentication service.

2. A secondary authentication service server, comprising:
- an HTTP(s) POST receiver module to receive an unsolicited HTTP(s) POST including a user identity and credentials from a wireless device which does not have a session with a relevant secondary authentication service;
- an interaction module to use said user identity and credentials from said unsolicited HTTP(s) POST to complete interaction with a downstream management server on a wireless carrier network or in a private enterprise network; and
- an authorization module to authorize use of a private enterprise network resource protected by said secondary authentication service server based on a response from an identity management server,

whereby a wireless device is enabled to send identity and credential information in an unsolicited HTTP(s) POST operation without first having a session established to said secondary authentication service (2AS).
Specification