DEVICE-SPECIFIC AUTHORIZATION AT DISTRIBUTED LOCATIONS

US 20140380435A1
Filed: 09/09/2014
Published: 12/25/2014
Est. Priority Date: 07/12/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving authentication information at a server for a client device coupled to a first network, wherein the authentication information includes a geographic location of the client device and a first result of a one-way hash function based on a combination including an authentication seed and a first secret;

receiving the authentication seed at the server;

retrieving a second secret at the server;

computing, at the server, a second result of the one-way hash function based on a combination including the authentication seed and the second secret; and

in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access a second network coupled to the first network based on the geographic location, enabling, via the server, the client device to access the second network, wherein the second network is different from the first network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes receiving authentication information for a client device at a server. The authentication information includes a geographic location of the client device and a first result of a one-way hash function based on a combination including an authentication seed and a first secret. The method includes computing, at the server, a second result of the one-way hash function based on a combination including the authentication seed and a second secret. The method also includes enabling the client device to access a second network in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access the second network based on the geographic location.

Citations

20 Claims

1. A method comprising:
- receiving authentication information at a server for a client device coupled to a first network, wherein the authentication information includes a geographic location of the client device and a first result of a one-way hash function based on a combination including an authentication seed and a first secret;
  
  receiving the authentication seed at the server;
  
  retrieving a second secret at the server;
  
  computing, at the server, a second result of the one-way hash function based on a combination including the authentication seed and the second secret; and
  
  in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access a second network coupled to the first network based on the geographic location, enabling, via the server, the client device to access the second network, wherein the second network is different from the first network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the client device is authorized to access the second network from a first location, and wherein the client device is not authorized to access the second network from a second location.
  - 3. The method of claim 1, wherein the geographic location includes global positioning system information, a fast-food restaurant location, a coffee shop location, a room identification, a room number, a room name, or a combination thereof.
  - 4. The method of claim 1, wherein the geographic location is received from an access point or from the client device.
  - 5. The method of claim 1, wherein the one-way hash function includes a message-digest 2 function, a message-digest 4 function, a message-digest 5 function, a race integrity primitives evaluation message digest function, an abreast davies-meyer function, a davies-meyer function, a haval function, a gost hash function, a n-hash function, a secure hash algorithm, a snefru function, or a combination thereof.
  - 6. The method of claim 1, wherein the authentication seed comprises a number, a character, or a combination thereof.

7. A computer-readable storage device comprising instructions that, when executed by a processing system, cause the processing system to perform operations including:
- receiving, from a computing device coupled to a first network, a first result of a one-way hash function;
  
  computing a second result of the one-way hash function based on a combination including an authentication seed and a shared secret;
  
  determining that the first result matches the second result;
  
  determining a geographic location of the computing device;
  
  determining that the computing device is permitted network access from the geographic location; and
  
  determining that the computing device is permitted access to a second network based on the first result matching the second result and that the computing device is permitted network access from the geographic location.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The computer-readable storage device of claim 7, wherein the operations further include transmitting the authentication seed to the computing device.
  - 9. The computer-readable storage device of claim 7, wherein the operations further include transmitting the shared secret to the computing device.
  - 10. The computer-readable storage device of claim 7, wherein the shared secret is a particular shared secret of a plurality of shared secrets.
  - 11. The computer-readable storage device of claim 10, wherein the operations further include:
    - using the authentication seed and a different shared secret of the plurality of shared secrets to compute a new second result when the first result does not match the second result; and
      
      determining that the computing device is permitted access to the second network based on the first result matching the new second result and that the computing device is permitted network access from the geographic location.
  - 12. The computer-readable storage device of claim 7, wherein the operations further include receiving a shared secret update comprising a plurality of shared secrets.
  - 13. The computer-readable storage device of claim 7, wherein the combination further includes a media access control address of the computing device.
  - 14. The computer-readable storage device of claim 7, wherein the computing device comprises a cash register, a point of sale terminal, a smart card reader, a camera, a bar code reader, a radio frequency identification reader, a credit card reader, a remote order placing device, or a combination thereof.
  - 15. The computer-readable storage device of claim 7, wherein the computing device comprises a portable computer, a personal digital assistant, a mobile communication device, a wearable computing device, an internet device, or a combination thereof.

16. A system comprising:
- a processor; and
  
  a memory coupled to the processor,wherein the memory includes program instructions executable by the processor to perform operations including;
  
  sending an authentication seed via an access point and a first network to a computing device;
  
  receiving a first result of a one-way hash function from the computing device;
  
  selecting a shared secret from a plurality of shared secrets;
  
  computing a second result of the one-way hash function based on a combination including the authentication seed and the shared secret; and
  
  determining that the computing device is permitted access to a second network based on the first result matching the second result and based on a location of the computing device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the access point is at a particular geographic location, and wherein determining that the computing device is permitted to access the second network based on the location of the computing device comprises using the particular geographic location as the location of the computing device.
  - 18. The system of claim 16, wherein the second network includes the Internet.
  - 19. The system of claim 16, wherein the operations further include transmitting the shared secret to the computing device.
  - 20. The system of claim 16, wherein the operations further include:
    - receiving a request for the shared secret from the computing device; and
      
      transmitting the shared secret to the computing device in response to the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wayport, Inc. (AT&T, Inc.)
Original Assignee
Wayport, Inc. (AT&T, Inc.)
Inventors
Keeler, James D., Melendez, John R.

Granted Patent

US 10,320,806 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/123   received data contents, e.g...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

H04W 12/06   Authentication

H04W 12/106   Packet or message integrity

H04W 8/26   Network addressing or numbe...

DEVICE-SPECIFIC AUTHORIZATION AT DISTRIBUTED LOCATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DEVICE-SPECIFIC AUTHORIZATION AT DISTRIBUTED LOCATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links