ZERO SIGN-ON AUTHENTICATION

US 20170195703A1
Filed: 03/21/2017
Published: 07/06/2017
Est. Priority Date: 12/31/2009
Status: Active Grant

First Claim

Patent Images

1. A method of providing zero sign-on (ZSO) authentication comprising:

determining a media access request from a first device requesting access to a media service associated with a service provider, the media access request being transmitted using signaling through a gateway;

determining a location for the gateway as a function of information included within the media access request;

determining a level of trust for a second device determined to be at the location; and

enabling the first application or operating system ZSO authentication sufficient to access the media service if the level of trust is sufficient and denying the first application or operating system ZSO authentication if the level of trust is insufficient.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A authenticating system and process for authenticating user devices to a access a media service where access to certain portions of the media service may be limited according to a gateway or other device used by a user device to facilitate interfacing a user with the media service. The authentication may be achieved without directly assessing a trustworthiness of the user devices, and optionally, without requiring a user thereof to complete a sign-on operation.

Citations

20 Claims

1. A method of providing zero sign-on (ZSO) authentication comprising:
- determining a media access request from a first device requesting access to a media service associated with a service provider, the media access request being transmitted using signaling through a gateway;
  
  determining a location for the gateway as a function of information included within the media access request;
  
  determining a level of trust for a second device determined to be at the location; and
  
  enabling the first application or operating system ZSO authentication sufficient to access the media service if the level of trust is sufficient and denying the first application or operating system ZSO authentication if the level of trust is insufficient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method claim 1 further comprising providing the first device ZSO authentication by enabling the first device access to the media service without requiring the user to input a username and password combination to the first device and without requiring communication of the username and password combination via the signaling being transmitted through the gateway from the first device to facilitate transmitting the media access request.
  - 3. The method claim 2 further comprising providing the first device sign-on (SO) authentication sufficient to access the media service following transmission of the username and password combination from the first device via the gateway when the level of trust is insufficient for ZSO authentication.
  - 4. The method of claim 2 further comprising determining the level of trust for the second device as a function of a credential transmitted to the service provider via signaling sent independently of the gateway such that the level of trust is determined independently of the gateway and without assessing trustworthiness of the gateway, including determining the level of trust to be sufficient if the credential includes information or data indicating the second device is within a domain of the service provider.
  - 5. The method claim 1 further comprising:
    - receiving a credential from the second device; and
      
      determining the level of trust for the second device as a function of information included within the credential.
  - 6. The method claim 5 further comprising receiving the credential within signaling transmitted from the second device to the service provider through the gateway proximate in time to the media request transmitted from the first device to the service provider through the gateway.
  - 7. The method of claim 5 further comprising receiving the credential through signaling transmitted independently of the gateway.
  - 8. The method claim 7 further comprising receiving the credential through signaling transmitted over a private network of the service provider, the gateway being unable to facilitate signaling over the private network.
  - 9. The method claim 1 further comprising:
    - receiving a nonce signed by the second device via signaling transmitted from the first device through the gateway; and
      
      determining the level of trust for the second device as a function of information associated with the nonce if a signature of the nonce is verified to be that of the second device.
  - 10. The method of claim 9 further comprising:
    - determining a port being used by the second device to listen for messages carried over a network at the location; and
      
      directing the first device to transmit the nonce to the port for signature by the second device.
  - 11. The method claim 10 wherein the gateway provides network address translation (NAT) for the network such that the first and second devices are each assigned a unique inside address when communicating over the network and a same outside address when communicating outside of the network, the media access request being transmitted through the gateway outside of the network.
  - 12. The method of claim 1 further comprising selecting the second device from a plurality of devices, each of the plurality of devices being associated with an Internet Protocol (IP) address used by the gateway to facilitate signaling over an outside network operating independently of an inside network connecting the first and second devices to the gateway.
  - 13. The method of claim 12 further comprising determining the IP addresses for the plurality of devices as a function of signaling initiated with a dial home application operating thereon, the dial home application instructing the plurality of devices to contact the service provider for the purposes of determining the IP address.

14. A non-transitory computer-readable medium having a plurality of instructions executable with a processor to facilitate providing zero sign-on (ZSO) authentication, the plurality of instructions being sufficient for:
- determining a media access request from a first application or operating system requesting access to a media service associated with a service provider, the media access request being transmitted using signaling through a gateway or a device;
  
  determining a location for the gateway or the device as a function of information included within the media access request;
  
  determining a level of trust for a second application or operating system determined to be at the location; and
  
  enabling the first application or operating system ZSO authentication sufficient to access the media service if the level of trust is sufficient and denying the first application or operating system ZSO authentication if the level of trust is insufficient.

15. The non-transitory computer-readable medium of claim 15 further comprising instructions sufficient for:
- instructing the first application or operating system to request the second application or operating system to sign a nonce provided from the first application or operating system for purposes of generating a signed nonce;
  
  instructing the first application or operating system to transmit the signed nonce; and
  
  verifying the signed nonce as having been previously signed by the second application or operating system before determining the level of trust to be sufficient for the ZSO authentication.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer-readable medium of claim 15 further comprising instructions sufficient for:
    - determining a credential from the second application or operating system; and
      
      determining the level of trust for the second application or operating system as a function of information included within the credential.
  - 17. The non-transitory computer-readable medium of claim 15 further comprising instructions sufficient for:
    - determining a nonce communicated from the first application or operating system, the nonce being previously signed by the second application or operating system and transmitted to the first application or operating system; and
      
      determining the level of trust for the second application or operating system as a function of information associated with the nonce if a signature of the nonce is verified to be that of the second application or operating system.

18. A non-transitory computer-readable medium having a plurality of instructions executable with a processor to facilitate providing zero sign-on (ZSO) authentication, the plurality of instructions being sufficient for:
- providing a credential to a first device following successful completion of a sign-on (SO) operation;
  
  determining a media access request from a second device requesting access to a media service associated with a service provider, the media access request including the credential provided to the first device;
  
  determining a level of trust for the first device as a function of the credential included within the media access request; and
  
  enabling the first device ZSO authentication sufficient to access the media service if the level of trust is sufficient and denying the first device ZSO authentication if the level of trust is insufficient.

19. The non-transitory computer-readable medium of claim 19 further comprising instructions sufficient for:
- determining the media access request form signaling communicated through a gateway in wireless communication with both of the first and second devices; and
  
  determining the credential through signaling transmitted over a private network of the service provider, the gateway being unable to facilitate signaling over the private network.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable medium of claim 19 further comprising instructions sufficient for issuing a redirect to the first device to facilitate enabling the first device ZSO authentication sufficient to access the media service, the redirect being sufficient for automatically directing the first device to the media service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Hoggan, Stuart, Marcia, Oscar, Krauss, Simon, Durbha, Seetharama R.

Granted Patent

US 10,116,980 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/1012   to domains

H04L 47/70   Admission control; Resource...

H04L 61/256   NAT traversal

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 63/1433   Vulnerability analysis

H04L 65/1023   Media gateways

H04N 21/25816   involving client authentica...

H04N 21/25841   involving the geographical ...

ZERO SIGN-ON AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ZERO SIGN-ON AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links