DYNAMIC PASSCODES IN ASSOCIATION WITH A WIRELESS ACCESS POINT

US 20170244712A1
Filed: 02/22/2016
Published: 08/24/2017
Est. Priority Date: 02/22/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

after expiration of a first passcode, receiving, at an access point, a first access request from a first device, the first access request encrypted based on the first passcode;

determining whether an identifier of the first device is included in a device list associated with the first passcode, wherein the device list includes identifiers of devices that accessed the access point using encryption based on the first passcode before the expiration of the first passcode; and

in response to a determination that the identifier of the first device is included in the device list;

generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode; and

sending the data representing the second passcode to the first device from the access point.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes, after expiration of a first passcode, receiving, at an access point, a first access request from a first device. The first access request may be encrypted based on the first passcode. The method further includes determining whether an identifier of the first device is included in a device list associated with the first passcode. The device list includes identifiers of devices that accessed the access point using encryption based on the first passcode before the expiration of the first passcode. The method also includes, in response to a determination that the identifier of the first device is included in the device list generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode. The method further includes sending the data representing the second passcode to the first device from the access point.

21 Citations

View as Search Results

20 Claims

1. A method comprising:
- after expiration of a first passcode, receiving, at an access point, a first access request from a first device, the first access request encrypted based on the first passcode;
  
  determining whether an identifier of the first device is included in a device list associated with the first passcode, wherein the device list includes identifiers of devices that accessed the access point using encryption based on the first passcode before the expiration of the first passcode; and
  
  in response to a determination that the identifier of the first device is included in the device list;
  
  generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode; and
  
  sending the data representing the second passcode to the first device from the access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - before the expiration of the first passcode, receiving a second access request from the first device, the second access request encrypted based on the first passcode;
      
      determining, based on the second request, whether the identifier of the first device is included in a first trusted devices list; and
      
      when the identifier of the first device is included in the first trusted devices list, adding the identifier of the first device to the device list.
  - 3. The method of claim 2, wherein the first trusted devices list includes identifiers of devices designated as trusted devices by an administrator of a local area network supported by the access point.
  - 4. The method of claim 2, further comprising, in response to expiration of the device list:
    - removing, from the first trusted devices list, first identifiers corresponding to the identifiers in the device list; and
      
      inhibiting subsequent access to the device list.
  - 5. The method of claim 4, wherein the inhibiting subsequent access to the device list comprises deleting the device list from a memory of the access point.
  - 6. The method of claim 1, further comprising, after the expiration of the first passcode:
    - receiving, at the access point, a third access request from a second device, the third access request encrypted based on the first passcode;
      
      determining, based on the third access request, whether an identifier of the second device is included in the device list; and
      
      in response to determining that the identifier of the second device is not included in the device list, denying the third access request.
  - 7. The method of claim 6, further comprising after sending the data representing the second passcode to the first device, removing the identifier of the first device from the device list.
  - 8. The method of claim 1, further comprising:
    - after determining whether the identifier of the first device is included in the device list, determining that the device list is expired;
      
      after determining that the device list is expired, receiving, at the access point, a fourth access request from a third device, the fourth access request encrypted based on the first passcode; and
      
      denying the fourth access request.
  - 9. The method of claim 1, further comprising:
    - receiving, from a device associated with an administrator of a local area network supported by the access point, an indication to add a particular device to a second trusted devices list; and
      
      responsive to the indication, sending passcode generation data to the particular device, wherein the passcode generation data enables the particular device to generate a valid passcode based on a previously valid passcode.
  - 10. The method of claim 1, wherein the access point generates the second passcode by applying a polynomial to the first passcode.

11. A system comprising:
- a processor;
  
  a memory coupled to the processor, the memory including instructions executable by the processor to perform operations including;
  
  after expiration of a first passcode, receiving, from a first device, a first access request to access a local area network, the first access request encrypted based on the first passcode;
  
  determining whether an identifier of the first device is included in a device list associated with the first passcode, wherein the device list includes identifiers of devices that accessed the local area network using encryption based on the first passcode before the expiration of the first passcode; and
  
  in response to a determination that the identifier of the first device is included in the device list;
  
  generating data representing a second passcode by encrypting the second passcode using the first passcode; and
  
  sending the data representing the second passcode to the first device.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein the operations further include:
    - receiving, from a device associated with a network administrator of the local area network, a first instruction to add an identifier associated with a second device to a first trusted devices list; and
      
      based on the first instruction, adding the identifier of the second device to the first trusted devices list and adding the identifier of the second device to the device list.
  - 13. The system of claim 11, wherein the operations further include:
    - receiving, from a device associated with a network administrator of the local area network, a first instruction to add an identifier associated with a third device to a second trusted devices list; and
      
      based on the first instruction, sending first passcode generation data to the third device, wherein the first passcode generation data enables the third device to generate a valid passcode based on a previously valid passcode.
  - 14. The system of claim 13, wherein the operations further include:
    - in response to a determination to remove the third device from the second trusted devices list,sending second passcode generation data to each device identified in the second trusted devices list after the third device is removed from the second trusted devices list; and
      
      generating a new passcode using the second passcode generation data and a previous passcode, wherein the new passcode cannot be generated using the first passcode generation data and the previous passcode.

15. A processor-readable storage device storing instructions that, when executed by a processor of an access point, cause the processor to perform operations comprising:
- after expiration of a first passcode, receiving a first access request from a first device, the first access request encrypted based on the first passcode;
  
  determining whether an identifier of the first device is included in a device list associated with the first passcode, wherein the device list includes identifiers of devices that accessed the access point using encryption based on the first passcode before the expiration of the first passcode; and
  
  in response to a determination that the identifier of the first device is included in the device list;
  
  generating data representing a second passcode by encrypting the second passcode using the first passcode; and
  
  sending the data representing the second passcode to the first device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The processor-readable storage device of claim 15, wherein the operations further comprise:
    - before the expiration of the first passcode, receiving a second access request from the first device, the second access request encrypted based on the first passcode;
      
      determining, based on the second request, whether the identifier of the first device is included in a first trusted devices list; and
      
      when the identifier of the first device is included in the first trusted devices list, adding the identifier of the first device to the device list.
  - 17. The processor-readable storage device of claim 16, wherein the operations further comprise:
    - in response to expiration of the device list;
      
      removing, from the first trusted devices list, first identifiers corresponding to the identifiers in the device list; and
      
      inhibiting subsequent access to the device list.
  - 18. The processor-readable storage device of claim 15, wherein the operations further comprise deleting an entry associated with the first device from the device list after sending the data.
  - 19. The processor-readable storage device of claim 15, wherein the first access request is a portion of a handshake procedure.
  - 20. The processor-readable storage device of claim 15, wherein each device identified in the device list is also identified in a trusted devices list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.), AT&T Mobility II LLC (AT&T, Inc.)
Inventors
MEREDITH, SHELDON KENT, COTTRILL, WILLIAM, HILLIARD, BRANDON B.

Granted Patent

US 10,313,351 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/101   Access control lists [ACL]

H04L 63/108   when the policy decisions a...

H04L 9/0891   Revocation or update of sec...

H04L 9/3228   One-time or temporary data,...

H04L 9/3268   using certificate validatio...

H04W 12/06   Authentication

H04W 12/08   Access security

DYNAMIC PASSCODES IN ASSOCIATION WITH A WIRELESS ACCESS POINT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

DYNAMIC PASSCODES IN ASSOCIATION WITH A WIRELESS ACCESS POINT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others