Fast authentication and access control system for mobile networking

US 6,856,800 B1
Filed: 05/14/2002
Issued: 02/15/2005
Est. Priority Date: 05/14/2001
Status: Expired due to Term

First Claim

Patent Images

1. An access point having a network interface for communicating with a remote authentication server on a communications network and a network interface for communicating with a network access device, the access point comprising:

a processor and a memory medium containing machine readable program instructions which, when executed by the processor, enable the access point to;

validate an authentication credential contained in an access request received from the network access device;

if the authentication credential is validated, grant the network access device conditional access to the network;

contact the remote authentication server to verify a status of the authentication credential for the network access device; and

suspend network access for the network access device in response to a message received from the remote authentication server that the authentication credential for the network access device has been revoked.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.

216 Citations

10 Claims

1. An access point having a network interface for communicating with a remote authentication server on a communications network and a network interface for communicating with a network access device, the access point comprising:
- a processor and a memory medium containing machine readable program instructions which, when executed by the processor, enable the access point to;
  
  validate an authentication credential contained in an access request received from the network access device;
  
  if the authentication credential is validated, grant the network access device conditional access to the network;
  
  contact the remote authentication server to verify a status of the authentication credential for the network access device; and
  
  suspend network access for the network access device in response to a message received from the remote authentication server that the authentication credential for the network access device has been revoked.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The access point recited in claim 1, wherein the authentication credential for the network access device includes a security certificate.
  - 3. The access point recited in claim 2, wherein the security certificate includes a public key for the network access device and an expiration time, and the security certificate is signed with a private key for the remote authentication server.
  - 4. The access point recited in claim 3, wherein the access point locally validates the network access device by:
    - accessing a public key of the remote authentication server from a database, and checking the signature and expiration time of the security certificate.
  - 5. The access point recited in claim 4, wherein the access point grants conditional access to the network access device by encrypting a session key with a public key for the network access device, and sending an access granted message to the network access device with the encrypted session key;
    - and storing the session key in a database.
  - 6. The access point recited in claim 4, wherein the access point sends a request to the remote authentication server to check the revocation status of the security certificate for the network access device.
  - 7. The access point recited in claim 4, wherein the access point suspends network access for the network access device by destroying the session key.

8. An access point having a network interface for communicating with a remote authentication server on a communications network and a network interface for communicating with a network access device, the access point comprising:
- a processor and a memory medium containing machine readable program instructions which, when executed by the processor, enable the access point to;
  
  validate an authentication credential received from the network access device, the authentication credential comprising a security certificate including a public key for the network access device and an expiration time, the security certificate being signed with a private key for the remote authentication server;
  
  by accessing the public key of the remote authentication server from a database, and checking the signature and expiration time of the security certificate;
  
  grant the network access device conditional access to the network by sending an access granted message to the network access device, the access granted message including a session key encrypted with a public key for the network access device;
  
  store the session key in a database;
  
  contact the remote authentication server to check a revocation status of the security certificate for the network access device; and
  
  suspend network access for the network access device in response to a message received from the remote authentication server that the authentication credential for the network access device has been revoked, by destroying the session key for the network access device.

9. A remote authentication server having a network interface for communicating over a network with an access point that enables a network access device to communicate with the network, where the access point is capable of receiving an access request including an authentication credential from the network access device at the access point and locally validating the authentication credential at the access point to grant the network access device conditional access to the network, the remote authentication server comprising:
- a processor and a memory medium containing machine readable program instructions which, when executed by the processor, enable the remote authentication server to determine the status of the authentication credential received in a query from the access point, to either confirm access to the network for the network access device or, if the authentication credential is revoked, send the access point a message to suspend access to the network for the network access device.
- View Dependent Claims (10)
- - 10. The remote authentication server recited in claim 9, wherein the machine readable program instructions which, when executed by the processor, enable the remote authentication server to check a subscriber database containing the security certificate to determine whether the certificate is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Henry, Paul Shala, Jiang, Zhimei, Luo, Hui
Primary Examiner(s)
Nguyen, Duc M.

Application Number

US10/145,301
Time in Patent Office

1,008 Days
Field of Search

455/410, 455/411, 455/422.1, 455/432.1, 455/435.1, 455/434, 455/515, 455/550, 455/558, 455/426.1, 379/142.05, 379/145, 379/189, 380/247, 380/248, 709/219, 709/229
US Class Current

455/411
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/108   when the policy decisions a...

H04L 9/3268   using certificate validatio...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/082   using revocation of authori...

H04W 36/0038   of security context informa...

Fast authentication and access control system for mobile networking

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

216 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Fast authentication and access control system for mobile networking

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

216 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links