Mobile host using a virtual single account client and server system for network access and management

US 7,069,433 B1
Filed: 10/29/2001
Issued: 06/27/2006
Est. Priority Date: 02/20/2001
Status: Active Grant

First Claim

Patent Images

1. A method of connecting a mobile host to a remote network through an access network with a single user password, where the access network may be independent of the remote network in terms of no protocol conversation between authentication servers in the access network and the remote network, respectively, and a virtual single account (VSA) has been set up for a user to connect to the access network and then to the remote network, comprising the steps, on the mobile host, of:

generating a VSA password and decryption key from the single password received from the user;

decrypting at least one of a local access network authentication credential and a remote access authentication credential stored in encrypted form in a memory medium;

initiating a local access network connection; and

initiating a remote network access connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user'"'"'s mobile device to a current local access network, and the target remote network such as the user'"'"'s office network. All authentication credentials are encrypted using a key generated from the user'"'"'s VSA password that is generated from the user'"'"'s single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.

Citations

18 Claims

1. A method of connecting a mobile host to a remote network through an access network with a single user password, where the access network may be independent of the remote network in terms of no protocol conversation between authentication servers in the access network and the remote network, respectively, and a virtual single account (VSA) has been set up for a user to connect to the access network and then to the remote network, comprising the steps, on the mobile host, of:
- generating a VSA password and decryption key from the single password received from the user;
  
  decrypting at least one of a local access network authentication credential and a remote access authentication credential stored in encrypted form in a memory medium;
  
  initiating a local access network connection; and
  
  initiating a remote network access connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method recited in claim 1, further comprising the step of initiating a VSA configuration update process with a VSA server.
  - 3. The method recited in claim 2, wherein the VSA configuration update process comprises the steps of:
    - constructing a VSA information update request message;
      
      sending the VSA information update request message to the VSA server; and
      
      receiving a VSA information update response message from the VSA server.
  - 4. The method recited in claim 3, wherein the VSA information update request message contains an instruction authorizing the step of decrypting the remote network authentication credential prior to initiating the remote network access connection.
  - 5. The method recited in claim 1, further comprising the step of selecting a local access network from a current VSA access record.
  - 6. The method recited in claim 1, further comprising the step of generating the decryption key in response to a random sequence received from the user.
  - 7. The method recited in claim 1, wherein the VSA password is generated using the expression:
    - VSA password=hash(VSA username ∥
      
      common password ∥
      
      VSA server ∥
      
      remote network ID), wherein the VSA username identifies the user to a VSA server, the common password is the single password from the user, and the remote network ID identifies the remote network serving as a home network for the mobile host.
  - 8. The method recited in claim 3, wherein the VSA update request message “
    - Q”
      
      is derived from the expression;
      
      Q=VSA username ∥
      
      X ∥
      
      E_K1(Synchronization time ∥
      
      Request content), where X is a random sequence; and
      
      K1 is an encryption key calculated from hash (hash (VSA password) ∥
      
      X).
  - 9. The method recited in claim 8, wherein the VSA information update response message “
    - A”
      
      is derived from the expression;
      
      A=Response Code ∥
      
      Y ∥
      
      E_K2(Synchronization time ∥
      
      Response content), wherein Y is a random sequence, and K2 is an encryption key calculated from hash (hash (VSA password) ∥
      
      Y).
  - 10. The method recited in claim 1, further comprising the steps of selecting local access parameters and remote access parameters from a VSA access record.

11. A method of connecting a mobile host to a remote network through an access network with a single password, where the access network may be independent of the remote network in terms of no protocol conversation between authentication servers in the access network and the remote network, respectively, and a virtual single account (VSA) has been set up for a user to connect to the access network and then to the remote network, and a VSA server is deployed in the remote network, comprising the steps, on the mobile host, of:
- receiving a VSA information update request message from the mobile host;
  
  sending a VSA information update response message to the mobile host, the VSA update response message including current remote access parameters for the remote network;
  
  receiving an authentication credential for the remote network;
  
  verifying the authentication credential; and
  
  granting remote network access to the mobile host.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method recited in claim 11, wherein the VSA information update request message “
    - Q”
      
      is derived from the expression;
      
      Q=VSA username ∥
      
      X ∥
      
      E_K1(Synchronization time ∥
      
      Request content), where X is a random sequence; and
      
      K1 is an encryption key calculated from hash (hash (VSA password) ∥
      
      X); and
      
      the VSA information update response message “
      
      A”
      
      is derived from the expression;
      
      A=Response Code ∥
      
      Y ∥
      
      E_K2(Synchronization time ∥
      
      Response content), wherein Y is a random sequence, and K2 is an encryption key calculated from hash (hash (VSA password) ∥
      
      Y).
  - 13. The method recited in claim 11, wherein the VSA server contains a plurality of VSA management records, each management record including a user'"'"'s VSA authentication credential.
  - 14. The method recited in claim 11, wherein the user'"'"'s VSA authentication credential includes a VSA password generated from the single user password.
  - 15. The method recited in claim 14, wherein the VSA password is generated using the expression:
    - VSA password=hash(VSA username ∥
      
      common password ∥
      
      VSA server ∥
      
      remote network ID), wherein the VSA username identifies a user to a VSA server, the common password is the single password from the user, and the remote network ID identifies the remote network serving as a home network for the mobile host.
  - 16. The method recited in claim 11, wherein the VSA server maintains access information for at least one local access network and at least one remote network.
  - 17. The method recited in claim 14, wherein the access information includes client information for mobile hosts, and management information for at least one additional VSA server.
  - 18. The method recited in claim 11, further comprising the step of a VSA server signaling a remote access gateway to verify the remote authentication credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Luo, Hui, Jiang, Zhimei, Henry, Paul Shala, Schmidt, Frederick Kenneth Jr.
Primary Examiner(s)
Barrón, Jr., Gilberto
Assistant Examiner(s)
LEMMA, SAMSON B

Application Number

US10/021,172
Time in Patent Office

1,702 Days
Field of Search

713182-184, 713/155, 713/151, 713/168, 726/2, 380/270
US Class Current

713/151
CPC Class Codes

G06F 21/31   User authentication

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/80   Wireless

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 9/0863   involving passwords or one-...

H04L 9/3226   using a predetermined code,...

Mobile host using a virtual single account client and server system for network access and management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile host using a virtual single account client and server system for network access and management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links