System and method for managing network service access and enrollment
Abstract
A system and method for automatically switching network connections to an appropriate network entity based on access rights possessed by a user of a wireless terminal. A switch recognizes the certificate provided by a terminal, and directs the connection to the service provider hosting a targeted secure service if the certificate proves to have the appropriate access rights. The switch directs the connection to an enrollment module if the certificate does not correspond to the service provider's required certificate, where the user can attempt to obtain the appropriate certificate from the enrollment module to ultimately access the targeted secure service.
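The routing decision described in the abstract, as an added Go example that is not taken from the patent. It assumes that "corresponds to the service provider's required certificate" means the presented certificate verifies against a service provider CA, and that the transport handshake has already proven possession of the matching private key. The CA names, `terminal-1`, and the functions `issue`, `route` and `connect` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate over pub; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		parent, t.IsCA, t.KeyUsage = t, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// route is the switch decision: service only if the certificate verifies against the SP CA.
func route(c *x509.Certificate, spRoots *x509.CertPool) string {
	opts := x509.VerifyOptions{Roots: spRoots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := c.Verify(opts); err != nil {
		return "enrollment"
	}
	return "service"
}

// connect returns the routing decision before and after enrollment (constructed CAs and terminal).
func connect() (string, string) {
	spPub, spKey, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, otherKey, _ := ed25519.GenerateKey(rand.Reader)
	termPub, _, _ := ed25519.GenerateKey(rand.Reader)
	spCA := issue("constructed SP CA", 1, spPub, nil, spKey)
	otherCA := issue("constructed other CA", 1, otherPub, nil, otherKey)
	roots := x509.NewCertPool()
	roots.AddCert(spCA)
	return route(issue("terminal-1", 2, termPub, otherCA, otherKey), roots), // certificate from another issuer
		route(issue("terminal-1", 3, termPub, spCA, spKey), roots) // certificate issued at enrollment
}

func main() { fmt.Println(connect()) }
```

Verifying the signature chain rather than comparing issuer or subject names is what keeps a certificate that merely copies the service provider's name from being routed to the service.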
34 Claims
1. A method for automatically directing network connections based on access rights possessed by a user of a wireless terminal, the method comprising:
receiving a certificate, having security information indicative of the access rights possessed by the user, from the wireless terminal;
determining whether the received certificate corresponds to a service provider authentication certificate which identifies access rights for a targeted service;
directing the network connection to the targeted service if the received certificate corresponds to the service provider authentication certificate;
directing the network connection to an enrollment module to register for the service provider authentication certificate using a user identity and a private key, if the received certificate does not correspond to the service provider authentication certificate; and
enrolling the user with the targeted service via the enrollment module when the network connection is directed to the enrollment module; and
automatically directing the network connection to the targeted service in response to the enrollment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for managing access and enrollment for a secure service available to a user via a wireless terminal, comprising:
a service module from which a service provider avails the secure service to the user of the wireless terminal;
an enrollment manager to effect user registration to the secure service using a user identity and a private key; and
a switch module coupled to receive a security certificate utilized by the wireless terminal in establishing a connection therewith, wherein the switch module directs the connection to either the service module or the enrollment manager depending on the security certificate utilized in establishing the connection, wherein the enrollment manager is configured to issue authentication certificates upon successful registration, including a service provider authentication certificate required for use with the secure service, and wherein at least one of the switch module or the enrollment module automatically directs the network connection to the service module in response to the registration.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A system for managing user access and enrollment for a secure service available on a network, comprising:
a wireless network including a plurality of wireless terminals operable therein;
a network of computing systems wherein at least one of the computing systems comprises a server computing system hosting a secure service targeted by at least one of the wireless terminals, and wherein at least one of the computing systems comprises an enrollment server to effect user registration to the secure service using a user identity and a private key;
a gateway computing system configured to bridge communications between the wireless network and the network of computing systems; and
a network switch coupled to receive an authentication certificate utilized by a wireless terminal in establishing a connection with the network of computing systems, wherein the network switch switches the connection to the server computing system or the enrollment server depending on the authentication certificate utilized by the wireless terminal in establishing the connection, wherein the wireless terminal is enrolled with the secure service via the enrollment server when the network connection is directed to the enrollment server, and wherein at least one of the network switch or the enrollment server automatically directs the network connection to the service module in response to the enrollment.
Dependent claims: 27, 28, 29
30. A system for automatically routing network connections based on access rights possessed by a user of a wireless terminal, comprising:
means for receiving a certificate, having security information indicative of the access rights possessed by the user, from the wireless terminal;
means for determining whether the received certificate corresponds to a service provider authentication certificate which identifies access rights for a targeted service;
means for directing the network connection to the targeted service if the received certificate corresponds to the service provider authentication certificate, and for directing the network connection to an enrollment module to register for the service provider authentication certificate using a user identity and a private key if the received certificate does not correspond to the service provider authentication; and
means for enrolling the user with the targeted service based on the network connection being directed to the enrollment module; and
means for automatically directing the network connection to the targeted service in response to the enrollment.
31. A computer-readable program storage medium tangibly embodying a program of instructions executable by a computing system to manage user access and enrollment for secure network services by performing steps comprising:
receiving a certificate, having security information indicative of the access rights possessed by the user, from the wireless terminal;
determining whether the received certificate corresponds to a service provider authentication certificate which identifies access rights for a targeted service;
directing the network connection to the targeted service if the received certificate corresponds to the service provider authentication certificate;
directing the network connection to an enrollment module to register for the service provider authentication certificate using a user identity and a private key, if the received certificate does not correspond to the service provider authentication certificate; and
facilitating enrollment of the user with the targeted service via the enrollment module when the network connection is directed to the enrollment module; and
facilitating automatic redirection of the network connection to the targeted service in response to the enrollment.
32. A network switching module operable in a network for facilitating the management of access and enrollment to at least one secure service available to a user of a wireless terminal, the network switching module comprising:
an authentication certificate identification module configured to store a plurality of authentication certificates associated with the secure service, and to deliver the plurality of authentication certificates to the wireless terminal with a preferred order indication identifying a preferred order of use for connecting to the secure service; and
a compare module coupled to receive an authentication certificate from the wireless terminal corresponding to the highest order authentication certificate available at the wireless terminal based on the preferred order indication, wherein the compare module is configured to compare the received authentication certificate with the plurality of authentication certificates and to direct the connection to either the secure service or an enrollment manager to register for the secure service using a user identity and a private key based on the result of the comparison, wherein at least one of the compare module or the enrollment manager automatically directs the connection to the secure service in response to the enrollment.
Dependent claims: 33, 34