Method and apparatus for secure immediate wireless access in a telecommunications network

US 7,197,301 B2
Filed: 04/30/2002
Issued: 03/27/2007
Est. Priority Date: 03/04/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A secure immediate access wireless apparatus that enables at least one non-active wireless device to activate itself on the wireless network comprising:

an intelligent service manager server managing an activation session of said at least one non-active wireless device;

means for said non-active wireless device to generate at least one temporary mandatory network identifier from a set of allocated network identifiers at the beginning of activation to gain access to said intelligent service manager server via said wireless network;

wherein the set of allocated network identifiers provide access only to said intelligent service manager server only via said wireless network;

wherein generation of said at least one temporary network identifier at the beginning of the process is algorithmically generated;

means for securely exchanging information between said at least one non-active wireless device and said intelligent service manager server during said activation session, wherein wireless network elements interposed between said intelligent service manager server and said wireless device passively route messages between said intelligent service manager server and wireless device as if said wireless device were active;

means for utilizing one or more wireless messaging transports to exchange information between said at least one non-active wireless device and said intelligent service manager server during activation without requiring either implementation of extensions to messaging protocols or changes to network elements supporting said messaging protocols;

wherein activation comprises the steps of;

said non-active device detecting that it is not active generating at least one temporary mandatory network identifier from a set of allocated temporary network identifiers;

said non-active device gaining access to said wireless network using said at least one temporary network identifier generated by said wireless device;

said intelligent service manager server returning a profile for said non-active wireless device to appropriate network elements;

said non-active wireless device authenticating said intelligent service manager server;

said intelligent service manager server authenticating said non-active wireless device;

said intelligent service manager server allocating mandatory network identifiers for said non-active wireless device;

wherein activation further comprises any of the steps of;

said intelligent service manager server programming said non-active wireress device with mandatory network identifiers and security key;

said intelligent service manager server interacting with a user via said wireless device immediately after authentication;

said intelligent service manager server triggering an additional network provisioning process; and

said intelligent service manager server providing feedback to said user.

View all claims

21 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless telephone and messaging system provides Secure Immediate Wireless Access (SIWA) to wireless telephones onto existing wireless networks, such as GSM, CDMA, TDMA, and analog (AMPS). The SIWA protocol uses existing wireless network messaging to exchange information between wireless devices and a network server, referred to herein as an Intelligent Service Manager (ISM). The ISM acts as a gateway between wireless devices and wireless service provider, and provides the wireless devices with an immediate limited or unlimited access to the wireless network. The ISM can also deny access to the wireless network from unauthorized wireless devices.

32 Citations

View as Search Results

23 Claims

1. A secure immediate access wireless apparatus that enables at least one non-active wireless device to activate itself on the wireless network comprising:
- an intelligent service manager server managing an activation session of said at least one non-active wireless device;
  
  means for said non-active wireless device to generate at least one temporary mandatory network identifier from a set of allocated network identifiers at the beginning of activation to gain access to said intelligent service manager server via said wireless network;
  
  wherein the set of allocated network identifiers provide access only to said intelligent service manager server only via said wireless network;
  
  wherein generation of said at least one temporary network identifier at the beginning of the process is algorithmically generated;
  
  means for securely exchanging information between said at least one non-active wireless device and said intelligent service manager server during said activation session, wherein wireless network elements interposed between said intelligent service manager server and said wireless device passively route messages between said intelligent service manager server and wireless device as if said wireless device were active;
  
  means for utilizing one or more wireless messaging transports to exchange information between said at least one non-active wireless device and said intelligent service manager server during activation without requiring either implementation of extensions to messaging protocols or changes to network elements supporting said messaging protocols;
  
  wherein activation comprises the steps of;
  
  said non-active device detecting that it is not active generating at least one temporary mandatory network identifier from a set of allocated temporary network identifiers;
  
  said non-active device gaining access to said wireless network using said at least one temporary network identifier generated by said wireless device;
  
  said intelligent service manager server returning a profile for said non-active wireless device to appropriate network elements;
  
  said non-active wireless device authenticating said intelligent service manager server;
  
  said intelligent service manager server authenticating said non-active wireless device;
  
  said intelligent service manager server allocating mandatory network identifiers for said non-active wireless device;
  
  wherein activation further comprises any of the steps of;
  
  said intelligent service manager server programming said non-active wireress device with mandatory network identifiers and security key;
  
  said intelligent service manager server interacting with a user via said wireless device immediately after authentication;
  
  said intelligent service manager server triggering an additional network provisioning process; and
  
  said intelligent service manager server providing feedback to said user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The apparatus of claim 1, wherein said intelligent service manager server denies access to said wireless network from unauthorized wireless devices.
  - 3. The apparatus of claim 1, wherein said intelligent service manager server denies access to said wireless network from unauthorized, non-provisioned, and non-activated wireless devices on a session basis.
  - 4. The apparatus of claim 1, wherein said intelligent service manager server provides said non-activated wireless device with either of limited and unlimited access to said wireless network after activation.
  - 5. The apparatus of claim 4, wherein said intelligent service manager server provides said non-activated wireless device with limited use access to said wireless network.
  - 6. The apparatus of claim 4, wherein said intelligent service manager server provides said non-activated wireless device with limited time access to said wireless network.
  - 7. The apparatus of claim 4, wherein said intelligent service manager server provides said non-activated wireless device with limited duration access to said wireless network.
  - 8. The apparatus of claim 1, said intelligent service manager server further comprising:
    - means for allocating a network identification number to said non-activated wireless device on a per network access basis.
  - 9. The apparatus of claim 8, said intelligent service manager server further comprising:
    - means for allocating network authentication and encryption keys associated with said network identification number to said non-activated wireless device on a per network access basis.
  - 10. The apparatus of claim 9, wherein said authentication and encryption keys comprises any of a KI for the GSM protocol, [A-Key, SSD-A, SSD-B] for the CDMA, TDMA and analog protocols.
  - 11. The apparatus of claim 8, said intelligent service manager server further comprising:
    - means for allocating a phone number to said non-activated wireless device on a per network access basis.
  - 12. The apparatus of claim 11, wherein said phone number comprises any of a MSISDN for the GSM protocol, MIN or MDN for the CDMA, TDMA and analog protocols.
  - 13. The apparatus of claim 8, wherein said network identification number comprises any of an IMSI for the GSM protocol, MIN for the TDMA and analog protocols, and MIN or IMSI for CDMA protocol.
  - 14. The apparatus of claim 1, said means for using existing wireless network messaging transports comprising:
    - a secure immediate wireless access abstraction layer that employs a Wireless Session said to provide said wireless device with either of a limited or unlimited proof to use a particular service.
  - 15. The apparatus of claim 14, wherein limited proof enables any of time based use, usage based use, content based use, or single use.
  - 16. The apparatus of claim 14, wherein said Wireless Session comprises:
    - a <
      
      SiwaID, SiwaKey>
      
      pair which uniquely identifies said Wireless Session and proves it is authentic, genuine, and valid, said wireless session, said wireless session further comprising a subscription denoted by said pair providing one of limited and unlimited access.
  - 17. The apparatus of claim 16, wherein said SiwalD is unique among services and identifies those services with which it is associated.
  - 18. The apparatus of claim 16, further comprising:
    - a bootstrap mechanism for acquiring a Wireless Session.
  - 19. The apparatus of claim 16, further comprising:
    - a bootstrap mechanism for provision and activation of a Wireless Session.
  - 20. The apparatus of claim 16, wherein any of the following operations are associated with session purchase at first network access:
    - SessionPromote, which comprises an operation invoked by said intelligent service manager to provide said user with an option to purchase a Wireless Session for a service;
      
      SessionPurchase, which comprises an operation invoked by said user and/or said wireless device to purchase a Wireless Session for a service;
      
      SessionGranted, which comprises an operation invoked by said intelligent service manager to provide said user with a <
      
      SiwaID, Siwakey>
      
      pair; and
      
      SessionDenied, which comprises an operation invoked by said intelligent service manager to provide said user with a reason for a purchase failure.
  - 21. The apparatus of claim 16, wherein any of the following operations are associated with Wireless Session access:
    - SessionChallenge, which comprises an operation invoked by said intelligent service manager to ask for authenticity of a SiwaID;
      
      SessionProof, which comprises an operation invoked by said user and/or said wireless device to provide said intelligent service manager with a proof of SiwaID authenticity;
      
      SessionApproved, which comprises an operation invoked by said intelligent service manager to approve said user and/or said wireless device for use of a service;
      
      SessionExpired, which comprises an operation invoked by said intelligent service manager to deny service due to Wireless Session expiration;
      
      SessionDepleted, which comprises an operation invoked by said intelligent service manager to deny services due to Wireless Session depletion; and
      
      SessionFraudulent which comprises an operation invoked by said intelligent service manager to deny services due to lack of authenticity of Wireless Session.
  - 22. The apparatus of claim 16, wherein any of the following operations are associated with certificate information:
    - SessionProvideInfo, which comprises an operation invoked by said user and/or said wireless device to provide Wireless Session information, which may include expiration or usage; and
      
      SessionInfo, which comprises an operation invoked by said intelligent service manager to provide said user and/or said wireless device with Wireless Session information, which may also be unsolicited.
  - 23. The apparatus of claim 1, said means for using existing wireless network messaging comprising:
    - an adaptation layer for effecting mapping of logical operations into an existing wireless network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Evolving Systems Labs Incorporated
Original Assignee
Telespree Communications (CCUR Holdings, Inc.)
Inventors
Netanel, Eran
Primary Examiner(s)
Nguyen; Duc M.
Assistant Examiner(s)
CAI, WAYNE HUU

Application Number

US10/136,712
Publication Number

US 20030166398A1
Time in Patent Office

1,792 Days
Field of Search

455/411, 455/558, 455/557, 455/456, 455/414, 455/419, 455/466, 455/418, 455/452, 455/527, 455/524, 455/410, 709/221, 709/245, 709/219, 709/230, 709/218, 713/200, 713/169, 713/2, 713/171, 705/64
US Class Current

455/419
CPC Class Codes

G06F 2221/2103   Challenge-response

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

H04M 1/66   with means for preventing u...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/72   Subscriber identity

Method and apparatus for secure immediate wireless access in a telecommunications network

First Claim

21 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure immediate wireless access in a telecommunications network

First Claim

21 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links