Reducing certificate revocation lists at access points in a wireless access network

US 7,430,606 B1
Filed: 10/17/2003
Issued: 09/30/2008
Est. Priority Date: 10/17/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving a subscription request at an Internet Service Provider (ISP) from a user terminal through an access point of an access network;

assigning a subscription identifier to the user terminal at the ISP in response to the subscription request;

generating at the ISP a service certificate signed by a certificate authority and that includes the subscription identifier to identify a subscription of the user terminal with the ISP;

adding the service certificate to a certificate revocation list (CRL) maintained by the ISP;

receiving the service certificate from the user terminal at the ISP;

checking the service certificate against the certificate revocation list (CRL) maintained by the ISP; and

providing from the ISP, to the user terminal, if the service certificate is valid, a session certificate to be used to access the access network through the access point, the session certificate having a shorter validity period than the service certificate.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The certificate revocation lists at access points of a wireless access network can be reduced. In one embodiment, an Internet Service Provider (“ISP”) connected to the wireless access network can receive a subscription request from a user terminal capable of accessing the ISP using the wireless access network. When the ISP assigns a subscription identifier to the user terminal, it also provides a service certificate signed by a certificate authority including the subscription identifier. In addition, the ISP also provides the user terminal one or more session certificates to be used to access the wireless access network, where the session certificates having a shorter validity period than the service certificate.

Citations

20 Claims

1. A method comprising:
- receiving a subscription request at an Internet Service Provider (ISP) from a user terminal through an access point of an access network;
  
  assigning a subscription identifier to the user terminal at the ISP in response to the subscription request;
  
  generating at the ISP a service certificate signed by a certificate authority and that includes the subscription identifier to identify a subscription of the user terminal with the ISP;
  
  adding the service certificate to a certificate revocation list (CRL) maintained by the ISP;
  
  receiving the service certificate from the user terminal at the ISP;
  
  checking the service certificate against the certificate revocation list (CRL) maintained by the ISP; and
  
  providing from the ISP, to the user terminal, if the service certificate is valid, a session certificate to be used to access the access network through the access point, the session certificate having a shorter validity period than the service certificate.
- View Dependent Claims (2, 3, 4, 5, 18)
- - 2. The method of claim 1, wherein receiving the service certificate comprises receiving the service certificate through the access point being used by a user terminal to access the access network.
  - 3. The method of claim 2, wherein checking the service certificate comprises searching a certificate revocation list at the ISP.
  - 4. The method of claim 1, wherein the session certificate is associated with a link-level session available to the user terminal.
  - 5. The method of claim 1, wherein the link-level session comprises a PPP session.
  - 18. The method of claim 1, wherein the service certificate further includes an indication of a grade of service granted to the user terminal for the subscription.

6. A method comprising:
- receiving a digital certificate at an access point of an access network from a user terminal seeking access to the access network, the digital certificate to be used to authenticate the user terminal;
  
  determining, at the access point, a type of the digital certificate;
  
  if the certificate is a session certificate, then determining the validity of the digital certificate by searching a certificate revocation list (CRL) at the access point that is associated with session certificates; and
  
  if the certificate is a service certificate, then sending the certificate to an Internet Service Provider (ISP) to determine the validity of the certificate.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein determining the type of the digital certificate comprises determining the length of the digital certificate.
  - 8. The method of claim 6, wherein the validity periods of session certificates is shorter than the validity periods of service certificates.
  - 9. The method of claim 8, wherein the CRL associated with session certificates is shorter than the CRL associated with service certificates.

10. A user terminal capable of communicating with an access network, the user terminal comprising:
- a memory to store;
  
  a service certificate issued by an Internet Service Provider (“
  
  ISP”
  
  ) and signed by a certificate authority, the service certificate having a first validity period, the service certificate corresponding with a subscription of the user terminal with the ISP and including a subscription identifier, the service certificate to be used by the access network to authenticate the user terminal with the ISP; and
  
  a session certificate issued by the ISP and signed by the certificate authority, the session certificate having a second validity period that is shorter in duration than the first validity period, the session certificate corresponding with a session subscribed to by the user terminal and to be used by the access network to authenticate the user terminal to an access point of the access network.
- View Dependent Claims (11, 12, 19, 20)
- - 11. The user terminal of claim 10, wherein the session comprises a link-level session.
  - 12. The user terminal of claim 11, wherein the link-level session comprises a PPP session.
  - 19. The user terminal of claim 10, wherein the service certificate is authenticated by the ISP and the session certificate is authenticated at the access point.
  - 20. The user terminal of claim 19, wherein the service certificate is authenticated using a certificate revocation list (CRL) maintained by the ISP and the session certificate is authenticated using a CRL maintained by the access point.

13. A machine-readable storage medium having stored thereon data representing instructions that, when executed by a processor of an Internet Service Provider (“
- ISP”
  
  ), cause the processor to perform operations comprising;
  
  receiving a subscription request at an Internet Service Provider (ISP) from a user terminal through an access point of an access network;
  
  assigning a subscription identifier to the user terminal at the ISP in response to the subscription request;
  
  generating at the ISP a service certificate signed by a certificate authority and that includes the subscription identifier to identify a subscription of the user terminal with the ISP;
  
  adding the service certificate to a certificate revocation list (CRL) maintained by the ISP;
  
  receiving the service certificate from the user terminal at the ISP;
  
  checking the service certificate against the certificate revocation list (CRL) maintained by the ISP; and
  
  providing from the ISP, to the user terminal, if the service certificate is valid, a session certificate to be used to access the access network through the access point, the session certificate having a shorter validity period than the service certificate.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The machine-readable storage medium of claim 13, wherein receiving the service certificate comprises receiving the service certificate through the access point being used by a user terminal to access the access network.
  - 15. The machine-readable storage medium of claim 14, wherein checking the service certificate comprises searching a certificate revocation list.
  - 16. The machine-readable storage medium of claim 13, wherein the session certificate is associated with a link-level session available to the user terminal.
  - 17. The machine-readable storage medium of claim 13, wherein the link-level session comprises a PPP session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
ArrayComm LLC (Ygomi LLC)
Inventors
Dogan, Mithat C., Goldburg, Marc, Meandzija, Branislav
Primary Examiner(s)
Cardone; Jason
Assistant Examiner(s)
TAYLOR, NICHOLAS R

Application Number

US10/689,501
Time in Patent Office

1,810 Days
Field of Search

709/229
US Class Current

709/229
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0823   using certificates cryptogr...

H04L 9/3268   using certificate validatio...

H04W 12/069   using certificates or pre-s...

Reducing certificate revocation lists at access points in a wireless access network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Reducing certificate revocation lists at access points in a wireless access network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links