Wireless access system, method, signal, and computer program product

US 7,712,128 B2
Filed: 07/24/2002
Issued: 05/04/2010
Est. Priority Date: 07/24/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing a user of a wireless device access to a secure application via a client-server internetworking security protocol configured to at least one of control authentication, perform accounting, and provide access-control in a networked, multiuser environment, comprising steps of:

receiving an authentication request message requesting access to said secure application from said wireless device at a wireless access service mechanism configured to process said authentication request message, said authentication request message being in accordance with a wireless message protocol and including an IP address of said wireless device and an access credential of the user of said wireless device;

producing, by the wireless access service mechanism, a client-server internetworking security protocol authentication request message based on said authentication request message by reformatting a portion of said authentication request message in accordance with said client-server internetworking security protocol and including information of said IP address of said wireless device and/or said access credential;

transmitting said client-server internetworking security protocol authentication request message from said wireless access service mechanism to a client-server internetworking security protocol authentication device configured to perform client-server internetworking security protocol authentication, wherein said client-server internetworking security protocol authentication device authenticates said user for access to said secure application based on said IP address of said wireless device and/or said access credential;

receiving a client-server internetworking security protocol authentication accept message and/or a client-server internetworking security protocol authentication reject message from said client-server internetworking security protocol authentication deviceprocessing said client-server internetworking security protocol authentication accept message at said wireless access service mechanism to convert said client-server internetworking security protocol accept message to a wireless authentication accept message according to said wireless message protocol;

transmitting a client-server internetworking security protocol access message from said wireless access service mechanism to said client-server internetworking security protocol authentication device;

transmitting a session start message from said wireless access service mechanism to a wireless gateway device;

transmitting said wireless authentication accept message from said wireless access service mechanism to said wireless device, wherein said user is authorized to access said secure application upon receipt of said wireless authentication accept message;

timing a connection time between said wireless device and said wireless gateway device so as to produce a wireless timing parameter at said wireless access service mechanism;

transmitting a session end notification message from said wireless access service mechanism to said wireless device in response to determining that said wireless timing parameter exceeds a predetermined timing value.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, signal, and computer program product for providing secure wireless access to private databases and applications without requiring a separate wireless client-server internetworking security protocol infrastructure. The wireless device (201) communicates with the wireless access service provider (205) via hypertext transfer protocol (HTTP) messages, and the wireless access service provider (205) and the secure network (204) perform a RADIUS authentification for the wireless device (201).

58 Citations

View as Search Results

31 Claims

1. A method for providing a user of a wireless device access to a secure application via a client-server internetworking security protocol configured to at least one of control authentication, perform accounting, and provide access-control in a networked, multiuser environment, comprising steps of:
- receiving an authentication request message requesting access to said secure application from said wireless device at a wireless access service mechanism configured to process said authentication request message, said authentication request message being in accordance with a wireless message protocol and including an IP address of said wireless device and an access credential of the user of said wireless device;
  
  producing, by the wireless access service mechanism, a client-server internetworking security protocol authentication request message based on said authentication request message by reformatting a portion of said authentication request message in accordance with said client-server internetworking security protocol and including information of said IP address of said wireless device and/or said access credential;
  
  transmitting said client-server internetworking security protocol authentication request message from said wireless access service mechanism to a client-server internetworking security protocol authentication device configured to perform client-server internetworking security protocol authentication, wherein said client-server internetworking security protocol authentication device authenticates said user for access to said secure application based on said IP address of said wireless device and/or said access credential;
  
  receiving a client-server internetworking security protocol authentication accept message and/or a client-server internetworking security protocol authentication reject message from said client-server internetworking security protocol authentication deviceprocessing said client-server internetworking security protocol authentication accept message at said wireless access service mechanism to convert said client-server internetworking security protocol accept message to a wireless authentication accept message according to said wireless message protocol;
  
  transmitting a client-server internetworking security protocol access message from said wireless access service mechanism to said client-server internetworking security protocol authentication device;
  
  transmitting a session start message from said wireless access service mechanism to a wireless gateway device;
  
  transmitting said wireless authentication accept message from said wireless access service mechanism to said wireless device, wherein said user is authorized to access said secure application upon receipt of said wireless authentication accept message;
  
  timing a connection time between said wireless device and said wireless gateway device so as to produce a wireless timing parameter at said wireless access service mechanism;
  
  transmitting a session end notification message from said wireless access service mechanism to said wireless device in response to determining that said wireless timing parameter exceeds a predetermined timing value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24, 28)
- - 2. The method of claim 1, wherein said client-server internetworking security protocol comprises RADIUS.
  - 3. The method of claim 1, further comprising:
    - processing said client-server internetworking security protocol authentication request message by said client-server internetworking security protocol authentication device; and
      
      transmitting said client-server internetworking security protocol authentication accept message and/or said client-server internetworking security protocol authentication reject message from said client-server internetworking security protocol authentication device to said wireless access service mechanism via a direct connection and/or a local network.
  - 4. The method of claim 1, further comprising:
    - transmitting a client-server internetworking security protocol access authentication Accounting-End Message from said wireless access service mechanism to said client-server internetworking security protocol authentication device via a direct connection and/or a local network.
  - 5. The method of claim 1, further comprising:
    - transmitting a client-server internetworking security protocol access authentication Accounting-End Message from said wireless access service mechanism to said client-server internetworking security protocol authentication device via a direct connection and/or a local network.
  - 6. The method of claim 1, further comprising:
    - processing said client-server internetworking security protocol authentication reject message at said wireless access service mechanism to convert said client-server internetworking security protocol reject message to a wireless authentication reject message according to said wireless message protocol; and
      
      transmitting said wireless authentication rejection message from said wireless access service mechanism to said wireless device.
  - 7. The method of claim 2, wherein said step of transmitting said client-server internetworking security protocol authentication request message includes transmitting via a global network.
  - 8. The method of claim 7, further comprising:
    - transmitting said session start message from said wireless access service mechanism to a wireless gateway device via said global network.
  - 9. The method of claim 8, further comprising:
    - transmitting said session end notification from said wireless access service mechanism to said wireless gateway device and/or said wireless device via said global network if said wireless timing parameter exceeds said predetermined timing value.
  - 10. The method of claim 8, further comprising:
    - transmitting said client-server internetworking security protocol access authentication Accounting-End Message from said wireless access service mechanism to said client-server internetworking security protocol authentication device via said global network.
  - 11. The method of claim 9, further comprising:
    - transmitting said client-server internetworking security protocol access authentication Accounting-End Message from said wireless access service mechanism to said client-server internetworking security protocol authentication device via said global network.
  - 12. The method of claim 7, further comprising:
    - processing said client-server internetworking security protocol authentication reject message at said wireless access service mechanism to convert said client-server internetworking security protocol reject message to a wireless authentication reject message according to said wireless message protocol; and
      
      transmitting said wireless authentication reject message from said wireless access service mechanism to said wireless device.
  - 24. The method of claim 1, wherein said access credential includes a user identification and/or a password associated with a user of the wireless device.
  - 28. The method of claim 1, wherein said wireless message protocol comprises HTTP and said client-server internetworking security protocol comprises RADIUS.

13. A system configured to interface a wireless device to a secure application via a client-server internetworking security protocol configured to control authentication, perform accounting, and/or provide access-control in a networked, multiuser environment comprising:
- said wireless device connected to a wireless service provider via a wireless connection medium;
  
  a wireless access service mechanism connected to said wireless service provider via a global telecommunications network, said wireless access service mechanism being configured to;
  
  receive an authentication request message from a user of said wireless device requesting access to said secure application, said authentication request message being in accordance with a wireless message protocol and including an IP address of said wireless device and an access credential of a user of said wireless device;
  
  convert said authentication request message to a client-server internetworking security protocol authentication request message by reformatting a portion of said authentication request message in accordance with an internetworking security protocol and including information of at least one of said IP address of said wireless device and said access credential;
  
  transmit said client-server internetworking security protocol authentication request message from said wireless access service mechanism to a client-server internetworking security protocol authentication device configured to perform client-server internetworking security protocol authentication, wherein said client-server internetworking security protocol authentication device authenticates said user for access to said secure application based on said IP address of said wireless device and/or said access credential;
  
  receive a client-server internetworking security protocol authentication accept message and/or a client-server internetworking security protocol authentication reject message from said client-server internetworking security protocol authentication deviceprocess said client-server internetworking security protocol authentication accept message at said wireless access service mechanism to convert said client-server internetworking security protocol accept message to a wireless authentication accept message according to said wireless message protocol;
  
  transmit a client-server internetworking security protocol access message from said wireless access service mechanism to said client-server internetworking security protocol authentication device;
  
  transmit a session start message from said wireless access service mechanism to a wireless gateway device;
  
  transmit said wireless authentication accept message from said wireless access service mechanism to said wireless device, wherein said user is authorized to access said secure application upon receipt of said wireless authentication accept message;
  
  time a connection time between said wireless device and said wireless gateway device so as to produce a wireless timing parameter at said wireless access service mechanism;
  
  transmit a session end notification message from said wireless access service mechanism to said wireless device in response to determining that said wireless timing parameter exceeds a predetermined timing value; and
  
  a client-server internetworking security protocol authentication device connected to said wireless access service mechanism, wherein said client-server internetworking security protocol authentication device authenticates said user for access to said secure application based on said IP address of said wireless device and/or said access credential.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 25, 29)
- - 14. The system of claim 13, wherein said client-server internetworking security protocol comprises RADIUS.
  - 15. The system of claim 14, further comprising:
    - said wireless gateway device connected to said wireless access service mechanism; and
      
      said secure application connected to said wireless gateway device.
  - 16. The system of claim 14, wherein said wireless access service mechanism and said client-server internetworking security protocol authentication device are connected by a direct connection and/or a local network.
  - 17. The system of claim 14, wherein said wireless access service mechanism and said client-server internetworking security protocol authentication device are connected by a global network.
  - 18. The system of claim 15, wherein said wireless access service mechanism and said wireless gateway device are connected by a direct connection and/or a local network.
  - 19. The system of claim 15, wherein said wireless access service mechanism and said wireless gateway device are connected by a global network.
  - 25. The system of claim 13, wherein said access credential includes a user identification and/or a password associated with a user of the wireless device.
  - 29. The system of claim 13, wherein said wireless message protocol comprises HTTP and said client-server internetworking security protocol comprises RADIUS.

20. An apparatus configured to interface at least one wireless client application to at least one secure application via a client-server internetworking security protocol configured control authentication, perform accounting, and/or provide access-control in a networked, multi-user environment, comprising:
- a wireless access service mechanism configured to;
  
  receive an authentication request message from said at least one wireless client application requesting access to said at least one secure application, said authentication request message being in accordance with a wireless message protocol and including an IP address of said wireless device and an access credential of a user of said wireless device,convert said authentication request message to a client-server internetworking security protocol authentication request message by reformatting a portion of said authentication request message from said wireless message protocol to a client-server internetworking protocol;
  
  forward said client-server internetworking security protocol authentication request message to a client-server internetworking security protocol authentication device for authentication of said at least one wireless client application for access to said at least one secure application, said client-server internetworking security protocol authentication request message being in accordance with a client-server internetworking security protocol and including information of said IP address of said wireless device and/or said access credential;
  
  receive a client-server internetworking security protocol authentication accept message and/or a client-server internetworking security protocol authentication reject message from said client-server internetworking security protocol authentication deviceprocess said client-server internetworking security protocol authentication accept message at said wireless access service mechanism to convert said client-server internetworking security protocol accept message to a wireless authentication accept message according to said wireless message protocol;
  
  transmit a client-server internetworking security protocol access message from said wireless access service mechanism to said client-server internetworking security protocol authentication device;
  
  transmit a session start message from said wireless access service mechanism to a wireless gateway device;
  
  transmit said wireless authentication accept message from said wireless access service mechanism to said wireless device, wherein said user is authorized to access said secure application upon receipt of said wireless authentication accept message;
  
  time a connection time between said wireless device and said wireless gateway device so as to produce a wireless timing parameter at said wireless access service mechanism; and
  
  transmit a session end notification message from said wireless access service mechanism to said wireless device in response to determining that said wireless timing parameter exceeds a predetermined timing value.
- View Dependent Claims (21, 26, 30)
- - 21. The apparatus of claim 20, wherein said client-server internetworking security protocol comprises RADIUS.
  - 26. The apparatus of claim 20, wherein said access credential includes a user identification and/or a password associated with a user of the wireless device.
  - 30. The apparatus of claim 20, wherein said wireless message protocol comprises HTTP and said client-server internetworking security protocol comprises RADIUS.

22. A computer program product including a computer storage medium, said computer storage medium comprising volatile media and/or non-volatile media, and a computer program code mechanism embedded in the computer storage medium, for providing a user of a wireless device access to a secure application via a client-server internetworking security protocol configured to control authentication, perform accounting, and/or provide access-control in a networked, multi-user environment, the computer code mechanism comprising:
- at least one of unit of software and a unit of firmware configured to;
  
  convert a wireless authentication message requesting access to said secure application to a client-server internetworking security protocol authentication request message by reformatting a portion of said wireless authentication message and to exchange said client-server internetworking security protocol authentication request message with a client-server internetworking security protocol device, said wireless authentication message being in accordance with a wireless message protocol and including an IP address of said wireless device and an access credential of a user of said wireless device, and said client-server internetworking security protocol message being in accordance with a client-server internetworking security protocol and including information of said IP address of said wireless device and/or said access credential;
  
  receive a client-server internetworking security protocol authentication accept message and/or a client-server internetworking security protocol authentication reject message from said client-server internetworking security protocol authentication deviceprocess said client-server internetworking security protocol authentication accept message at said wireless access service mechanism to convert said client-server internetworking security protocol accept message to a wireless authentication accept message according to said wireless message protocol;
  
  transmit a client-server internetworking security protocol access message from said wireless access service mechanism to said client-server internetworking security protocol authentication device;
  
  transmit a session start message from said wireless access service mechanism to a wireless gateway device;
  
  transmit said wireless authentication accept message from said wireless access service mechanism to said wireless device, wherein said user is authorized to access said secure application upon receipt of said wireless authentication accept message;
  
  time a connection time between said wireless device and said wireless gateway device so as to produce a wireless timing parameter at said wireless access service mechanism;
  
  transmit a session end notification message from said wireless access service mechanism to said wireless device in response to determining that said wireless timing parameter exceeds a predetermined timing value; and
  
  transmit a session end notification message from a wireless access service mechanism to said wireless device in response to determining that a wireless timing parameter exceeds a predetermined timing value;
  
  wherein said user is authenticated for access to said secure application based on said IP address of said wireless device and/or said access credential.
- View Dependent Claims (23, 27, 31)
- - 23. The computer program product of claim 22, wherein said client-server internetworking security protocol comprises RADIUS.
  - 27. The computer program product of claim 22, wherein said access credential includes a user identification and/or a password associated with a user of the wireless device.
  - 31. The computer program product of claim 22, wherein said wireless message protocol comprises HTTP and said client-server internetworking security protocol comprises RADIUS.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Fiberlink Communications Corporation (International Business Machines Corporation)
Inventors
Porozni, Barry Ian, Schille, Glenn Alan, Nicodemus, Blair Gaver
Primary Examiner(s)
Lanier; Benjamin E
Assistant Examiner(s)
ARMOUCHE, HADI S

Application Number

US10/483,984
Publication Number

US 20050254651A1
Time in Patent Office

2,841 Days
Field of Search

713/182, 713/201, 709/203, 709/219, 455/73, 455/428, 380/270, 726/5
US Class Current

726/5
CPC Class Codes

H04L 63/0892   by using authentication-aut...

H04L 63/108   when the policy decisions a...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

H04W 8/26   Network addressing or numbe...

H04W 80/00   Wireless network protocols ...

Wireless access system, method, signal, and computer program product

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless access system, method, signal, and computer program product

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links