System and method for controlling access to multiple public networks and for controlling access to multiple private networks

US 7,865,936 B2
Filed: 01/28/2008
Issued: 01/04/2011
Est. Priority Date: 09/30/2002
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a network, the method comprising:

(a) receiving a first response containing a shared secret from a user device coupled to the network, wherein the user device contains a plurality of shared secrets;

(b) generating a second response upon receipt of the first response;

(c) comparing the first response and the second response; and

(d) authenticating the user device if the first response and the second response match, and not authenticating the user device if the first response and the second response do not match.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling access to multiple public networks and for controlling access to multiple private networks is provided. Authentication is used with unique public shared secrets and unique private shared secrets to control access to the networks. The invention includes a user device for communicating with at least a public network and/or a private network. The device may be capable of accessing multiple networks through one or more private networks with multiple access control servers. The user device must provide a correct response to each access control server, before access to the network may be granted. The device generates a one-time password, or response, to gain access to a controlled network server. The response generated by the device is matched to a response generated by an access control server that may have generated a challenge that prompted the response. If the two responses match, the device is authenticated and a user of the device is granted access to the network server.

2 Citations

19 Claims

1. A method for controlling access to a network, the method comprising:
- (a) receiving a first response containing a shared secret from a user device coupled to the network, wherein the user device contains a plurality of shared secrets;
  
  (b) generating a second response upon receipt of the first response;
  
  (c) comparing the first response and the second response; and
  
  (d) authenticating the user device if the first response and the second response match, and not authenticating the user device if the first response and the second response do not match.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the first response includes a public shared secret.
  - 3. The method of claim 1 wherein the first response includes a private shared secret.
  - 4. The method of claim 1 wherein the first response includes a public shared secret and a private shared secret.
  - 5. The method of claim 1 wherein the second response includes a public shared secret.
  - 6. The method of claim 1 wherein the second response includes a private shared secret.
  - 7. The method of claim 1 wherein the second response is generated by an access control server coupled to the network.

8. A method comprising:
- (a) receiving a request from a user device to access a network;
  
  (b) transmitting a challenge to the user device, wherein the challenge includes instructions for accessing selected data in the user device;
  
  (c) receiving a first response from the user device having a shared secret;
  
  (d) generating a second response based the first response;
  
  (e) comparing the first response and the second response; and
  
  (f) authenticating the user device if the first response and the second response match, and not authenticating the user device if the first response and the second response do not match.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 wherein the first response includes a symmetric public shared secret.
  - 10. The method of claim 8 wherein the first response includes a symmetric private shared secret.
  - 11. The method of claim 8 wherein the first response includes a symmetric public shared secret and a symmetric private shared secret.
  - 12. The method of claim 8 wherein the second response includes a symmetric public shared secret.
  - 13. The method of claim 8 wherein the second response includes a symmetric private shared secret.
  - 14. The method of claim 8 wherein the second response is generated by the network.

15. A method for controlling access to a public network, the method comprising:
- (a) receiving an access request from a user device coupled to a public network server;
  
  (b) transmitting a challenge from the public network server to the user device, wherein the user device includes a plurality of shared secrets;
  
  (c) receiving a first response from the user device, wherein the first response is generated using one of the plurality of shared secrets;
  
  (d) generating a second response upon receipt of the first response by the public network server;
  
  (e) comparing the first response and the second response; and
  
  (f) authenticating the user device to grant access to the public network if the first response and the second response match, and not authenticating the user device if the first response and the second response do not match.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15 wherein the first response includes a symmetric public shared secret.
  - 17. The method of claim 15 wherein the second response includes a symmetric public shared secret.
  - 18. The method of claim 15 wherein the second response is generated by the server.

19. A method for controlling access to a private or public network, the method comprising:
- (a) coupling a user device to a network including a server;
  
  (b) transmitting an access request from the user device to the server;
  
  (c) transmitting a challenge from the server to the user device, wherein the challenge includes instructions for accessing selected data in the user device;
  
  (d) processing the challenge to ascertain at least a selected private or public shared secret stored on the user device;
  
  (e) generating a first response using at least the selected private or public shared secret;
  
  (f) transmitting the first response to the server;
  
  (g) generating a second response upon receipt of the first response by the server;
  
  (h) comparing the first response and the second response; and
  
  (i) authenticating the user device to grant access to the private or public network if the first response and the second response match, and not authenticating the user device if the first response and the second response do not match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authenex Incorporated
Original Assignee
Authenex Incorporated
Inventors
Lin, Paul, Hon, Henry, Cheng, Fred
Primary Examiner(s)
SMITHERS, MATTHEW

Application Number

US12/021,071
Publication Number

US 20080235775A1
Time in Patent Office

1,072 Days
Field of Search

726/2
US Class Current

726/2
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

System and method for controlling access to multiple public networks and for controlling access to multiple private networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

2 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

System and method for controlling access to multiple public networks and for controlling access to multiple private networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others