Fast authentication and access control system for mobile networking
Abstract
A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.
Claims (20)

1. A method for authenticating a network access device, comprising:

- validating locally at an access point an authentication credential contained in and sent with an access request received from the network access device, wherein the authentication credential is obtained from a business partner database and contains information that is predefined via a business agreement between an access network and a home network of the network access device before the access request is initiated;
- granting a conditional network access to the network access device in response to the authentication credential being valid; and
- querying a remote authentication server associated with the network access device to determine whether the authentication credential has been revoked prior to a predefined expiration point of the authentication credential.

Claims 2 to 9 depend from claim 1.

10. A non-transitory computer readable medium having stored thereon instructions that, when executed by a processor, cause the processor to perform a method for authenticating a network access device, comprising:

- validating locally at an access point an authentication credential contained in and sent with an access request received from the network access device, wherein the authentication credential is obtained from a business partner database and contains information that is predefined via a business agreement between an access network and a home network of the network access device before the access request is initiated;
- granting a conditional network access to the network access device in response to the authentication credential being valid; and
- querying a remote authentication server associated with the network access device to determine whether the authentication credential has been revoked prior to a predefined expiration point of the authentication credential.

Claims 11 to 18 depend from claim 10.

19. A system for authenticating a network access device, comprising:

- means for validating locally at an access point an authentication credential contained in and sent with an access request received from the network access device, wherein the authentication credential is obtained from a business partner database and contains information that is predefined via a business agreement between an access network and a home network of the network access device before the access request is initiated;
- means for granting a conditional network access to the network access device in response to the authentication credential being valid; and
- means for querying a remote authentication server associated with the network access device to determine whether the authentication credential has been revoked prior to a predefined expiration point of the authentication credential.

Claim 20 depends from claim 19.
Specification