Network user authentication system and method
Abstract
In a network user authentication system, a network user is identified for authentication purposes using the unique identifier for a dedicated physical communication line associated with the building in which the network user is located or a digital certificate which is associated with a secure component or communication line physically attached to a building. An authentication server initially verifies the identification of the dedicated communication line to be associated with a network service subscriber or issues a unique digital certificate to be associated with the dedicated communication line for authentication purposes. The digital certificate may be stored in a building gateway or in an edge site module which is connected to the secure components of a plurality of buildings and stores unique digital certificates for each building.
38 Claims
1. A network user authentication system for authenticating user devices located in a building, comprising:
- a secure component physically connected to the building, wherein the secure component can be used to authenticate user devices located in the building;
- a security server;
- at least one network linking the security server to the secure component;
- the security server being configured to determine a physical connection identification (ID) for the secure component and to associate the physical connection ID with a network service subscriber using the user device;
- a service provider network edge site and at least one connecting line providing communication between the edge site and the building, the secure component comprising the connecting line from the edge site to the building; and
- a building gateway module in the building linked to the connecting line, the building gateway module being configured to provide an interface between the connecting line and user devices in the building,
- wherein the edge site comprises an edge site server configured to provide authentication service to a plurality of buildings in a neighborhood, wherein the edge site server has dedicated connecting lines providing dedicated communications with a plurality of buildings in a local community, the edge site server having a processor module configured to store a plurality of unique digital certificates and to link each digital certificate with a respective dedicated line connected to the building with which said digital certificate is associated, and
- wherein the edge site server is a Telco server and is configured to authenticate a trusted path comprising one or more network nodes between a user device and a web server over a public network, and
- wherein the web server transmits content to the user device along the trusted path, and wherein the content is encrypted using multiple layers of encryption, wherein each layer of encryption is associated with a network element along the trusted network path, each layer comprising a decryption destination point indicator that indicates which network element should decrypt that layer of encryption.

Dependent claims: 2 through 19.
20. A network user authentication system for authenticating user devices in a building, comprising:
- a secure component physically connected to a building and associated with a first user device, wherein the secure component comprises a dedicated line connected to the building;
- an authentication server;
- at least one network linking the authentication server to the secure component;
- the authentication server having a trusted path certification module configured to create a client ID associated with the user device, to identify the secure component, and to associate a unique digital certificate with the secure component, and a data storage module for storing the client ID and associated digital certificate; and
- the authentication server further comprising a verification module for using the client ID and associated digital certificate for secure communications between the user device and other user devices over a public network, and
- wherein the authentication server is a Telco server and is configured to authenticate a trusted path comprising one or more network nodes between the first user device and a second user device over the public network, and
- wherein the first user device transmits content to the second user device along the trusted path, and wherein the content is encrypted using multiple layers of encryption, wherein each layer of encryption is associated with a network element along the trusted network path, each layer comprising a decryption destination point indicator that indicates which network element should decrypt that layer of encryption.

Dependent claims: 21 and 22.
23. A method for authenticating network users for secure communication over a public network, comprising:
- associating a unique digital certificate with a physical connection, the digital certificate comprising a physical connection identification (physical connection ID) of a secure component physically attached to a building, storing the unique digital certificate in a data storage area associated with the physical connection, and using the unique digital certificate for verification purposes in network communications with prospective network partners over a public network;
- receiving a request for building authentication from a user device in the building at an authentication server through the secure component and at least one private network, wherein the authentication server is a Telco server;
- determining a subscriber identification (subscriber ID) for a user of the user device;
- verifying the physical connection ID of the secure component;
- storing a record of the subscriber ID and associated physical connection ID;
- determining a current physical connection ID of the secure component used by a connecting subscriber at each request for service received from the connecting subscriber;
- comparing the current physical connection ID with a previously stored physical connection ID for the same subscriber ID for verification purposes; and
- supplying the service only if the verification is successful, wherein content associated with the service is transmitted along a trusted communication path, and the content is encrypted using multiple layers of encryption, wherein each layer of encryption is associated with a network element along the trusted network path, each layer comprising a decryption destination point indicator that indicates which network element should decrypt that layer of encryption.

Dependent claims: 24 through 28.
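The per-request comparison recited in claim 23 (store the subscriber ID together with the physical connection ID on first contact, then refuse service whenever a later request for the same subscriber ID arrives on a different line) can be illustrated with a small Python model. This is an added example, not code from the patent; the line IDs, subscriber IDs and request records are constructed sample data, and the certificate fingerprint stands in for the stored digital certificate of claims 1 and 29. The security point the model makes explicit is that the physical connection ID is something the edge site observes about the request (which dedicated line it arrived on), not a value the client asserts.

```python
"""Per-request check of a subscriber's physical connection ID, the method
of claim 23. Added illustration, not code from the patent. Line IDs,
subscriber IDs and request records are constructed sample data; a real
authentication server learns the physical connection ID from the access
network (the dedicated line the request arrived on), never from a value
the client supplies."""
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    subscriber_id: str
    # Physical connection ID as determined by the edge site for this request.
    arrived_on_line: str


@dataclass
class LineAuthServer:
    # Dedicated lines terminated at this edge site, keyed by physical connection ID.
    known_lines: set
    # line ID -> certificate fingerprint (stand-in for a stored X.509 certificate)
    certificates: dict = field(default_factory=dict)
    # subscriber ID -> physical connection ID recorded at the first successful request
    bindings: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def verify_physical_connection_id(self, line_id):
        """A line is trusted only if this server actually terminates it."""
        return line_id in self.known_lines

    def issue_certificate(self, line_id):
        """Associate a unique certificate with a dedicated line (claims 1 and 29).
        The SHA-256 fingerprint stands in for a real certificate; the random
        serial makes each issuance unique (constructed)."""
        if not self.verify_physical_connection_id(line_id):
            raise ValueError(f"unknown physical connection ID {line_id!r}")
        fingerprint = hashlib.sha256(f"{line_id}:{secrets.token_hex(8)}".encode()).hexdigest()
        self.certificates[line_id] = fingerprint
        return fingerprint

    def handle(self, req):
        """Return True only if service may be supplied for this request."""
        if not self.verify_physical_connection_id(req.arrived_on_line):
            self.audit.append(("reject", req.subscriber_id, "unknown physical connection ID"))
            return False
        recorded = self.bindings.get(req.subscriber_id)
        if recorded is None:
            # First request from this subscriber: store the subscriber ID / line ID record.
            self.bindings[req.subscriber_id] = req.arrived_on_line
            self.audit.append(("enroll", req.subscriber_id, req.arrived_on_line))
            return True
        if recorded != req.arrived_on_line:
            # Same subscriber ID, different building line: the stored record wins.
            self.audit.append(("reject", req.subscriber_id,
                               f"bound to {recorded}, request arrived on {req.arrived_on_line}"))
            return False
        self.audit.append(("allow", req.subscriber_id, recorded))
        return True


if __name__ == "__main__":
    server = LineAuthServer(known_lines={"LINE-0001", "LINE-0002"})
    print(server.handle(Request("sub-A", "LINE-0001")))  # enrolled on first contact
    print(server.handle(Request("sub-A", "LINE-0002")))  # refused: different line
    for entry in server.audit:
        print(entry)
```

The audit list is what a detection engineer would feed to monitoring: a "reject" with a line mismatch for a known subscriber is exactly the event the claimed comparison step exists to surface.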
29. A network user authentication system, comprising:
- a secure component physically connected to a building and associated with at least one user device in the building;
- a control unit associated with said secure component, the control unit having a processor module and a data storage module associated with the processor module;
- an authentication server;
- at least one network linking the authentication server to the control unit;
- the authentication server being configured to associate a unique digital certificate with the secure component and to transmit the unique digital certificate to the control unit associated with the secure component; and
- the processor module being configured to store the unique digital certificate in said data storage module and to use the digital certificate for secure communications between the user device and other web servers over a public network,
- wherein the control unit comprises an edge site server configured to provide authentication service to a plurality of buildings in a neighborhood, the edge site server having a plurality of dedicated lines each connected to a respective one of the buildings, the processor module being configured to store a plurality of unique digital certificates in said data storage module and to link each digital certificate with a respective dedicated line connected to the building with which said digital certificate is associated, and
- wherein the edge site server is a Telco server and is configured to authenticate a trusted path comprising one or more network nodes between the user device and a web server over the public network, and
- wherein the web server transmits content to the user device along the trusted path, and wherein the content is encrypted using multiple layers of encryption, wherein each layer of encryption is associated with a network element along the trusted network path, each layer comprising a decryption destination point indicator that indicates which network element should decrypt that layer of encryption.

Dependent claims: 30 through 38.
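Claims 1, 20 and 29 all end with the same mechanism: content is wrapped in one encryption layer per network element on the trusted path, and each layer carries a decryption destination point indicator naming the element that should remove it. The Python example below, added here and not part of the patent, models that wrapping and unwrapping. The layer cipher (HMAC-SHA256 in counter mode with an HMAC tag, encrypt-then-MAC) is a constructed stand-in for a real AEAD such as AES-GCM so the example runs on the standard library alone; the node names and per-hop keys are made up. The design detail worth noting is that the tag covers the cleartext indicator, so a layer relabelled to a different element fails authentication instead of being decrypted at the wrong hop.

```python
"""Multi-layer encryption along a trusted path with a per-layer decryption
destination point indicator, as recited in claims 1, 20 and 29. Added
illustration, not code from the patent. The layer cipher (HMAC-SHA256
counter-mode keystream plus HMAC tag) is a constructed stand-in for a real
AEAD; node names and keys are made up."""
import hashlib
import hmac
import json
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key):
    # Separate encryption and MAC keys derived from the per-hop key (constructed KDF).
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(key, nonce, length):
    # Counter mode built from HMAC-SHA256; constructed for the example.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_layer(key, destination, inner):
    """Wrap `inner` in one layer that only `destination` is meant to remove.
    Wire format: 2-byte header length | JSON header | nonce | ciphertext | tag."""
    enc_key, mac_key = _subkeys(key)
    header = json.dumps({"decrypt_at": destination}).encode()
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    # The tag covers the destination indicator, so relabelling a layer to
    # another node is detected rather than silently honoured.
    tag = hmac.new(mac_key, header + nonce + ciphertext, hashlib.sha256).digest()
    return len(header).to_bytes(2, "big") + header + nonce + ciphertext + tag


def peek_destination(layer):
    """Read the cleartext indicator: which network element should decrypt this layer."""
    hlen = int.from_bytes(layer[:2], "big")
    return json.loads(layer[2:2 + hlen])["decrypt_at"]


def decrypt_layer(key, me, layer):
    """A network element removes exactly the layer addressed to it."""
    hlen = int.from_bytes(layer[:2], "big")
    header = layer[2:2 + hlen]
    destination = json.loads(header)["decrypt_at"]
    if destination != me:
        raise PermissionError(f"{me}: layer is addressed to {destination}")
    body = layer[2 + hlen:]
    nonce, ciphertext, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, header + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError(f"{me}: layer failed authentication")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def wrap_for_path(content, path):
    """`path` lists (node name, per-hop key) from the first hop to the final
    recipient; the innermost layer is for the last element, so wrap in reverse."""
    layered = content
    for name, key in reversed(path):
        layered = encrypt_layer(key, name, layered)
    return layered


def deliver_along_path(layered, path):
    """Each element on the path peels its own layer and forwards the rest."""
    message = layered
    for name, key in path:
        message = decrypt_layer(key, name, message)
    return message


if __name__ == "__main__":
    # Constructed trusted path: web server -> edge site server -> building gateway -> user device.
    path = [(name, os.urandom(32)) for name in ("edge-server", "building-gateway", "user-device")]
    layered = wrap_for_path(b"account statement", path)
    print("outer layer addressed to:", peek_destination(layered))
    print(deliver_along_path(layered, path))
```

Each hop sees only the indicator for its own layer and the opaque inner payload; the user device at the end of the path is the only element that recovers the plaintext, which is what makes the path "trusted" in the sense the claims use.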