Systems and methods for controlling access to a public data network from a visited access provider
Abstract
To allow a user to access a public data network from a region of service operated by a visited access provider, the visited provider is supplied with an identity of a credit provider. The user is redirected to the credit provider, resulting in establishment of a temporary connection with the credit provider. During this temporary connection, the user supplies original user credentials and, in return, receives substitute user credentials if the original user credentials are valid. The substitute user credentials are supplied to the visited provider, which proceeds to have the user authenticated by the credit provider on the basis of the substitute user credentials. In this way, the visited provider authenticates the user with the credit provider before allowing the user to access the public data network, but a secure exchange of the original user credentials between the user and the credit provider prevents unauthorized access to this information by the visited provider.
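The exchange described in the abstract, modelled as an added Python example that is not part of the patent: a toy one-time-pad channel stands in for the secured temporary connection, the visited provider records every byte it relays so the property "it cannot learn the original credentials" can be checked, and the single-use and lifetime rules for the substitute credential are assumptions, not something the abstract states.

```python
import hmac, secrets, time
from dataclasses import dataclass, field


def seal(key: bytes, data: bytes) -> bytes:
    """Toy one-time pad standing in for the secured temporary connection (assumption)."""
    return bytes(k ^ d for k, d in zip(key, data))


@dataclass
class CreditProvider:
    users: dict                               # username -> password (constructed sample data)
    ttl: float = 120.0                        # substitute lifetime in seconds (assumption)
    pending: dict = field(default_factory=dict)

    def issue_substitute(self, key: bytes, sealed: bytes):
        """Unseal the original credentials and, if valid, return a random substitute."""
        username, password = seal(key, sealed).decode().split(":", 1)
        if not hmac.compare_digest(self.users.get(username, ""), password):
            return None
        sub = secrets.token_urlsafe(32)       # unrelated to the password, so reveals nothing
        self.pending[sub] = (username, time.monotonic() + self.ttl)
        return sub

    def authenticate(self, sub: str) -> bool:
        """Called by the visited provider; each substitute is honoured once (assumption)."""
        username, expiry = self.pending.pop(sub, (None, 0.0))
        return username is not None and time.monotonic() < expiry


@dataclass
class VisitedProvider:
    credit: CreditProvider
    relayed: list = field(default_factory=list)   # every byte the visited provider can see
    authorized: set = field(default_factory=set)

    def tunnel(self, sealed: bytes) -> bytes:
        self.relayed.append(sealed)           # it forwards, but cannot read, the payload
        return sealed

    def grant_access(self, device: str, sub: str) -> bool:
        ok = self.credit.authenticate(sub)
        if ok:
            self.authorized.add(device)
        return ok


def access_flow(device: str, username: str, password: str, visited: VisitedProvider) -> bool:
    """Client side of the exchange; True when the visited provider authorizes network access."""
    payload = f"{username}:{password}".encode()
    key = secrets.token_bytes(len(payload))   # shared client/credit-provider key (stand-in)
    sub = visited.credit.issue_substitute(key, visited.tunnel(seal(key, payload)))
    return sub is not None and visited.grant_access(device, sub)
```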
49 Claims
1. A method of controlling access to a data network from a visited access provider, comprising:
the visited access provider receiving from a client device a message indicative of a request to access the data network;
the visited access provider supporting a temporary connection between the client device and a credit provider, the temporary connection comprising a transmission of substitute user credentials from the credit provider in response to transmission of original user credentials from the client device, wherein supporting the temporary connection further comprises redirecting the client device to the credit provider in response to receiving data indicative of the credit provider from the client device;
the visited access provider receiving the substitute user credentials from the client device;
the visited access provider communicating the substitute user credentials to the credit provider to authenticate the client device;
responsive to successful authentication of the client device by the credit provider on the basis of the substitute user credentials, the visited access provider authorizing the client device to access the data network;
wherein the temporary connection is secured to prevent the visited access provider from determining the original user credentials transmitted by the client device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A network, comprising:
a network server entity adapted to receive from a client device a message indicative of a credit provider;
a gateway entity adapted to support a temporary connection between the client device and the credit provider via the network server entity, the temporary connection comprising a transmission of substitute user credentials from the credit provider in response to transmission of original user credentials from the client device, the temporary connection being secured to prevent the network server entity from determining the original user credentials transmitted by the client device, wherein to support the temporary connection, the gateway is further adapted to redirect the client device to the credit provider in response to receiving the message indicative of the credit provider from the client device;
the network server entity being further adapted to receive the substitute user credentials from the client device;
an authentication entity adapted to communicate the substitute user credentials to the credit provider to authenticate the client device;
the network server entity being further adapted to authorize the client device to access the data network in response to successful authentication of the client device by the credit provider on the basis of the substitute user credentials.
Dependent claims: 18
19. A network, comprising:
server means for receiving from a client device a message indicative of a credit provider;
means for supporting a temporary connection between the client device and the credit provider via the server means, the temporary connection comprising a transmission of substitute user credentials from the credit provider in response to transmission of original user credentials from the client device, the temporary connection being secured to prevent the server means from determining the original user credentials transmitted by the client device, wherein supporting the temporary connection further comprises redirecting the client device to the credit provider in response to receiving the message indicative of the credit provider from the client device;
means for receiving the substitute user credentials from the client device;
means for communicating the substitute user credentials to the credit provider to authenticate the client device;
means for authorizing the client device to access the data network in response to successful authentication of the client device by the credit provider on the basis of the substitute user credentials.
20. A method of authenticating users having a business relationship with a credit provider, comprising:
receiving original user credentials from a client device over a temporary connection that passes through a visited provider of access to a data network, the temporary connection being secured to prevent the visited provider of access from determining the original user credentials transmitted by the client device, the client device being redirected to the credit provider in response to the visited provider of access receiving a message indicative of the credit provider from the client device;
sending substitute user credentials to the client device over the temporary connection, the substitute user credentials being associated with the original user credentials;
receiving the substitute user credentials from the visited provider of access;
authenticating the client device on the basis of the substitute user credentials;
responsive to successful authentication of the client device on the basis of the substitute user credentials, indicating to the visited provider of access to the data network that the client device has been successfully authenticated.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34
35. A credit provider having a business relationship with a plurality of users, comprising:
a network server entity adapted to:
    receive original user credentials from a client device over a temporary connection that passes through a visited provider of network access, the temporary connection being secured to prevent the visited provider of network access from determining the original user credentials transmitted by the client device, the client device being redirected to the credit provider in response to the visited provider of network access receiving a message indicative of the credit provider from the client device;
    send substitute user credentials to the client device over the temporary connection, the substitute user credentials being associated with the original user credentials;
an authentication entity adapted to:
    receive the substitute user credentials from the visited provider of network access;
    authenticate the client device on the basis of the substitute user credentials;
    indicate to the visited provider of network access that the client device has been successfully authenticated in response to successful authentication of the client device on the basis of the substitute user credentials.
36. A credit provider having a business relationship with a plurality of users, comprising:
means for receiving original user credentials from a client device over a temporary connection that passes through a visited provider of access to a data network, the temporary connection being secured to prevent the visited provider of access from determining the original user credentials transmitted by the client device, the client device being redirected to the credit provider in response to the visited provider of access to a data network receiving a message indicative of the credit provider from the client device;
means for sending substitute user credentials to the client device over the temporary connection, the substitute user credentials being associated with the original user credentials;
means for receiving the substitute user credentials from the visited provider of access;
means for authenticating the client device on the basis of the substitute user credentials;
means for, responsive to successful authentication of the client device on the basis of the substitute user credentials, indicating to the visited provider of access to the data network that the client device has been successfully authenticated.
37. A method of accessing a data network from a region of service operated by a visited access provider, comprising:
supplying from a client device to the visited access provider an identity of a credit provider;
establishing a temporary connection with the credit provider via the visited access provider, the client device being redirected to the credit provider in response to the visited access provider receiving the identity of the credit provider from the client device;
receiving substitute user credentials from the credit provider during the temporary connection in response to supplying the credit provider with original user credentials provider during the temporary connection;
supplying the substitute user credentials to the visited access provider for authentication of the client device by the credit provider on the basis of the substitute user credentials;
wherein the temporary connection is secured to prevent the visited access provider from determining the original user credentials supplied to the credit provider.
Dependent claims: 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48
49. Apparatus for accessing a data network from a region of service operated by a visited access provider, comprising:
means for supplying from a client device to the visited access provider an identity of a credit provider;
means for establishing a temporary connection with the credit provider via the visited access provider, the client device being redirected to the credit provider in response to the visited access provider receiving the identity of the credit provider from the client device;
means for receiving substitute user credentials from the credit provider during the temporary connection in response to supplying the credit provider with original user credentials provider during the temporary connection;
means for supplying the substitute user credentials to the visited access provider for authentication of the client device by the credit provider on the basis of the substitute user credentials;
wherein the temporary connection is secured to prevent the visited access provider from determining the original user credentials supplied to the credit provider.