Authorization and authentication of user access to a distributed network communication system with roaming feature

US 8,196,180 B2
Filed: 11/03/2006
Issued: 06/05/2012
Est. Priority Date: 05/29/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing access to a network, wherein a plurality of access points operated by a network provider are coupled to the network, the method comprising:

in response to a request from client software on a client computer operated by a user and communicatively coupled to a first access point of the plurality of access points, automatically transmitting, through the first access point, a HTTP redirect message from a device operated by the network provider and coupled to the network to the client software on the client computer, the HTTP redirect message including an activation response message included in one or more HTML comments of the HTTP redirect message, wherein the activation response message is not displayed by a web browser, wherein the activation response message comprises information that indicates a URL of the network provider usable by the client software on the client computer to communicate a username and a password to the network provider, wherein the URL is associated with a first network address associated with the network provider, wherein the first network address is different from a second network address associated with the client computer;

receiving, from the client software on the client computer, the username and the password at the first network address, wherein the username and the password are usable to authorize access to the network for a user account of a roaming partner, wherein the roaming partner having a relationship with the user account such that the roaming partner is operable to signal the network provider to permit or deny access to the network;

sending the username and the password from the network provider to the roaming partner to determine whether or not the user account is authenticated;

receiving an authentication response from the roaming partner;

if the authentication response from the roaming partner indicates that the user account is authenticated by the roaming partner, the network provider authorizing access to the network for the user account; and

if the authentication response indicates that the user account is not authenticated by the roaming partner, the network provider denying access to the network for the user account.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing roaming access on a network are disclosed. The network includes a plurality of wireless and/or wired access points. A user may access the network by using client software on a client computer (e.g., a portable computing device) to initiate an access procedure. In response, a network management device operated by a network provider may return an activation response message to the client. The client may send the user'"'"'s username and password to the network provider. The network provider may rely on a roaming partner, another network provider with whom the user subscribes for internet access, for authentication of the user. Industry-standard methods such as RADIUS, CHAP, or EAP may be used for authentication. The providers may exchange pricing and service information and account information for the authentication session. A customer may select a pricing and service option from a list of available options.

Citations

29 Claims

1. A method for providing access to a network, wherein a plurality of access points operated by a network provider are coupled to the network, the method comprising:
- in response to a request from client software on a client computer operated by a user and communicatively coupled to a first access point of the plurality of access points, automatically transmitting, through the first access point, a HTTP redirect message from a device operated by the network provider and coupled to the network to the client software on the client computer, the HTTP redirect message including an activation response message included in one or more HTML comments of the HTTP redirect message, wherein the activation response message is not displayed by a web browser, wherein the activation response message comprises information that indicates a URL of the network provider usable by the client software on the client computer to communicate a username and a password to the network provider, wherein the URL is associated with a first network address associated with the network provider, wherein the first network address is different from a second network address associated with the client computer;
  
  receiving, from the client software on the client computer, the username and the password at the first network address, wherein the username and the password are usable to authorize access to the network for a user account of a roaming partner, wherein the roaming partner having a relationship with the user account such that the roaming partner is operable to signal the network provider to permit or deny access to the network;
  
  sending the username and the password from the network provider to the roaming partner to determine whether or not the user account is authenticated;
  
  receiving an authentication response from the roaming partner;
  
  if the authentication response from the roaming partner indicates that the user account is authenticated by the roaming partner, the network provider authorizing access to the network for the user account; and
  
  if the authentication response indicates that the user account is not authenticated by the roaming partner, the network provider denying access to the network for the user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein in determining whether the user account is authenticated, the roaming partner is configured to send the username and the password to an authentication authority.
  - 3. The method of claim 1, further comprising:
    - the network provider billing the roaming partner for access to the network by the user account.
  - 4. The method of claim 1, wherein in authorizing access to the network for the user account, the network provider is configured to send an authorization response to the client software.
  - 5. The method of claim 4, wherein the authorization response comprises a logoff URL which is usable by the client software to initiate a logoff for the user account.
  - 6. The method of claim 1,wherein receiving the username and the password includes receiving the username and the password using a hypertext transfer protocol (HTTP);
    - andwherein sending the username and the password from the network provider to the roaming partner includes sending the username and the password from the network provider to the roaming partner using a Remote Authentication Dial-In User Service (RADIUS) protocol.
  - 7. The method of claim 1, wherein the username includes information indicating the roaming partner.
  - 8. The method of claim 1, wherein the client computer is a portable computing device operable to be carried by a user.
  - 9. The method of claim 1, further comprising:
    - before receiving the authentication response from the roaming partner, permitting access to a domain name service, wherein the domain name service is operable to receive a host name from the client computer and provide, to the client computer, a network address associated with the host name.
  - 10. The method of claim 1, wherein the network includes an Internet.

11. A program product comprising a computer readable memory device including program logic embedded therein, which when executed by a processing system coupled to a plurality of access points, the processing system:
- automatically transmits, via a first access point of the plurality of access points and in response to a request from client software on a client computer operated by a user and communicatively coupled to the first access point, a HTTP redirect message from a device operated by the network provider and coupled to the network to the client software on the client computer, the HTTP redirect message including an activation response message included in one or more HTML comments of the HTTP redirect message, wherein the activation response message is not displayed by a web browser, wherein the activation response message comprises information that indicates a URL of the network provider usable by the client software on the client computer to communicate a username and a password to the network provider, wherein the URL is associated with a first network address associated with the network provider, wherein the first network address is different from a second network address associated with the client computer;
  
  receives, from the client software on the client computer, the username and the password at the first network address, wherein the username and the password are usable to authorize access to the network for a user account of a roaming partner, wherein the roaming partner having a relationship with the user account such that the roaming partner is operable to signal the network provider to permit or deny access to the network;
  
  sends the username and the password from the network provider to the roaming partner to determine whether or not the user account is authenticated;
  
  receives an authentication response from the roaming partner;
  
  if the authentication response from the roaming partner indicates that the user account is authenticated by the roaming partner, the network provider authorizes access to the network for the user account; and
  
  if the authentication response indicates that the user account is not authenticated by the roaming partner, the network provider denies access to the network for the user account.

12. A system operated by a first network provider, comprising:
- a first network;
  
  at least one access point coupled to the first network;
  
  a first device coupled to the first network and configured to be coupled to a second network; and
  
  a second device coupled to at least one of the first network and the second network;
  
  wherein the first device is configured to control access between the first network and the second network;
  
  wherein the first device is configured such that the first device;
  
  in response to a request from a client computer operated by a user and communicatively coupled to the at least one access point, automatically transmits, through the at least one access point, a HTTP redirect message to the client computer, wherein the activation response message includes information that indicates a URL of the first network provider usable by the client computer to communicate a username and a password to the first network provider, the HTTP redirect message including an activation response message included in one or more HTML comments of the HTTP redirect message, wherein the activation response message is not displayed by a web browser, wherein the URL is associated with a first network address associated with the first network provider, wherein the first network address is different from a second network address associated with the client computer;
  
  wherein the second device is configured to communicate using at least the first network address and is configured such that the second device;
  
  receives, from the client computer and through the at least one access point, the username and the password at the first network address, wherein the username and the password are usable to authorize access to the second network for a user account of a roaming partner, wherein the roaming partner having a relationship with the user account such that the roaming partner is operable to signal the first network provider to permit or deny access to the second network;
  
  sends the username and the password to the roaming partner to determine whether or not the user account is authorized for access to the second network;
  
  receives an authentication response from the roaming partner;
  
  if the authentication response from the roaming partner indicates that the user account is authenticated by the roaming partner, transmits a message to the first device, wherein the message indicates that the client computer can access the second network, whereby the client computer is permitted access to the second network; and
  
  if the authentication response indicates that the user account is not authenticated by the roaming partner, denies the client computer access to the second network.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein the first device includes the second device.
  - 14. The system of claim 12,wherein the first device is further configured such that the first device permits the client computer access to the second network.
  - 15. The system of claim 14,wherein the first device includes an access control list usable to control access between the first network and the second network;
    - wherein when the first device permits the client computer access to the second network, the first device modifies the access control list to permit the client computer access to the second network.
  - 16. The system of claim 12, wherein the at least one access point is a wireless access point that communicates with the client computer in a wireless fashion.
  - 17. The system of claim 12, wherein the second device is further configured such that the second device transmits an authorization response to the client computer, wherein the authorization response includes a logoff URL which is usable by the client computer to initiate a logoff for the user account.
  - 18. The system of claim 12, wherein the second network includes an Internet.
  - 19. The system of claim 12, wherein the username includes information indicating the roaming partner.
  - 20. The system of claim 12, wherein the client computer is a portable computing device operable to be carried by a user.

21. A computer readable memory device comprising instructions, which when executed on a processing system associated with a first network address, the processing system:
- transmitting a request to a second network address, wherein the second network address is different from the first network address, wherein the processing system belongs to a subnet of a first network operated by a network provider and the second network address does not belong to the subnet of the first network;
  
  receives a HTTP redirect message from a device operated by the network provider and coupled to the first network, the HTTP redirect message including an activation response message contained in one or more HTML comments of the HTTP redirect message, wherein the activation response message is not displayed by a web browser, wherein the activation response message includes information that indicates a URL of the network provider, wherein the URL is associated with a third network address associated with the network provider, wherein the third network address is different from each of the first network address and the second network address;
  
  transmits a username and a password to the third network address, wherein the username and password are associated with a user account of a roaming partner having a relationship with the user account such that the roaming partner enables access to third-party networks not operated by the roaming partner to determine whether or not the user account is authorized for access of a second network coupled to the first network; and
  
  receives an authorization response from the first network provider, wherein the authorization response includes information indicating whether or not the processing system can access the second network.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The computer readable memory device of claim 21,wherein the activation response message includes meta data and data;
    - wherein the activation response message includes one or more HTML comments, wherein the activation response message would not be displayed by a web browser;
      
      wherein the one or more HTML comments include the meta data and at least a portion of the data; and
      
      wherein the at least the portion of the meta data is associated with the at least the portion of the data.
  - 23. The computer readable memory device of claim 21, wherein at least a portion of the activation response message includes information usable to access the second network.
  - 24. The computer readable memory device of claim 21, wherein at least a portion of the activation response message is usable in transmitting the username and the password to the third network address.
  - 25. The computer readable memory device of claim 21, wherein the authorization response includes a logoff URL;
    - the computer readable memory medium, further comprising instructions, which when executed on the processing system, the processing system;
      
      transmits a message to the logoff URL.
  - 26. The computer readable memory device of claim 21, further comprising instructions, which when executed on the processing system, the processing system:
    - receives the username and the password from a user of the processing system.
  - 27. The computer readable memory device of claim 21, wherein the second network includes an Internet.
  - 28. The computer readable memory device of claim 21, wherein the username includes information indicating the roaming partner.
  - 29. The computer readable memory device of claim 21, wherein the processing system is a portable computing device operable to be carried by a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wayport, Inc. (AT&T, Inc.)
Original Assignee
Wayport, Inc. (AT&T, Inc.)
Inventors
Keeler, James D., Krenzer, Matthew M.
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US11/556,620
Publication Number

US 20070220596A1
Time in Patent Office

2,041 Days
Field of Search

726 1- 3, 380247-250, 709/225, 711147-151, 713155-159, 705/18
US Class Current

726/3
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 30/0206   Price or cost determination...

H04L 12/14   Charging , metering or bill...

H04L 12/1446   inter-operator billing

H04L 12/1467   involving prepayment

H04L 12/2898   Subscriber equipments DSL m...

H04L 12/5692   Selection among different n...

H04L 63/083   using passwords cryptograph...

H04L 63/0892   by using authentication-aut...

H04L 63/101   Access control lists [ACL]

H04L 67/52   specially adapted for the l...

H04M 15/00   Arrangements for metering, ...

H04M 15/8038   Roaming or handoff

H04M 2215/7442   Roaming

H04W 12/088   using filters or firewalls

H04W 4/00   Services specially adapted ...

H04W 4/02   Services making use of loca...

H04W 4/24   Accounting or billing

H04W 48/18   Selecting a network or a co...

H04W 60/04   using triggered events

H04W 80/00 : Wireless network protocols ...

View All

Authorization and authentication of user access to a distributed network communication system with roaming feature

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization and authentication of user access to a distributed network communication system with roaming feature

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links