Systems, methods, media, and means for user level authentication

US 8,250,634 B2
Filed: 12/05/2007
Issued: 08/21/2012
Est. Priority Date: 12/07/2006
Status: Active Grant

First Claim

Patent Images

1. A gateway in a communications network, comprisinga subscriber interface;

a Session Initiation Protocol (SIP) registrar;

a local cache; and

a network interface in communication with the subscriber interface, the SIP registrar, a subscriber database, and a mobile device;

whereinthe SIP registrar is configured to;

receives a first register message sent from the mobile device, the first register message including a request made by a first of a plurality of users for access to a network, wherein a separate user account is maintained for each of the plurality of users in the network and wherein any one of the plurality of users at a time can access the network by logging on and off of the network using the mobile device; and

if the mobile device is not registered in the network,send a request for subscriber information associated with the mobile device to the subscriber interface, wherein the subscriber information includes a user profile for the mobile device and the user profile includes challenge information for the plurality of users;

the subscriber interface is configured to;

retrieves the subscriber information from the subscriber database; and

send the subscriber information to the SIP registrar; and

the SIP registrar is further configured to;

store the subscriber information in the local cache;

authenticate the mobile device based at least in part on the subscriber information;

send to the mobile device challenge information associated with the first user including a password request and at least one user challenge question previously set up or selected by the first user;

receive a second register message including user response information of the first user in response to the challenge information from the mobile device;

authenticate the first user based at least in part on whether the user response information of the first user matches predetermined answers to the at least one user challenge question, such that the first user'"'"'s airtime minutes can be used for services provided by the network that are granted specifically for the first user; and

notify the subscriber interface of the authentication of the mobile device and the first user;

,if the mobile device has been registered already in the network,the SIP registrar is further configured to;

send to the mobile device the challenge information associated with the first user that is stored in the local cache;

receive the second register message from the mobile device;

authenticate the first user based at least in part on whether the user response information of the first user matches the predetermined answers to the at least one user challenge question, such that the first user'"'"'s airtime minutes can be used for the services provided by the network that are granted specifically for the first user; and

notify the subscriber interface of the authentication of the first user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, a gateway in a communications network is provided including a subscriber interface and a Session Initiation Protocol (SIP) registrar; wherein the SIP registrar: receives a first register message as a result of a request associated with a user and a mobile device seeking network authentication; and sends a request for subscriber information to the subscriber interface; the subscriber interface: retrieves the subscriber information from the subscriber database; and sends the subscriber information to the SIP registrar; the SIP registrar further: sends challenge information including a password request and a request for predetermined response information previously selected by the user to the mobile device; receives a second register message including user response information in response to the challenge information; and authenticates the mobile device and the user based at least in part on whether the user response information matches the predetermined response information.

123 Citations

View as Search Results

18 Claims

1. A gateway in a communications network, comprisinga subscriber interface;
- a Session Initiation Protocol (SIP) registrar;
  
  a local cache; and
  
  a network interface in communication with the subscriber interface, the SIP registrar, a subscriber database, and a mobile device;
  
  whereinthe SIP registrar is configured to;
  
  receives a first register message sent from the mobile device, the first register message including a request made by a first of a plurality of users for access to a network, wherein a separate user account is maintained for each of the plurality of users in the network and wherein any one of the plurality of users at a time can access the network by logging on and off of the network using the mobile device; and
  
  if the mobile device is not registered in the network,send a request for subscriber information associated with the mobile device to the subscriber interface, wherein the subscriber information includes a user profile for the mobile device and the user profile includes challenge information for the plurality of users;
  
  the subscriber interface is configured to;
  
  retrieves the subscriber information from the subscriber database; and
  
  send the subscriber information to the SIP registrar; and
  
  the SIP registrar is further configured to;
  
  store the subscriber information in the local cache;
  
  authenticate the mobile device based at least in part on the subscriber information;
  
  send to the mobile device challenge information associated with the first user including a password request and at least one user challenge question previously set up or selected by the first user;
  
  receive a second register message including user response information of the first user in response to the challenge information from the mobile device;
  
  authenticate the first user based at least in part on whether the user response information of the first user matches predetermined answers to the at least one user challenge question, such that the first user'"'"'s airtime minutes can be used for services provided by the network that are granted specifically for the first user; and
  
  notify the subscriber interface of the authentication of the mobile device and the first user;
  
  ,if the mobile device has been registered already in the network,the SIP registrar is further configured to;
  
  send to the mobile device the challenge information associated with the first user that is stored in the local cache;
  
  receive the second register message from the mobile device;
  
  authenticate the first user based at least in part on whether the user response information of the first user matches the predetermined answers to the at least one user challenge question, such that the first user'"'"'s airtime minutes can be used for the services provided by the network that are granted specifically for the first user; and
  
  notify the subscriber interface of the authentication of the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The gateway of claim 1, wherein the subscriber database is a Home Subscriber Server (HSS) and the SIP registrar is a serving call session control function (S-SCF).
  - 3. The gateway of claim 1, wherein authentication includes authentication, authorization, and registration.
  - 4. The method of claim 1, wherein the user challenge question comprises a question that is capable of suggesting a correct answer to the user.
  - 5. The gateway of claim 1, wherein the challenge information further includes an image previously selected by the user and wherein the user does not respond if the user does not recognize the image as the image previously selected by the user.
  - 6. The gateway of claim 1, wherein the SIP registrar includes an SIP application serving as an entry point for external messages including messages.
  - 7. The gateway of claim 6, wherein the SIP application is configured to interact with the mobile device.

8. A method for authenticating a mobile device and a user, comprising:
- receiving at a Session Initiation Protocol (SIP) registrar a first register message sent from a mobile device, the first register message including a request made by a first of a plurality of users for access to a network, wherein a separate user account is maintained for each of the plurality of users in the network and wherein any one of the plurality of users at a time can access the network by logging on and off of the network using the mobile device;
  
  if the mobile device is not registered in the network,sending from the SIP registrar a request for subscriber information to a subscriber interface, wherein the subscriber information is associated with the mobile device and includes a user profile for the mobile device and the user profile includes challenge information for the plurality of users;
  
  retrieving the subscriber information from a subscriber database at the subscriber interface;
  
  sending the subscriber information to the SIP registrar from subscriber interface;
  
  storing the subscriber information in a local cache;
  
  authenticating the mobile device based at least in part on the subscriber informationsending to the mobile device from the SIP registrar challenge information associated with the first user including a password request and at least one user challenge question previously set up or selected by the first user;
  
  receiving a second register message including user response information of the first user in response to the challenge information from the mobile device at the SIP registrar;
  
  authenticating the first user based at least in part on whether the user response information of the first user matches predetermined answers to the at least one user challenge question at the SIP registrar, such that the first user'"'"'s airtime minutes can be used for services provided by the network that are granted specifically for the first user; and
  
  sending a notification of authentication of the mobile device and the first user to the subscriber interface from the SIP registrar; and
  
  if the mobile device has been registered already in the network,sending to the mobile device from the SIP registrar the challenge information associated with the first user that is stored in the local cache;
  
  receiving at the SIP registrar the second register message from the mobile device;
  
  authenticating the first user based at least in part on whether the user response information of the first user matches the predetermined answers to the at least one user challenge question at the SIP registrar, such that the first user'"'"'s airtime minutes can be used for the services provided by the network that are granted specifically for the first user; and
  
  sending a notification of authentication of the first user to the subscriber interface from the SIP registrar.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the subscriber database is a Home Subscriber Server (HSS) and the SIP registrar is a serving call session control function (S-SCF).
  - 10. The method of claim 8, wherein authentication includes authentication, authorization, and registration.
  - 11. The method of claim 8, wherein the challenge information further includes an image previously selected by the user and wherein the user does not respond if the user does not recognize the image as the image previously selected by the user.
  - 12. The method of claim 8, wherein the user challenge question comprises a question that is capable of suggesting a correct answer to the user.
  - 13. The method of claim 8, wherein the SIP registrar includes an SIP application serving as an entry point for external messages including messages received from the mobile device.

14. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by a processor, cause the processor to perform a method, the method comprising:
- receiving at a Session Initiation Protocol (SIP) registrar a first register message sent from a mobile device, the first register message including a request made by a first of a plurality of users for access to a network, wherein a separate user account is maintained for each of the plurality of users in the network and wherein any one of the plurality of users at a time can access the network by logging on and off of the network using the mobile device;
  
  if the mobile device is not registered in the network,sending from the SIP registrar a request for subscriber information to a subscriber interface, wherein the subscriber information is associated with the mobile device and includes a user profile for the mobile device and the user profile includes challenge information for the plurality of users;
  
  retrieving the subscriber information from a subscriber database at the subscriber interface;
  
  sending the subscriber information to the SIP registrar from subscriber interface;
  
  storing the subscriber information in a local cache;
  
  authenticating the mobile device based at least in part on the subscriber information;
  
  sending to the mobile device from the SIP registrar challenge information associated with the first user including a password request and at least one user challenge question previously set up or selected by the first user;
  
  receiving a second register message including user response information of the first user in response to the challenge information from the mobile device at the SIP registrar;
  
  authenticating the first user based at least in part on whether the user response information of the first user matches predetermined answers to the at least one user challenge question at the SIP registrar, such that the first user'"'"'s airtime minutes can be used for services provided by the network that are granted specifically for the first user; and
  
  sending a notification of authentication of the mobile device and the first user to the subscriber interface from the SIP registrar; and
  
  if the mobile device has been registered already in the network,sending to the mobile device from the SIP registrar the challenge information associated with the first user that is stored in the local cache;
  
  receiving at the SIP registrar the second register message from the mobile device;
  
  authenticating the first user based at least in part on whether the user response information of the first user matches the predetermined answers to the at least one user challenge question at the SIP registrar, such that the first user'"'"'s airtime minutes can be used for the services provided by the network that are granted specifically for the first user; and
  
  sending a notification of authentication of the first user to the subscriber interface from the SIP registrar.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer-readable medium of claim 14, wherein the subscriber database includes a Home Subscriber Server (HSS) and the SIP registrar includes a serving call session control function (S-CSCF).
  - 16. The computer-readable medium of claim 14, wherein authentication includes authentication, authorization, and registration.
  - 17. The computer-readable medium of claim 14, wherein the challenge information further includes an image previously selected by the user and wherein the user does not respond if the user does not recognize the image as the image previously selected by the user.
  - 18. The computer-readable medium of claim 14, wherein the user challenge question comprises a question that is capable of suggesting a correct answer to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Agarwal, Kaitki, Ghai, Rajat
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
SHEHNI, GHAZAL B

Application Number

US11/950,682
Publication Number

US 20080168540A1
Time in Patent Office

1,721 Days
Field of Search

726 5- 10
US Class Current

726/5
CPC Class Codes

H04L 45/38   Flow based routing

H04L 45/72   Routing based on the source...

H04L 45/74   Address processing for routing

H04L 45/7453   using hashing

H04L 47/125   by balancing the load, e.g....

H04L 47/2483   involving identification of...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/102   Gateways arrangements for c...

H04L 65/103   in the network

H04L 65/1045   Proxies, e.g. for session i...

H04L 65/1046   Call controllers; Call servers

H04L 65/1104   Session initiation protocol...

H04L 65/80   Responding to QoS

H04L 67/52   specially adapted for the l...

H04W 4/02   Services making use of loca...

Y10S 707/912   Applications of a database

Y10S 707/913   Multimedia

Y10S 707/918   Location

Systems, methods, media, and means for user level authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, media, and means for user level authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links