Automatic device authentication and account identification without user input when application is started on mobile station

US 8,280,351 B1
Filed: 02/04/2010
Issued: 10/02/2012
Est. Priority Date: 02/04/2010
Status: Active Grant

First Claim

Patent Images

1. A method of authorizing mobile access to an application service, comprising steps of:

receiving in an application server for providing the application service, from a mobile station via a data session for the mobile station previously established through a mobile communication network, a request for the application service related to an application started on the mobile station, wherein;

the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network, and a device specific identifier of the mobile station, butthe request does not include any user input at the mobile station regarding user authorization for the application service;

sending a query containing the network address assigned to the mobile station for the established data session, from the application server to an authentication element of the mobile communication network;

receiving a response to the query from the authentication element, the response from the authentication element containing an account associated number to which the network address has been assigned;

sending another query from the application server to a database of the mobile communication network, the other query including the number contained in the request received from the mobile station;

receiving a response to the other query, from the database of the mobile communication network, the response from the database containing a device specific identifier associated with the number contained in the request; and

authorizing, in the application server, the mobile station to access the application service responsive to;

(a) a match of the number contained in the request received from the mobile station with the account associated number received in the response from the authentication element, and(b) a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response from the database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed procedures automatically identify a carrier-authorized mobile station and verify an account related identifier (e.g. mobile number) associated with the device, in response to start-up of an application in the device. In an example, application start-up causes the device to send a request to an application server, with the device'"'"'s current IP address, MTN and a device identifier such as MEID or ESN. The server queries a AAA system of the network to retrieve the MTN that has been assigned the IP address. If the retrieved MTN matches the MTN passed to the server in the request, the server queries a network database such as DMD for the device identifier associated with the MTN. A match of the device identifier retrieved from the network database with that passed to the server via the request indicates perfect authenticity of the requesting device and its MTN.

199 Citations

10 Claims

1. A method of authorizing mobile access to an application service, comprising steps of:
- receiving in an application server for providing the application service, from a mobile station via a data session for the mobile station previously established through a mobile communication network, a request for the application service related to an application started on the mobile station, wherein;
  
  the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network, and a device specific identifier of the mobile station, butthe request does not include any user input at the mobile station regarding user authorization for the application service;
  
  sending a query containing the network address assigned to the mobile station for the established data session, from the application server to an authentication element of the mobile communication network;
  
  receiving a response to the query from the authentication element, the response from the authentication element containing an account associated number to which the network address has been assigned;
  
  sending another query from the application server to a database of the mobile communication network, the other query including the number contained in the request received from the mobile station;
  
  receiving a response to the other query, from the database of the mobile communication network, the response from the database containing a device specific identifier associated with the number contained in the request; and
  
  authorizing, in the application server, the mobile station to access the application service responsive to;
  
  (a) a match of the number contained in the request received from the mobile station with the account associated number received in the response from the authentication element, and(b) a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response from the database.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein at least the number associated with the account of the mobile station and the device specific identifier of the mobile station contained in the request are encrypted.
  - 3. The method of claim 1, wherein the number associated with the account of the mobile station contained in the request is a mobile telephone number (MTN) or a mobile directory number (MDN) assigned to the mobile station by a carrier operating the network for communications of the mobile station through the mobile communication network.
  - 4. The method of claim 3, wherein the device specific identifier of the mobile station contained in the request is a Mobile Equipment Identifier (MEID) or an Electronic Serial Number (ESN) of the mobile station.
  - 5. The method of claim 1, wherein:
    - the authentication element is an authentication, authorization and accounting (AAA) system of the mobile communication network, andthe database is a device management database (DMD) of the mobile communication network.
  - 6. The method of claim 5, wherein:
    - the number associated with the account of the mobile station contained in the request is a mobile telephone number (MTN) assigned to the mobile station by a carrier operating the network for communications of the mobile station through the mobile communication network, andthe device specific identifier of the mobile station contained in the request is a Mobile Equipment Identifier (MEID) of the mobile station.
  - 7. An article comprising a non-transitory machine readable storage medium having programming encoded thereon for making one or more server platforms perform the steps of the method of claim 1.

8. A server platform, comprising:
- an interface for communications with a mobile communication network;
  
  a processor coupled to the interface;
  
  a memory accessible by the processor; and
  
  programming stored in the memory and executable by the processor, wherein the programming configures the processor to give the server platform functional capabilities to;
  
  receive in the server platform for providing an application service, from a mobile station via a data session for the mobile station previously established through the mobile communication network, a request for the application service related to an application started on the mobile station, wherein;
  
  the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network and a device specific identifier of the mobile station, butthe request does not include any user input at the mobile station regarding user authorization for the application service;
  
  send a query containing the network address assigned to the mobile station for the established data session, from the server platform to an authentication element of the mobile communication network;
  
  receive a response to the query from the authentication element, the response from the authentication element containing an account associated number to which the network address has been assigned;
  
  send another query from the server platform to a database of the mobile communication network, the other query including the number contained in the request received from the mobile station;
  
  receive a response to the other query, from the database of the mobile communication network, the response from the database containing a device specific identifier associated with the number contained in the request; and
  
  authorize, by the server platform, the mobile station to access the application service responsive to;
  
  (a) a match of the number contained in the request received from the mobile station with the account associated number received in the response from the authentication element, and(b) a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response from the database.

9. A method of authorizing mobile access to an application service, comprising steps of:
- receiving in an application server for providing the application service, from a mobile station via a data session for the mobile station previously established through a mobile communication network, a request for the application service related to an application started on the mobile station, wherein;
  
  the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network and a device specific identifier of the mobile station, butthe request does not include any user input at the mobile station regarding user authorization for the application service;
  
  sending a first query containing the network address assigned to the mobile station for the established data session, from the application server to an authentication element of the mobile communication network;
  
  receiving a response to the first query from the authentication element, the response to the first query containing an account associated number to which the network address has been assigned;
  
  responsive to a match of the account associated number received in the response to the first query with the number contained in the request received from the mobile station, sending a second query from the application server to a database of the mobile communication network, the second query including the number contained in the request received from the mobile station;
  
  receiving a response to the second query, from the database of the mobile communication network, the response to the second query containing a device specific identifier associated with the number contained in the request received from the mobile station; and
  
  authorizing, in the application server, the mobile station to access the application service upon a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response to the second query.

10. A server platform, comprising:
- an interface for communications with a mobile communication network;
  
  a processor coupled to the interface;
  
  a memory accessible by the processor; and
  
  programming stored in the memory and executable by the processor, wherein the programming configures the processor to give the server platform functional capabilities to;
  
  receive in the server platform for providing an application service, from a mobile station via a data session for the mobile station previously established through the mobile communication network, a request for the application service related to an application started on the mobile station, wherein;
  
  the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network and a device specific identifier of the mobile station, butthe request does not include any user input at the mobile station regarding user authorization for the application service;
  
  send a first query containing the network address assigned to the mobile station for the established data session, from the server platform to an authentication element of the mobile communication network;
  
  receive a response to the first query from the authentication element, the response to the first query containing an account associated number to which the network address has been assigned;
  
  responsive to a match of the account associated number received in the response to the first query with the number contained in the request received from the mobile station, send a second query from the server platform to a database of the mobile communication network, the second query including the number contained in the request received from the mobile station;
  
  receive a response to the second query, from the database of the mobile communication network, the response to the second query containing a device specific identifier associated with the number contained in the request received from the mobile station; and
  
  authorize, by the server platform, the mobile station to access the application service upon a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response to the second query.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
Ahmed, Shahid, Gaddam, Venkat
Primary Examiner(s)
CAI, WAYNE HUU

Application Number

US12/700,234
Time in Patent Office

971 Days
Field of Search

None
US Class Current

455/411
CPC Class Codes

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04M 2203/6072   Authentication using challe...

H04W 12/06   Authentication

H04W 12/08   Access security

Automatic device authentication and account identification without user input when application is started on mobile station

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

199 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic device authentication and account identification without user input when application is started on mobile station

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

199 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links