Automatic device authentication and account identification without user input when application is started on mobile station
First Claim
1. A method of authorizing mobile access to an application service, comprising steps of:
- receiving in an application server for providing the application service, from a mobile station via a data session for the mobile station previously established through a mobile communication network, a request for the application service related to an application started on the mobile station, wherein;
the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network, and a device specific identifier of the mobile station, butthe request does not include any user input at the mobile station regarding user authorization for the application service;
sending a query containing the network address assigned to the mobile station for the established data session, from the application server to an authentication element of the mobile communication network;
receiving a response to the query from the authentication element, the response from the authentication element containing an account associated number to which the network address has been assigned;
sending another query from the application server to a database of the mobile communication network, the other query including the number contained in the request received from the mobile station;
receiving a response to the other query, from the database of the mobile communication network, the response from the database containing a device specific identifier associated with the number contained in the request; and
authorizing, in the application server, the mobile station to access the application service responsive to;
(a) a match of the number contained in the request received from the mobile station with the account associated number received in the response from the authentication element, and(b) a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response from the database.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed procedures automatically identify a carrier-authorized mobile station and verify an account related identifier (e.g. mobile number) associated with the device, in response to start-up of an application in the device. In an example, application start-up causes the device to send a request to an application server, with the device'"'"'s current IP address, MTN and a device identifier such as MEID or ESN. The server queries a AAA system of the network to retrieve the MTN that has been assigned the IP address. If the retrieved MTN matches the MTN passed to the server in the request, the server queries a network database such as DMD for the device identifier associated with the MTN. A match of the device identifier retrieved from the network database with that passed to the server via the request indicates perfect authenticity of the requesting device and its MTN.
199 Citations
10 Claims
-
1. A method of authorizing mobile access to an application service, comprising steps of:
-
receiving in an application server for providing the application service, from a mobile station via a data session for the mobile station previously established through a mobile communication network, a request for the application service related to an application started on the mobile station, wherein; the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network, and a device specific identifier of the mobile station, but the request does not include any user input at the mobile station regarding user authorization for the application service; sending a query containing the network address assigned to the mobile station for the established data session, from the application server to an authentication element of the mobile communication network; receiving a response to the query from the authentication element, the response from the authentication element containing an account associated number to which the network address has been assigned; sending another query from the application server to a database of the mobile communication network, the other query including the number contained in the request received from the mobile station; receiving a response to the other query, from the database of the mobile communication network, the response from the database containing a device specific identifier associated with the number contained in the request; and authorizing, in the application server, the mobile station to access the application service responsive to; (a) a match of the number contained in the request received from the mobile station with the account associated number received in the response from the authentication element, and (b) a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response from the database. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A server platform, comprising:
-
an interface for communications with a mobile communication network; a processor coupled to the interface; a memory accessible by the processor; and programming stored in the memory and executable by the processor, wherein the programming configures the processor to give the server platform functional capabilities to; receive in the server platform for providing an application service, from a mobile station via a data session for the mobile station previously established through the mobile communication network, a request for the application service related to an application started on the mobile station, wherein; the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network and a device specific identifier of the mobile station, but the request does not include any user input at the mobile station regarding user authorization for the application service; send a query containing the network address assigned to the mobile station for the established data session, from the server platform to an authentication element of the mobile communication network; receive a response to the query from the authentication element, the response from the authentication element containing an account associated number to which the network address has been assigned; send another query from the server platform to a database of the mobile communication network, the other query including the number contained in the request received from the mobile station; receive a response to the other query, from the database of the mobile communication network, the response from the database containing a device specific identifier associated with the number contained in the request; and authorize, by the server platform, the mobile station to access the application service responsive to; (a) a match of the number contained in the request received from the mobile station with the account associated number received in the response from the authentication element, and (b) a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response from the database.
-
-
9. A method of authorizing mobile access to an application service, comprising steps of:
-
receiving in an application server for providing the application service, from a mobile station via a data session for the mobile station previously established through a mobile communication network, a request for the application service related to an application started on the mobile station, wherein; the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network and a device specific identifier of the mobile station, but the request does not include any user input at the mobile station regarding user authorization for the application service; sending a first query containing the network address assigned to the mobile station for the established data session, from the application server to an authentication element of the mobile communication network; receiving a response to the first query from the authentication element, the response to the first query containing an account associated number to which the network address has been assigned; responsive to a match of the account associated number received in the response to the first query with the number contained in the request received from the mobile station, sending a second query from the application server to a database of the mobile communication network, the second query including the number contained in the request received from the mobile station; receiving a response to the second query, from the database of the mobile communication network, the response to the second query containing a device specific identifier associated with the number contained in the request received from the mobile station; and authorizing, in the application server, the mobile station to access the application service upon a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response to the second query.
-
-
10. A server platform, comprising:
-
an interface for communications with a mobile communication network; a processor coupled to the interface; a memory accessible by the processor; and programming stored in the memory and executable by the processor, wherein the programming configures the processor to give the server platform functional capabilities to; receive in the server platform for providing an application service, from a mobile station via a data session for the mobile station previously established through the mobile communication network, a request for the application service related to an application started on the mobile station, wherein; the request includes a network address assigned to the mobile station for the established data session, a number associated with an account of the mobile station for communications of the mobile station through the mobile communication network and a device specific identifier of the mobile station, but the request does not include any user input at the mobile station regarding user authorization for the application service; send a first query containing the network address assigned to the mobile station for the established data session, from the server platform to an authentication element of the mobile communication network; receive a response to the first query from the authentication element, the response to the first query containing an account associated number to which the network address has been assigned; responsive to a match of the account associated number received in the response to the first query with the number contained in the request received from the mobile station, send a second query from the server platform to a database of the mobile communication network, the second query including the number contained in the request received from the mobile station; receive a response to the second query, from the database of the mobile communication network, the response to the second query containing a device specific identifier associated with the number contained in the request received from the mobile station; and authorize, by the server platform, the mobile station to access the application service upon a match of the device specific identifier contained in the request received from the mobile station with the device specific identifier contained in the response to the second query.
-
Specification