Mobile host using a virtual single account client and server system for network access and management

US 8,316,424 B2
Filed: 07/28/2010
Issued: 11/20/2012
Est. Priority Date: 02/20/2001
Status: Expired

First Claim

Patent Images

1. A non-transitory computer readable medium storing program instructions, executable by a processor, which, when executed by the processor, perform a method for connecting to a remote network through an access network with a single user password, wherein an authentication server in the access network does not perform a protocol conversation with an authentication server in the remote network, wherein the method includes:

generating a virtual single account password and decryption key from the single user password;

decrypting at least one of a local access network authentication credential and a remote access authentication credential stored in encrypted form in a computer readable medium on a mobile host;

initiating a local access network connection; and

initiating a remote network access connection.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user'"'"'s mobile device to a current local access network, and the target remote network such as the user'"'"'s office network. All authentication credentials are encrypted using a key generated from the user'"'"'s VSA password that is generated from the user'"'"'s single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.

25 Citations

View as Search Results

20 Claims

1. A non-transitory computer readable medium storing program instructions, executable by a processor, which, when executed by the processor, perform a method for connecting to a remote network through an access network with a single user password, wherein an authentication server in the access network does not perform a protocol conversation with an authentication server in the remote network, wherein the method includes:
- generating a virtual single account password and decryption key from the single user password;
  
  decrypting at least one of a local access network authentication credential and a remote access authentication credential stored in encrypted form in a computer readable medium on a mobile host;
  
  initiating a local access network connection; and
  
  initiating a remote network access connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer readable medium of claim 1, wherein the mobile host is configured to initiate a virtual single account configuration update process with a virtual single account server.
  - 3. The computer readable medium of claim 2, wherein the virtual single account configuration update process includes:
    - constructing a virtual single account information update request message;
      
      sending the virtual single account information update request message to the virtual single account server; and
      
      receiving a virtual single account information update response message from the virtual single account server.
  - 4. The computer readable medium of claim 3, wherein the virtual single account information update request message contains an instruction authorizing the decrypting of the remote network authentication credential prior to initiating the remote network access connection.
  - 5. The computer readable medium of claim 1, wherein the mobile host selects a local access network from a current virtual single account access record.
  - 6. The computer readable medium of claim 1, wherein the mobile host generates a decryption key in response to a random sequence received from the user.
  - 7. The computer readable medium of claim 1, wherein the virtual single account password is generated using the expression:
    - virtual single account password=hash(virtual single account username∥
      
      common password∥
      
      virtual single account server∥
      
      remote network ID), wherein the virtual single account username identifies the user to a virtual single account server, the common password is the single user password, and the remote network ID identifies the remote network server as a home network for the mobile host.
  - 8. The computer readable medium of claim 3, wherein the virtual single account update request message “
    - Q”
      
      is derived from the expression;
      
      Q=virtual single account username∥
      
      X∥
      
      E_K1(Synchronization time∥
      
      Request content), where X is a random sequence; and
      
      K1 is an encryption key calculated from hash (hash (virtual single account password)∥
      
      X).
  - 9. The computer readable medium of claim 8, wherein the virtual single account information update response message “
    - A”
      
      is derived from the expression;
      
      A =Response Code∥
      
      Y∥
      
      E_K2(Synchronization time∥
      
      Response content), wherein Y is a random sequence, and K2 is an encryption key calculated from hash (hash (virtual single account password)∥
      
      Y).
  - 10. The computer readable medium of claim 1, wherein the mobile host is configured to select local access parameters and remote access parameters from a virtual single account access record.

11. A non-transitory computer readable medium storing processor executable instructions which, when executed by a processor, perform a method for connecting to a remote network through an access network with a single password, wherein an authentication server in the access network does not perform a protocol conversation with an authentication server in the remote network, wherein the method includes:
- receiving a virtual single account information update request message from a mobile host;
  
  sending a virtual single account information update response message to the mobile host, the virtual single account update response message including current remote access parameters for the remote network;
  
  receiving an authentication credential for the remote network;
  
  verifying the authentication credential; and
  
  granting remote network access to the mobile host.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer readable medium of claim 11, wherein the virtual single account information update request message “
    - Q”
      
      is derived from the expression;
      
      Q =virtual single account username∥
      
      X∥
      
      E_K1(Synchronization time∥
      
      Request content), wherein X is a random sequence;
      
      K1 is an encryption key calculated from hash (hash (virtual single account password)∥
      
      X).
  - 13. The computer readable medium of claim 12, wherein the virtual single account information update response message “
    - A”
      
      is derived from the expression;
      
      A =Response Code∥
      
      Y∥
      
      E_K2(Synchronization time∥
      
      Response content), wherein Y is a random sequence, and K2 is an encryption key calculated from hash (hash (virtual single account password)∥
      
      Y).
  - 14. The computer readable medium of claim 11, wherein the computer readable medium contains a plurality of virtual single account management records, each management record including a user'"'"'s virtual single account authentication credential.
  - 15. The computer readable medium of claim 11, wherein the user'"'"'s virtual single account authentication credential includes a virtual single account password generated from the single password.
  - 16. The computer readable medium of claim 15, wherein the virtual single account password is generated using the expression:
    - virtual single account password =hash(virtual single account username∥
      
      common password∥
      
      virtual single account server∥
      
      remote network ID), wherein the virtual single account username identifies a user to a virtual single account server, the common password is the single user password, and the remote network ID identifies the remote network serving as a home network for the mobile host.
  - 17. The computer readable medium of claim 11, wherein the server is configured to maintain access information for at least one local access network and at least one remote network.
  - 18. The computer readable medium of claim 17, wherein the access information includes client information for mobile hosts, and management information for at least one additional server.
  - 19. The computer readable medium of claim 11, wherein the method includes:
    - signaling, by a virtual single account server, a remote access gateway to verify the remote authentication credential.

20. A server including a processor and a computer readable medium storing instructions, executable by the processor, which, when executed by a processor, perform a method for establishing a virtual single account connecting a mobile host to a remote network through an access network with a single password, wherein an authentication server in the access network does not perform a protocol conversation with an authentication server in the remote network, the method comprising:
- receiving a virtual single account information update request message from a mobile host;
  
  sending a virtual single account information update response message to the mobile host, the virtual single account update response message including current remote access parameters for the remote network;
  
  receiving an authentication credential for the remote network;
  
  verifying the authentication credential; and
  
  granting remote network access to the mobile host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Inventors
Henry, Paul Shala, Jiang, Zhimei, Luo, Hui, Schmidt, Frederick Kenneth Jr.
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US12/845,449
Publication Number

US 20100299523A1
Time in Patent Office

846 Days
Field of Search

713/168, 713182-184, 705/50, 705/24, 705/75, 380/270, 380/277, 726/2, 726 5- 6
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/80   Wireless network architectu...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 9/0863   involving passwords or one-...

H04L 9/3226   using a predetermined code,...

Mobile host using a virtual single account client and server system for network access and management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile host using a virtual single account client and server system for network access and management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links