Providing services to a guest device in a personal network

US 8,353,052 B2
Filed: 11/09/2007
Issued: 01/08/2013
Est. Priority Date: 09/03/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A system comprising:

a proxy associated with a personal network; and

a mobile communications device associated with the personal network, where the mobile communications device is to;

send personal network connection information to a guest device, the personal network connection information including an internet protocol (IP) address for the proxy;

generate authentication credentials, where the authentication credentials include a type of access granted to the guest device, the type of access including a privilege afforded to the guest device, the afforded privilege comprising at least one of a first privilege to receive output data from the personal network using the guest device or a second privilege to input data to the personal network using the guest device; and

send the authentication credentials to the guest device, where the guest device does not communicate with the proxy until the guest device receives both the personal network connection information and the authentication credentials;

where the proxy is to;

receive the authentication credentials from the guest device, andauthenticate the guest device based on the authentication credentials received from the guest device and authorize the guest device to access content stored in the personal network based at least partially on the type of access granted to the guest device,where the authentication credentials are first authentication credentials and include information indicative of a first expiration time,where, prior to the first expiration time, the proxy re-authenticates the guest device based on the first authentication credentials,where, after the first expiration time, the mobile communications device, in response to receiving a request for credentials from the guest device, generates second authentication credentials and transmits the second authentication credentials to the guest device, where the second authentication credentials include a second expiration time after which the second authentication credentials are not valid, andwhere, prior to the second expiration time, the proxy re-authenticates the guest device based on the second authentication credentials.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method may include sending personal network connection information from a mobile device to a guest device; sending authentication credentials from the mobile device to the guest device; receiving the authentication credentials in the personal network from the guest device; authenticating the guest device based on the authentication credentials; and granting access to the guest device to content stored in the personal network for a guest session.

56 Citations

View as Search Results

22 Claims

1. A system comprising:
- a proxy associated with a personal network; and
  
  a mobile communications device associated with the personal network, where the mobile communications device is to;
  
  send personal network connection information to a guest device, the personal network connection information including an internet protocol (IP) address for the proxy;
  
  generate authentication credentials, where the authentication credentials include a type of access granted to the guest device, the type of access including a privilege afforded to the guest device, the afforded privilege comprising at least one of a first privilege to receive output data from the personal network using the guest device or a second privilege to input data to the personal network using the guest device; and
  
  send the authentication credentials to the guest device, where the guest device does not communicate with the proxy until the guest device receives both the personal network connection information and the authentication credentials;
  
  where the proxy is to;
  
  receive the authentication credentials from the guest device, andauthenticate the guest device based on the authentication credentials received from the guest device and authorize the guest device to access content stored in the personal network based at least partially on the type of access granted to the guest device,where the authentication credentials are first authentication credentials and include information indicative of a first expiration time,where, prior to the first expiration time, the proxy re-authenticates the guest device based on the first authentication credentials,where, after the first expiration time, the mobile communications device, in response to receiving a request for credentials from the guest device, generates second authentication credentials and transmits the second authentication credentials to the guest device, where the second authentication credentials include a second expiration time after which the second authentication credentials are not valid, andwhere, prior to the second expiration time, the proxy re-authenticates the guest device based on the second authentication credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1,where the guest device purges the first authentication credentials after the proxy authenticates the guest device.
  - 3. The system of claim 1, where the second authentication credentials are different from the first authentication credentials.
  - 4. The system of claim 1, where the proxy limits access, by the guest device, to content stored on the personal network, based on the privilege afforded to the guest device or privilege information stored in the proxy.
  - 5. The system of claim 1, where, prior to the guest device communicating with the proxy, the mobile communications device is to send connection information about the guest device to the proxy;
    - and receive credentials from the proxy.
  - 6. The system of claim 1, where a transmitter of the mobile communications device includes one or more of a short-range communications transmitter or a near field communication transmitter.
  - 7. The system of claim 6, where the proxy requires information about the guest device in order for the guest device to initiate communication with the proxy.
  - 8. The system of claim 1, where the transmitter of the mobile communications device includes one or more of a short-range communications transmitter or a near field communication transmitter.
  - 9. The system of claim 1, where a first type of access granted to the guest device is guest access such that the guest device has access to files on the personal network that are not tagged as confidential, and where a second type of access granted to the guest device is temporary access such that the guest device is re-authenticated by the proxy at least once during a predetermined period.
  - 10. The system of claim 9, where a third type of access granted to the guest device is full access such that the guest device has access to confidential and non-confidential files on the personal network.

11. A method comprising:
- in response to a proxy server in a personal network requiring information about a guest device;
  
  requesting, by a mobile communications device associated with the personal network, connection information from the guest device;
  
  receiving, at the mobile communications device, first connection information about the guest device;
  
  sending, from the mobile communications device, to the proxy server in the personal network, the first connection information about the guest device, where the first connection information is sent via a link that includes the guest device and that acts as an encrypted channel;
  
  sending, by the mobile communications device to the guest device, second connection information about the proxy server in the personal network, the second connection information including an internet protocol (IP) address for the proxy server;
  
  generating, by the mobile communications device, authentication credentials for the guest device;
  
  sending, by the mobile communications device to the guest device, the authentication credentials, where the authentication credentials are used by the proxy server to authenticate the guest device in the personal network and limit the guest device to access, based on a type of access included in the authentication credentials, content stored in the personal network for a guest session, where the guest device does not communicate with the proxy server until the guest device receives both the second connection information and the authentication credentials, the type of access including a privilege afforded to the guest device, the afforded privilege comprising at least one of a first privilege to receive output data from the personal network using the guest device or a second privilege to input data to the personal network using the guest device; and
  
  verifying, by the mobile communications device and via the link, the guest device being added to the personal network,where the authentication credentials are first authentication credentials and include information indicative of a first expiration time,where, prior to the first expiration time, the proxy server re-authenticates the guest device based on the first authentication credentials; and
  
  after the first expiration time, in response to receiving a request for credentials from the guest device, generating, by the mobile communications device, second authentication credentials and transmitting the second authentication credentials to the guest device, where the second authentication credentials include a second expiration time after which the second authentication credentials are not valid,where, prior to the second expiration time, the proxy server re-authenticates the guest device based on the second authentication credentials.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising:
    - in response to a second proxy server in the personal network not requiring information about the guest device;
      
      sending, by the mobile communications device to the guest device, the second connection information about the second proxy server in the personal network;
      
      generating, by the mobile communications device, second authentication credentials for the guest device; and
      
      sending, by the mobile communications device to the guest device, the second authentication credentials, where the second authentication credentials are used by the second proxy server to authenticate the guest device in the personal network and limit the guest device to access content stored in the personal network based on a type of access included in the second authentication credentials.
  - 13. The method of claim 11, where a first type of access granted to the guest device is guest access such that the guest device has access to files on the personal network that are not tagged as confidential, and where a second type of access granted to the guest device is temporary access such that the guest device is re-authenticated by the proxy server at least once during a predetermined period.
  - 14. The method of claim 13, where a third type of access granted to the guest device is full access such that the guest device has access to confidential and non-confidential files on the personal network.
  - 15. The method of claim 12,where the guest device purges the first authentication credentials after the proxy server authenticates the guest device.
  - 16. The method of claim 12, where the second authentication credentials are different from the first authentication credentials.
  - 17. The method of claim 11, where sending the authentication credentials includes transmitting the authentication credentials with a short-range communication transmitter or a near field communication transmitter.
  - 18. The method of claim 11, where generating the authentication credentials includes:
    - generating the first authentication credentials, andreceiving third authentication credentials from the proxy server in the personal network,where sending the authentication credentials includes sending the first authentication credentials and the third authentication credentials.

19. A non-transitory computer-readable medium including instructions executable by at least one processor, the computer-readable medium comprising:
- one or more instructions to determine that a proxy server in a personal network requires information about a guest device not associated with the personal network;
  
  one or more instructions to request, by a mobile communications device associated with the personal network, connection information from the guest device;
  
  one or more instructions to receive, at the mobile communications device, first connection information about the guest device;
  
  one or more instructions to send, from the mobile communications device to the proxy server in the personal network and via a link that includes the guest device and that acts as an encrypted channel, the first connection information about the guest device;
  
  one or more instructions to send, from the mobile communications device to the guest device, second connection information about the proxy server in the personal network, the second connection information including an internet protocol (IP) address for the proxy server;
  
  one or more instructions to generate, by the mobile communications device authentication credentials for the guest device;
  
  one or more instructions to send, from the mobile communications device to the guest device, the authentication credentials, where the authentication credentials are used to authenticate the guest device in the personal network and limit the guest device to access, based on a type of access included in the authentication credentials, content stored in the personal network during a guest session, where the guest device does not communicate with the proxy server until the guest device receives both the second connection information and the authentication credentials, the type of access including a privilege afforded to the guest device, the afforded privilege comprising at least one of a first privilege to receive output data from the personal network using the guest device or a second privilege to input data to the personal network using the guest device; and
  
  one or more instructions to receive, from the proxy server in the personal network and via the link, verification regarding whether the guest device is added to the personal network,where the authentication credentials are first authentication credentials and include information indicative of a first expiration time,where, prior to the first expiration time, the proxy server re-authenticates the guest device based on the first authentication credentials; and
  
  after the first expiration time, in response to receiving a request for credentials from the guest device, one or more instructions to generate, at the mobile communications device, second authentication credentials and transmit the second authentication credentials to the guest device, where the second authentication credentials include a second expiration time after which the second authentication credentials are not valid,where, prior to the second expiration time, the proxy server re-authenticates the guest device based on the second authentication credentials.
- View Dependent Claims (20, 21, 22)
- - 20. The computer-readable medium of claim 19, further comprising:
    - one or more instructions to determine that a second proxy server in the personal network does not require information about the guest device not associated with the personal network;
      
      one or more instructions to send, by the mobile communications device to the guest device, the second connection information about the second proxy server in the personal network;
      
      one or more instructions to generate, by the mobile communications device, second authentication credentials for the guest device;
      
      one or more instructions to send, by the mobile communications device to the guest device, the second authentication credentials, where the second authentication credentials are used by the second proxy server to authenticate the guest device in the personal network and limit the guest device to access content stored in the personal network based on a type of access included in the second authentication credentials.
  - 21. The computer-readable medium of claim 19, where the personal network includes a DNLA (Digital Network Living Alliance) network.
  - 22. The computer-readable medium of claim 19, where the guest device includes a hotel television in a hotel room.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Ericsson Mobile Communications USA Incorporated (Sony Group Corp.)
Original Assignee
Sony Mobile Communications AB (Sony Group Corp.)
Inventors
Stavenow, Bengt Gunnar, Bengtsson, Henrik Sven, Östsjö, Anders Wilhelm, Larsson, Bo Håkan, Ritzau, Jan Robert Tobias, Minör, Sten Håkan
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US11/937,795
Publication Number

US 20090064346A1
Time in Patent Office

1,887 Days
Field of Search

None
US Class Current

726/29
CPC Class Codes

H04L 2463/101   applying security measures ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/61   Time-dependent

H04W 88/02   Terminal devices

Providing services to a guest device in a personal network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

56 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Providing services to a guest device in a personal network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links