Management of access to service in an access point

US 8,510,801 B2
Filed: 10/15/2009
Issued: 08/13/2013
Est. Priority Date: 10/15/2009
Status: Active Grant

First Claim

Patent Images

1. An access point device, comprising:

a memory to store instructions; and

a processor, communicatively coupled to the memory, that facilitates execution of the instructions to perform operations, comprising;

receiving a first access control data structure, wherein the first access control data structure is utilized by the access point device to control access to a network;

storing the first access control data structure;

validating a credential of a mobile device requesting establishment of attachment signaling with the access point device, wherein the validating is performed utilizing a first criterion in the first access control data structure;

in response to the credential of the mobile device failing the validating with reference to the first criterion in the first access control data structure, forwarding the credential of the mobile device to a second access control data structure, wherein the second access control data structure is not stored on the access point device;

receiving from a data store comprising the second access control data structure, an indication of successfully validating the credential of the mobile device with a second criterion in the second access control data structure;

in response to successfully validating the credential of the mobile device with the second criterion, downloading the second criterion from the data store based on the second access control data structure; and

updating the first access control data structure with the second criterion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System(s) and method(s) are provided to configure access rights to wireless resources and telecommunication service(s) supplied through a set of access points (APs). Access to wireless resources is authorized by access attributes in access control list(s) (ACL(s)) while a profile of service attributes linked to the ACL(s) regulate provision of telecommunication service(s). Access and service attributes can be automatically or dynamically configured, at least in part, in response to changes in data that directly or indirectly affects an operation environment in which the set of APs is deployed. Automatic or dynamic configuration of access or service attributes enable control or coordination of wireless service provided through the set of APs; degree of control or coordination is determined at least in part by enablement or disablement of disparate services for disparate devices at disparate access points at disparate times and with disparate service priority.

244 Citations

22 Claims

1. An access point device, comprising:
- a memory to store instructions; and
  
  a processor, communicatively coupled to the memory, that facilitates execution of the instructions to perform operations, comprising;
  
  receiving a first access control data structure, wherein the first access control data structure is utilized by the access point device to control access to a network;
  
  storing the first access control data structure;
  
  validating a credential of a mobile device requesting establishment of attachment signaling with the access point device, wherein the validating is performed utilizing a first criterion in the first access control data structure;
  
  in response to the credential of the mobile device failing the validating with reference to the first criterion in the first access control data structure, forwarding the credential of the mobile device to a second access control data structure, wherein the second access control data structure is not stored on the access point device;
  
  receiving from a data store comprising the second access control data structure, an indication of successfully validating the credential of the mobile device with a second criterion in the second access control data structure;
  
  in response to successfully validating the credential of the mobile device with the second criterion, downloading the second criterion from the data store based on the second access control data structure; and
  
  updating the first access control data structure with the second criterion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The access point device of claim 1, wherein the operations further comprise:
    - tracking an operational condition of the access point device; and
      
      in response to determining a change has occurred in the operational condition of the access point device, updating the first access control data structure based on the change in the operational condition of the access point device.
  - 3. The access point device of claim 2, wherein the tracking of the operational condition is performed in accordance with a polling schedule.
  - 4. The access point device of claim 1, wherein the first criterion is based on a level of service attribute identifying a service level provided by the network.
  - 5. The access point device of claim 1, wherein the second criterion is based on an access attribute identifying unrestricted attachment signaling for a duration defined for public access.
  - 6. The access point device of claim 5, wherein the access attribute is a predetermined schedule.
  - 7. The access point device of claim 5, wherein the operations further comprise:
    - receiving from the remotely located second access control data structure, a third criterion in the second access control data structure, wherein the third criterion indicating that the duration defined as public access has expired; and
      
      in response to determining attachment signaling of the mobile device to the access point device is a public access, terminating the attachment signaling of the mobile device to the access point device.
  - 8. The access point device of claim 1, wherein the second criterion is generated based on a probability determined of an attachment event occurring at the access point device.
  - 9. The access point device of claim 1, wherein the operations further comprise:
    - defining a period of time for retaining the second criterion in the first access control data structure; and
      
      in response to the period of time being determined to have elapsed, removing the second criterion from the first access control data structure.

10. A method, comprising:
- receiving, by an access point device comprising a processor, a first access control data structure, wherein the first access control data structure is utilized by the access point device to control access to a network;
  
  storing, by the access point device, the first access control data structure;
  
  initiating, by the access point device, a potential validation of a credential of a mobile device determined to be attempting to establish attachment signaling with the access point device, wherein the credential is to be validated with reference to a first criterion in the first access control data structure;
  
  in response to determining that the potential validation has failed with reference to the first criterion based on the credential of the mobile device, forwarding, by the access point device, the credential to a second access control data structure, wherein the second access control data structure is located remotely from the access point device;
  
  receiving, by the access point device, from a remote data store comprising the second access control data structure, an indication of a successful validation of the credential of the mobile device with reference to a second criterion in the second access control data structure;
  
  in response to the receiving the indication of the successful validation, receiving, by the access point device, the second criterion from the second access control data structure; and
  
  modifying, by the access point device, the first access control data structure to comprise the second criterion.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, further comprising:
    - monitoring, by the access point device, an operating condition of the access point device; and
      
      in response to determining a change has occurred in the operating condition of the access point device, updating, by the access point device, the first access control data structure based on the change in the operating condition of the access point device.
  - 12. The method of claim 10, wherein the first criterion relates to an access requirement defined for the network.
  - 13. The method of claim 10, further comprising:
    - generating, by the access point device, a time-stamp of a defined duration for the attachment signaling;
      
      determining, by the access point device, whether the time-stamp is still current according to the defined duration of the time-stamp; and
      
      in response to the time-stamp being determined to be no longer current, denying, by the access point device the attachment signaling.
  - 14. The method of claim 10, wherein the second criterion identifies unrestricted attachment signaling for a duration defined for public access.
  - 15. The method of claim 14, further comprising:
    - receiving, by the access point device from the data store comprising the second access control data structure, a third criterion from the second access control data structure, wherein the third criterion indicates that the duration defined for public access has expired; and
      
      in response to determining the attachment signaling of the mobile device to the access point device is classified for public access, terminating the attachment signaling of the mobile device to the access point device with reference to the third criterion.
  - 16. The method of claim 14, wherein the second criterion is active based on a predetermined schedule.
  - 17. The method of claim 10, wherein the initiating includes initiating, by the access point device, the validating of the credential of the mobile device, in response to detecting the mobile device within a transmission range of the access point device.
  - 18. The method of claim 17, wherein the transmission range of the access point device is limited to a restricted area.
  - 19. The method of claim 10, further comprising:
    - defining, by the access point device, a period of time for retaining the second criterion in the first access control data structure; and
      
      in response to the period of time expiring, removing, by the access point device, the second criterion from the first access control data structure.

20. A tangible computer readable medium comprising computer executable instructions that, in response to execution, cause an access point device comprising a processor to perform operations, the operations comprising:
- receiving a first access control data structure, wherein the first access control data structure is utilized by the access point device to control access to a network;
  
  storing the first access control data structure;
  
  validating a credential of a mobile device attempting to establish attachment signaling with the access point device, wherein the validating is performed with reference to a first criterion in the first access control data structure;
  
  in response to failure to validate the credential of the mobile device with the first criterion in the first access control data structure, forwarding the credential of the mobile device to a second access control data structure, wherein the second access control data structure is stored remotely from the access point device;
  
  receiving from the remotely located second access control data structure, an indication of successfully validating the credential of the mobile device with a second criterion in the second access control data structure;
  
  in response to successfully validating the mobile device credential with the second criterion, downloading the second criterion from the second access control data structure; and
  
  updating the first access control data structure with the second criterion.
- View Dependent Claims (21, 22)
- - 21. The tangible computer readable medium of claim 20, wherein the operations further comprise:
    - defining a period of time for retaining the second criterion in the first access control data structure; and
      
      in response to the period of time being determined to expire, removing the second criterion from the first access control data structure.
  - 22. The tangible computer readable medium of claim 20, wherein the operations further comprise:
    - monitoring an operating condition of the access point device; and
      
      in response to determining a change has occurred in the operating condition of the access point device, updating the first access control data structure based on the change.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Majmundar, Milap, Wohlert, Randolph
Primary Examiner(s)
Parthasarathy, Pramila

Application Number

US12/579,957
Publication Number

US 20110093913A1
Time in Patent Office

1,398 Days
Field of Search

None
US Class Current

726/3
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/101   Access control lists [ACL]

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/082   using revocation of authori...

H04W 48/16   Discovering, processing acc...

H04W 84/045   using private Base Stations...

H04W 88/08   Access point devices

Management of access to service in an access point

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

244 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Management of access to service in an access point

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

244 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links