Simplified authentication via application access server

US 8,607,316 B2
Filed: 08/31/2010
Issued: 12/10/2013
Est. Priority Date: 08/31/2010
Status: Active Grant

First Claim

Patent Images

1. A method for network access, comprising:

pre-configuring, by an application access server, a link between the application access server and an authentication and authorization server using Extensible Authentication Protocol (EAP);

receiving, at the application server, a first authorization request from the authentication and authorization server via the link comprising credentials provided by a user equipment (UE) to establish secure access to a WLAN wireless local area network (WLAN);

establishing a secure link between a user equipment (UE) and the WLAN in response to the application access server determining that the credentials allow the UE secure access to the WLAN; and

receiving, at the application access server, a second authorization request from the UE comprising the same credentials as provided to establish the WLAN secure link; and

establishing a secure application access link between the UE and the application access server via the WLAN in response to the application access server determining that the UE is allowed secure access to the application access server with the same credentials.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for network access is provided. The method includes establishing a secure link between a user equipment (UE) and a wireless local area network (WLAN) when an authentication and authorization server determines that credentials provided by the UE to the authentication and authorization server allow the UE secure access to the WLAN. The method further includes establishing a secure link between the UE and an application access server via the WLAN when the application access server, using the same credentials, determines that the UE is allowed secure access to the application access server.

12 Citations

View as Search Results

24 Claims

1. A method for network access, comprising:
- pre-configuring, by an application access server, a link between the application access server and an authentication and authorization server using Extensible Authentication Protocol (EAP);
  
  receiving, at the application server, a first authorization request from the authentication and authorization server via the link comprising credentials provided by a user equipment (UE) to establish secure access to a WLAN wireless local area network (WLAN);
  
  establishing a secure link between a user equipment (UE) and the WLAN in response to the application access server determining that the credentials allow the UE secure access to the WLAN; and
  
  receiving, at the application access server, a second authorization request from the UE comprising the same credentials as provided to establish the WLAN secure link; and
  
  establishing a secure application access link between the UE and the application access server via the WLAN in response to the application access server determining that the UE is allowed secure access to the application access server with the same credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein determining that the credentials allow the UE secure access to the WLAN comprises the authentication and authorization server communicating with the application access server to determine that the credentials are valid.
  - 3. The method of claim 1, wherein the application access server is a BlackBerry application access server.
  - 4. The method of claim 1, wherein an authentication method is defined that allows a routing protocol between the application access server and the authentication and authorization server to be used for network access.
  - 5. The method of claim 4, wherein the authentication method is an Extensible Authentication Protocol (EAP) method.
  - 6. The method of claim 5, wherein the authentication method is used as an inner authentication method for an existing authentication tunnel.
  - 7. The method of claim 6, wherein the UE establishes an outer EAP tunnel with an EAP peer on the authentication and authorization server before using the authentication method as the inner authentication method for the existing authentication tunnel.
  - 8. The method of claim 5, wherein the routing protocol allows EAP peers on the UE and on the authentication and authorization server to generate keying material.

9. A user equipment (UE), comprising:
- a hardware processor configured such that the UE, in a first authorization request, provides credentials to an application access server via a link pre-configured between the application access server and an authentication and authorization server using Extensible Authentication Protocol (EAP), wherein a secure link is established between the UE and a wireless local area network (WLAN) in response to the application access server determining that the credentials allow the UE secure access to the WLAN, andthe hardware processor further configured such that the UE, in a second authorization request, sends the same credentials, as provided to establish the WLAN secure link, to the application access server, wherein a secure application access link is established between the UE and the application access server via the WLAN in response to the application access server, based on the same credentials, determining that the UE is allowed secure access to the application access server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The UE of claim 9, wherein determining that the credentials provided to the authentication and authorization server allow the UE secure access to the WLAN comprises communicating between the authentication and authorization server and the application access server to determine that the credentials are valid.
  - 11. The UE of claim 9, wherein the application access server is a BlackBerry application access server.
  - 12. The UE of claim 9, wherein the hardware processor is further configured to use an authentication method that allows a routing protocol between the application access server and the authentication and authorization server to be used by the UE for network access.
  - 13. The UE of claim 12, wherein the authentication method is an Extensible Authentication Protocol (EAP) method.
  - 14. The UE of claim 13, wherein the hardware processor is further configured to use the authentication method as an inner authentication method for an existing authentication tunnel.
  - 15. The UE of claim 14, wherein the hardware processor is further configured to establish an outer EAP tunnel with an EAP peer on the authentication and authorization server before using the authentication method as the inner authentication method for the existing authentication tunnel.
  - 16. The UE of claim 13, wherein the routing protocol allows EAP peers on the UE and on the authentication and authorization server to generate keying material.

17. An application access server, comprising:
- a hardware processor configured such that the application access server;
  
  pre-configures a link between the application access server and an authentication and authorization server using Extensible Authentication Protocol (EAP),receives a first authorization request from the authentication and authorization server via the link comprising credentials provided by a user equipment (UE) to establish secure access to a wireless local area network (WLAN),promotes the establishment of a secure link between the UE and the WLAN in response to the application access server determining that the credentials allow the UE secure access to the WLAN,receives a second authorization request from the UE comprising the same credentials as provided to establish the WLAN secure link, andpromotes the establishment of a secure application access link between the UE and the application access server via the WLAN in response to determining that the same credentials allow the UE secure access to the application access server.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The application access server of claim 17, wherein the hardware processor is further configured such that the secure link is established between the UE and the WLAN when the application access server verifies to the authentication and authorization server that the credentials are valid, the credentials having been provided to the application access server by the authentication and authorization server after having been provided to the authentication and authorization server by the UE.
  - 19. The application access server of claim 17, wherein the application access server is a BlackBerry application access server.
  - 20. The application access server of claim 18, wherein the hardware processor is further configured to use an authentication method that allows a routing protocol between the application access server and the authentication and authorization server to be used for network access.
  - 21. The application access server of claim 20, wherein the authentication method is an Extensible Authentication Protocol (EAP) method.
  - 22. The application access server of claim 21, wherein the hardware processor is further configured to use the authentication method as an inner authentication method for an existing authentication tunnel.
  - 23. The application access server of claim 22, wherein the hardware processor is further configured to establish an outer EAP tunnel with an EAP peer on the authentication and authorization server before the authentication method is used as the inner authentication method for the existing authentication tunnel.
  - 24. The application access server of claim 21, wherein the routing protocol allows EAP peers on the UE and on the authentication and authorization server to generate keying material.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Montemurro, Michael, Bender, Christopher Lyle, Oerton, Kevin John
Primary Examiner(s)
Gee, Jason K.
Assistant Examiner(s)
Tsang, Henry

Application Number

US12/872,944
Publication Number

US 20120054844A1
Time in Patent Office

1,197 Days
Field of Search

726/5
US Class Current

726/5
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0815   providing single-sign-on or...

H04L 9/321   involving a third party or ...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 84/12   WLAN [Wireless Local Area N...

Simplified authentication via application access server

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified authentication via application access server

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links