Device-specific authorization at distributed locations
First Claim
1. A method comprising:
- sending a request from a client device via a first network to a second network, wherein the first network is different from the second network;
- receiving, at the client device, redirection information in response to the request, wherein the redirection information includes an authentication seed and an address of a server that provides access control of the second network;
- in response to receiving the authentication seed;
- obtaining a shared secret at the client device;
- computing, with the client device, a result of a one-way hash function for a combination of a network address of the client device, the authentication seed, and the shared secret; and
- transmitting the network address and the result to the server, wherein the server makes a determination whether the client device is authorized to access the second network based on a comparison of the result to a test case computed by the server using the one-way hash function for a combination of the network address received by the server from the computing device, the authentication seed, and a secret selected by the server; and
- receiving a response to the request via the second network, the response indicating a determination by the server that the client device is authorized to access the second network.
Abstract
A method includes receiving, at a client device, an authentication seed from a first network. The method also includes receiving a shared secret. The method further includes, in response to receiving the authentication seed, determining a network address of the client device. The method further includes computing a result of a one-way hash function of a combination of the network address, the authentication seed, and the shared secret. The method further includes transmitting the network address and the result of the one-way hash function to a server that provides access control of a second network coupled to the first network. The method further includes receiving permission from the server to access the second network.
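The exchange the abstract describes, as an added example that is not code from the patent. SHA-256 and the length-prefixed field encoding are assumptions, since the text specifies only "a one-way hash function" of "a combination"; the function names and sample values are constructed.

```python
import hashlib
import hmac

def encode_fields(*fields: bytes) -> bytes:
    # Assumed encoding: 2-byte length prefix per field, so field boundaries
    # are unambiguous (the patent text only says "a combination").
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def client_result(address: str, seed: bytes, secret: bytes) -> str:
    # Client side: hash of network address, authentication seed, shared secret.
    return hashlib.sha256(encode_fields(address.encode(), seed, secret)).hexdigest()

def server_authorizes(address: str, result: str, seed: bytes, server_secret: bytes) -> bool:
    # Server side: recompute the "test case" with its own secret and compare
    # in constant time against what the client transmitted.
    test_case = client_result(address, seed, server_secret)
    return hmac.compare_digest(test_case, result)

def naive_result(address: str, seed: bytes, secret: bytes) -> str:
    # Plain concatenation, shown only to contrast with encode_fields().
    return hashlib.sha256(address.encode() + seed + secret).hexdigest()

# Constructed sample values (192.0.2.0/24 is a documentation range).
SEED = b"seed-7f3a"
SECRET = b"constructed-demo-secret"
ADDRESS = "192.0.2.10"

def run_checks() -> dict:
    result = client_result(ADDRESS, SEED, SECRET)
    return {
        "valid": server_authorizes(ADDRESS, result, SEED, SECRET),
        "other_address": server_authorizes("192.0.2.11", result, SEED, SECRET),
        "stale_seed": server_authorizes(ADDRESS, result, b"seed-0000", SECRET),
        "wrong_secret": server_authorizes(ADDRESS, result, SEED, b"guess"),
        # Concatenation cannot tell where the address ends and the seed begins.
        "naive_ambiguous": naive_result("192.0.2.1", b"0" + SEED, SECRET)
                           == naive_result(ADDRESS, SEED, SECRET),
        "prefixed_ambiguous": client_result("192.0.2.1", b"0" + SEED, SECRET)
                              == client_result(ADDRESS, SEED, SECRET),
    }

if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name}: {outcome}")
```

Because the address is an input to the hash, a result computed for one device does not verify for another address or under a different seed; the last two checks show why the way the fields are combined matters.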
14 Claims
8. A device comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory includes processor-executable instructions that, when executed by the processor, cause the processor to perform operations including;
- receiving redirection information via a first network in response to a request sent by the processor via the first network to a second network, wherein the redirection information includes an authentication seed, an address of a first server that provides a secret, and an address of a second server that provides access to the second network, wherein the first network is different from the second network;
- receiving the secret from the first server in response to a query sent from the processor to the first server;
- determining a network address of a client device;
- computing a result of a one-way hash function of a combination of the network address, the authentication seed, and the secret received from the first server;
- transmitting to the second server, wherein the data includes the network address and the result, wherein the second server makes a determination whether the client device is authorized to access the second network based on a comparison of the result to a test case computed by the second server using the one-way hash function for a combination of the network address, the authentication seed, and a secret selected by the second server; and
- accessing the second network in response to the determination that the client device is authorized to access the second network.
Specification