Device-specific authorization at distributed locations

US 8,627,416 B2
Filed: 06/18/2012
Issued: 01/07/2014
Est. Priority Date: 07/12/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

sending a request from a client device via a first network to a second network, wherein the first network is different from the second network;

receiving, at the client device, redirection information in response to the request, wherein the redirection information includes an authentication seed and an address of a server that provides access control of the second network;

in response to receiving the authentication seed;

obtaining a shared secret at the client device;

computing, with the client device, a result of a one-way hash function for a combination of a network address of the client device, the authentication seed, and the shared secret; and

transmitting the network address and the result to the server, wherein the server makes a determination whether the client device is authorized to access the second network based on a comparison of the result to a test case computed by the server using the one-way hash function for a combination of the network address received by the server from the computing device, the authentication seed, and a secret selected by the server; and

receiving a response to the request via the second network, the response indicating a determination by the server that the client device is authorized to access the second network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes receiving, at a client device, an authentication seed from a first network. The method also includes receiving a shared secret. The method further includes, in response to receiving the authentication seed, determining a network address of the client device. The method further includes computing a result of a one-way hash function of a combination of the network address, the authentication seed, and the shared secret. The method further includes transmitting the network address and the result of the one-way hash function to a server that provides access control of a second network coupled to the first network. The method further includes receiving permission from the server to access the second network.

137 Citations

14 Claims

1. A method comprising:
- sending a request from a client device via a first network to a second network, wherein the first network is different from the second network;
  
  receiving, at the client device, redirection information in response to the request, wherein the redirection information includes an authentication seed and an address of a server that provides access control of the second network;
  
  in response to receiving the authentication seed;
  
  obtaining a shared secret at the client device;
  
  computing, with the client device, a result of a one-way hash function for a combination of a network address of the client device, the authentication seed, and the shared secret; and
  
  transmitting the network address and the result to the server, wherein the server makes a determination whether the client device is authorized to access the second network based on a comparison of the result to a test case computed by the server using the one-way hash function for a combination of the network address received by the server from the computing device, the authentication seed, and a secret selected by the server; and
  
  receiving a response to the request via the second network, the response indicating a determination by the server that the client device is authorized to access the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein transmitting the network address and the result of the one-way hash function to the server includes transmitting a remote authentication dial-in user service username that includes the network address and a remote authentication dial-in user service password that includes the result of the one-way hash function to the server.
  - 3. The method of claim 2, further comprising automatically attaching a realm to the remote authentication dial-in user service username, wherein the realm indicates a network provider associated with the client device.
  - 4. The method of claim 1, wherein the network address includes a media access control address.
  - 5. The method of claim 1, wherein obtaining the shared secret comprises retrieving the shared secret from a memory of the client device.
  - 6. The method of claim 1, wherein the first network is a local area network and wherein the second network includes an internet.
  - 7. The method of claim 1, wherein obtaining the shared secret comprises receiving the shared secret from a computing device coupled to the first network, the second network, or a combination thereof.

8. A device comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory includes processor-executable instructions that, when executed by the processor, cause the processor to perform operations including;
  
  receiving redirection information via a first network in response to a request sent by the processor via the first network to a second network, wherein the redirection information includes an authentication seed, an address of a first server that provides a secret, and an address of a second server that provides access to the second network, wherein the first network is different from the second network;
  
  receiving the secret from the first server in response to a query sent from the processor to the first server;
  
  determining a network address of a client device;
  
  computing a result of a one-way hash function of a combination of the network address, the authentication seed, and the secret received from the first server;
  
  transmitting to the second server, wherein the data includes the network address and the result, wherein the second server makes a determination whether the client device is authorized to access the second network based on a comparison of the result to a test case computed by the second server using the one-way hash function for a combination of the network address, the authentication seed, and a secret selected by the second server; and
  
  accessing the second network in response to the determination that the client device is authorized to access the second network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The device of claim 8, wherein the data comprises a remote authentication dial-in user service username that includes the network address and a remote authentication dial-in user service password that includes the result of the one-way hash function.
  - 10. The device of claim 9, wherein the operations further include automatically attaching a realm to the remote authentication dial-in user service username, wherein the realm indicates a network provider associated with the client device.
  - 11. The device of claim 8, wherein the network address includes a media access control address.
  - 12. The device of claim 8, wherein the operations further include transmitting a request to the second network.
  - 13. The device of claim 8, wherein the secret selected by the second server is selected from a list of secrets.
  - 14. The device of claim 8, wherein the first server is coupled to the second network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wayport, Inc. (AT&T, Inc.)
Original Assignee
Wayport, Inc. (AT&T, Inc.)
Inventors
Keeler, James D., Melendez, John R.
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US13/525,873
Publication Number

US 20120260320A1
Time in Patent Office

568 Days
Field of Search

None
US Class Current

726/4
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/123   received data contents, e.g...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

H04W 12/06   Authentication

H04W 12/106   Packet or message integrity

H04W 8/26   Network addressing or numbe...

Device-specific authorization at distributed locations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

137 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Device-specific authorization at distributed locations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others