Security bridging

US 8,959,610 B2
Filed: 12/26/2012
Issued: 02/17/2015
Est. Priority Date: 04/23/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing a communication service from a communication network to at least one subscriber device connected to the communication network via a gateway device, the method comprising:

authenticating the gateway device using the communication network;

after authentication of the gateway device by the communication network, authenticating, by the gateway device, the at least one subscriber device on behalf of the communication network independently of authentication functionality of the communication network;

providing, by the gateway device, a mobility certificate to the at least one subscriber device when the mobile subscriber device is connected to the communication network via the gateway device, the mobility certificate identifying the gateway device;

when the mobile subscriber device is no longer connected to the communication network via the gateway device, receiving, by the communication network from the mobile subscriber device, a service request and a mobility certificate from one of the at least one subscriber device;

determining, via the communication network, whether to provide a service to the one of the at least one subscriber device based on the received service request and the received mobility certificate; and

upon determining that the service is to be provided to the one of the at least one subscriber device, providing the communication service from the communication network via the gateway device identified by the mobility certificate to the one of the at least one subscriber device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network media gateway is used to bridge trust between a Service Provider network and subscriber devices. The gateway is authenticated by the Service Provider by using knowledge of network topology. Subscriber devices are authenticated in response to subscriber input to the gateway via an interface. Trusted subscriber devices can be tightly coupled with the Service Provider network, thereby facilitating delivery of QoE. Mobile and remote subscriber devices may also be authenticated. The gateway may also facilitate establishment of VPNs for peer-to-peer communications, and dynamically adjustable traffic, policy and queue weightings based on usage patterns.

12 Citations

19 Claims

1. A method of providing a communication service from a communication network to at least one subscriber device connected to the communication network via a gateway device, the method comprising:
- authenticating the gateway device using the communication network;
  
  after authentication of the gateway device by the communication network, authenticating, by the gateway device, the at least one subscriber device on behalf of the communication network independently of authentication functionality of the communication network;
  
  providing, by the gateway device, a mobility certificate to the at least one subscriber device when the mobile subscriber device is connected to the communication network via the gateway device, the mobility certificate identifying the gateway device;
  
  when the mobile subscriber device is no longer connected to the communication network via the gateway device, receiving, by the communication network from the mobile subscriber device, a service request and a mobility certificate from one of the at least one subscriber device;
  
  determining, via the communication network, whether to provide a service to the one of the at least one subscriber device based on the received service request and the received mobility certificate; and
  
  upon determining that the service is to be provided to the one of the at least one subscriber device, providing the communication service from the communication network via the gateway device identified by the mobility certificate to the one of the at least one subscriber device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, comprising:
    - after authentication of the gateway device by the communication network, certifying, by the communication network, the gateway device for providing a certified service and sending a certificate identifying the certified service to the gateway device;
      
      receiving, at the gateway device, the certificate from the communication network; and
      
      based at least in part on the certificate, the gateway device giving access to the certified service to a subscriber device connected to the communication network via the gateway device.
  - 3. The method of claim 2, wherein:
    - the gateway device maintains a record of the certificate; and
      
      the gateway device giving access to the certified service to the subscriber device is based at least in part on the certificate comprising the gateway device giving access to the certified service to the subscriber device based at least in part on the record of the certificate.
  - 4. The method of claim 3, wherein:
    - receiving, at the gateway device, a request for the certified service from a subscriber device connected to the communication network via the gateway device; and
      
      giving access, by the gateway device, to the certified service to the subscriber device being based at least in part on the record of the certificate comprises;
      
      the gateway device giving access to the certified service to the subscriber device based at least in part on the request and at least in part on the record of the certificate.
  - 5. The method of claim 4, wherein:
    - the gateway device receives user input from an authorized user associated with the gateway device, the user input identifying whether at least one subscriber device connected to the gateway device should be permitted to access the certified service; and
      
      the gateway device giving access to the certified service to the subscriber device comprises the gateway device giving access to the certified service based at least in part on the request, at least in part on the record of the certificate and at least in part on the user input.
  - 6. The method of claim 5, wherein at least some of the user input is captured in the record maintained for the certificate.
  - 7. The method of claim 2, wherein the certificate identifies at least one subscriber device authorized to access the certified service.
  - 8. The method of claim 2, further comprising transmitting, by the gateway device, an indication to the communication network when a subscriber device connected to the communication network via the gateway device using the certified service to facilitate billing for the certified service.
  - 9. The method of claim 2, wherein the certifying, by the communication network, the gateway device for providing the certified service comprises an edge certifier of the communication network certifying the gateway device for providing the certified service.
  - 10. The method of claim 1, wherein determining, by the communication network, whether to provide a service to the mobile subscriber device based on the service request and the mobility certificate comprises:
    - forwarding, by the communication network, the service request and the mobility certificate to the gateway device identified by the mobility certificate;
      
      receiving and validating the mobility certificate by the gateway device; and
      
      signaling, by the gateway device, the communication network to provide access to the service based on validation of the mobility certificate.
  - 11. The method of claim 10, wherein:
    - the communication network connected to the gateway device is a home network of the mobile subscriber device;
      
      the mobility certificate comprises information that can be used to identify the home network of the mobile subscriber device; and
      
      forwarding, by the communication network, the service request and the mobility certificate to the gateway device identified by the mobility certificate is responsive to receiving the service request and the mobility certificate at the home network from a foreign network to which the mobile subscriber device is currently connected.
  - 12. The method of claim 11, wherein validating the mobility certificate comprises verifying an authentication key of the mobile subscriber device.
  - 13. The method of claim 12, wherein the gateway device queries the mobile subscriber device for the authentication key.
  - 14. The method of claim 1, wherein the at least one subscriber device comprises a mobile subscriber device, the method further comprising:
    - when the mobile subscriber device is no longer connected to the communication network via the gateway device, receiving, by the gateway device from the mobile subscriber device via the communication network, an authentication request;
      
      determining, by the gateway device, whether to provide service access to the mobile subscriber device in response to the authentication request; and
      
      based on determining that service access should be provided to the mobile subscriber device, sending, by the gateway device, a code via the communication network to the mobile subscriber device, the code enabling the mobile subscriber device to access service using the code.
  - 15. The method of claim 14, wherein determining that service access should be provided to the mobile subscriber device comprises receiving, at the gateway device, permission from a user to grant service access to the mobile subscriber device.
  - 16. The method of claim 15, wherein the code is a digital signature.
  - 17. The method of claim 16, wherein the digital signature is based at least in part on a private key infrastructure.
  - 18. The method of claim 16, wherein the digital signature includes an agent configured to signal the gateway device that the requested service has been provided.
  - 19. The method of claim 16, wherein the digital signature comprises an agent configured to destroy the digital signature once the digital signature has been used.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Constellation Technologies LLC (Rockstar Consortium Inc.)
Inventors
Hayes, Hassler, Anoop, Nannra, Watkins, John
Primary Examiner(s)
Traore, Fatoumata

Application Number

US13/726,894
Publication Number

US 20130133058A1
Time in Patent Office

783 Days
Field of Search

None
US Class Current

726/12
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/02   for separating internal fro...

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 63/166   at the transport layer

H04L 67/535   Tracking the activity of th...

H04L 9/3263   involving certificates, e.g...

Security bridging

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Security bridging

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links