Method of and system for extending the WISPr authentication procedure

US 9,020,467 B2
Filed: 11/18/2011
Issued: 04/28/2015
Est. Priority Date: 11/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method of granting a user access to a wireless network comprising:

validating credential information of a user device at an Intermediary Authentication System by utilizing a Home Authentication System to generate a set of authentication tools, wherein the user device and Home Authentication System are separate from the Intermediary Authentication System; and

on successfully authenticating the credential information, granting the user device a temporary credential by the Intermediary Authentication System in a credential format of the wireless network, thereby allowing the user device to access the wireless network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for completing the authentication process of a user device in a second communication network (such as Wi-Fi or WiMAX) utilizes the user credential (such as a SIM card, a USIM card, or a RUIM card) of a first communication network (such as GSM, CDMA, EDGE, or LTE). A client, such as a software module, executes on the wireless device. An authentication platform retrieves the SIM card credential information in the first communication network and passes the information to the authentication platform of the second communication network, thereby granting the client access to the second communication after the authentication platform validates with the first communication network.

Citations

38 Claims

1. A method of granting a user access to a wireless network comprising:
- validating credential information of a user device at an Intermediary Authentication System by utilizing a Home Authentication System to generate a set of authentication tools, wherein the user device and Home Authentication System are separate from the Intermediary Authentication System; and
  
  on successfully authenticating the credential information, granting the user device a temporary credential by the Intermediary Authentication System in a credential format of the wireless network, thereby allowing the user device to access the wireless network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the user credential comprises a SIM card, a USIM card, a R-UIM card, or a functionally similar component.
  - 3. The method of claim 2, further comprising:
    - retrieving a user identification from the credential;
      
      transferring the user identification to the Intermediary Authentication System;
      
      receiving a challenge request from the Intermediary Authentication System;
      
      generating a challenge response from the credential using a challenge parameter as input;
      
      transferring the challenge response to the Intermediary Authentication System; and
      
      receiving an authentication result and an authorization result.
  - 4. The method of claim 3, wherein the user identification comprises an IMSI, an MSISDN, or a user name.
  - 5. The method of claim 3, wherein the challenge request comprises a random number or a secret key.
  - 6. The method of claim 3, wherein the validating the credential information at the Intermediary Authentication System further comprises:
    - receiving the user identification from a client executing on the user device;
      
      communicating with the Home Authentication System to retrieve challenge vectors;
      
      transferring the challenge vectors to the client;
      
      validating the challenge response from the client by comparing it with the challenge response from the Home Authentication System; and
      
      issuing the temporary credential for the user device to login to the wireless network.
  - 7. The method of claim 1, wherein the Home Authentication System comprises an HLR, an HSS or a Subscriber Management System in a GSM, a CDMA, an EDGE, or an LTE network.
  - 8. The method of claim 1, wherein allowing the user device to the access the wireless network comprises using a WISPr 1.0 protocol and a login procedure supported by the wireless network.
  - 9. The method of claim 8, wherein a communication protocol between the Intermediary Authentication System and Home Authentication System comprises MAP, IS-41, or AAA.
  - 10. The method of claim 8, wherein communication between the Intermediary Authentication System and the client is performed using TCP/IP.
  - 11. The method of claim 1, wherein the wireless network is a Wi-Fi network.
  - 12. The method of claim 11, wherein a communication protocol between the Intermediary Authentication System and the client is selected from the group consisting of HTTP, HTTPS, and Session Initiation Protocol (SIP).
  - 13. The method of claim 1, wherein the validating comprises exchanging a challenge token from the authentication tools and a response to the challenge between a client running on the user device and the Intermediary Authentication System.
  - 14. The method of claim 1, wherein the temporary credential is configured to only enable a single access of the wireless network by the user device using the temporary credential.

15. A method of granting a user device access to a wireless network comprising:
- detecting with a user device that the wireless network does not include an Intermediary Authentication System in a walled garden;
  
  initiating a temporary Internet connection with the wireless network with the Intermediary Authentication System using predefined credential rules recognized by the Intermediary Authentication System;
  
  validating user credential information at the Intermediary Authentication System by utilizing a Home Authentication System to generate a set of authentication tools over the temporary Internet connection, wherein the user credential information is separate from the predefined credential rules;
  
  on successfully validating the user credential information, granting the user device a temporary credential in a credential format of the wireless network;
  
  tearing down the temporary Internet connection; and
  
  accessing the wireless network using the temporary credential format.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein detecting that the wireless network does not include the Authentication System in the walled garden comprises using a database storing one or more wireless network profiles.
  - 17. The method of claim 15, wherein initiating a temporary Internet connection comprises using WISPr 1.0 protocol and a login procedure supported by the wireless network.
  - 18. The method of claim 15, wherein tearing down the temporary Internet connection comprises using WISPr 1.0 protocol and a logoff procedure supported by the wireless network.

19. An Authentication System for completing an authentication and registration procedure in a wireless network by utilizing a user credential of a mobile device, the Authentication System comprising a memory containing computer-executable instructions that when executed by a processor perform a method comprising:
- receiving identifier information of a user credential associated with a wireless device;
  
  communicating with a Home Authentication Server to retrieve challenge vectors;
  
  transferring the challenge vectors to a client executing on the wireless device;
  
  validating a challenge result from the client, at the Authentication System, against a response from the Home Authentication Server, wherein the Home Authentication Server, the Authentication System, and the wireless network are separate from one another; and
  
  granting the wireless device access to the wireless network.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The Authentication System of claim 19, wherein the receiving identifier information and communicating with the client is performed over a TCP/IP network.
  - 21. The Authentication System of claim 20, wherein a protocol for communicating with the client is selected from the group consisting of HTTP, HTTPS, and Session Initiation Protocol (SIP).
  - 22. The Authentication System of claim 20, wherein a communication protocol between Authentication System and the Home Authentication System is MAP, IS-41 or AAA.
  - 23. The Authentication System of claim 20, wherein granting the wireless device access to the wireless network comprises issuing the wireless device a temporary credential.
  - 24. The Authentication System of claim 23, wherein the temporary credential comprises an authorization token.
  - 25. The Authorization System of claim 24, wherein the authorization token is a one-use token.
  - 26. The Authorization System of claim 24, wherein the authorization token is a multiple-use token.
  - 27. The Authorization System of claim 24, wherein granting the wireless device access to the wireless network comprises storing the authorization token into a database.

28. A method of authenticating a user comprising:
- verifying authentication requests from a Wi-Fi network by validating credential information of a user device at an Intermediary Authentication System utilizing a Home Authentication System to generate a set of authentication tools;
  
  granting a user device access to the Wi-Fi network by issuing different authorization results; and
  
  on receiving accounting requests, generating an accounting record for the user device.
- View Dependent Claims (29, 30)
- - 29. The method of claim 28, wherein a protocol for communicating with an AAA system of the Wi-Fi network is over RADIUS or Diameter.
  - 30. The method of claim 28, wherein the different authorization results include permanent Internet access or limited Internet access for only a pre-defined duration.

31. A wireless system comprising one or more computer memories containing computer-executable instructions that when executed by a processor perform a method comprising:
- detecting that the wireless network does not include an Authentication System in a walled garden;
  
  initiating a temporary Internet connection with the wireless network with predefined credential rules recognized by an Authentication Gateway;
  
  validating, at the Authentication system, user credential information associated with a user device against a Home Authentication System over the temporary Internet connection, wherein the walled garden, the Authentication System, and the Home Authentication System are separate from one another;
  
  on successfully validating the user credential information, granting the user device a temporary credential in a credential format of the wireless network;
  
  tearing down the temporary Internet connection; and
  
  accessing the wireless network using the temporary credential.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The wireless system of claim 31, wherein the detecting that the wireless network does not include the Authentication System in the walled garden comprises using a database storing one or more wireless network profiles.
  - 33. The wireless system of claim 31, wherein the initiating a temporary Internet connection comprises using WISPr 1.0 protocol and a login procedure supported by the wireless network.
  - 34. The wireless system of claim 31, wherein the tearing down the temporary Internet connection comprises using WISPr 1.0 protocol and a logoff procedure supported by the wireless network.
  - 35. The wireless system of claim 31, wherein the wireless network comprises a Wi-Fi network.
  - 36. The wireless device of claim 35, wherein the user identification comprises an IMSI, an MSISDN, or a username.

37. A wireless device comprising a computer memory containing computer-executable instructions that when executed by a processor perform a method comprising:
- retrieving user identification from a user credential;
  
  transferring the user identification to a remote Authentication System;
  
  receiving a challenge request from the remote Authentication System;
  
  generating a challenge response from the user credential using a challenge parameter as input;
  
  transferring the challenge response to the remote Authentication System, wherein the challenge response is validated at the remote Authentication System against a challenge response from a Home Authentication System;
  
  receiving an authentication result and an authorization result; and
  
  transferring the authentication result to the remote Authentication System, wherein the authentication result is validated against a database on the remote Authentication System.
- View Dependent Claims (38)
- - 38. The wireless device of claim 37, wherein the challenge request comprises a random number or a secret key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Syniverse Communications, Inc. (Syniverse Corp.)
Original Assignee
Aicent, Inc. (Syniverse Corp.)
Inventors
Zhang, David Xining, Xu, Huiyue, Li, Bing
Primary Examiner(s)
Ngo, Chuong A

Application Number

US13/299,625
Publication Number

US 20120149334A1
Time in Patent Office

1,257 Days
Field of Search

455/411, 455/432.1, 455/433, 4554351-439, 370328-338, 3703952-39542, 380247-250, 713168-170, 726 1- 10
US Class Current

455/411
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/0892   by using authentication-aut...

H04W 12/068   using credential vaults, e....

Method of and system for extending the WISPr authentication procedure

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Method of and system for extending the WISPr authentication procedure

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links