Methods and systems for authenticating a device with multiple network access identifiers

US 9,043,473 B1
Filed: 06/25/2009
Issued: 05/26/2015
Est. Priority Date: 06/25/2009
Status: Active Grant

First Claim

Patent Images

1. A method, performed in a home agent, wherein the home agent is communicatively coupled to an authentication server and to a wireless communication device (WCD), and wherein the home agent contains a binding that associates a home address (HOA) with a first network access identifier (NAI), the method comprising:

receiving, via a communication network from the WCD, a first registration request message, wherein the first registration request message contains at least the HOA and a second NAI, and wherein the WCD is seeking to maintain a session with the home agent;

responsive to receiving the first registration request message, determining that the first NAI and the second NAI are different;

responsive to determining that the first NAI and the second NAI are different, transmitting a first access request message to the authentication server to verify that the first NAI and the second NAI are both associated with the WCD;

receiving, from the authentication server, a first access accept message verifying that the first NAI and the second NAI are both associated with the WCD;

responsive to receiving the first access accept message, updating the binding to associate the HOA with the second NAI; and

transmitting, via the communication network to the WCD, a first registration reply message, thereby informing the WCD that the session with the home agent is maintained.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and devices are presented that allow a wireless communication device (WCD) to use multiple access identifiers (NAIs) in conjunction with a communication session between the WCD and a home agent. The home agent may maintain a binding that reflects the state of the session. Accordingly, the binding may contain a home IP address (HOA) as well as a first NAI. The home agent may then receive a registration request message containing the HOA and a second NAI. In order to avoid potential hijacking attacks from entities other than the WCD, the home agent may, in conjunction with an authentication server, attempt to validate that that first NAI and second NAI are both associated with the WCD. If this is the case, the home agent may update the binding to reflect that the second NAI is associated with the session, and the home agent may maintain the session so that the WCD does not suffer an appreciable interruption in service.

Citations

20 Claims

1. A method, performed in a home agent, wherein the home agent is communicatively coupled to an authentication server and to a wireless communication device (WCD), and wherein the home agent contains a binding that associates a home address (HOA) with a first network access identifier (NAI), the method comprising:
- receiving, via a communication network from the WCD, a first registration request message, wherein the first registration request message contains at least the HOA and a second NAI, and wherein the WCD is seeking to maintain a session with the home agent;
  
  responsive to receiving the first registration request message, determining that the first NAI and the second NAI are different;
  
  responsive to determining that the first NAI and the second NAI are different, transmitting a first access request message to the authentication server to verify that the first NAI and the second NAI are both associated with the WCD;
  
  receiving, from the authentication server, a first access accept message verifying that the first NAI and the second NAI are both associated with the WCD;
  
  responsive to receiving the first access accept message, updating the binding to associate the HOA with the second NAI; and
  
  transmitting, via the communication network to the WCD, a first registration reply message, thereby informing the WCD that the session with the home agent is maintained.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein receiving the first registration request message containing at least the HOA and the second NAI is indicative of the WCD handing off from a first wireless network to a second wireless network.
  - 3. The method of claim 1, further comprising:
    - after updating the binding to associate the HOA with the second NAI, receiving, via the communication network from the WCD, a second registration request message, wherein the second registration request message contains at least the HOA and the first NAI, and wherein the WCD is seeking to maintain the session with the home agent;
      
      responsive to receiving the second registration request message, determining that the first NAI and the second NAI are different;
      
      responsive to determining that the first NAI and the second NAI are different, transmitting a second access request message to the authentication server to verify that the first NAI and the second NAI are both associated with the WCD;
      
      receiving, from the authentication server, a second access accept message verifying that the first NAI and the second NAI are both associated with the WCD;
      
      responsive to receiving the second access accept message, updating the binding to associate the HOA with the first NAI; and
      
      transmitting, via the communication network to the WCD, a second registration reply message, thereby informing the WCD that the session with the home agent is maintained.
  - 4. The method of claim 3, wherein receiving the second registration request message containing at least the HOA and the first NAI is indicative of the WCD handing off from a second wireless network to a first wireless network.
  - 5. The method of claim 1, further comprising:
    - after updating the binding to associate the HOA with the second NAI, receiving, via the communication network, a second registration request message, wherein the second registration request message contains at least the HOA and a third NAI;
      
      responsive to receiving the second registration request message, determining that the third NAI and the second NAI are different;
      
      responsive to determining that the third NAI and the second NAI are different, transmitting a second access request message to the authentication server to verify that the third NAI and the second NAI are both associated with the WCD;
      
      receiving, from the authentication server, an access reject message indicating that the third NAI and the second NAI are not both associated with the WCD; and
      
      responsive to receiving the access reject message, maintaining the binding to associate the HOA with the second NAI.
  - 6. The method of claim 1, further comprisingafter updating the binding to associate the HOA with the second NAI, receiving, via the communication network from the WCD, a second registration request message, wherein the second registration request message contains at least the HOA and a third NAI, and wherein the WCD is seeking to maintain the session with the home agent;
    - responsive to receiving the second registration request message, determining that the third NAI and the second NAI are different;
      
      responsive to determining that the third NAI and the second NAI are different, transmitting a second access request message to the authentication server to verify that the third NAI and the second NAI are both associated with the WCD;
      
      receiving, from the authentication server, a second access accept message verifying that the third NAI and the second NAI are both associated with the WCD;
      
      responsive to receiving the second access accept message, updating the binding to associate the HOA with the third NAI; and
      
      transmitting, to the WCD and via the communication network, a second registration reply message, thereby informing the WCD that the session with the home agent is maintained.
  - 7. The method of claim 1, wherein the binding is maintained in a database of bindings, and wherein determining that the first NAI and the second NAI are different comprises:
    - looking up the binding, using the HOA as a key, in the database of bindings;
      
      finding the binding in the database; and
      
      comparing the first NAI, as it appears in the binding, to the second NAI.
  - 8. The method of claim 1, wherein updating the binding to associate the HOA with the second NAI comprises:
    - overwriting the first NAI in the binding with the second NAI.
  - 9. The method of claim 1, wherein the binding also contains a first care of address (COA) associated with both the HOA and the first NAI, the method further comprising:
    - transmitting bearer traffic to the WCD via a first tunnel, wherein the first COA is an endpoint of the first tunnel.
  - 10. The method of claim 9, wherein the first registration request message also contains a second COA, wherein updating the binding to associate the HOA with the second NAI comprises:
    - overwriting the first COA in the binding with the second COA; and
      
      transmitting bearer traffic to the WCD via a second tunnel, wherein the second COA is an endpoint of the second tunnel.

11. A home agent communicatively coupled to an authentication server and to a wireless communication device (WCD), the home agent comprising:
- a memory containing at least a binding that associates a home address (HOA) with a first network access identifier (NAI);
  
  a first logical interface for communicating with the WCD;
  
  a second logical interface for communicating with the authentication server;
  
  a processor, capable of executing program logic, stored in the memory, to perform the functions of (1) receiving, via the first logical interface, a first registration request message containing at least the HOA and a second NAI, (2) responsive to receiving the first registration request message, determining that the first NAI and the second NAI are different, (3) responsive to determining that the first NAI and the second NAI are different, transmitting, via the second logical interface, a first access request message to verify that the first NAI and the second NAI are both associated with the WCD, (4) receiving, via the second logical interface, a first access accept message verifying that the first NAI and the second NAI are both associated with the WCD, (5) responsive to receiving the first access accept message, updating the binding to associate the HOA with the second NAI in the first memory, and (6) transmitting, via the first logical interface, a first registration reply message, thereby informing the WCD that the binding has been updated.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The home agent of claim 11, wherein the first registration request message containing at least the HOA and the second NAI is indicative of the WCD handing off from a first wireless network to a second wireless network.
  - 13. The home agent of claim 11, wherein the processor is also capable of executing program logic, stored in the memory, to perform the functions of (1) after updating the binding to associate the HOA with the second NAI, receiving, via the first logical interface, a second registration request message containing at least the HOA and the first NAI, (2) responsive to receiving the second registration request message, determining that the first NAI and the second NAI are different, (3) responsive to determining that the first NAI and the second NAI are different, transmitting, via the second logical interface, a second access request message to verify that the first NAI and the second NAI are both associated with the WCD, (4) receiving, via the second logical interface, a second access accept message verifying that the first NAI and the second NAI are both associated with the WCD, (5) responsive to receiving the second access accept message, updating the binding to associate the HOA with the first NAI, and (6) transmitting, via the first logical interface, a second registration reply message, thereby informing the WCD that the binding has been updated.
  - 14. The home agent of claim 11, wherein the processor is also capable of executing program logic, stored in the memory, to perform the functions of (1) after updating the binding to associate the HOA with the second NAI, receiving, via the first logical interface, a second registration request message containing at least the HOA and a third NAI, (2) responsive to receiving the second registration request message, determining that the third NAI and the second NAI are different, (3) responsive to determining that the third NAI and the second NAI are different, transmitting, via the second logical interface, a second access request message to verify that the third NAI and the second NAI are both associated with the WCD, (4) receiving, via the second logical interface, an access reject message indicating that the third NAI and the second NAI are not both associated with the WCD, and (5) responsive to receiving the access reject message, maintaining the binding to associate the HOA with the second NAI.
  - 15. The home agent of claim 11, wherein the processor is also capable of executing program logic, stored in the memory, to perform the functions of (1) after updating the binding to associate the HOA with the second NAI, receiving, via the first logical interface, a second registration request message containing at least the HOA and a third NAI, (2) responsive to receiving the second registration request message, determining that the third NAI and the second NAI are different, (3) responsive to determining that the third NAI and the second NAI are different, transmitting, via the second logical interface, a second access request message to the authentication server to verify that the third NAI and the second NAI are both associated with the WCD, (4) receiving, via the second logical interface, a second access accept message verifying that the third NAI and the second NAI are both associated with the WCD, (5) responsive to receiving the second access accept message, updating the binding to associate the HOA with the third NAI, and (6) transmitting, via the first logical interface, a second registration reply message, thereby informing the WCD that the binding has been updated.
  - 16. The home agent of claim 11, wherein the binding in the memory also contains a first care of address (COA) associated with both the HOA and the first NAI, and wherein the processor is also capable of executing program logic, stored in the memory, to perform the function of transmitting bearer traffic to the WCD via a first tunnel, wherein the first COA is an endpoint of the first tunnel.

17. A communication system comprising:
- a wireless communication device (WCD);
  
  an authentication server maintaining a profile of the WCD, wherein the profile contains a first network access identifier (NAI) and a second NAI;
  
  a home agent communicatively coupled to the WCD and the authentication server, wherein the home agent contains a binding between a home address (HOA) and the first NAI,wherein the WCD undergoes a handoff from a first wireless network to a second wireless network,wherein, in response to the handoff, the WCD transmits a registration request message, containing at least the HOA and a second NAI, to the home agent, seeking to maintain a session with the home agent,wherein the home agent, in response to receiving the registration request message, determines that the first NAI and the second NAI are different,wherein the home agent, in response to determining that the first NAI and the second NAI are different, transmits an access request message, containing at least the HOA and the second NAI, to the authentication server,wherein the authentication server verifies that the first NAI and the second NAI are both associated with the WCD,wherein the authentication server transmits an access accept message to the home agent,wherein, the home agent, in response to receiving the access accept message, updates the binding to associate the HOA with the second NAI, andwherein the home agent transmits a registration reply message to the WCD, thereby informing the WCD that the session with the home agent is maintained.
- View Dependent Claims (18, 19, 20)
- - 18. The communication system of claim 17, wherein the WCD is configured to use the first NAI while on the first wireless network, and to use the second NAI while on the second wireless network.
  - 19. The communication system of claim 17, wherein the profile also contains a third NAI that is associated with a third wireless network.
  - 20. The communication system of claim 17, wherein the home agent contains a database of bindings, and wherein the home agent determining that the first NAI and the second NAI are different comprises:
    - the home agent looking up the binding, using the HOA as a key, in the database of bindings;
      
      the home agent finding the binding in the database; and
      
      the home agent comparing the first NAI, as it appears in the binding, to the second NAI.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Spectrum LLC (Deutsche Telekom AG)
Original Assignee
Sprint Spectrum LP (Deutsche Telekom AG)
Inventors
Breau, Jeremy R., Belser, John E., Georgiou, George A.
Primary Examiner(s)
Kim, Hee Soo

Application Number

US12/491,888
Time in Patent Office

2,161 Days
Field of Search

709/227
US Class Current

709/227
CPC Class Codes

H04W 12/06   Authentication

H04W 12/72   Subscriber identity

H04W 80/04   Network layer protocols, e....

Methods and systems for authenticating a device with multiple network access identifiers

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for authenticating a device with multiple network access identifiers

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links