Sponsored connectivity to cellular networks using existing credentials

US 9,769,665 B2
Filed: 04/25/2017
Issued: 09/19/2017
Est. Priority Date: 03/06/2015
Status: Active Grant

First Claim

Patent Images

1. A method for enabling access to a sponsored service by an application service provider server, comprising:

receiving, from an intervening network through which the application service provider server sponsors access to the service, an authentication information request based on an attach request from a user equipment (UE), the authentication information request comprising a client token based on a pre-existing credential associated with the UE and established with the application service provider server, the client token being unrecognizable as a cellular access credential to the network;

determining, by the application service provider server, authentication information based on the pre-existing credential accessible by the application service provider server in response to the authentication information request; and

transmitting, from the application service provider server, the authentication information in a response to the network, wherein the authentication information configured to assist in authentication between the UE and the network for sponsored access to the service based on the pre-existing credential.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and techniques are disclosed to facilitate the sponsored connectivity of a user equipment on a serving network so that the UE may access a service whose connectivity is sponsored by an application service provider. The application service provider provisions the serving network so that it is aware of the sponsored connectivity. In an attach attempt to the serving network, the UE provides a client token based on a pre-existing credential (established between the UE and the application service provider) instead of a subscriber identifier with the attach request. The application service provider'"'"'s server validates the access credential to authenticate the UE and provides information that the serving network uses to mutually authenticate with the UE. The UE may then use the serving network to access the service via the sponsored connection, even where the UE does not have a subscriber identity and subscription with a cellular network.

Citations

18 Claims

1. A method for enabling access to a sponsored service by an application service provider server, comprising:
- receiving, from an intervening network through which the application service provider server sponsors access to the service, an authentication information request based on an attach request from a user equipment (UE), the authentication information request comprising a client token based on a pre-existing credential associated with the UE and established with the application service provider server, the client token being unrecognizable as a cellular access credential to the network;
  
  determining, by the application service provider server, authentication information based on the pre-existing credential accessible by the application service provider server in response to the authentication information request; and
  
  transmitting, from the application service provider server, the authentication information in a response to the network, wherein the authentication information configured to assist in authentication between the UE and the network for sponsored access to the service based on the pre-existing credential.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the pre-existing credential is based on a password established with the application service provider server generated via an out-of-band channel and the authentication information request includes a user name associated with the password and the application service provider server, the determining further comprising:
    - verifying, by the application service provider server, the user name and client token based on one or more records accessible by the application service provider server, wherein the client token comprises the pre-existing credential hashed with a first value and the pre-existing credential comprises the password hashed with a second value.
  - 3. The method of claim 2, further comprising:
    - generating, by the application service provider server, an authentication vector comprising a shared key, authentication token, and expected response based on the pre-existing credential.
  - 4. The method of claim 1, wherein the receiving further comprises:
    - providing, by the application service provider server, the client token to the UE for the UE to use as proof of possessing the pre-existing credential prior to receiving the authentication information request.
  - 5. The method of claim 1, further comprising:
    - agreeing, after the receiving, upon a shared secret key based on a handshake between the UE and the application service provider server;
      
      determining, by the application service provider server, a base key based on the shared secret key; and
      
      generating, by the application service provider server, an authentication vector comprising the base key, an authentication token, and an expected response based on the pre-existing credential.
  - 6. The method of claim 1, further comprising:
    - providing, prior to receiving the authentication information request, a list of trusted networks to the UE.

7. An application service provider server that sponsors access to a service, comprising:
- a transceiver configured to receive, from an intervening network through which the application service provider server sponsors access to the service, an authentication information request based on an attach request from a user equipment (UE), the authentication information request comprising a client token based on a pre-existing credential established with the application service provider server and being unrecognizable as a cellular access credential to the network; and
  
  a processor configured to determine authentication information based on the pre-existing credential accessible by the application service provider server in response to the authentication information request,wherein the transceiver is further configured to transmit the authentication information in a response to the network, andwherein the authentication information assists in authentication between the UE and the network for sponsored access to the service based on the pre-existing credential.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The application service provider server of claim 7, wherein the pre-existing credential is based on a password established with the application service provider server generated via an out-of-band channel and the authentication information request includes a user name associated with the password and the application service provider server, the processor being further configured to:
    - verify the user name and client token based on one or more records accessible by the application service provider server, wherein the client token comprises the pre-existing credential hashed with a first value and the pre-existing credential comprises the password hashed with a second value.
  - 9. The application service provider server of claim 8, wherein the processor is further configured to:
    - generate an authentication vector comprising a shared key, authentication token, and expected response based on the pre-existing credential.
  - 10. The application service provider server of claim 7, wherein the transceiver is further configured to:
    - provide the client token to the UE for the UE to use as proof of possessing the pre-existing credential prior to receiving the authentication information request.
  - 11. The application service provider server of claim 7, wherein the processor is further configured to:
    - agree, after receiving the authentication information request, upon a shared secret key based on a handshake between the UE and the application service provider server;
      
      determine a base key based on the shared secret key; and
      
      generate an authentication vector comprising the base key, an authentication token, and an expected response based on the pre-existing credential.
  - 12. The application service provider server of claim 7, wherein the processor is further configured to provide, prior to receiving the authentication information request, a list of trusted networks to the UE.

13. A non-transitory computer-readable medium having program code recorded thereon, the program code comprising:
- code for causing an application service provider server to receive, from an intervening network through which the application service provider server sponsors access to a service, an authentication information request based on an attach request from a user equipment (UE), the authentication information request comprising a client token based on a pre-existing credential associated and established with the application service provider server, the client token being unrecognizable as a cellular access credential to the network;
  
  code for causing the application service provider server to determine authentication information based on the pre-existing credential accessible by the application service provider server in response to the authentication information request; and
  
  code for causing the application service provider server to transmit the authentication information in a response to the network, wherein the authentication information assists in authentication between the UE and the network for sponsored access to the service based on the pre-existing credential.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the access credential is based on a password established with the application service provider server generated via an out-of-band channel and the authentication information request includes a user name associated with the password and the application service provider server, further comprising:
    - code for causing the application service provider server to verify the user name and client token based on one or more records accessible by the application service provider server, wherein the client token comprises the pre-existing credential hashed with a first value and the pre-existing credential comprises the password hashed with a second value.
  - 15. The non-transitory computer-readable medium of claim 14, further comprising:
    - code for causing the application service provider server to generate an authentication vector comprising a shared key, authentication token, and expected response based on the pre-existing credential.
  - 16. The non-transitory computer-readable medium of claim 13, further comprising:
    - code for causing the application service provider server to provide the client token to the UE for the UE to use as proof of possessing the pre-existing credential prior to receiving the authentication information request.
  - 17. The non-transitory computer-readable medium of claim 13, further comprising:
    - code for causing the application service provider server to agree, after receiving the authentication information request, upon a shared secret key based on a handshake between the UE and the server;
      
      code for causing the application service provider server to determine a base key based on the shared secret key; and
      
      code for causing the application service provider server to generate an authentication vector comprising the base key, an authentication token, and an expected response based on the pre-existing credential.
  - 18. The non-transitory computer-readable medium of claim 13, further comprising:
    - code for causing the application service provider server to provide, prior to receiving the authentication information request, a list of trusted networks to the UE.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Lee, Soo Bum, Palanigounder, Anand, Horn, Gavin Bernard
Primary Examiner(s)
LE, DANH C

Application Number

US15/496,502
Publication Number

US 20170230829A1
Time in Patent Office

147 Days
Field of Search

455411, 4555501, 455418, 380270, 726 8
US Class Current
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0892   by using authentication-aut...

H04L 63/18   using different networks or...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/085   Secret sharing or secret sp...

H04W 12/06   Authentication

H04W 12/062   Pre-authentication

H04W 12/08   Access security

Sponsored connectivity to cellular networks using existing credentials

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Sponsored connectivity to cellular networks using existing credentials

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links