Method of authentication by token

US 9,774,595 B2
Filed: 12/12/2014
Issued: 09/26/2017
Est. Priority Date: 12/12/2013
Status: Active Grant

First Claim

Patent Images

1. A method of authentication by token for accessing a service from a terminal, wherein the method comprises, on receipt of a service access authorization request including at least one unique identifier of the terminal, the following acts:

determining an access network context of the terminal, said access network context referring to a datum relating to the access network used by the terminal, the datum being suitable for identifying a user associated with the access to that access network,checking validity of the service access rights, comprising at least;

checking an access right associated with the access network context of the terminal,determining a number of valid tokens simultaneously associated with the access network context,comparing the number of tokens simultaneously associated with the access network context with a predetermined maximum number of tokens, said maximum number of tokens being greater than one, anddetermining the validity of the rights according to the result of the comparison,after checking the validity, if said access rights are valid;

generating a valid authentication token on the basis of the unique identifier of the terminal and the access network context, andtransmitting the token to the terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for authentication by token for accessing a service from a terminal. The method includes, on receipt of a service access authorization request including at least one unique identifier of the terminal, steps of determining a network access context of the terminal; checking validity of the service access rights, including at least checking an access right associated with the network access context of the terminal; and, if the access rights are valid, generating a valid authentication token on the basis of the unique identifier of the terminal and the network access context, and transmitting the token to the terminal.

Citations

12 Claims

1. A method of authentication by token for accessing a service from a terminal, wherein the method comprises, on receipt of a service access authorization request including at least one unique identifier of the terminal, the following acts:
- determining an access network context of the terminal, said access network context referring to a datum relating to the access network used by the terminal, the datum being suitable for identifying a user associated with the access to that access network,checking validity of the service access rights, comprising at least;
  
  checking an access right associated with the access network context of the terminal,determining a number of valid tokens simultaneously associated with the access network context,comparing the number of tokens simultaneously associated with the access network context with a predetermined maximum number of tokens, said maximum number of tokens being greater than one, anddetermining the validity of the rights according to the result of the comparison,after checking the validity, if said access rights are valid;
  
  generating a valid authentication token on the basis of the unique identifier of the terminal and the access network context, andtransmitting the token to the terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the method furthermore comprises, during the checking of the validity of the service access rights and when the number of valid tokens associated with the access network context exceeds the predetermined maximum number of tokens, an act of revoking at least one valid token.
  - 3. The method according to claim 2, wherein, when the number of revocations in a predetermined time window exceeds a predetermined threshold:
    - the token revocation act is not carried out, andthe service access rights for the terminal are invalidated.
  - 4. The method according to claim 1, wherein, on receipt of a service access request comprising a first unique identifier of the terminal and an authentication token associated with a second unique identifier of the terminal, the method furthermore comprises the following acts:
    - comparing the first and the second unique identifiers of the terminal,determining the validity of the token according to the result of the comparison, andauthorizing access to the requested service if the token is valid.
  - 5. The method according to claim 4, wherein the determination of the validity of the token furthermore includes a check that a date at which the token was generated is within a predetermined time window.
  - 6. The method according to claim 4, wherein the method furthermore comprises, during the determination of the validity of the token, the following acts:
    - comparing a number of granted authorizations included in the token and a number of granted authorizations associated with the token,determining the validity of the token according to the result of the comparison, andif the token is valid;
      
      updating the number of granted authorizations associated with the token,updating the number of granted authorizations included in the token, andtransmitting the updated token to the terminal.
  - 7. The method according to claim 1, wherein the act of determining the access network context of the terminal comprises an act of identifying an owner of the access network used by the terminal.

8. An apparatus comprising a device for authentication by token for accessing a service from a terminal, wherein the device comprises:
- means for receiving a service access authorization request including at least one unique identifier of the terminal,means for determining an access network context of the terminal,means for checking validity of the service access rights, comprising at least;
  
  checking an access right associated with the access network context of the terminal,determining a number of valid tokens simultaneously associated with the access network context,comparing the number of tokens simultaneously associated with the access network context with a predetermined maximum number of tokens, said maximum number of tokens being greater than one, anddetermining the validity of the rights according to the result of the comparison,means for generating a valid authentication token on the basis of the unique identifier of the terminal and the access network context, after checking the validity, andmeans for transmitting the token to the terminal.
- View Dependent Claims (9)
- - 9. The apparatus according to claim 8, wherein the apparatus constitutes a server comprising the device.

10. A non-transitory computer-readable information medium on which a computer program is recorded, including instructions for carrying out a method of authentication by token for accessing a service from a terminal, when the instructions are executed by a processor, wherein the method comprises, on receipt of a service access authorization request including at least one unique identifier of the terminal, the following acts:
- determining an access network context of the terminal, said access context referring to a datum relating to the access network used by the terminal, the datum being suitable for identifying a user associated with the access,checking validity of the service access rights, comprising at least;
  
  checking an access right associated with the access network context of the terminal,determining a number of valid tokens simultaneously associated with the access network context,comparing the number of tokens simultaneously associated with the access network context with a predetermined maximum number of tokens, said maximum number of tokens being greater than one, anddetermining the validity of the rights according to the result of the comparison,after checking the validity, if said access rights are valid;
  
  generating a valid authentication token on the basis of the unique identifier of the terminal and the access network context, andtransmitting the token to the terminal.

11. A method for accessing a service from a terminal, wherein the method comprises the following acts:
- obtaining a unique identifier of the terminal,transmitting a service access request including the unique identifier,receiving an authentication token generated on the basis of the unique identifier of the terminal and an access network context, when the service access request is transmitted from an authorized network access, said access network context referring to a datum relating to the access network used by the terminal, the datum being suitable for identifying a user associated with the access, said token being generated if the number of tokens associated with the access network context does not exceed a predetermined maximum number of tokens, said maximum number of tokens being greater than one, andtransmitting a service access request including the unique identifier of the terminal and the authentication token.

12. A communication terminal having a unique identifier, wherein the terminal comprises:
- a communication unit configured to;
  
  transmit a service access request including the unique identifier,receive an authentication token generated on the basis of the unique identifier of the terminal and an access network context, when the service access request is transmitted from an authorized network access, said access network context referring to a datum relating to the access network used by the terminal, the datum being suitable for identifying a user associated with the access, said token being generated if the number of tokens associated with the access network context does not exceed a predetermined maximum number of tokens, said maximum number of tokens being greater than one, andtransmit a service access request including the unique identifier of the terminal and the authentication token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Omnes, Nathalie, Loras, Frederic, Belin, Pascal, Huet, Gerald
Primary Examiner(s)
Avery, Jeremiah

Application Number

US14/569,059
Publication Number

US 20150172283A1
Time in Patent Office

1,019 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/107   wherein the security polici...

H04W 12/08   Access security

Method of authentication by token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method of authentication by token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links