System and method for providing a certificate for network access

US 9,825,936 B2
Filed: 03/03/2015
Issued: 11/21/2017
Est. Priority Date: 03/23/2012
Status: Active Grant

First Claim

Patent Images

1. A method of providing a certificate for based secured wireless network layer access in response to a user request comprising:

identifying a first system having at least one processor and a plurality of users, each user having at least one attribute;

receiving from a third party at least one predefined required attribute for secured network layer access upon a second system providing a secured wireless network, the secured wireless network requiring a Public Key Infrastructure (“

PKI”

) certificate for network layer authentication to the wireless network;

receiving from a user known to the first system a request for certificate based network layer network access to a second system having at least one processor, the request having at least one identifier;

querying the first system with the at least one identifier for attributes associated with the user requesting the certificate based network layer network access to a second system;

evaluating the attributes associated with the user requesting the certificate to the least one predefined required attribute for the PKI certificate in order to access the second system; and

in response to at least one attribute associated with the user requesting the PKI certificate correlating to the at least one predefined required attribute, providing the requesting user with a PKI certificate with at least one characteristic for certificate based network layer authentication for network layer access to the secured wireless network of the secured second system, the second system distinct from the first, the PKI certificate provided from a system other than the first system;

wherein a first user having a first set of correlating attributes is provided with a PKI certificate permitting different access than a second user having a second set of correlating attributes, the first and second sets being different with respect to at least one correlated attribute.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system. The method includes, identifying a first system having at least one processor and a plurality of users, each user having at least one attribute; receiving from a third party at least one required attribute for certificate based network access; receiving from a user known to the first system a request for certificate based network layer network access to a second system having at least one processor, the request having at least one identifier; querying the first system with the at least one identifier for attributes associated with the user requesting the certificate based network layer network access to a second system; evaluating the attributes associated with the user requesting the certificate to the at least one predefined attribute; and in response to at least one attribute associated with the user requesting the certificate correlating to the at least one predefined attribute, providing from a system other than the first system, as requested by the user a certificate with at least one characteristic for certificate based network layer network access on the second system, the second system distinct from the first system. An associated system for providing a Certificate is also provided.

Citations

44 Claims

1. A method of providing a certificate for based secured wireless network layer access in response to a user request comprising:
- identifying a first system having at least one processor and a plurality of users, each user having at least one attribute;
  
  receiving from a third party at least one predefined required attribute for secured network layer access upon a second system providing a secured wireless network, the secured wireless network requiring a Public Key Infrastructure (“
  
  PKI”
  
  ) certificate for network layer authentication to the wireless network;
  
  receiving from a user known to the first system a request for certificate based network layer network access to a second system having at least one processor, the request having at least one identifier;
  
  querying the first system with the at least one identifier for attributes associated with the user requesting the certificate based network layer network access to a second system;
  
  evaluating the attributes associated with the user requesting the certificate to the least one predefined required attribute for the PKI certificate in order to access the second system; and
  
  in response to at least one attribute associated with the user requesting the PKI certificate correlating to the at least one predefined required attribute, providing the requesting user with a PKI certificate with at least one characteristic for certificate based network layer authentication for network layer access to the secured wireless network of the secured second system, the second system distinct from the first, the PKI certificate provided from a system other than the first system;
  
  wherein a first user having a first set of correlating attributes is provided with a PKI certificate permitting different access than a second user having a second set of correlating attributes, the first and second sets being different with respect to at least one correlated attribute.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the network layer network access is OSI Layer 2-3 access.
  - 3. The method of claim 1, wherein network access to the second system is established based upon the PKI certificate before an application layer may request a user name and password.
  - 4. The method of claim 1, wherein without a PKI certificate the user cannot establish network access with the second system.
  - 5. The method of claim 1, wherein the at least one predefined required attribute is user information.
  - 6. The method of claim 5, wherein the user information is selected from the group consisting of:
    - username, email address, city, state, gender, age, relationship status.
  - 7. The method of claim 1, wherein the predefined required attribute is specified by the second system.
  - 8. The method of claim 1, wherein the PKI certificate is an X.509 certificate.
  - 9. The method of claim 1, wherein the at least one characteristic of the PKI certificate is selected from a group consisting of root certificate authority, intermediate certificate authority, time period, common name, subject name, subject'"'"'s alternative name.

10. A method of providing a certificate for certificate based secured wireless network layer access in response to a user request comprising:
- identifying a first system having at least one processor and a plurality of users, each user having at least one attribute;
  
  receiving from a third party at least one predefined required attribute for secured network layer access upon a second system providing a secured wireless network, the secured wireless network requiring a Public Key Infrastructure (“
  
  PKI”
  
  ) certificate for network layer authentication to the wireless network;
  
  receiving from a user known to the first system a request for OSI Layer 2-3 network access to a second system having at least one processor and distinct from the first system, the request having at least one identifier;
  
  querying the first system with the at least one identifier for attributes associated with the user requesting the certificate based network layer network access to a second system;
  
  evaluating the attributes associated with the user requesting the certificate to the at least one predefined required attribute for the PKI certificate in order to access the second system; and
  
  in response to at least one attribute associated with the user requesting the PKI certificate correlating to the at least one predefined required attribute, providing the requesting user with a PKI certificate with at least one characteristic for certificate based network layer authentication for network OSI Layer 2-3 access to the secured wireless network of the secured second system, the second system distinct form from the first, the PKI certificate provided from a system other than the first system;
  
  wherein a first user having a first set of correlating attributes is provided with a certificate permitting different access than a second user having a second set of correlating attributes, the first and second sets being different with respect to at least one correlated attribute.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein network access to the second system is established based upon the PKI certificate before an application layer may request a user name and password.
  - 12. The method of claim 10, wherein without a PKI certificate the user cannot establish network access with the second system.
  - 13. The method of claim 10, wherein the at least one predefined required attribute is user information.
  - 14. The method of claim 10, wherein the user information is selected from the group consisting of:
    - username, email address, city, state, gender, age, relationship status.
  - 15. The method of claim 10, wherein the predefined required attribute is specified by the second system.
  - 16. The method of claim 10, wherein the PKI certificate is an X.509 certificate.
  - 17. The method of claim 10, wherein the at least one characteristic of the PKI certificate is selected from a group consisting of root certificate authority, intermediate certificate authority, time period, common name, subject name, subject'"'"'s alternative name.

18. A non-transitory machine readable medium on which is stored a computer program for providing a certificate for based secured wireless network layer access in response to a user request for network access, the computer program comprising instructions which when executed by a computer system having at least one processor performs the steps of:
- identifying a first system having at least one processor and a plurality of users, each user having at least one attribute;
  
  receiving from a third party at least one predefined required attribute for secured network layer access upon a second system providing a secured wireless network, the secured wireless network requiring a Public Key Infrastructure (“
  
  PKI”
  
  ) certificate for network layer authentication to the wireless network;
  
  receiving from a user known to the first system a request for certificate based network layer network access to a second system having at least one processor, the request having at least one identifier;
  
  querying the first system with the at least one identifier for attributes associated with the user requesting the certificate based network layer network access to a second system;
  
  evaluating the attributes associated with the user requesting the certificate to the least one predefined required attribute for the PKI certificate in order to access the second system; and
  
  in response to at least one attribute associated with the user requesting the PKI certificate correlating to the at least one predefined required attribute, providing the requesting user with a PKI certificate with at least one characteristic for certificate based network layer authentication for network layer access to the secured wireless network of the secured second system, the second system distinct from the first, the PKI certificate provided from a system other than the first system;
  
  wherein a first user having a first set of correlating attributes is provided with a certificate permitting different access than a second user having a second set of correlating attributes, the first and second sets being different with respect to at least one correlated attribute.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The non-transitory machine readable medium of claim 18, wherein the network layer network access is OSI Layer 2-3 access.
  - 20. The non-transitory machine readable medium of claim 18, wherein network access to the second system is established based upon the PKI certificate before an application layer may request a user name and password.
  - 21. The non-transitory machine readable medium of claim 18, wherein without a PKI certificate the user cannot establish network access with the second system.
  - 22. The non-transitory machine readable medium of claim 18, wherein the at least one predefined required attribute is user information.
  - 23. The non-transitory machine readable medium of claim 18, wherein the user information is selected from the group consisting of:
    - username, email address, city, state, gender, age, relationship status.
  - 24. The non-transitory machine readable medium of claim 18, wherein the predefined required attribute is specified by the second system.
  - 25. The non-transitory machine readable medium of claim 18, wherein the PKI certificate is an X.509 certificate.
  - 26. The non-transitory machine readable medium of claim 18, wherein the at least one characteristic of the PKI certificate is selected from a group consisting of root certificate authority, intermediate certificate authority, time period, common name, subject name, subject'"'"'s alternative name.

27. A non-transitory machine readable medium on which is stored a computer program comprising instructions to adapt a computer system having a processor to provide a certificate for certificate based secured wireless network layer access in response to a user request for network access, the computer program comprising:
- an input routine operative associated with an input device for receiving from a third party at least one predefined required attribute as criteria for receiving a Public Key Infrastructure (“
  
  PKI”
  
  ) certificate for secured network layer access upon a second system providing a secured wireless network, the secured wireless network requiring a PKI certificate for network layer authentication to the wireless network, and for receiving from a user authenticated to a first system a request for certificate based OSI Layer 2-3 wireless network access to a second system distinct from the first system, the request having at least one identifier;
  
  a query routine for querying the first system with the at least one identifier for attributes associated with the user requesting the certificate based secured wireless network access and evaluating the associated attributers to the predefined required attribute for the PKI certificate in order to access the second system, the querying performed by other than one of the user requesting the PKI certificate; and
  
  an output routine for providing the requesting user with a PKI certificate with at least one characteristic for certificate based network layer authentication for network OSI Layer 2-3 access to the secured wireless network of the secured second system, the second system distinct from the first, the PKI certificate provided from a system other than the first system;
  
  wherein a first user having a first set of correlating attributes is provided with a certificate permitting different access than a second user having a second set of correlating attributes, the first and second sets being different with respect to at least one correlated attribute.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The non-transitory machine readable medium of claim 27, wherein the network layer network access is OSI Layer 2-3 access.
  - 29. The non-transitory machine readable medium of claim 27, wherein network access to the second system is established based upon the PKI certificate before an application layer may request a user name and password.
  - 30. The non-transitory machine readable medium of claim 27, wherein without a PKI certificate the user cannot establish network access with the second system.
  - 31. The non-transitory machine readable medium of claim 27, wherein the at least one predefined required attribute is user information.
  - 32. The non-transitory machine readable medium of claim 27, wherein the user information is selected from the group consisting of:
    - username, email address, city, state, gender, age, relationship status.
  - 33. The non-transitory machine readable medium of claim 27, wherein the predefined required attribute is specified by the second system.
  - 34. The non-transitory machine readable medium of claim 27, wherein the PKI certificate is an X.509 certificate.
  - 35. The non-transitory machine readable medium of claim 27, wherein the at least one characteristic of the PKI certificate is selected from a group consisting of root certificate authority, intermediate certificate authority, time period, common name, subject name, subject'"'"'s alternative name.

36. A system for providing a certificate for based secured wireless network layer access in response to a third party request comprising:
- a first system having at least one processor structured and arranged as a single sign on system having a plurality of user accounts corresponding to a plurality of users remote from the first system;
  
  a third party structured and arranged to establish at least one predefined required attribute for receiving a Public Key Infrastructure (“
  
  PKI”
  
  ) certificate permitting secured network layer access upon a second system providing a secured wireless network, the secured wireless network requiring a PKI certificate for network layer authentication to the wireless network, the second system having at least one processor, the second system distinct from the first system; and
  
  an authorizing system structured and arranged to receive from the third party the at least one predefined required attribute for the PKI certificate in order to access the second system, and in response to a request from a user of the first system for a PKI certificate for certificate based network access to the second system the authorizing system further structured and arranged to access the first system to query the remote user accounts for attributes associated with at least one user, the authorizing system providing a PKI certificate with at least one characteristic derived from the attributes associated with the requesting user for certificate based network layer authentication to the secured wireless network of the secured second system to at least one requesting user having at least one attribute associated with the requesting user correlated to the at least one predefined required attribute;
  
  wherein a first user having a first set of correlating attributes is provided with a certificate permitting different access than a second user having a second set of correlating attributes, the first and second sets being different with respect to at least one correlated attribute.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44)
- - 37. The system of claim 36, wherein the network layer network access is OSI Layer 2-3 access.
  - 38. The system of claim 36, wherein network access to the second system is established based upon the PKI certificate before an application layer may request a user name and password.
  - 39. The system of claim 36, wherein without a PKI certificate the user cannot establish network access with the second system.
  - 40. The system of claim 36, wherein the at least one predefined required attribute is user information.
  - 41. The system of claim 36, wherein the user information is selected from the group consisting of:
    - username, email address, city, state, gender, age, relationship status.
  - 42. The system of claim 36, wherein the predefined required attribute is specified by the second system.
  - 43. The system of claim 36, wherein the PKI certificate is an X.509 certificate.
  - 44. The system of claim 36, wherein the at least one characteristic of the PKI certificate is selected from a group consisting of root certificate authority, intermediate certificate authority, time period, common name, subject name, subject'"'"'s alternative name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ruckus IP Holdings LLC
Original Assignee
Cloudpath Networks, Inc. (CommScope Holding Company, Inc.)
Inventors
Koster, Kevin Lee, Haney, Roger Lynn
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
MALINOWSKI, WALTER J

Application Number

US14/637,381
Publication Number

US 20160261587A1
Time in Patent Office

994 Days
Field of Search

726 3, 726 8, 726 10, 713156, 713182
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 21/51   at application loading time...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 9/3263   involving certificates, e.g...

H04W 12/069   using certificates or pre-s...

System and method for providing a certificate for network access

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing a certificate for network access

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links