Zero sign-on authentication

US 9,961,067 B2
Filed: 02/09/2015
Issued: 05/01/2018
Est. Priority Date: 06/30/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a processor to facilitate authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the non-transitory instructions being for:

determining a credential request received from the device through a first access point of the plurality of access points, the credential request being issued to request a trust credential for authenticating access to the media services;

determining whether the first access point is one of trusted and untrusted as a function of identifying information included with the credential request;

facilitating transport of the trust credential through the first access point to the device if the first access point is determined to be trusted;

denying transport of the trust credential through the first access point to the device if the first access point is determined to be untrusted;

determining a media request received from the device through a second access point of the plurality of access points, the media request being issued to request access to the media services through the second access point;

determining whether the second access point is one of trusted and untrusted as a function of identifying information included with the media request;

facilitating ZSO access to the media services through the second access point if the second access point is trusted and the trust credential was transported to the device; and

facilitating ZSO access to the media services through the second access point if the second access point is untrusted and the trust credential is received from the device through the second access point;

determining the first access point to be trusted if the identifying information included with the credential request includes an Internet protocol (IP) address within a trusted domain and to be untrusted if the IP address fails to be within the trusted domain;

determining a home network associated with a user of the device and previously determined to be trusted;

determining the trust credential to be one of expired and unexpired; and

providing the device instructions to return to the home network to re-issue the credential request if transport of the trust credential is denied due to the first access point being untrusted and the trust credential is expired.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of facilitating zero sign-on access to media services depending on trust credentials. The trust credentials may be cookies, certificates, and other data sets operable to be stored on a device used to access the media services such that information included therein may be used to control the zero sign-on capabilities of the user device.

37 Citations

View as Search Results

11 Claims

1. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a processor to facilitate authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the non-transitory instructions being for:
- determining a credential request received from the device through a first access point of the plurality of access points, the credential request being issued to request a trust credential for authenticating access to the media services;
  
  determining whether the first access point is one of trusted and untrusted as a function of identifying information included with the credential request;
  
  facilitating transport of the trust credential through the first access point to the device if the first access point is determined to be trusted;
  
  denying transport of the trust credential through the first access point to the device if the first access point is determined to be untrusted;
  
  determining a media request received from the device through a second access point of the plurality of access points, the media request being issued to request access to the media services through the second access point;
  
  determining whether the second access point is one of trusted and untrusted as a function of identifying information included with the media request;
  
  facilitating ZSO access to the media services through the second access point if the second access point is trusted and the trust credential was transported to the device; and
  
  facilitating ZSO access to the media services through the second access point if the second access point is untrusted and the trust credential is received from the device through the second access point;
  
  determining the first access point to be trusted if the identifying information included with the credential request includes an Internet protocol (IP) address within a trusted domain and to be untrusted if the IP address fails to be within the trusted domain;
  
  determining a home network associated with a user of the device and previously determined to be trusted;
  
  determining the trust credential to be one of expired and unexpired; and
  
  providing the device instructions to return to the home network to re-issue the credential request if transport of the trust credential is denied due to the first access point being untrusted and the trust credential is expired.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer-readable medium of claim 1 further comprising the non-transitory instruction being for determining the IP address to be a source address added to the credential request by the first access point, the source address being previously included within the credential request by the device as a destination address.
  - 3. The non-transitory computer-readable medium of claim 1 further comprising the non-transitory instructions being for:
    - determining the first access point to also be trusted if the identifying information included with the credential request includes a Media Access Control (MAC) address within a trusted domain and to also be untrusted if the MAC address fails to be within the trusted domain; and
      
      facilitating the ZSO access by delivering signaling to the device to access the media services without requiring a user of the device to correspondingly sign-on or enter a password as part of an authentication process required before permitting access to the media services.
  - 4. The non-transitory computer-readable medium of claim 3 further comprising the non-transitory instructions being for:
    - polling a plurality of termination stations operable with the plurality of access points to provide the media services thereto, including determining whether any of the termination station have a duplicate of the MAC address; and
      
      determining the first access point to be untrusted if the MAC address is within the trusted domain and the duplicate is determined.
  - 5. The non-transitory computer-readable medium of claim 1 further comprising the non-transitory instructions being for instructing the device to transport a user identifier input to the device while connected to the second access point to facilitate non-ZSO access to the media services through the second access point if the second access point is untrusted and the trust credential is either not received from the device through the second access point or the trust credential is expired.
  - 6. The non-transitory computer-readable medium of claim 1 further comprising the non-transitory instructions being for:
    - determining a device identifier included within the media request for relating the device to the trust credential;
      
      facilitating the ZSO access to the media services through the second access point as function of the device identifier without requiring the device to transport the trust credential through the second access point if the second access point is trusted; and
      
      facilitating the ZSO access by delivering signaling to the device to access the media services without requiring a user of the device to correspondingly sign-on or enter a password as part of an authentication process required before permitting access to the media services.
  - 7. The non-transitory computer-readable medium of claim 1 further comprising the non-transitory instructions being for:
    - receiving the trust credential from the device through the second access point prior to facilitating the ZSO access to the media services; and
      
      limiting the ZSO access according to entitlements associated with the received trust credential.

8. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a processor to facilitate authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the non-transitory instructions being for:
- determining a credential request received from the device through a first access point of the plurality of access points, the credential request being issued to request a trust credential for authenticating access to the media services;
  
  determining whether the first access point is one of trusted and untrusted as a function of identifying information included with the credential request;
  
  facilitating transport of the trust credential through the first access point to the device if the first access point is determined to be trusted;
  
  denying transport of the trust credential through the first access point to the device if the first access point is determined to be untrusted;
  
  determining a media request received from the device through a second access point of the plurality of access points, the media request being issued to request access to the media services through the second access point;
  
  determining whether the second access point is one of trusted and untrusted as a function of identifying information included with the media request;
  
  facilitating ZSO access to the media services through the second access point if the second access point is trusted and the trust credential was previously transported to the device;
  
  facilitating ZSO access to the media services through the second access point if the second access point is untrusted and the trust credential is received from the device through the second access point;
  
  determining the first access point to be trusted if the identifying information included with the credential request includes an Internet protocol (IP) address within a trusted domain and to be untrusted if the IP address fails to be within the trusted domain;
  
  determining a home network associated with a user of the device and previously determined to be trusted;
  
  determining the trust credential to be one of expired and unexpired proximate in time to issuance of the media request; and
  
  providing the device instructions to return to the home network to re-issue the credential request if the second access point is untrusted and the trust credential is expired.
- View Dependent Claims (9)
- - 9. The non-transitory computer-readable medium of claim 8 further comprising the non-transitory instruction being for determining the IP address to be a source address added to the credential request by the first access point, the source address being previously included within the credential request by the device as a destination address.

10. A method for authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the method comprising:
- determining a credential request received from the device through a first access point of the plurality of access points, the credential request being issued to request a trust credential for authenticating access to the media services;
  
  determining whether the first access point is one of trusted and untrusted as a function of identifying information included with the credential request;
  
  facilitating transport of the trust credential through the first access point to the device if the first access point is determined to be trusted;
  
  denying transport of the trust credential through the first access point to the device if the first access point is determined to be untrusted;
  
  determining a media request received from the device through a second access point of the plurality of access points, the media request being issued to request access to the media services through the second access point;
  
  determining whether the second access point is one of trusted and untrusted as a function of identifying information included with the media request;
  
  facilitating ZSO access to the media services through the second access point if the second access point is trusted and the trust credential was previously transported to the device;
  
  facilitating ZSO access to the media services through the second access point if the second access point is untrusted and the trust credential is received from the device through the second access point;
  
  determining the first access point to be trusted if the identifying information included with the credential request includes an Internet protocol (IP) address within a trusted domain and to be untrusted if the IP address fails to be within the trusted domain;
  
  determining a home network associated with a user of the device and previously determined to be trusted;
  
  determining the trust credential to be one of expired and unexpired proximate in time to issuance of the media request; and
  
  providing the device instructions to return to the home network to re-issue the credential request if the second access point is untrusted and the trust credential is expired.
- View Dependent Claims (11)
- - 11. The method of claim 10 further comprising determining the IP address to be a source address added to the credential request by the first access point, the source address being previously included within the credential request by the device as a destination address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Hoggan, Stuart A., Durbha, Seetharama R.
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US14/617,757
Publication Number

US 20150172277A1
Time in Patent Office

1,177 Days
Field of Search

380200, 726 8, 726 12, 726 27, 725118
US Class Current
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 9/3263   involving certificates, e.g...

Zero sign-on authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Zero sign-on authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links