Accessing cellular networks from non-native local networks

US 20050124288A1
Filed: 03/13/2003
Published: 06/09/2005
Est. Priority Date: 03/13/2002
Status: Active Grant

First Claim

Patent Images

1. A multiple element gateway entity for supporting cellular authentication from a non-cellular network, the entity comprising a plurality of elements each located at a different one of a plurality of secure zones and having a first gap between said elements across said secure zones, said gateway being configured to predefine communication signals allowed across said first gap between said elements, thereby to filter out signals not part of an authentication procedure, and provide secure cellular authentication for a communication originating from said non-cellular network.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multiple entity gateway for supporting cellular authentication from a non-cellular network, the gateway comprising a plurality of entities each located at a different one of a plurality of secure zones and having at least one gap between said entities across said secure zones, said gateway being configured to predefine communication signals allowed across said gap between said entities, thereby to filter out non-allowed signals, and provide secure cellular authentication for a communication originating from said non-cellular network. The gateway allows cellular users to connect to a cellular network via a wireless local area network such as a hotspot, use the services of the cellular network, the Internet and the hotspot at will, and be securely authenticated and charged through the cellular infrastructure.

112 Citations

53 Claims

1. A multiple element gateway entity for supporting cellular authentication from a non-cellular network, the entity comprising a plurality of elements each located at a different one of a plurality of secure zones and having a first gap between said elements across said secure zones, said gateway being configured to predefine communication signals allowed across said first gap between said elements, thereby to filter out signals not part of an authentication procedure, and provide secure cellular authentication for a communication originating from said non-cellular network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 2. The multiple element gateway entity of claim 1, wherein said predefined communication signals allowed across said first gap comprise signals of a cellular authentication protocol.
  - 3. The multiple element gateway entity of claim 2, wherein said signals of a cellular identification protocol comprise GSM triplet information.
  - 4. The multiple entity gateway of claim 2, wherein said predefined communication signals further comprise authorization information.
  - 5. The multiple element gateway entity of claim 2, wherein said predefined communication signals further comprise status information.
  - 6. The multiple element gateway entity of claim 1, wherein said elements comprise at least a front element for interfacing to said non-cellular network, a cellular network gateway element for interfacing to said cellular network, and a service gateway element for interfacing to a service IP network, and wherein said first gap is between said front element and said cellular gateway element.
  - 7. The multiple element gateway entity of claim 6, wherein each one of said secure zones has a different level of security ranging from a lowest to a highest level of security, and said front element resides in a lower level one of said secure zones, said cellular network gateway element resides in a higher level one of said secure zones and said service gateway element resides in an intermediate level one of said secure zones.
  - 8. The multiple element gateway entity of claim 7, wherein said front element resides in a lowest level one of said secure zones.
  - 9. The multiple element gateway entity of claim 7, wherein said cellular network gateway element resides in a highest level one of said secure zones.
  - 10. The multiple element gateway entity of claim 1, configured to support said authentication via a first layer and to support subsequent communication traffic via a second layer, the entity further being configured to bind said first and said second layers to restrict said subsequent communication traffic to a user authenticated via said first layer.
  - 11. The multiple element gateway entity of claim 10, wherein said binding is cryptographic binding.
  - 12. The multiple element gateway entity of claim 10, wherein said binding is non-cryptographic binding.
  - 13. The multiple element gateway entity of claim 1, further comprising secure channel support functionality for supporting a secure channel to a user client at said non-cellular network
  - 14. The multiple element gateway entity of claim 13, wherein said secure channel is allowed to said user client only as long as said user client is authenticated.
  - 15. The multiple element gateway entity of claim 13, wherein said secure channel is identity protected, thereby to defeat eavesdropping.
  - 16. The multiple element gateway entity of claim 13, wherein said secure channel is configured to carry communication traffic.
  - 17. The multiple element gateway entity of claim 1, comprising a first end in a cellular infrastructure towards the non-cellular network, said first end having a first firewall.
  - 18. The multiple entity gateway entity of claim 1, further comprising a security gateway.
  - 19. The multiple element gateway entity of claim 17, configured to supply said first firewall with a rule set comprising static rules to allow through signals belonging to said authentication procedure.
  - 20. The multiple element gateway entity of claim 17, further configured to supply said first firewall with a rule, said rule permitting passage of data involving a user client, said supply being dynamically with authentication of said user client.
  - 21. The multiple element gateway entity of claim 17, wherein said first firewall is configured to restrict access to signals originating from applications within an authenticated user client, wherein said applications are recognized as compatible with said gateway.
  - 22. The multiple element gateway entity of claim 17, wherein said first firewall is operable to receive from said cellular authentication at least one key, said firewall being configured to pass only material corresponding to the key.
  - 23. The multiple element gateway element of claim 22, wherein said key is at least one of an authentication key, an encryption key and a key providing both authentication and encryption.
  - 24. The multiple element gateway entity of claim 21, wherein said first firewall is configured to restrict access from non-authenticated user clients to signals originating from applications within said user client which are recognized as supporting said cellular authentication procedure.
  - 25. The multiple element gateway entity of claim 17, further comprising a second end towards a service IP network, said second end comprising a second firewall.
  - 26. The multiple element gateway entity of claim 25, wherein said second firewall has a rule set for allowing signals to pass, the entity being further configured to supply said second firewall with a rule, said rule permitting passage of data involving a user client, said supply being dynamically with authentication of said user client.
  - 27. The multiple element gateway entity of claim 1, wherein said secure cellular authentication is via an authentication layer and wherein communication traffic is via a second, traffic, layer, wherein said entity is operable to bind said authentication and said traffic layers so that communication traffic is only sendable via a device that has been authenticated.
  - 28. The multiple element gateway entity of claim 1, wherein said secure cellular authentication comprises finding a subscriber account at a cellular provider user database and interacting with a connecting user device to bind said user account to said connecting user device.
  - 29. The multiple element gateway entity of claim 28, wherein said cellular provider user database is a home location register.
  - 30. The multiple element gateway entity of claim 28, wherein data for accessing said user database is obtained during execution of an access protocol from a connecting user device.
  - 31. The multiple element gateway entity of claim 30, where said data for accessing is obtained from a SIM of a user device if present, otherwise from a virtual SIM if present, otherwise from a client entity of said user device and otherwise from a communication independently received from a subscriber'"'"'s cellular device, and wherein said data for accessing comprises authentication data.
  - 32. The multiple element gateway entity of claim 1, configured to provide initial access to a connecting device via exchange of a single message with said connecting device.
  - 33. The multiple element gateway entity of claim 32, wherein said initial message contains at least one of a temporary identity, a one-time password and a retries counter.
  - 34. The multiple element gateway entity of claim 33, further configured to identify a situation in which two connecting devices attempt to authenticate themselves based on a single security element.
  - 35. The multiple element gateway entity of claim 1, wherein said secure cellular authentication further comprises use of a one time password.
  - 36. The multiple element gateway entity of claim 1, wherein said secure cellular authentication comprises use of a temporary user identity.
  - 37. The multiple element gateway entity of claim 1, wherein said secure cellular authentication comprises a new session authentication procedure and a resumed session authentication procedure.
  - 38. The multiple element gateway entity of claim 1, wherein said elements are located within a cellular provider'"'"'s network infrastructure.

39. A user client for use with a multiple element gateway entity, the entity comprising a plurality of elements each located at a different one of a plurality of secure zones and having at least a first gap between said entities across said secure zones, said gateway being configured to predefine communication signals allowed across said first gap between said entities, thereby to filter out signals not part of an authentication procedure, and provide secure cellular authentication for a communication originating from a non-cellular network, the user client comprising usability for connecting to a wireless local network and usability for supporting said cellular authentication via said gateway entity.
- View Dependent Claims (40)
- - 40. The user client of claim 39, comprising a virtual SIM.

41. A method for supporting cellular authentication from a non-cellular network, the method comprising:
- locating a plurality of cellular authentication elements at different ones of a plurality of secure zones, arranging at least one gap between said elements across said secure zones, and defining communication signals to be allowed across said gap between said elements, thereby to filter out signals not part of an authentication procedure, and restrict passage across said gap to signals being part of said cellular authentication, thereby to provide secure cellular authentication for a communication originating from said non-cellular network.

42. A method for supporting cellular authentication from a non-cellular network, comprising:
- setting a first rule to prevent exchange of data from non-authenticated devices over a communication route, receiving data from a connecting device on the non-cellular network, authenticating said connecting device over an authentication route using cellular authentication, and setting a second rule to permit said connecting device when authenticated to exchange data over said communication route.

43. Apparatus for supporting cellular authentication from a non-cellular network, comprising:
- a first route connecting said non-cellular network to a cellular authentication infrastructure, a second route for connecting said non-cellular network to a communication infrastructure, and a communication gateway at said second route for allowing data to pass along said second route only if said data is part of a communication involving a device on said non-cellular network which is authenticated by said cellular authentication infrastructure.

44. An authentication mechanism for use with a non-cellular network able to access a cellular authentication infrastructure, the mechanism comprising:
- a cellular access protocol for allowing a connecting device to obtain authentication from said cellular authentication infrastructure, and a binding mechanism for binding said connecting device to said authentication so that only usage associated with said connecting device for the duration of said authentication is allowed via said non-cellular network.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 45. The authentication mechanism of claim 44, wherein said connecting device comprises an authentication client.
  - 46. The authentication mechanism of claim 45, wherein said authentication client comprises a SIM.
  - 47. The authentication mechanism of claim 46, wherein said SIM is a virtual SIM.
  - 48. The authentication mechanism of claim 44, wherein at least part of said cellular access protocol comprises exchanging messaging with a cellular device to whose identity said connecting device intends to be bound.
  - 49. The authentication mechanism of claim 48, wherein said exchanging messaging is a one-way exchange between said cellular authentication infrastructure and said cellular device.
  - 50. The authentication mechanism of claim 48, wherein said exchanging messaging is a two-way exchange between said cellular authentication infrastructure and said cellular device.
  - 51. The authentication mechanism of claim 49, further configured to identify a situation in which two connecting devices attempt to authenticate themselves based on a single security element.
  - 52. The authentication mechanism of claim 50, further configured to identify a situation in which two connecting devices attempt to authenticate themselves based on a single security element.
  - 53. The authentication mechanism of claim 44, further configured to use said authentication to guarantee billing information of said connecting device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Flash Networks, Ltd. (Constellation Software Incorporated)
Original Assignee
Flash Networks, Ltd. (Constellation Software Incorporated)
Inventors
Karmi, Yair, Bitan-Erlich, Sara, Katz, Eyal, Peleg, Yaron, Jeffery, Stuart

Granted Patent

US 7,653,200 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/3.10
CPC Class Codes

H04L 12/5692   Selection among different n...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0838   using one-time-passwords

H04L 63/0869   for achieving mutual authen...

H04L 63/104   Grouping of entities

H04L 63/1441   Countermeasures against mal...

H04W 12/06   Authentication

H04W 12/75   Temporary identity

H04W 88/16   Gateway arrangements

Accessing cellular networks from non-native local networks

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

Accessing cellular networks from non-native local networks

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links