ZERO SIGN-ON AUTHENTICATION

US 20150172277A1
Filed: 02/09/2015
Published: 06/18/2015
Est. Priority Date: 06/30/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a processor to facilitate authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the non-transitory instructions being sufficient for:

determining a credential request received from the device through a first access point of the plurality of access points, the credential request being issued to request a trust credential sufficient for authenticating access to the media services;

determining whether the first access point is one of trusted and untrusted as a function of identifying information included with the credential request;

facilitating transport of the trust credential through the first access point to the device if the first access point is determined to be trusted;

denying transport of the trust credential through the first access point to the device if the first access point is determined to be untrusted;

determining a media request received from the device through a second access point of the plurality of access points, the media request being issued to request access to the media services through the second access point;

determining whether the second access point is one of trusted and untrusted as a function of identifying information included with the media request;

facilitating ZSO access to the media services through the second access point if the second access point is trusted and the trust credential was transported to the device; and

facilitating ZSO access to the media services through the second access point if the second access point is untrusted and the trust credential is received from the device through the second access point.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of facilitating zero sign-on access to media services depending on trust credentials. The trust credentials may be cookies, certificates, and other data sets operable to be stored on a device used to access the media services such that information included therein may be used to control the zero sign-on capabilities of the user device.

Citations

20 Claims

1. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a processor to facilitate authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the non-transitory instructions being sufficient for:
- determining a credential request received from the device through a first access point of the plurality of access points, the credential request being issued to request a trust credential sufficient for authenticating access to the media services;
  
  determining whether the first access point is one of trusted and untrusted as a function of identifying information included with the credential request;
  
  facilitating transport of the trust credential through the first access point to the device if the first access point is determined to be trusted;
  
  denying transport of the trust credential through the first access point to the device if the first access point is determined to be untrusted;
  
  determining a media request received from the device through a second access point of the plurality of access points, the media request being issued to request access to the media services through the second access point;
  
  determining whether the second access point is one of trusted and untrusted as a function of identifying information included with the media request;
  
  facilitating ZSO access to the media services through the second access point if the second access point is trusted and the trust credential was transported to the device; and
  
  facilitating ZSO access to the media services through the second access point if the second access point is untrusted and the trust credential is received from the device through the second access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for determining the first access point to be trusted if the identifying information includes an Internet protocol (IP) address within a trusted domain and to be untrusted if the IP address fails to be within the trusted domain.
  - 3. The non-transitory computer-readable medium of claim 2 further comprising non-transitory instruction sufficient for determining the IP address to be a source address added to the credential request by the first access point, the source address being previously included within the credential request by the device as a destination address.
  - 4. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for determining the first access point to be trusted if the identifying information includes a Media Access Control (MAC) address within a trusted domain and to be untrusted if the MAC address fails to be within the trusted domain.
  - 5. The non-transitory computer-readable medium of claim 4 further comprising non-transitory instructions sufficient for:
    - polling a plurality of termination stations operable with the plurality of access points to provide the media services thereto, including determining whether any of the termination station have a duplicate of the MAC address; and
      
      determining the first access point to be untrusted if the MAC address is within the trusted domain and the duplicate is determined.
  - 6. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for determining the first access point to be trusted if the identifying information indicates a wireless capability of the first access point is unlocked and to be untrusted if the wireless capability is locked.
  - 7. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for determining the first access point to be trusted if the identifying information indicates a software version identified in a Management Information Base (MIB) of the first access point is correct and to be untrusted if the software version is incorrect.
  - 8. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for determining the first access point to be trusted if the identifying information indicates a known device is physically connected to the first access point and to be untrusted if the know device is physically disconnected from the first access point.
  - 9. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for instructing the device to transport a user identifier input to the device while connected to the second access point to facilitate non-ZSO access to the media services through the second access point if the second access point is untrusted and the trust credential is either not received from the device through the second access point or the trust credential is expired.
  - 10. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for:
    - determining a device identifier included within the media request sufficient for relating the device to the trust credential; and
      
      facilitating ZSO access to the media services through the second access point as function of the device identifier without requiring the device to transport the trust credential through the second access point if the second access point is trusted.
  - 11. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for:
    - receiving the trust credential from the device through the second access point prior to facilitating the ZSO access to the media services; and
      
      limiting the ZSO access according to entitlements associated with the received trust credential.
  - 12. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for instructing the device to connect with a third access point to obtain the trust credential if the first access point is untrusted, the third access point being trusted.
  - 13. The non-transitory computer-readable medium of claim 1 further comprising non-transitory instructions sufficient for:
    - instructing the device to obtain a security input from a user thereof through the first access point if the first access point is trusted;
      
      transporting the trust credential through the first access point if the security input is verified and the first access point is trusted; and
      
      denying transport of the trust credential through the first access point if the security input is unverified.

14. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a processor to facilitate authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the non-transitory instructions being sufficient for:
- determining a first credential request received from the device through a first access point of the plurality of access points, the first credential request being issued to request a trust credential sufficient for authenticating access to the media services;
  
  determining whether the first access point is one of trusted and untrusted as a function of identifying information included with the first credential request;
  
  requesting the device to transmit a security input obtained from a user thereof through the first access point if the first access point is trusted;
  
  facilitating transport of the trust credential through the first access point to the device if the security input is valid and denying transport of the trust credential if the security input is invalid;
  
  instructing the device to attempt a second credential request for the trust credential through a second access point if the first access point is untrusted, the second access point being trusted; and
  
  determining the first access point to be one of trusted and untrusted as a function of identifying information included with the credential request.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The non-transitory computer-readable medium of claim 14 further comprising non-transitory instructions sufficient for determining the first access point to be trusted if the first credential request includes an Internet protocol (IP) address within a trusted domain and to be untrusted if the IP address fails to be within the trusted domain.
  - 16. The non-transitory computer-readable medium of claim 14 further comprising non-transitory instructions sufficient for determining the first access point to be trusted if the first credential request includes a Media Access Control (MAC) address within a trusted domain and to be untrusted if the MAC address fails to be within the trusted domain.
  - 17. The non-transitory computer-readable medium of claim 16 further comprising non-transitory instructions sufficient for determining the first access point to be untrusted if the MAC address is within the trusted domain and a duplicate of the MAC address is determined.
  - 18. The non-transitory computer-readable medium of claim 14 further comprising non-transitory instructions sufficient for determining the first access point to be trusted if a trust score is greater than a threshold and untrusted if the trust score is less than the threshold, including determining the trust score at least based in part on whether a wireless capability of the first access point is locked or unlocked, whether a software version identified in a Management Information Base (MIB) of the first access point is correct or incorrect and whether a known device is physically connected to or disconnected from the first access point.
  - 19. The non-transitory computer-readable medium of claim 14 further comprising non-transitory instructions sufficient for:
    - determining a media request received from the device through a third access point of the plurality of access points, the media request being issued to request access to the media services through the third access point;
      
      determining whether the third access point is one of trusted and untrusted as a function of identifying information included with the media request;
      
      facilitating ZSO access to a first portion of the media services through the third access point if the third access point is trusted, the first portion corresponding with media services entitled to a subscriber associated with the third access point; and
      
      facilitating ZSO access to the a second portion of media services through the second access point if the trust credential is received from the device through the third access point, the second portion of the media services corresponding with media services associated with the trust credential.

20. A non-transitory computer-readable medium having a plurality of non-transitory instructions operable with a processor to facilitate authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the non-transitory instructions being sufficient for:
- determining a first credential request received from the device through a first access point of the plurality of access points, the first credential request being issued to request a trust credential sufficient for authenticating access to the media services;
  
  determining whether the first access point is one of trusted and untrusted as a function of identifying information included with the first credential request;
  
  requesting the device to transmit a security input obtained from a user thereof through the first access point;
  
  facilitating transport of the trust credential through the first access point to the device in the form of a certificate if the security input is valid and the first access point is trusted;
  
  facilitating transport of the trust credential through the first access point to the device in the form of a cookie if the security input is valid and the first access point is untrusted;
  
  determining a media request received from the device through a second access point of the plurality of access points, the media request including the trust credential and being issued to request access to the media services through the second access point;
  
  determining whether the second access point is one of trusted and untrusted as a function of identifying information included with the media request;
  
  facilitating ZSO access to the media services through the second access point if the second access point is trusted and without verifying whether the received trust credential has expired; and
  
  facilitating ZSO access to the media services through the second access point if the second access point is untrusted and without verifying whether the received trust credential has expired if the received trust credential is the certificate; and
  
  facilitating ZSO access to the media services through the second access point if the second access point is untrusted and the received trust credential is the cookie if the cookie is unexpired and denying ZSO access to the media services if the cookie is expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Hoggan, Stuart A., Durbha, Seetharama R.

Granted Patent

US 9,961,067 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 9/3263   involving certificates, e.g...

ZERO SIGN-ON AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ZERO SIGN-ON AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links