Shared network access using different access keys
First Claim
1. A method of authenticating a client to one or more computing devices at an edge of one or more communications networks, the method comprising the steps of:
obtaining, by the client, a computing device identifier associated with a computing device;
selecting, at said client, a set of authentication parameters associated with said computing device identifier, said authentication parameters being stored in a tamper-resistant physical token operatively coupled to said client, said tamper-resistant physical token further permanently storing a unique identifier associated with said client, said tamper-resistant physical token further storing a first cryptographic key; and
implementing an authentication process employing said set of authentication parameters, the authentication process comprising the steps of:
transmitting, by the client to the computing device, a first challenge, wherein said first challenge comprises an encrypted first random number and said unique identifier associated with said client, said first random number being generated inside said tamper-resistant physical token, said encrypted first random number being encrypted with said first cryptographic key;
receiving, by the client from the computing device, a second challenge, wherein said second challenge comprises an encrypted second random number, said second random number generated at said computing device and encrypted with a second cryptographic key, said second cryptographic key being obtained by said computing device and associated with said computing device identifier; and
permitting, at said client, said client to access said communications network via said computing device if said authentication process results in a successful authentication of said client.
Abstract
A system and method for consistent authentication and security mechanism to enable a client device to easily roam from one network to another without requiring the client to manually change network configurations is disclosed. In one embodiment, a client device listens for a “beacon frame” broadcast from a Wi-Fi access point. The beacon frame identifies the basic service set identifier (BSSID) of the access point. A tamper-resistant token, or client key, installed at the client device stores a set of authentication parameters, e.g., cryptographic keys, for each Wi-Fi network the client is permitted to access. Each set of authentication parameters is associated with a particular BSSID. Using the BSSID received from the access point, the client device identifies and implements the appropriate set of authentication parameters necessary to authenticate the client device according to an authentication process generally accepted by all the Wi-Fi networks potentially servicing the client.
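The mutual challenge exchange described in the abstract and first claim, as an added example that is not the patent's own code. Assumed, because the page does not specify them: the cipher (an HMAC-SHA256 keystream stands in for whatever encryption the token uses), that each side answers a challenge by returning the decrypted random number, and that the access point can look up a client's first key by the client's unique identifier.

```python
import hmac, hashlib, os, secrets

def _encrypt(key, plaintext):
    # Stand-in cipher (assumed; the page names no algorithm): a one-time keystream
    # from HMAC-SHA256(key, iv) XORed over the 16-byte random number, iv sent along.
    iv = os.urandom(16)
    ks = hmac.new(key, iv, hashlib.sha256).digest()[:len(plaintext)]
    return iv, bytes(a ^ b for a, b in zip(plaintext, ks))

def _decrypt(key, iv, ct):
    ks = hmac.new(key, iv, hashlib.sha256).digest()[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, ks))

class ClientToken:
    """The tamper-resistant token: permanent unique id, first key, an RNG, and one
    parameter set (here just the second key) per BSSID the client may join."""
    def __init__(self, client_id, first_key, params_by_bssid):
        self.client_id, self._key1, self._params = client_id, first_key, params_by_bssid
    def has_params(self, bssid):
        return bssid in self._params  # selection of parameters by device identifier
    def first_challenge(self):
        r1 = secrets.token_bytes(16)  # first random number, generated inside the token
        iv, ct = _encrypt(self._key1, r1)
        return r1, (self.client_id, iv, ct)  # challenge = unique id + E_key1(r1)
    def answer_second_challenge(self, bssid, iv, ct):
        return _decrypt(self._params[bssid], iv, ct)  # proves knowledge of key 2

class AccessPoint:
    """Edge device identified by BSSID. Assumed: it holds its own second key and can
    look up a client's first key by the client's unique identifier."""
    def __init__(self, bssid, second_key, client_first_keys):
        self.bssid, self._key2, self._client_keys, self._pending = bssid, second_key, client_first_keys, None
    def second_challenge(self, client_id, iv, ct):
        key1 = self._client_keys.get(client_id, bytes(32))  # unknown id -> wrong answer
        r1_response = _decrypt(key1, iv, ct)  # assumed response: the decrypted r1
        self._pending = secrets.token_bytes(16)  # second random number, generated at AP
        iv2, ct2 = _encrypt(self._key2, self._pending)
        return r1_response, (iv2, ct2)
    def verify_client(self, r2_response):
        return self._pending is not None and hmac.compare_digest(self._pending, r2_response)

def authenticate(token, ap):
    # Runs both sides of the exchange; network access is permitted only on mutual success.
    if not token.has_params(ap.bssid):
        return False  # the token holds no parameters for this network
    r1, msg1 = token.first_challenge()
    r1_response, msg2 = ap.second_challenge(*msg1)
    ap_ok = hmac.compare_digest(r1, r1_response)  # client checks the AP's answer
    client_ok = ap.verify_client(token.answer_second_challenge(ap.bssid, *msg2))
    return ap_ok and client_ok
```

Roaming is the dictionary lookup in `has_params`: the same token, without reconfiguration, authenticates to any BSSID for which it stores a parameter set, and refuses the rest.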
17 Claims
1. A method of authenticating a client to one or more computing devices at an edge of one or more communications networks (independent claim; full text given above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A system for authenticating a client to one or more computing devices at an edge of one or more communications networks, the system comprising:
one or more computing devices;
a client, wherein the client is operatively coupled to a unique tamper-resistant physical token, the tamper-resistant physical token comprising:
one or more unique sets of authentication parameters, wherein each set of authentication parameters is associated with one or more of said one or more computing devices;
a first cryptographic key, wherein said first cryptographic key is permanently stored in said tamper-resistant physical token;
a random number generator; and
a unique identifier, wherein said unique identifier is permanently stored in said tamper-resistant physical token; and
software installed in said client configured to cause said client to:
obtain a unique identifier of one of said one or more computing devices;
select a set of authentication parameters from said one or more unique sets of authentication parameters associated with the one of said one or more computing devices;
transmit, by the client to the one of said one or more computing devices, a first challenge, wherein the first challenge comprises an encrypted first random number and said unique identifier, wherein the first random number is generated by said random number generator within said unique tamper-resistant physical token, wherein said encrypted first random number is encrypted using the first cryptographic key;
receive, by the client from the one of said one or more computing devices, a second challenge, wherein the second challenge comprises an encrypted second random number, said second random number generated at the one of said one or more computing devices and encrypted using a second cryptographic key, said second cryptographic key being obtained by the one of said one or more computing devices and associated with the one of said one or more computing devices; and
permit, at said client, said client to access said communications network via the one of said one or more computing devices if the one of said one or more computing devices successfully responds to the first challenge and the client successfully responds to the second challenge.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
Specification