Method and system for securely authenticating network access credentials for users
First Claim
1. A system for facilitating access to a network-based service offered by a service provider, the system comprising:
- a network connection program configured, to execute in one or more processors, to
  receive a user credential for use in accessing the network-based service, wherein the user credential was not issued by the service provider;
  convert the user credential into an encrypted credential using an encryption method that requires a private key to decrypt the encrypted credential, and wherein the private key is unknown to the service provider;
  convert the encrypted credential into a plain text credential by application of a character encoding scheme to the encrypted credential, wherein the plain text format is required by one or more standardized network authentication protocols; and
  transmit, via the one or more standardized network authentication protocols, the plain text credential to the service provider;
- a decryption server, having the one or more processors, configured to
  receive, via the one or more standardized network authentication protocols, the plain text credential from the service provider;
  convert the plain text credential back into the encrypted credential by application of the character encoding scheme;
  convert the encrypted credential back into the user credential based on the private key; and
  transmit, via the one or more standardized network authentication protocols, the user credential for authentication.
11 Assignments
0 Petitions
Abstract
A method is provided to securely authenticate user credentials. The method includes encrypting a user credential at an access device with a public key, the public key being one half of a public/private key pair suitable for use with an encryption algorithm. The encrypted user credential is transmitted from the access device to a decryption server, where it is decrypted with the private key, the other half of the same key pair. The decrypted user credential is then transmitted from the decryption server to an authentication server for verification. The decryption server typically forms part of a multi-party service access environment comprising a plurality of access providers, and the user credential is decrypted at a decryption server located near the access provider with which that credential is associated. Because the encrypted credential is carried as text in the ordinary password field, the method can be used with legacy protocols such as the Point-to-Point Protocol (PPP), Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Remote Authentication Dial In User Service (RADIUS) protocol, Terminal Access Controller Access Control System (TACACS) protocol, Lightweight Directory Access Protocol (LDAP), NT Domain authentication protocol, Unix password authentication protocol, HyperText Transfer Protocol (HTTP), HyperText Transfer Protocol over Secure Sockets Layer (HTTPS), Extensible Authentication Protocol (EAP), Transport Layer Security (TLS) protocol, Token Ring protocol and/or Secure Remote Password protocol (SRP).
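The exchange that the abstract and claim 1 describe, as an added worked example (this is not code from the patent or from any assignee's product): RSA-OAEP at the access device, Base64 as the character encoding scheme, a service provider that only relays the text it receives, and a decryption server that decodes, decrypts and hands the recovered credential to an authentication server. Everything concrete here is an assumption made for illustration: the choice of RSA-OAEP and Base64 (the patent names neither), the 2048-bit key, the PAP and RADIUS password-field limits used by the size check, the timestamp bound into the plaintext to catch replays, and the user table.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Field limits of the legacy protocols the text credential must fit into:
// PAP carries the password with a one-octet length (RFC 1334) and the RADIUS
// User-Password String field is 16 to 128 octets (RFC 2865, section 5.2).
const (
	papPasswordMax    = 255
	radiusPasswordMax = 128
)

// Credential is what the user holds: issued by the user's home provider,
// not by the service provider that relays the login.
type Credential struct{ User, Password string }

// Wrap runs at the access device (the "network connection program" of claim 1):
// encrypt under the decryption server's public key, then Base64-encode so the
// result is plain ASCII that a PAP or RADIUS password field will accept. The
// timestamp bound into the plaintext is this example's own addition (not in the
// claims): it lets the decryption server reject stale copies replayed later.
func Wrap(pub *rsa.PublicKey, c Credential, now time.Time) (string, error) {
	plain := fmt.Sprintf("%s\x00%s\x00%d", c.User, c.Password, now.Unix())
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(plain), nil)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(ct), nil
}

// FitsField reports whether the encoded credential fits a protocol field limit.
func FitsField(encoded string, limit int) bool { return len(encoded) <= limit }

// ServiceProviderForward models the service provider: it has no private key,
// so all it can do with the text credential is pass it on unchanged.
func ServiceProviderForward(encoded string) string { return encoded }

// Unwrap runs at the decryption server: undo the character encoding, decrypt
// with the private key and recover the original credential.
func Unwrap(priv *rsa.PrivateKey, encoded string, now time.Time, maxAge time.Duration) (Credential, error) {
	ct, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return Credential{}, fmt.Errorf("character decoding failed: %w", err)
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return Credential{}, errors.New("decryption failed") // one generic error, no oracle
	}
	parts := bytes.SplitN(plain, []byte{0}, 3)
	if len(parts) != 3 {
		return Credential{}, errors.New("malformed plaintext")
	}
	ts, err := strconv.ParseInt(string(parts[2]), 10, 64)
	if age := now.Sub(time.Unix(ts, 0)); err != nil || age > maxAge || age < -maxAge {
		return Credential{}, errors.New("stale or malformed timestamp")
	}
	return Credential{User: string(parts[0]), Password: string(parts[1])}, nil
}

// Authenticate stands in for the home authentication server, checking the
// recovered credential against a constructed user table in constant time.
func Authenticate(db map[string]string, c Credential) bool {
	want, ok := db[c.User]
	return ok && subtle.ConstantTimeCompare([]byte(want), []byte(c.Password)) == 1
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // private half lives only on the decryption server
	must(err)
	cred := Credential{User: "alice", Password: "correct horse battery staple"} // constructed
	now := time.Now()
	encoded, err := Wrap(&priv.PublicKey, cred, now)
	must(err)
	fmt.Printf("service provider sees %d ASCII chars; fits PAP: %v, fits RADIUS User-Password: %v\n",
		len(encoded), FitsField(encoded, papPasswordMax), FitsField(encoded, radiusPasswordMax))
	got, err := Unwrap(priv, ServiceProviderForward(encoded), now.Add(time.Second), 30*time.Second)
	must(err)
	db := map[string]string{"alice": "correct horse battery staple"} // constructed user table
	fmt.Println("authenticated:", Authenticate(db, got))
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}
```

Two things the example makes visible that the claims pass over. First, the size check: a 2048-bit RSA ciphertext is 256 bytes, which Base64 expands to 344 characters, so it fits neither a PAP password (at most 255 octets) nor a RADIUS User-Password attribute (at most 128 octets); to ride in those fields the ciphertext can be at most 189 or 96 bytes respectively, which rules out RSA at any key size you would deploy today and points at a shorter-output hybrid scheme or a different carrier attribute. Second, to the service provider the text credential is just a password, so nothing stops it from storing the string and resubmitting it later; encryption alone does not prevent that replay, which is why the example binds a timestamp into the plaintext and has the decryption server reject anything outside a short window.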
153 Citations
15 Claims
1. A system for facilitating access to a network-based service offered by a service provider (independent claim; full text given above under First Claim). Dependent claims: 2, 3, 4, 5, 6.

7. A computer-implemented method for electronically facilitating access to a network-based service offered by a service provider, the method comprising:
  receiving, in a decryption server independent of the service provider, a data packet from the network-based service provider, wherein the data packet is formatted according to a first network authentication protocol, wherein the packet includes a user credential that has been converted to text format via a character conversion scheme, wherein the user credential is encrypted such that a private key unknown to the service provider is required for decryption;
  converting the user credential into another format by applying the character conversion scheme;
  decrypting the user credential based on the private key, wherein the decrypting results in the user credential being in the text format;
  forwarding the user credential, via a second network authentication protocol, to an authentication server;
  authenticating, at the authentication server independent of the service provider, the user credential; and
  transmitting, to the service provider, a signal including an indication that the user credential is authentic.
Dependent claims: 8, 9, 10, 11.

12. One or more machine-readable storage devices including instructions which, when executed by a machine, cause the machine to perform operations for enabling access to a service offered by a service provider, the operations comprising:
  receiving, at the service provider, a data packet formatted according to a standard network authentication protocol, wherein the data packet includes an access credential in ASCII text format as required by the standard network authentication protocol, wherein the access credential can be decrypted with a private key unknown to the service provider, and wherein the data packet was forwarded by the service provider;
  modifying the access credential by applying a character conversion scheme that transforms characters of the access credential;
  decrypting the network access credential based on the private key and a decryption algorithm associated with the encryption algorithm, wherein the decrypting renders the access credential in the ASCII text format;
  transmitting the access credential for authentication, wherein the access credential is in the ASCII text format as a result of the decrypting.
Dependent claims: 13, 14, 15.
Specification