Automatic, connection-based terminal or user authentication in communication networks

US 8,127,339 B2
Filed: 12/19/2003
Issued: 02/28/2012
Est. Priority Date: 12/19/2002
Status: Expired due to Fees

First Claim

Patent Images

1. Method for automatically identifying an access right to protected areas in a first network using a unique connection identifier of a second network, comprising the following procedural steps:

dynamic or static assignment of a unique identifier of the first network for a terminal, during or prior to the latter'"'"'s connection to the first network by means of the second network;

storage of a combination of at least the unique connection identifier of the second network by means of which the connection was made, and the unique identifier of the first network in an authentication unit;

a provider of the protected area requesting the authentication unit to determine the unique connection identifier of the second network using the unique identifier of the first network when the terminal would like access to the protected area;

authenticating the unique connection identifier of the second network and/or communicating the unique connection identifier of the second network to the provider of the protected area by means of the authentication unit; and

checking whether an access right for the protected area exists for the unique connection identifier of the second network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The aim of the invention is to permit the automatic identification of access rights to protected areas in networks, in particular on the Internet. This is achieved by a method for automatically identifying the access rights to protected areas in a first network using a unique connection identifier of a second network, in particular in the interconnection of networks that constitutes the Internet. According to the invention: a unique identifier of the first network is dynamically or statically assigned to a terminal, during or prior to the latter'"'"'s connection to the first network; a combination of at least the unique connection identifier of the second network and the unique identifier of the first network, said combination being stored in an authentication unit, is polled when the terminal requests access to the protected area, in order to determine the unique connection identifier of the second network using the unique identifier of the first network; and the existence of access rights to the protected area for the unique connection identifier of the second network is then verified.

9 Citations

View as Search Results

23 Claims

1. Method for automatically identifying an access right to protected areas in a first network using a unique connection identifier of a second network, comprising the following procedural steps:
- dynamic or static assignment of a unique identifier of the first network for a terminal, during or prior to the latter'"'"'s connection to the first network by means of the second network;
  
  storage of a combination of at least the unique connection identifier of the second network by means of which the connection was made, and the unique identifier of the first network in an authentication unit;
  
  a provider of the protected area requesting the authentication unit to determine the unique connection identifier of the second network using the unique identifier of the first network when the terminal would like access to the protected area;
  
  authenticating the unique connection identifier of the second network and/or communicating the unique connection identifier of the second network to the provider of the protected area by means of the authentication unit; and
  
  checking whether an access right for the protected area exists for the unique connection identifier of the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 22, 23)
- - 2. Method in accordance with claim 1, wherein the combination stored in the current authentication unit contains further data in addition.
  - 3. Method in accordance with claim 2, wherein the additional data has at least one of the following:
    - the dial-in number into the first network, a user name (login) and a password.
  - 4. Method in accordance with claim 1, wherein the authentication unit is only run temporarily.
  - 5. Method in accordance with claim 4, wherein the combination of data is deleted from the authentication unit as soon as the terminal ends its connection with one of the two networks.
  - 6. Method in accordance with claim 1, wherein the unique identifier of the second network is a call-up number.
  - 7. Method in accordance with claim 1, wherein the protected area includes the provision of an online individual connection identification.
  - 8. Method in accordance with claim 7, wherein an individual connection identification takes place automatically for the unique connection identifier of the second network.
  - 9. Method in accordance with claim 7, wherein, before release of an individual connection identification, a further entry on the terminal is necessary.
  - 10. Method in accordance with claim 9, wherein the further entry includes the entry of an invoice number and/or a customer number and/or a PIN.
  - 11. Method in accordance with claim 1, wherein only authorized services have access to the authentication unit.
  - 12. Method in accordance with claim 1, wherein the protected area includes at least one of the following services:
    - provision of contents, electronic trade (e-commerce), payment or settlement services and authorized services.
  - 13. Method in accordance with claim 12, wherein with a payment service, the costs arising are automatically invoiced by means of the unique connection identifier of the second network.
  - 14. Method in accordance with claim 1, wherein further data are automatically called up from the terminal and/or further procedural steps are initiated in the protected area using the unique connection identifier of the second network.
  - 15. Method in accordance with claim 1, wherein further personalization of the terminal takes place by entering a PIN.
  - 22. Method in accordance with claim 1 or 16, wherein the first and second networks are based on different protocols.
  - 23. Method in accordance with claim 1 or 16, wherein the first network is the internet, and the second network is a telephone network.

16. Method for providing data for automatic identification of access rights to protected areas in networks, comprising the following procedural steps:
- provision of at least one unique identifier respectively from at least two different networks while a connection to both networks exists, whereby the connection to one of the networks happens by means of the other network;
  
  storage of a combination of the unique identifiers in an authentication unit;
  
  authenticating and/or issuing of one of the unique identifiers when a corresponding enquiry is made regarding an other of the unique identifiers; and
  
  deletion of data from the authentication unit as soon as a connection with at least one of the two networks has ended.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. Method in accordance with claim 16, wherein at least one of the identifiers is an IP number and/or a unique connection identifier of a terminal.
  - 18. Method in accordance with claim 16, wherein it is checked whether the enquiry originates from an authorized place or from an authorized service.
  - 19. Method in accordance with claim 16, wherein the combination stored in the current authentication unit contains further information in addition.
  - 20. Method in accordance with claim 19, wherein the additional data have at least one of the following:
    - a dial-in number into one of the networks, a user name (login) and a password.
  - 21. Method in accordance with claim 16, wherein a call-up number block or a target number block is identified by means of the authentication unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BT GmbH & Company OHG (BT Group PLC)
Original Assignee
BT GmbH & Company OHG (BT Group PLC)
Inventors
Ernst, Matthias, Stotter, Tobias, Elbs, Stefan
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US10/539,506
Publication Number

US 20060165226A1
Time in Patent Office

2,993 Days
Field of Search

None
US Class Current

726/3
CPC Class Codes

H04L 61/4535   using an address exchange p...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04M 15/00   Arrangements for metering, ...

H04M 15/41   Billing record details, i.e...

H04M 15/43   Billing software details

H04M 15/46   Real-time negotiation betwe...

H04M 15/8207   Time based data metric aspe...

H04M 2215/0164   Billing record, e.g. Call D...

H04M 2215/56   On line or real-time flexib...

H04M 2215/7813   Time based data, e.g. VoIP ...

Automatic, connection-based terminal or user authentication in communication networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic, connection-based terminal or user authentication in communication networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links