Automatic, connection-based terminal or user authentication in communication networks
First Claim
1. Method for automatically identifying an access right to protected areas in a first network using a unique connection identifier of a second network, comprising the following procedural steps:
- dynamic or static assignment of a unique identifier of the first network for a terminal, during or prior to the latter's connection to the first network by means of the second network;
- storage of a combination of at least the unique connection identifier of the second network by means of which the connection was made, and the unique identifier of the first network in an authentication unit;
- a provider of the protected area requesting the authentication unit to determine the unique connection identifier of the second network using the unique identifier of the first network when the terminal would like access to the protected area;
- authenticating the unique connection identifier of the second network and/or communicating the unique connection identifier of the second network to the provider of the protected area by means of the authentication unit; and
- checking whether an access right for the protected area exists for the unique connection identifier of the second network.
Abstract
The aim of the invention is to permit the automatic identification of access rights to protected areas in networks, in particular on the Internet. This is achieved by a method for automatically identifying the access rights to protected areas in a first network using a unique connection identifier of a second network, in particular in the interconnection of networks that constitutes the Internet. According to the invention: a unique identifier of the first network is dynamically or statically assigned to a terminal, during or prior to the latter's connection to the first network; a combination of at least the unique connection identifier of the second network and the unique identifier of the first network, said combination being stored in an authentication unit, is polled when the terminal requests access to the protected area, in order to determine the unique connection identifier of the second network using the unique identifier of the first network; and the existence of access rights to the protected area for the unique connection identifier of the second network is then verified.
23 Claims
1. Independent claim; full text given above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 22, 23.
16. Method for providing data for automatic identification of access rights to protected areas in networks, comprising the following procedural steps:
- provision of at least one unique identifier respectively from at least two different networks while a connection to both networks exists, whereby the connection to one of the networks happens by means of the other network;
- storage of a combination of the unique identifiers in an authentication unit;
- authenticating and/or issuing of one of the unique identifiers when a corresponding enquiry is made regarding an other of the unique identifiers; and
- deletion of data from the authentication unit as soon as a connection with at least one of the two networks has ended.

Dependent claims: 17, 18, 19, 20, 21.
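A sketch of the authentication unit and provider check described in claims 1 and 16, added here as an illustration and not taken from the patent or from any implementation of it. The class and method names, the IP-style first-network identifiers and the `line-000x` connection identifiers are assumptions constructed for the example; it shows why the deletion step of claim 16 matters when first-network identifiers are assigned dynamically and later reused.

```python
# Added illustration of claims 1 and 16. Class names, method names and all
# sample identifiers are hypothetical and constructed for this example.
from typing import Dict, Optional, Set


class AuthenticationUnit:
    """Stores first-network identifier -> second-network connection identifier."""

    def __init__(self) -> None:
        self._bindings: Dict[str, str] = {}

    def connect(self, first_net_id: str, conn_id: str) -> None:
        # Claim 1: store the combination at (or before) connection time.
        # Overwriting covers a dynamically assigned identifier being reused.
        self._bindings[first_net_id] = conn_id

    def disconnect(self, first_net_id: str) -> None:
        # Claim 16: delete the data as soon as the connection has ended.
        self._bindings.pop(first_net_id, None)

    def communicate(self, first_net_id: str) -> Optional[str]:
        # "Communicating" mode: return the connection identifier, if bound.
        return self._bindings.get(first_net_id)

    def authenticate(self, first_net_id: str, claimed_conn_id: str) -> bool:
        # "Authenticating" mode: confirm a claimed identifier without revealing it.
        bound = self._bindings.get(first_net_id)
        return bound is not None and bound == claimed_conn_id


class Provider:
    """Provider of the protected area; holds access rights per connection identifier."""

    def __init__(self, unit: AuthenticationUnit, access_rights: Set[str]) -> None:
        self.unit = unit
        self.access_rights = access_rights

    def may_access(self, first_net_id: str) -> bool:
        conn_id = self.unit.communicate(first_net_id)
        # Fail closed: no live binding means no access.
        return conn_id is not None and conn_id in self.access_rights


def demo() -> list:
    unit = AuthenticationUnit()
    provider = Provider(unit, access_rights={"line-0001"})
    unit.connect("192.0.2.10", "line-0001")            # entitled line connects
    results = [provider.may_access("192.0.2.10")]      # True
    unit.disconnect("192.0.2.10")                      # session ends, binding deleted
    results.append(provider.may_access("192.0.2.10"))  # False
    unit.connect("192.0.2.10", "line-0002")            # identifier reused by another line
    results.append(provider.may_access("192.0.2.10"))  # False
    results.append(unit.authenticate("192.0.2.10", "line-0001"))  # False
    return results
```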
Specification