Systems and methods for user access authentication based on network access point
Abstract
Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, and each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response. The secure data network may comprise an application level secure data network, in which the user uses the user device to request access to a network application. Furthermore, the identity server may validate the combined user identity and network access point identity data in conjunction with time information, access allowance data, and/or traffic volume data.
33 Claims
1. A method of user access authentication, the method comprising:
receiving an authentication request;
determining whether to grant a user device access to a secure data network via a plurality of network access points, the plurality of network access points including a first network access point and a second network access point; and
responding to the authentication request with an authentication response indicating whether the user device is granted access to the secure data network via the plurality of network access points;
wherein:
the authentication request travels along a communication path including the first network access point and the second network access point; and
whether to grant the user device access is determined based on at least three data points, the at least three data points comprising a user identity provided by the user device, a first network access point identity associated with the first network access point, and a second network access point identity associated with the second network access point;
wherein the combination of the user identity, the first network access point identity and the second network access point identity results in at least one of:
(i) not granting the user device access to the secure data network; and
(ii) granting the user device access to the secure data network,
wherein the secure data network includes at least one of an Internet Protocol (IP) network;
a Local Area Network (LAN);
a Wide Area Network (WAN);
a wireless network;
a WiFi network;
a General Packet Radio Service (GPRS) network;
a public IP network; and
a private IP network;
wherein the user device includes at least one of a desktop personal computer, a laptop personal computer, a personal data assistance (PDA), a cellular phone, a smart-phone, and a device having a computing unit connectable to a network;
wherein the user identity includes at least one of a user name;
an identity of user device;
a Media Access Control (MAC) address;
an Internet Protocol (IP) address and port number;
a device serial number;
subscriber information in a subscriber identity module (SIM) card;
subscriber information in a Universal Subscriber Identity Module (USIM) card;
a telephone number;
security information;
a password;
a security code;
a secret answer to a security question;
biometric characteristics;
fingerprint data, eye retinal data, eye iris data, voice pattern recognition data and signature recognition data;
wherein the first network access point and/or the second network access point includes at least one of a firewall;
a wireless access point;
a Dynamic Host Configuration Protocol (DHCP) server;
a Remote Access Server (RAS);
a Broadband Remote Access Server (BRAS);
a web server;
a secure web server;
a virtual private network (VPN) server;
a termination point of an access tunnel;
a termination point of a virtual private network (VPN) tunnel;
a termination point of a Generic Routing Encapsulation (GRE) tunnel; and
a termination point of a Layer-2 Tunnel Protocol (L2TP) tunnel; and
wherein the first network access point identity and/or the second network access point identity includes at least one of a network access point name;
an IP address;
a port number;
security information;
a password;
a security code;
a device name;
a machine identity;
a serial number;
an identity of an access tunnel termination point and an Access Point Name (APN).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21.
22. A system of user access authentication, the system comprising:
a secure data network having a plurality of network access points;
a first network access point selected from the plurality of network access points;
an identity server in communication with the secure data network via the first network access point,
wherein:
the identity server processes an authentication request, sent by the first network access point, based on an access request that travels along a communication path including the first network access point and a second network access point and is received by the first network access point from a user device controlled by a user;
the identity server determines whether to grant the user device access to the secure data network via the first network access point and the second network access point based on at least three data points, the at least three data points comprising a user identity associated with the user, a first network access point identity associated with the first network access point, and a second network access point identity associated with the second network access point;
wherein the combination of the user identity, the first network access point identity and the second network access point identity results in at least one of:
(i) not granting the user device access to the secure data network; and
(ii) granting the user device access to the secure data network; and
the identity server responds to the authentication request with an authentication response sent to the first network access point indicating whether the user device is granted access to the secure data network via the first network access point and the second network access point,
wherein the secure data network includes at least one of an Internet Protocol (IP) network;
a Local Area Network (LAN);
a Wide Area Network (WAN);
a wireless network;
a WiFi network;
a General Packet Radio Service (GPRS) network;
a public IP network; and
a private IP network;
wherein the user device includes at least one of a desktop personal computer, a laptop personal computer, a personal data assistance (PDA), a cellular phone, a smart-phone, and a device having a computing unit connectable to a network;
wherein the user identity includes at least one of a user name;
an identity of user device;
a Media Access Control (MAC) address;
an Internet Protocol (IP) address and port number;
a device serial number;
subscriber information in a subscriber identity module (SIM) card;
subscriber information in a Universal Subscriber Identity Module (USIM) card;
a telephone number;
security information;
a password;
a security code;
a secret answer to a security question;
biometric characteristics;
fingerprint data, eye retinal data, eye iris data, voice pattern recognition data; and
signature recognition data;
wherein the first network access point and/or the second network access point includes at least one of a firewall;
a wireless access point;
a Dynamic Host Configuration Protocol (DHCP) server;
a Remote Access Server (RAS);
a Broadband Remote Access Server (BRAS);
a web server;
a secure web server;
a virtual private network (VPN) server;
a termination point of an access tunnel;
a termination point of a virtual private network (VPN) tunnel;
a termination point of a Generic Routing Encapsulation (GRE) tunnel; and
a termination point of a Layer-2 Tunnel Protocol (L2TP) tunnel; and
wherein the first network access point identity and/or the second network access point identity includes at least one of a network access point name;
an IP address;
a port number;
security information;
a password;
a security code;
a device name;
a machine identity;
a serial number;
an identity of an access tunnel termination point; and
an Access Point Name (APN).
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32.
33. A method of user access authentication, the method comprising:
receiving an authentication request;
determining whether to grant a user device access to a secure data network via a plurality of network access points, the plurality of network access points including a first network access point and a second network access point; and
responding to the authentication request with an authentication response indicating whether the user device is granted access to the secure data network via the plurality of network access points;
wherein:
the authentication request travels along a communication path including the first network access point and the second network access point; and
whether to grant the user device access is determined based on at least three data points, the at least three data points comprising a user identity provided by the user device, a first network access point identity associated with the first network access point, and a second network access point identity associated with the second network access point;
wherein the combination of the user identity, the first network access point identity and the second network access point identity results in at least one of:
(i) not granting the user device access to the secure data network; and
(ii) granting the user device access to the secure data network,
wherein the authentication request maintains a log of the communication path and tracks identities of network nodes, including the first and second access points, encountered while traversing the communication path to reach a destination.
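As an added illustration, not code from the patent, the following minimal identity server applies the decision described in claims 1, 22 and 33: it takes the first and second network access point identities from the path log carried by the authentication request, looks up the (user identity, first access point identity, second access point identity) tuple in a policy table, and also applies the time-information check the abstract mentions. The user names, node identities, policy table and reason strings are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class AuthRequest:
    """Authentication request as forwarded by the first access point to the identity server."""
    user_identity: str   # e.g. a user name or SIM subscriber id (constructed values below)
    path: list           # identities of nodes the request traversed, in order (the claim 33 log)
    timestamp: datetime  # time information the abstract says may also be validated


# Constructed policy table (not from the patent): permitted combinations of
# (user identity, first access point identity, second access point identity),
# each mapped to an allowed UTC hour window [start, end).
POLICY = {
    ("alice", "vpn-term-1", "fw-dc-1"): (0, 24),   # VPN entry, any hour
    ("alice", "wifi-guest", "fw-dc-1"): (8, 18),   # guest WiFi entry, business hours only
    ("bob",   "vpn-term-1", "fw-dc-1"): (0, 24),
}


def make_request(user, path, hour):
    """Build a constructed request at the given UTC hour (sample input for the example)."""
    return AuthRequest(user, list(path), datetime(2024, 1, 1, hour, 0, tzinfo=timezone.utc))


def authenticate(req, policy=POLICY):
    """Identity-server decision on the (user, NAP1, NAP2) tuple; returns (granted, reason)."""
    # The first two logged nodes are the first and second network access points.
    if len(req.path) < 2:
        return False, "communication path must record two access points"
    nap1, nap2 = req.path[0], req.path[1]
    window = policy.get((req.user_identity, nap1, nap2))
    if window is None:
        # The three data points are only valid together: a known user arriving
        # through an unlisted pair of access points is denied.
        return False, "user/access-point combination not permitted"
    start, end = window
    if not start <= req.timestamp.hour < end:
        return False, "outside allowed time window for this combination"
    return True, "combination permitted"
```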