Zero sign-on authentication

US 8,793,769 B2
Filed: 12/31/2009
Issued: 07/29/2014
Est. Priority Date: 12/31/2009
Status: Active Grant

First Claim

Patent Images

1. A method of providing zero sign-on authentication comprising:

identifying a gateway through which a first user device issues a media access request for media services, the media access request being generated through user interaction with a webpage connected to through signaling carried via the gateway;

establishing a gateway level of trust for the gateway following issuance of the media access request, the gateway level of trust being determined based on gateway identification information electronically collected from the gateway, at least part of the gateway identification information being unique to the gateway;

after establishing the gateway level of trust, authenticating the first user device to access the media service depending on the gateway level of trust, including automatically limiting media services made accessible to the first user device through the gateway to a certain portion of the media services depending on the gateway level of trust;

establishing the gateway level of trust with a server in electronic communication with the gateway, the server determining the gateway level of trust based on a comparison of information collected from the gateway to data previously associated with the gateway;

granting the first user device limited access to facilitate communications with the server via the gateway prior to determining the gateway level of trust, the limited access allowing the first user device to interact with the webpage;

establishing the gateway level of trust to be one of a first, second, and third level of trust depending on whether the server supports Simple Network Management Protocol (SNMP) communications with the gateway, whether the server supports a privacy certificate exchange with the gateway, and whether a Media Access control (MAC) address of the gateway has the same domain name as a domain previously associated with the MAC address;

authenticating the first user device to a first tier of the media service if the first user device is determined to have the first level of trust, authenticating the first user device to a second tier of the media service if the first user device is determined to have the second level of trust, and authenticating the first user device to a third tier of the media service if the first user device is determined to have the third level of trust; and

authenticating a second user device to access the same certain portion of the media services through the gateway as function of the gateway level of trust regardless of an identity of the second user device and regardless of an identity of a user of the second user device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A authenticating system and process for authenticating user devices to a access a media service where access to certain portions of the media service may be limited according to a gateway or other device used by a user device to facilitate interfacing a user with the media service. The authentication may be achieved without directly assessing a trustworthiness of the user devices, and optionally, without requiring a user thereof to complete a sign-on operation.

27 Citations

View as Search Results

15 Claims

1. A method of providing zero sign-on authentication comprising:
- identifying a gateway through which a first user device issues a media access request for media services, the media access request being generated through user interaction with a webpage connected to through signaling carried via the gateway;
  
  establishing a gateway level of trust for the gateway following issuance of the media access request, the gateway level of trust being determined based on gateway identification information electronically collected from the gateway, at least part of the gateway identification information being unique to the gateway;
  
  after establishing the gateway level of trust, authenticating the first user device to access the media service depending on the gateway level of trust, including automatically limiting media services made accessible to the first user device through the gateway to a certain portion of the media services depending on the gateway level of trust;
  
  establishing the gateway level of trust with a server in electronic communication with the gateway, the server determining the gateway level of trust based on a comparison of information collected from the gateway to data previously associated with the gateway;
  
  granting the first user device limited access to facilitate communications with the server via the gateway prior to determining the gateway level of trust, the limited access allowing the first user device to interact with the webpage;
  
  establishing the gateway level of trust to be one of a first, second, and third level of trust depending on whether the server supports Simple Network Management Protocol (SNMP) communications with the gateway, whether the server supports a privacy certificate exchange with the gateway, and whether a Media Access control (MAC) address of the gateway has the same domain name as a domain previously associated with the MAC address;
  
  authenticating the first user device to a first tier of the media service if the first user device is determined to have the first level of trust, authenticating the first user device to a second tier of the media service if the first user device is determined to have the second level of trust, and authenticating the first user device to a third tier of the media service if the first user device is determined to have the third level of trust; and
  
  authenticating a second user device to access the same certain portion of the media services through the gateway as function of the gateway level of trust regardless of an identity of the second user device and regardless of an identity of a user of the second user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising determining the gateway level of trust without collecting information used to establish the gateway level of trust from the first user device.
  - 3. The method of claim 1 further comprising authenticating the first user device without requiring a user of the first user device to contemporaneously complete a sign-on operation.
  - 4. The method of claim 1 further comprising authenticating the first user device without requiring a user of the first user device to complete a sign-on operation.
  - 5. The method of claim 1 further comprising authenticating the first user device without relying on the first user device to transmit certificates.
  - 6. The method of claim 1 wherein the media service available within the first tier is limited to viewing of non-premium television channels, wherein the media service available within the second tier is limited to viewing of non-premium and premium television channels, and wherein the media service available within the third tier is unlimited and includes viewing of non-premium and premium television channels as well as viewing of previously recorded, personal media.
  - 7. The method of claim 1 wherein the server collects the information used for the comparison proximate in time to the service provider receiving the media request, the information allowing to facilitate approximating a current physical location of the gateway, the current physical location being compared to a previously physical location of the gateway to facilitate establishing the gateway level of trust, including establishing the gateway level trust to be greater when the current physical location matches the previous physical location than when the current physical location fails to match the previous physical location.
  - 8. The method of claim 7 wherein the gateway supports access to the media service by interfacing wireline signals used to communicate with the service provider with wireless signals used to communicate with the first user device.
  - 9. The method of claim 1 further comprising:
    - establishing a user level of trust for a user of the first device, the user level of trust being determined based on user identification information collected from the user as part of a sign-on operation, the user level of trust being unique to the user and independent of the gateway level of trust; and
      
      allowing the first user device to access additional media services beyond the certain portion of media services depending on the user level of trust.

10. A method of authenticating user devices to access a media service available from a service provider when at least a portion of signaling used to support access to the media service is exchanged through a gateway configured to interconnect one or more user devices with the service provider, the method comprising:
- for each user device requesting access to a media service, determining a level of trust for each gateway used to support signaling therewith;
  
  authenticating the user devices requesting access to the media service to access certain portions of the media service depending on the level of trust determined for the gateway used to support signaling therewith such that user devices connected to gateways having greater levels of trust are permitted access to larger portions of the media service than gateways having lesser levels of trust;
  
  authenticating each user device connected to the same gateway to the same certain portions of the media service regardless of a user associated therewith;
  
  determining the level of trust for each gateway to be one of a first, second, and third level of trust depending on whether the gateway supports Simple Network Management Protocol (SNMP) communications with the gateway, whether the gateway supports a privacy certificate exchange or whether a Media Access Control (MAC) address of the gateway has the same domain name as a domain name previously associated with the MAC address;
  
  authenticating a first user device of the user devices to a first tier of the media service if the first user device is determined to be requesting access to the media service through one of the gateways having the first level of trust, authenticating the first user device to a second tier of the media service if the first user device is determined to be requesting access to the media service through one of the gateways having the second level of trust, and authenticating the first user device to a third tier of the media service if the first user device is determined to be requesting access to the media service through one of the gateways having the third level of trust.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10 wherein authenticating at least one of the user devices includes:
    - prior to the at least one of the user devices performing a sign-on operation, providing the at least one of the user devices with decryption keys suitable for decrypting one or more television channels of the service provider, wherein the number of television channels suitable for decryption with the decryption keys is proportional to the level of trust of the gateway; and
      
      following the at least one of the user devices performing the sign-on operation, providing each signed-on user device access to more television channels than the number of television channels available based on the level of trust of the corresponding gateway.
  - 12. The method of claim 10 further comprising determining the user devices requesting access to the media service as a function of signaling carried through the gateway, the signaling being representative of user interaction with a graphical user interface, an electronic programming guide (EPG) or Web page used to facilitate requesting the media service, the media service, and thereby the certain portions of the media service, being one of one or more media services offered through the graphical user interface, the EPG or the Web page, the user devices being granted access to the graphical user interface, the EPG or the Web page through one of the gateways prior to being authenticated to access the certain portions of the media service.

13. A system for supporting zero sign-on authentication to a media service comprising:
- a provider network used to carry signaling associated with sourcing of the media service;
  
  a plurality of gateways configured to interface the signaling of the provider network with one or more of the user devices; and
  
  a server computer configured to;
  
  electronically query the plurality of gateways for information;
  
  determine a level of trust for each of the gateways from the information;
  
  determine a media access request for each user device attempting to access the media service, the media access request being transmitted through the gateway connected to each user device attempting to access the media service;
  
  authenticate each user device associated with at least one media access request to access certain portions of the media service according to the level of trust of the gateway connected thereto such that at least a first gateway is provided access to more of the certain portion than at least a second gateway due to the level of trust of the second gateway being less than the level of trust of the first gateway, the level of trust for each gateway being determined at least based in part on information included with the corresponding media access request;
  
  wherein the server determines the level of trust for each gateway as a trust score, the trust score increasing with each positive metric, the metrics including (i) whether the server supports Simple Network Management Protocol (SNMP) communications with the gateway, (ii) whether the server supports a privacy certificate exchange with the gateway or (iii) whether a Media Access Control (MAC) address of the gateway has the same domain name as a domain previously associated with the MAC address, wherein the first gateway is determined to have more positive metrics than the second gateway; and
  
  authenticating a first user device of the user devices to a first tier of the media service if the first user device is determined to be requesting access to the media service through the first gateway having the first level of trust, authenticating the first user device to a second tier of the media service if the first user device is determined to be requesting access to the media service through the second gateways having the second level of trust, and authenticating the first user device to a third tier of the media service if the first user device is determined to be requesting access to the media service through a third gateways having the third level of trust.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13 wherein the server automatically authenticates each user device interfacing signals with the same one of the gateways to the same certain portion of the media service regardless of an identity of each user device and a user thereof and wherein the server determines the level of trust for each gateway based at least in part on Dynamic Name System (DNS) data include as at least part of the information.
  - 15. The system of claim 13 wherein, in the event one of the gateways is determined to be untrustworthy, the server thereafter authenticates user devices connected thereto to access the certain portion of the media service if the user devices successfully complete a sign-on process or provide sufficient trust certificates, the sign-on process and the trust certificates each uniquely identifying a user of the corresponding user device, thereby providing a user level of trust that is independent of the level of trust determined for the corresponding gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Marcia, Oscar, Hoggan, Stuart, Krauss, Simon
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
SCHMIDT, KARI L

Application Number

US12/650,664
Publication Number

US 20110158406A1
Time in Patent Office

1,671 Days
Field of Search

726/2, 726/4, 726/12, 713/182, 713/176, 380/200, 380/201
US Class Current

726/4
CPC Class Codes

G06F 21/10 Protecting distributed prog...

Zero sign-on authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Zero sign-on authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links