EP2062130A2 - Systems and methods for obtaining network access - Google Patents

Systems and methods for obtaining network access

Info

Publication number
EP2062130A2
Authority
EP
European Patent Office
Prior art keywords
credential
network
authentication
request
response
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07837823A
Other languages
English (en)
French (fr)
Other versions
EP2062130A4 (de
Inventor
Simon Wynn
John Gordon
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Devicescape Software Inc
Original Assignee
Devicescape Software Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Devicescape Software Inc
Publication of EP2062130A2
Publication of EP2062130A4
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • Embodiments of the present invention are directed to networking and more particularly to providing a credential to a network device in order to access a communication network.
  • hotspots may be established in areas where users are not known in advance.
  • Examples of hotspots may comprise hotels, coffee shops, campuses, and other public or private locations where digital device users may be interested in connecting to a communication network such as the Internet.
  • these hotspots are wireless.
  • the hotspots require the users to be authorized.
  • the user is typically required to perform a login process before the user's digital device is allowed access to the hotspot.
  • a common login process comprises opening a web browser and connecting to a captive portal website where a user name and password may be entered.
  • Another process may require the user to provide payment information. After confirmation of the payment, an access point will allow the user's digital device access to the hotspot.
  • Such digital devices may include, for example, Wi-Fi VoIP phones, cameras, and MP3 players. These digital devices, typically, do not include a web browser or mechanism to enter credentials or payment information. As a result, it is difficult for these digital devices to use hotspots.
  • One conventional solution to this problem is to pre-configure credentials into the digital device.
  • the digital device must comprise enough memory to store all the credential information.
  • Embodiments of the present invention provide systems and methods for providing a network credential in order to access a communication network.
  • the network device may comprise an access point for the communication network.
  • the digital device may need to obtain a network credential to provide to a network device.
  • a credential engine of the digital device may generate a credential request to obtain the network credential.
  • the credential request may be sent to a credential server.
  • a credential request response may then be received by the credential engine and analyzed to retrieve the network credential.
  • the credential request response may also comprise login procedural information.
  • the digital device attempting to access the communication network may receive an authentication request from the network device upon attempting to access the communication network.
  • An authentication record based on the authentication request is retrieved by an authentication record module of the digital device.
  • the retrieval may be based on the login procedural information received in the credential request response.
  • the credential is then provided within the authentication record and transmitted as an authentication response to the network device.
  • Upon authentication by the network device, the digital device is provided access to the communication network.
  • FIG. 1 is a diagram of an environment in which embodiments of the present invention may be practiced.
  • FIG. 2 is a block diagram of an exemplary digital device.
  • FIG. 3 is a flowchart of an exemplary method for providing network access to the digital device.
  • FIG. 4 is a flowchart of an exemplary method for obtaining network credentials.
  • FIG. 5 is a flowchart of an exemplary method for authenticating the digital device with the network device.
  • FIG. 6 is a display of an exemplary network access authentication page, according to one embodiment of the present invention.
  • FIG. 7 is a flow diagram of an exemplary process for providing network access to the digital device.
  • FIG. 8 is a block diagram of an exemplary credential request.
  • Embodiments of the present invention provide systems and methods for accessing a communication network via a hotspot.
  • a digital device is associated with a user.
  • a network device (e.g., hotspot access point)
  • the authentication may comprise a request for a network credential from the digital device which is verified by the network device prior to granting access.
  • the communication network comprises the Internet.
  • FIG. 1 illustrates a diagram of an environment 100 in which embodiments of the present invention may be practiced.
  • a user with a digital device 102 enters a hotspot.
  • the digital device 102 may automatically transmit a credential request as a standard protocol over a network device 104.
  • the credential request may be forwarded to a credential server 116 which, based on the information contained within the credential request, transmits a credential request response back to the digital device 102.
  • the credential request response contains network credentials which the digital device 102 may provide to the network device 104, the authentication server 108, or the access controller 112 to obtain access to the communication network 114.
  • a hotspot comprises the network device 104, the authentication server 108, the DNS server 110, and the access controller 112 which are coupled to the local area network 106 (e.g., a "walled garden").
  • the network device 104 may comprise an access point which allows the digital device 102 to communicate with the authentication server 108, the DNS server 110, and the access controller 112 over the local area network 106.
  • the digital device 102 may comprise a laptop, mobile phone, camera, personal digital assistant, or any other computing device.
  • the authentication server 108 is a server that requires network credentials from the digital device 102 before allowing the digital device 102 access to communicate over the communication network 114.
  • the network credentials comprise a username, password, and login procedure information.
  • the DNS server 110 provides DNS services over the local area network 106 and may relay requests to other DNS servers (not shown) across the communication network 114.
  • the access controller 112 is an access device such as a router or bridge that can allow communication between devices operationally coupled to the network device 104 with devices coupled to the communication network 114.
  • Although the hotspot in FIG. 1 depicts separate servers coupled to the local area network 106, those skilled in the art will appreciate that there may be any number of devices (e.g., servers, digital devices, access controllers, and network devices) coupled to the local area network 106.
  • the local area network 106 is optional.
  • the authentication server 108, the DNS server 110, and the access controller 112 are coupled directly to the network device 104.
  • the authentication server 108, the DNS server 110, and the access controller 112 may be combined within one or more servers or one or more digital devices.
  • Although FIG. 1 depicts wireless access, the digital device 102 may be coupled to the network device 104 wirelessly or over wires (such as 10baseT).
  • the authentication server 108 may require the digital device 102 to provide one or more network credentials for access to the hotspot.
  • the network credential may comprise, for example, a username and password for an account associated with the hotspot.
  • network credentials other than a user name and password may be utilized.
  • the digital device 102 may dynamically acquire the network credentials from the credential server 116.
  • the digital device 102 may send a credential request comprising an identity of the digital device 102 (or the user of the digital device 102) and details about the network device 104 (e.g., name of the network device 104 or Wi-Fi service provider) to the credential server 116.
  • the network device 104 may provide an IP address to which DNS queries may be submitted, for example, via DHCP (Dynamic Host Configuration Protocol).
  • the credential request may be formatted as a standard protocol.
  • the credential request may be formatted as a DNS request.
  • the credential request may be a text record request (e.g., TXT), which comprises a standard record type such that the network infrastructure (e.g., the access controller 112) will not block the request.
  • the credential request is received by the DNS server 110 which may forward the credential request to the credential server 116 for the network credential.
  • the credential server 116 may perform a lookup to determine the proper network credential(s) to send back to the DNS server 110 which forwards the network credential back to the requesting digital device 102.
  • the proper network credential(s) are sent from the credential server 116 to the digital device 102 over the same path as the transmission of the credential request.
  • Patent Application No. entitled "System and Method for Providing Network Credentials" filed September 6, 2007.
  • the credential request may be forwarded through any number of servers, including but not limited to DNS servers, prior to being received by the credential server 116.
  • the credential request is forwarded directly from the network device 104 to the credential server 116.
  • a credential request response from the credential server 116 may comprise the username, password and/or login procedure information.
  • the login procedural information may comprise, for example, HTML form element names, submission URL, or submission protocol.
  • the network credential response may be encrypted by the credential server 116 using an encryption key associated with the digital device 102 prior to transmission back to the digital device 102.
  • the digital device 102 may submit the network credential (retrieved from the network credential response) to the network device 104 in an authentication response.
  • the authentication response may be forwarded to an authentication server 108 for verification.
  • the authentication server 108 may comprise an AAA server or RADIUS server.
  • FIG. 1 is exemplary. Alternative embodiments may comprise more, less, or functionally equivalent components and still be within the scope of present embodiments.
  • the functions of the various servers (e.g., DNS server 110, credential server 116, and authentication server 108) may be combined into one or two servers. That is, for example, the authentication server 108 and the DNS server 110 may comprise the same server, or the functionality of the authentication server 108, the DNS server 110, and the access controller 112 may be combined into a single device.
  • the exemplary digital device 102 comprises a processor 202, input/output (I/O) interface(s) 204, a communication network interface 206, a memory system 208, and a storage system 210.
  • the I/O interfaces 204 may comprise interfaces for various I/O devices such as, for example, a keyboard, mouse, and display device.
  • the exemplary communication network interface 206 is configured to allow the digital device 102 to allow communications with the communication network 114 and/or the local area network 106.
  • the storage system 210 may comprise various databases or storage, such as, for example, a DDID storage 212 which stores a digital device identifier for the digital device 102.
  • the storage system 210 comprises a plurality of modules utilized by embodiments of the present invention to access the hotspot.
  • the storage system 210 comprises a network module 214, a credential engine 216, a network access engine 218, and an encryption/decryption module 220.
  • Alternative embodiments of the digital device 102 and/or the memory system 208 may comprise more, less, or functionally equivalent components and modules.
  • the network module 214 may be configured to perform operations in order to access the local area network 106. In some embodiments, the network module 214 may receive and transmit communications associated with accessing the hotspot. The network module 214 may also perform a search for the communication network 114. For example, if the network module 214 determines that there is no access to the communication network 114, embodiments of the present invention herein may be practiced.
  • the exemplary credential engine 216 is configured to obtain the network credential.
  • the credential engine 216 may comprise a request module 222, a verification module 224, and a retrieval module 226.
  • the exemplary request module 222 is configured to generate a credential request for the network credential.
  • the credential engine 216 may also receive a credential request response (via the network module 214) and verify, via the verification module 224, that the credential request response is from the credential server 116.
  • the exemplary retrieval module 226 is configured to analyze the credential request response to obtain the network credentials. The process for obtaining the network credential will be discussed in more details in connection with FIG. 4 below.
  • the exemplary network access engine 218 is configured to receive an authentication request and provide an authentication response to the network device 104 comprising the network credential.
  • the network access engine 218 may comprise an authentication record module 228, a field module 230, and a submit module 232.
  • the exemplary authentication record module 228 is configured to identify an authentication record associated with the digital device 102.
  • the field module 230 identifies fields or elements in the authentication record and provides the proper element inputs (e.g., network credential) in the fields.
  • the submit module 232 is configured to automatically submit the authentication record to the network device 104 as the authentication response. The process for providing the authentication response is discussed in more detail in connection with FIG. 5 below.
  • the encryption/decryption module 220 is configured to encrypt or decrypt communications sent/received by the digital device 102.
  • the credential request response may be encrypted by the credential server 116.
  • the encryption/decryption module 220 will decrypt the credential request response.
  • the encryption/decryption module 208 may establish a secure communication via SSL and/or https between the digital device 102 and the authentication server 108. It should be noted that, in accordance with some embodiments, the encryption/decryption module 220 may be optional or not required.
  • In step 302, the digital device 102 enters a hotspot.
  • a user may turn on their digital device 102 in a coffee shop or hotel where communication network access (e.g., hotspot) is available.
  • the digital device 102 may sense the hotspot.
  • the network module 214 may automatically attempt to access the communication network 114.
  • the network module 214 of the digital device 102 may query the network device 104 of the hotspot in step 304.
  • the network device 104 comprises the access point for the hotspot.
  • the network module 214 may receive one or more IP addresses associated with a central server (e.g., the DNS server 110) which may be associated with a service provider. Other information may also be received such as DNS records and gateway records.
  • the IP addresses may be provided via DHCP.
  • the network module 214 may attempt to access a known server to determine whether there is live connection to the communication network 114.
  • the digital device 102 requests and obtains the network credential from the DNS server 110. The process of step 306 will be discussed in more details in connection with FIG. 4 below.
  • the digital device 102 may provide an authentication response to the network device 104 in order to access the communication network 114 via the network device 104 in step 308.
  • the process of step 308 will be discussed in more details in connection with FIG. 5 below.
  • the network device 104 will then attempt to authenticate the digital device 102 by comparing the network credential received in the authentication response.
  • the network device 104 may authenticate the network credential utilizing the authentication server 108.
  • the network credential may be compared against a database of network credentials stored or associated with the authentication server 108.
  • the digital device 102 will be granted access to the communication network in step 310.
  • the authentication server 108 may instruct the access controller 112 to allow the digital device 102 access to the communication network 114.
  • In step 402, the network credential request is generated.
  • the request module 222 may construct a string using a DNS structure that may already be on a platform of the digital device 102.
  • the exemplary DNS string generated by the request module 222 is discussed in more details in connection with FIG. 8 below.
  • the generated credential request is sent by the digital device 102.
  • the digital device 102 utilizes one of the IP addresses (of the DNS server 110) received from the network device 104.
  • the DNS string is then transmitted to the selected DNS IP address received by the network module 214.
  • the digital device 102 receives the credential request response.
  • the credential request response is received from the credential server 116 via the DNS server 110.
  • the credential request response may be encrypted.
  • the encryption/decryption module 220 will decrypt the credential request response.
  • the credential request response is then verified in step 408.
  • the credential request response is encrypted.
  • the digital device 102 (e.g., the verification module 224) may decrypt the credential request response.
  • the credential request response is digitally signed.
  • the digital device 102 (e.g., the verification module 224) may verify the authenticity of the credential request response by decrypting the digital signature or decrypting the credential request response.
  • other mechanisms may be used by the verification module 224 to authenticate the credential request response.
  • the network credentials may then be retrieved in step 410.
  • the retrieval module 226 will analyze the credential request response to obtain the network credentials embedded therein.
  • the retrieval module 226 identifies data within the retrieval module 226 (e.g., via delimited fields) and may retrieve an encryption key, a user name, a password, a form identifier, or the like.
  • In step 502, an authentication request is received from the network device 104 by the network module 214.
  • the authentication record module 228 then identifies and retrieves an authentication record in step 504.
  • the authentication request from the network device 104 may comprise HTML form element names associated with an authentication record in which the network credential may be provided.
  • the authentication record module 228 may parse out the form(s)/authentication record(s) needed for logging in with the network device 104, for example, via the name or identifier (e.g., login form).
  • the field module 230 determines field(s) or element(s) within the authentication record that require an authentication input (e.g., network credential). According to exemplary embodiments, the field module 230 will analyze the authentication records identified and retrieved in step 504 to find input fields. As such, a list of these input fields may be generated (e.g., a linked list of forms and input fields).
  • In step 508, network credentials are associated with the determined field(s) or element(s).
  • the field module 230 will associate a proper network credential with each input element. The association may be based on an input name or identifier found in the script of the HTML of the authentication request.
  • the authentication record may comprise an input element requesting a username or an e-mail address.
  • An authentication response comprising the authentication record is transmitted in step 510.
  • a post is generated.
  • the authentication record may comprise a plurality of hidden values used to identify the digital device 102 and session information in addition to network access credentials. Such information and values may include, for example, network device MAC address, session identifier, and other values which may be stored in hidden form elements.
  • the authentication request may not be the first webpage presented by the network device 104.
  • the first webpage may be a welcome webpage from the coffee shop. This welcome webpage may provide a plurality of login options.
  • a unique fragment of a URL associated with the authentication request may be embedded on the first webpage.
  • the digital device 102 (e.g., the network module 214) may skim the webpage to find the fragment. Once the fragment is found, the digital device 102 will perform a get on this subsequent webpage (e.g., authentication request).
  • the authentication page 600 may comprise a username field 602 and a password field 604.
  • the username field 602 may be replaced with an e-mail field or any other field for providing a unique identifier associated with the digital device 102 or associated user.
  • the field module 230 may automatically fill in the username field 602 and password field 604 with the network credentials.
  • the authentication page 600 may also comprise an authenticate selector 606 (e.g., a submit selector or button).
  • the authenticate selector 606 will submit the network credentials (e.g., user name and password) to the network device 104.
  • the submit module 232 may automatically activate the authenticate selector 606 once the network credentials have been associated with their respective fields 602 and 604.
  • FIG. 7 illustrates a flow diagram of an exemplary process for providing network access to the digital device 102.
  • the digital device 102 (e.g., network module 214)
  • the network device 104 may provide network configuration information in step 702.
  • the network configuration information may comprise one or more IP addresses for access to the DNS server 110.
  • a credential request is generated by the digital device 102.
  • the request module 222 may generate the credential request.
  • the credential request is sent to the DNS server 110 in step 706 using one of the IP addresses previously received from the network device 104.
  • the credential server 116 is identified by the DNS server 110 in step 708.
  • the credential server 116 then identifies the network credential needed based on the credential request in step 712.
  • the credential request may comprise a unique identifier for the digital device 102. This unique identifier along with the location identifier may be compared against a table of such identifiers at the credential server 116 to determine the proper network credential.
  • a credential request response is then generated in step 714 and sent back to the DNS server 110 in step 716.
  • the DNS server 110 forwards the credential request response back to the digital device in step 718.
  • the digital device 102 may then retrieve the network credentials from the credential request response in step 720.
  • the retrieval module 226 will analyze the credential request response to retrieve the network credential embedded therein.
  • the network credential may then be provided to the network device 104 in step 722.
  • An exemplary method for providing the network credentials to the network device 104 is discussed in connection with FIG. 5 above.
  • Upon verifying the network credentials, the network device 104 provides network access to the digital device 102 in step 724.
  • the request module 222 may generate the credential request 800.
  • the credential request 800 may be a DNS string having a structure that comprises a location identifier 802, a sequence identifier 804, a signature 806, a digital device identifier (DDID) 808, a service set identifier (SSID) 810, and a version identifier 812.
  • the optional location identifier 802 may indicate a physical or geographic location of the digital device 102, the network device 104, the authentication server 108, or the access controller 112. In various embodiments, the location identifier 402 may be used by the credential server 116 to track the usage of hotspots, users of the digital device 102, as well as the digital device 102.
  • the sequence identifier 804 may comprise any number or set of numbers used to correspond to a subsequent request to the credential server 116 to determine if the login is successful. That is, the sequence identifier 804 provides a correlation mechanism by which verification of the login process may be made by the credential server 116.
  • the signature 806 comprises a cryptographic signature that is utilized to prevent spoofing.
  • the signature 406 of the request from digital device 102 is verified by the credential server 116. If the signature 406 is not valid, then the request is rejected by the credential server 116.
  • the DDID 808 comprises a unique identifier of the digital device 102.
  • the DDID 808 may comprise a MAC address or any other universally unique identifier of the digital device 102.
  • the DDID is retrieved from the DDID storage 212.
  • the SSID 810 comprises an identifier of the network access point or Wi-Fi service provider.
  • the SSID 810 may comprise the name of the service provider, or the name of the venue operating the network device 104.
  • the version identifier 812 may identify the protocol or format of the credential request 800.
  • a digital device may generate the credential request 800 and organize the data in a number of different formats. Each different format may be associated with a different version identifier.
  • the components of the credential engine 216 and the network access engine 218 may be updated, reconfigured, or altered over time, which may affect the structure of the credential request 800.
  • the credential server 116 may receive a plurality of credential requests 800 which are formatted differently. The credential server 116 may access the required information from each credential request based on the respective version identifier.
  • the above-described functions and components can be comprised of instructions that are stored on a storage medium.
  • the instructions can be retrieved and executed by a processor.
  • Some examples of instructions are software, program code, and firmware.
  • Some examples of storage medium are memory devices, tape, disks, integrated circuits, and servers.
  • the instructions are operational when executed by the processor to direct the processor to operate in accord with embodiments of the present invention. Those skilled in the art are familiar with instructions, processor(s), and storage medium.
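The credential request 800 described above (fields packed into a DNS string, signature checked by the credential server, layout selected by the version identifier) can be sketched as follows. This is an added example, not code from the patent or from Devicescape; the HMAC-SHA256 signature, hex label encoding, label order, version names `v1`/`v2`, zone `cred.example`, and the device key are all assumptions, since the text does not specify them.

```python
import hashlib
import hmac

# Assumptions, not taken from the patent: HMAC-SHA256 under a per-device key,
# hex-encoded labels, a fixed label order per version, zone "cred.example".
ZONE = "cred.example"
LAYOUTS = {  # version identifier -> ordered fields carried before the signature
    "v1": ("location", "sequence", "ddid", "ssid"),
    "v2": ("sequence", "ddid", "ssid"),  # the location identifier is optional
}
DEVICE_KEYS = {"00:11:22:33:44:55": b"constructed-demo-key"}  # constructed sample


def _sign(key, version, labels):
    # Sign the exact wire labels; hex never contains ".", so fields cannot run together.
    msg = ".".join([version, *labels]).encode()
    # Truncated to 16 bytes (32 hex chars) to fit DNS's 63-octet label limit.
    return hmac.new(key, msg, hashlib.sha256).digest()[:16].hex()


def build_request(version, key, **fields):
    labels = [fields[name].encode().hex() for name in LAYOUTS[version]]
    qname = ".".join([version, *labels, _sign(key, version, labels), ZONE])
    if any(len(label) > 63 for label in labels) or len(qname) > 253:
        raise ValueError("request does not fit DNS length limits")
    return qname


def parse_and_verify(qname):
    qname = qname.lower().rstrip(".")  # DNS names are case-insensitive
    if not qname.endswith("." + ZONE):
        raise ValueError("wrong zone")
    version, *labels = qname[: -len(ZONE) - 1].split(".")
    layout = LAYOUTS.get(version)
    if layout is None or len(labels) != len(layout) + 1:
        raise ValueError("unknown version or wrong field count")
    *encoded, signature = labels
    try:
        request = {n: bytes.fromhex(v).decode() for n, v in zip(layout, encoded)}
    except ValueError:  # bad hex or bad UTF-8
        raise ValueError("undecodable field") from None
    key = DEVICE_KEYS.get(request["ddid"])
    expected = _sign(key, version, encoded) if key else ""
    if not key or not hmac.compare_digest(expected.encode(), signature.encode()):
        raise ValueError("signature rejected")
    return request
```

With this encoding a 32-byte SSID needs 64 hex characters and is refused by `build_request`, so a real format would need a denser encoding or a split across labels.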

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
EP07837823A 2006-09-06 2007-09-06 Systems and methods for obtaining network access Withdrawn EP2062130A4 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US82475606P 2006-09-06 2006-09-06
PCT/US2007/019463 WO2008030526A2 (en) 2006-09-06 2007-09-06 Systems and methods for obtaining network access

Publications (2)

Publication Number Publication Date
EP2062130A2 true EP2062130A2 (de) 2009-05-27
EP2062130A4 EP2062130A4 (de) 2011-03-16

Family

ID=39157841

Family Applications (3)

Application Number Title Priority Date Filing Date
EP07837822A Withdrawn EP2062129A4 (de) 2006-09-06 2007-09-06 Systems and methods for providing network credentials
EP07837823A Withdrawn EP2062130A4 (de) 2006-09-06 2007-09-06 Systems and methods for obtaining network access
EP07837824A Withdrawn EP2060050A4 (de) 2006-09-06 2007-09-06 Systems and methods for acquiring network credentials

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP07837822A Withdrawn EP2062129A4 (de) 2006-09-06 2007-09-06 Systems and methods for providing network credentials

Family Applications After (1)

Application Number Title Priority Date Filing Date
EP07837824A Withdrawn EP2060050A4 (de) 2006-09-06 2007-09-06 Systems and methods for acquiring network credentials

Country Status (3)

Country Link
EP (3) EP2062129A4 (de)
JP (3) JP5368307B2 (de)
WO (3) WO2008030526A2 (de)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5270947B2 (ja) 2008-04-01 2013-08-21 Canon Inc. Communication system control method, wireless communication apparatus, base station, management apparatus, program, and recording medium
US8825876B2 (en) 2008-07-17 2014-09-02 Qualcomm Incorporated Apparatus and method for mobile virtual network operator (MVNO) hosting and pricing
US8769612B2 (en) 2008-08-14 2014-07-01 Microsoft Corporation Portable device association
US8099761B2 (en) * 2008-08-14 2012-01-17 Microsoft Corporation Protocol for device to station association
US8943551B2 (en) 2008-08-14 2015-01-27 Microsoft Corporation Cloud-based device information storage
US20100263022A1 (en) * 2008-10-13 2010-10-14 Devicescape Software, Inc. Systems and Methods for Enhanced Smartclient Support
WO2010045249A1 (en) * 2008-10-13 2010-04-22 Devicescape Software, Inc. Systems and methods for identifying a network
GB2464553B (en) 2008-10-22 2012-11-21 Skype Controlling a connection between a user terminal and an access node connected to a communication network
GB2464552B (en) 2008-10-22 2012-11-21 Skype Authentication system and method for authenticating a user terminal with an access node providing restricted access to a communication network
US9883271B2 (en) 2008-12-12 2018-01-30 Qualcomm Incorporated Simultaneous multi-source audio output at a wireless headset
US10448317B2 (en) 2014-08-21 2019-10-15 Huawei Technologies Co., Ltd. Wireless network access control method, device, and system
EP3289788B1 (de) * 2015-04-28 2023-09-13 Telecom Italia S.p.A. Method and system for authenticating users in public wireless networks

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010034837A1 (en) * 1997-12-23 2001-10-25 Arcot Systems, Inc. Method and apparatus for secure distribution of authentication credentials to roaming users
US20040003081A1 (en) * 2002-06-26 2004-01-01 Microsoft Corporation System and method for providing program credentials
US20060048214A1 (en) * 2004-08-24 2006-03-02 Whitehat Security, Inc. Automated login session extender for use in security analysis systems

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6233577B1 (en) * 1998-02-17 2001-05-15 Phone.Com, Inc. Centralized certificate management system for two-way interactive communication devices in data networks
RU2001116571A (ru) * 1998-11-19 2003-06-10 Arcot Systems Method and apparatus for secure distribution of authentication credentials to roaming users
JP2003196241A (ja) * 2001-12-25 2003-07-11 Dainippon Printing Co Ltd User authentication information setting device and client computer
US7295556B2 (en) * 2002-03-01 2007-11-13 Enterasys Networks, Inc. Location discovery in a data network
US20030188201A1 (en) * 2002-03-28 2003-10-02 International Business Machines Corporation Method and system for securing access to passwords in a computing network environment
JP3791464B2 (ja) * 2002-06-07 2006-06-28 Sony Corporation Access authority management system, relay server and method, and computer program
JP2004310581A (ja) * 2003-04-09 2004-11-04 Nec Corp Network connection method and network system
JP2004320593A (ja) * 2003-04-18 2004-11-11 Sony Computer Entertainment Inc Communication management system and method
WO2004097590A2 (en) * 2003-04-29 2004-11-11 Azaire Networks Inc. Method and system for providing sim-based roaming over existing wlan public access infrastructure
JP2005286783A (ja) * 2004-03-30 2005-10-13 Hitachi Software Eng Co Ltd Wireless LAN connection method and wireless LAN client software
US7603700B2 (en) * 2004-08-31 2009-10-13 Aol Llc Authenticating a client using linked authentication credentials
US20060130140A1 (en) * 2004-12-14 2006-06-15 International Business Machines Corporation System and method for protecting a server against denial of service attacks

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MENEZES ET AL: "Handbook of Applied Cryptography", HANDBOOK OF APPLIED CRYPTOGRAPHY, XX, XX, 1 January 1965 (1965-01-01), pages 4,24-25,359, XP002315753, *
See also references of WO2008030526A2 *

Also Published As

Publication number Publication date
JP2010503318A (ja) 2010-01-28
JP5276593B2 (ja) 2013-08-28
EP2060050A2 (de) 2009-05-20
WO2008030527A2 (en) 2008-03-13
WO2008030526A2 (en) 2008-03-13
WO2008030525A3 (en) 2008-07-31
EP2062129A4 (de) 2011-03-16
JP5368307B2 (ja) 2013-12-18
WO2008030525A2 (en) 2008-03-13
JP2010503319A (ja) 2010-01-28
WO2008030526A3 (en) 2008-07-17
EP2062130A4 (de) 2011-03-16
JP2010503317A (ja) 2010-01-28
WO2008030527A3 (en) 2008-09-25
JP5276592B2 (ja) 2013-08-28
EP2060050A4 (de) 2011-03-16
EP2062129A2 (de) 2009-05-27

Similar Documents

Publication Publication Date Title
US8549588B2 (en) Systems and methods for obtaining network access
EP2340477B1 (de) Systems and methods for identifying a network
US8191124B2 (en) Systems and methods for acquiring network credentials
US8194589B2 (en) Systems and methods for wireless network selection based on attributes stored in a network database
JP5276592B2 (ja) Systems and methods for obtaining network access
US8743778B2 (en) Systems and methods for obtaining network credentials
US8196188B2 (en) Systems and methods for providing network credentials
US9326138B2 (en) Systems and methods for determining location over a network
US8554830B2 (en) Systems and methods for wireless network selection
US20100263022A1 (en) Systems and Methods for Enhanced Smartclient Support
EP2206278B1 (de) Systems and methods for wireless network selection based on attributes stored in a network database
EP2676399A1 (de) Systems and methods for network curation
EP2443562B1 (de) Systems and methods for determining location over a network
EP2446347A1 (de) Systems and methods for obtaining network credentials

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090318

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK RS

DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20110210

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 7/04 20060101ALI20110204BHEP

Ipc: H04L 9/32 20060101AFI20110204BHEP

17Q First examination report despatched

Effective date: 20120813

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20170401