Service access authentication method and system

US9432349B2 · US · B2

Patent metadata
Publication number: US-9432349-B2
Application number: US-201214125859-A
Country: US
Kind code: B2
Filing date: Jun 13, 2012
Priority date: Jun 16, 2011
Publication date: Aug 30, 2016
Grant date: Aug 30, 2016


Abstract

Official abstract text for this publication.

An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method of operation at an operator access authentication system that authenticates subscriber devices for access to a service provided by a telecommunication network associated with the operator access system, wherein the method comprises: receiving a request from a subscriber device for access to the service; detecting that the subscriber device is associated with a private access authentication system that manages subscriber credentials for authenticating the subscriber device with respect to the service; responsive to said detecting, initiating communications towards the private access authentication system and, in response, receiving verification data and a subscriber authentication data item from the private access authentication system, said subscriber authentication data item associated with the subscriber credentials; and verifying from the verification data that the private access authentication system is operated in a trusted state, and authenticating the subscriber device for access to the service, based on the authentication data item.

2. The method according to claim 1, wherein initiating communications towards the private access authentication system comprises forwarding a request for authentication data to the private authentication system.

3. An operator access authentication system operative to authenticate subscriber devices for access to a service provided by a telecommunication network associated with the operator access authentication system, wherein the operator access authentication system is configured to: receive a request from a subscriber device for access to the service; detect that the subscriber device is associated with a private access authentication system that manages subscriber credentials for authenticating the subscriber device with respect to the service; initiate communications towards the private access authentication system and, in response, receive verification data and a subscriber authentication data item from the private access authentication system, said subscriber authentication data item associated with the subscriber credentials; and responsive to verifying from the verification data that the private access authentication system is operated in a trusted state, authenticate the subscriber device for access to the service according to the subscriber credentials.

4. The operator access authentication system according to claim 3, further configured to identify, based on the received request, the private access authentication system from a set of private access authentication systems; and request from the identified private access authentication system at least one verification data item as said verification data along with the subscriber authentication data item.

5. A method of operation by a private access authentication system connected to an operator access authentication system, wherein the method comprises: maintaining subscriber credentials for authenticating a subscriber device with respect to accessing a service provided by a telecommunication network; receiving a request from the operator access authentication system, for authentication of the subscriber device with respect to accessing the service; responsive to the request, communicating verification data and a subscriber authentication data item to the operator access authentication system, said subscriber authentication data item associated with the subscriber credentials and enabling the operator access authentication system to authenticate the subscriber device for access to the service, and said verification data indicating a state in which the private access authentication system is operated and thereby enabling determination by the operator access authentication system as to whether said state is trustable by the operator access authentication system.

6. A private access authentication system configured to: maintain subscriber credentials for authenticating a subscriber device with respect to accessing a service provided by a telecommunication network; receive a request from an operator access authentication system associated with the telecommunication network, for authentication of the subscriber device with respect to accessing the service; responsive to the request, communicate verification data and a subscriber authentication data item to the operator access authentication system, said subscriber authentication data item associated with the subscriber credentials and enabling the operator access authentication system to authenticate the subscriber device for access to the service, and said verification data indicating a state in which the private access authentication system is operated and thereby enabling determination by the operator access authentication system whether said state is trustable by the operator access authentication system.

7. An access authentication system for controlling and granting access by a subscriber device to a telecommunication network, the access authentication system comprising an operator access authentication system associated with the telecommunication network and a private access authentication system associated with a subscriber of the telecommunication network: said operator access authentication system configured to: receive an access request from a subscriber device attempting to access the telecommunication network; responsive to detecting that the subscriber device is associated with a subscription that is managed by the private access authentication system, request authentication data for the subscriber device from the private access authentication system; and receive the authentication data in an authentication response returned from the private access authentication system; determine from verification data included in the authentication response as to whether or not the private access authentication system is operating in a trusted state; and conditioned upon verifying that the private access authentication system is operating in the trusted state, perform authentication of the subscriber device using the authentication data returned for the subscriber device in the authentication response; and said private access authentication system configured to: maintain subscription credentials for the subscriber device; respond to the request for authentication data from the operator access authentication system by generating the verification data in a manner that proves that the private access authentication system is operating in the trusted state, and including the verification data together with authentication data associated with the subscription credentials in the authentication response returned to the operator access authentication system.

8. The access authentication system of claim 7, wherein the private access authentication system includes a Trusted Platform Module (TPM), and wherein the TPM is configured to verify that the private access authentication system is operating in the trusted state by verifying software running on the TPM.

9. The access authentication system of claim 7, wherein the operator access authentication system is configured to further condition the use of the authentication data for authenticating the subscriber device based on verifying that a certificate of the private access authentication system is valid.

10. The access authentication system of claim 7, wherein the operator access authentication system and the private access authentication system are configured to communicate over a secure connection.

11. The access authentication system of claim 7, wherein the operator access authentication system is configured to include a nonce in the request
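The exchange of claims 7 to 11 (nonce in the operator's request, certificate check, trusted-state verification, and only then use of the subscriber authentication data item), as an added Python sketch that is not part of the patent. The "certificate" is a plain dict and the TPM quote is an HMAC over the measured state and the nonce, both constructed stand-ins; every key, identifier and state digest is made up.

```python
import hashlib
import hmac
import os
import time

# Constructed sample data (not from the patent): the only boot image the operator trusts,
# the private system's attestation key, and one subscriber's long-term key.
TRUSTED_STATE = hashlib.sha256(b"approved private-AAA image v1").hexdigest()
ATTEST_KEY = b"attest-key-of-private-system-1"
SUB_KEY = b"subscriber-secret-k-4711"

class PrivateAccessAuthSystem:
    """Subscriber-side system: holds credentials and attests its own running state."""
    def __init__(self, cert, attest_key, credentials, state_digest=TRUSTED_STATE):
        self.cert, self.attest_key = cert, attest_key
        self.credentials, self.state_digest = credentials, state_digest

    def handle_request(self, subscriber_id, nonce):
        # Verification data: measured state bound to the operator's nonce (stand-in for a TPM quote).
        quote = hmac.new(self.attest_key, self.state_digest.encode() + nonce, hashlib.sha256).digest()
        # Subscriber authentication data item: the response the operator should expect from the device.
        xres = hmac.new(self.credentials[subscriber_id], nonce, hashlib.sha256).digest()
        return {"cert": self.cert, "state": self.state_digest, "quote": quote, "xres": xres}

class OperatorAccessAuthSystem:
    """Operator-side system: refuses to use the credentials until attestation and certificate pass."""
    def __init__(self, private_systems, trusted_issuers, trusted_states):
        self.private_systems = private_systems          # subscriber_id -> private system
        self.trusted_issuers, self.trusted_states = trusted_issuers, trusted_states

    def authenticate(self, subscriber_id, device_respond, now=None):
        private = self.private_systems.get(subscriber_id)   # detect a privately managed subscription
        if private is None:
            return False, "no private system"
        nonce = os.urandom(16)                              # fresh nonce in every request (claim 11)
        resp = private.handle_request(subscriber_id, nonce)
        cert = resp["cert"]
        if cert["issuer"] not in self.trusted_issuers or cert["not_after"] < (now or time.time()):
            return False, "certificate invalid"
        expected = hmac.new(cert["attest_key"], resp["state"].encode() + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, resp["quote"]) or resp["state"] not in self.trusted_states:
            return False, "private system not in trusted state"
        if not hmac.compare_digest(device_respond(nonce), resp["xres"]):
            return False, "subscriber response mismatch"
        return True, "authenticated"

def run_demo(state_digest=TRUSTED_STATE, device_key=SUB_KEY):
    cert = {"subject": "private-1", "issuer": "operator-ca", "not_after": time.time() + 3600,
            "attest_key": ATTEST_KEY}
    private = PrivateAccessAuthSystem(cert, ATTEST_KEY, {"imsi-1": SUB_KEY}, state_digest)
    operator = OperatorAccessAuthSystem({"imsi-1": private}, {"operator-ca"}, {TRUSTED_STATE})
    return operator.authenticate("imsi-1", lambda n: hmac.new(device_key, n, hashlib.sha256).digest())
```

Calling `run_demo()` with a tampered `state_digest` fails at the trusted-state check before the subscriber credentials are ever consulted, which is the ordering the claims require.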

Classifications

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity (CPC title)

  • providing single-sign-on or federations (CPC title)

  • H04L63/08 (primary): for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9432349B2 cover?

An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted…

Who is the assignee on this patent?

Smeets Bernard, Näslund Mats, ERICSSON TELEFON AB L M (publ)

What technology area does this patent fall under?

Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.

When was this patent published?

Publication date: Aug 30, 2016 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).