U.S. patent application Ser. No. 10/851,633, titled “METHOD FOR PROVIDING WIRELESS SERVICES” and filed on May 21, 2004, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.
U.S. Pat. No. 5,835,061, titled “METHOD AND APPARATUS FOR GEOGRAPHIC-BASED COMMUNICATIONS SERVICE” is hereby incorporated by reference in its entirety as though fully and completely set forth herein.
The present disclosure is in the field of Internet access and, more specifically, Internet access at distributed locations.
Several Internet service providers (ISPs) provide services at public locations such as hotels, airports, restaurants, coffee shops, etc. (so-called “hot-spots”). Many of these locations provide services for a fee. The fee may be provided via a web-browser interface using credit card, debit card, prepaid card, etc., or the user may be part of a subscriber group where access may be granted for the subscriber via user submission of subscription credentials (e.g., a username and password).
Authentication mechanisms for accessing services work well for devices that support a web browser and have a keyboard to enter username and password or credit card credentials. The authentication mechanisms may not work well (e.g., may be inconvenient) for devices that are small and have limited user input capabilities. Moreover, implementation of authentication mechanisms may be difficult for devices or systems that do not support web browsers.
Many ISPs control access to a site via the MAC (media access control) address of the network interface card that connects to the internet. Hence, some ISPs have taken the approach of storing a database of MAC addresses of devices, then, when input including a MAC address of a device is received, the device is automatically authenticated based on a match of the MAC address with an MAC address entry in the database.
Whereas this MAC address identification may be convenient since it may not require user input for various network access, and also since it is device specific, unfortunately it is not secure and can be compromised. That is, the MAC address can be changed and/or “spoofed,” where the MAC address of an unauthorized device is masqueraded with a MAC address of an authorized device.
Another method for authentication that is slightly more secure is to use a certificate-based system (e.g., using X.509 certificates). While this is more secure, the X.509 certificates can be shared. Moreover, an individual certificate would have to be created, managed and placed on each device, creating a management problem for millions of devices.
What is needed is a convenient method of authentication that is manageable and may not be easily compromised.
The preferred embodiments will become apparent upon reading the following detailed description and upon reference to the accompanying drawings in which:
While the embodiments presented herein are susceptible to various modifications and alternative forms, specific embodiments are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the drawings and detailed description thereto are not intended to limit claimed subject matter to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the present disclosure as defined by the appended claims.
Turning to
Each of APs 120A-120D may be coupled to a network 130A. Network 130A may be coupled to a network management device (NMD) 105. NMD 105 may be coupled to a network 130B. In various embodiments, NMD 105 may provide authentication, quality of service (QoS), communication traffic shaping, and/or access control from one or more computing devices (e.g., PCDs 110A-110F, retail entity computing devices (RECDs) 111A-111C, and back office devices (BODs) 170A-170C) coupled to network 130A through one of APs 120A-120D to network 130B. In some embodiments, NMD 105 may include an access control mechanism and/or a firewall mechanism. For example, the access control mechanism and/or the firewall mechanism may be used in conducting data communications in accordance and/or in association with providing various network access, qualities of services, and/or traffic shaping.
In various embodiments, network 130A, network 130B, or both, may include a wired network, a wireless network or a combination of wired and wireless networks. Network 130A, network 130B, or both, may include and/or be coupled to various types of communications networks, such as a public switched telephone network (PSTN), an Internet, a wide area network (WAN) (e.g., a private WAN, corporate WAN, etc.), and a local area network (LAN). Thus, NMD 105 may be coupled to a PSTN (e.g., via Ethernet cable and DSL); a cable (television) based network; a satellite-based system; and/or a fiber based network; among others.
In some embodiments, network 130A, network 130B, or both, may include one or more wireless networks (e.g., a network based on IEEE 802.11 and/or IEEE 802.16). For instance, one or more wired and/or wireless APs 120A-120D may be coupled to network 130A in a wireless fashion. Network 130A, network 130B, or both, may include one or more DSL (digital subscriber line) and/or cable (e.g., cable television) networks and/or infrastructures. For example, network 130A, network 130B, or both, may include one or more of: cable modems, cable modem termination systems (CMTSs), satellite modems, DSL modems, digital subscriber line access multiplexers (DSLAMs), broadband remote access servers (BRASs), telecommunications circuits, and/or metropolitan area networks (MANs), among others. In various embodiments, network 130B may form part of the Internet, or may couple to other networks (e.g., other local or wide area networks, such as the Internet).
In various embodiments, access to these networks may include one or more “services” these networks may provide. For example, these one or more services may include: email, world wide web, file transfer, printing, file sharing, file system sharing, remote file system, network file system (NFS), news, multicast, netbios, encryption, domain name service (DNS), routing, tunneling, chat such as Internet Remote Chat and/or AOL Instant Messenger, gaming, licensing, license management, digital rights management, network time, remote desktop, remote windowing, database (e.g., Oracle, Microsoft SQL Server, PostgreSQL, etc.), authentication, accounting, authorization, virtual local area network (VLAN) (e.g., IEEE 802.1q), virtual private network or VPN, audio, phone, Voice Over Internet Protocol (VoIP), paging, and/or video, among others. In some embodiments, these one or more service may be associated with and/or correspond to one or more protocols of one or more computer and/or software applications.
NCS 100 may include one or more content providers 160A, 160B. In some embodiments, content provider 160A may be coupled to network 130A. In some embodiments, content provider 160B may be coupled to network 130B. Content provider 160A, content provider 160B, or both may provide content such as audio, video, text, pictures, and/or maps among others through one or more protocols. Some or all of the information from content provider 160A, content provider 160B, or both may be pre-distributed to a local cache device 162 (such as a computer system, a computer hard drive, and/or other memory media) which may facilitate faster local access to the content and/or which may minimize delays and/or costs of transmitting the content through a network, such as network 130B.
The content may be based on a retail entity and/or one or more promotions of the retail entity. For example, the content may be entertainment type content to entice customers into the retail entity locations. For example, for a fast food restaurant, such as a McDonalds, content may be provided that is geared to children, such as games based on current McDonalds' promotions and/or themes, etc. In some embodiments, network access to this type of enticement content may be given freely to purchasing customers to entice them to visit the retail location. This type of network content may be provided in lieu of traditional “plastic toys” or other items routinely given out to children in these restaurants.
In some embodiments, content provider 160A, content provider 160B, or both may provide content that may be used by a business itself (e.g., content to train employees of the retail entity and/or provide necessary business information). In some embodiments, NMD 105 may include content provider 160A or the content and/or functionality of content provider 160A. A portion or all of the content may be cached on the local cache device 162.
In some embodiments, one or more back office devices (BODs) 170A-170C may be coupled to network 130A. For example, one or more of a BODs 170A-170C may include a cash register, a point of sale (POS) terminal, a smart card reader, a camera, a bar code reader, a radio frequency identification (RFID) reader, a credit card reading mechanism, and/or a remote order placing device, among others. In some embodiments, the remote order placing device may allow a retail entity to remotely accept orders from customers using the remote order placing device. For example, a customer may use a “drive-thru” window and the remote order placing device at one location, and the retail entity may accept the order at another location. For instance, the retail entity may accept orders in a first city from customers using the remote order placing device in a different second city.
In various embodiments, one or more of BODs 170A-170C may be configured to contact a clearinghouse through one or more networks (e.g., one or more of networks 130A-130B) to debit one or more credit and/or debit card accounts. One or more of BODs 170A-170C may include other mechanisms to identify a customer and/or customer account information. The POS terminal may include a smart card reader. In some embodiments, a back office device (BOD) may be coupled to a network through a wired AP. For example, BOD 170A may be coupled to network 130A through wired AP 120D. In various embodiments, a BOD may be coupled to a network in a wireless fashion. For example, BOD 170C may be coupled to network 130A through wireless AP 120B.
In some embodiments, a retail entity computing device (RECD) may be coupled to network 130A. Retail entity computing devices (RECDs) 111A-111B may be coupled to network 130A in a wired fashion (e.g., through wired AP 120D) while RECD 111C may be coupled to network 130A in a wireless fashion (e.g., through wireless AP 120B). A retail entity may provide RECDs 111A-111C at various locations of the retail entity. RECDs 111A-111C may be used by customers of the retail entity to access content and/or network services offered at the various locations. In various embodiments, the retail entity may distribute access codes, and the access codes may be used to authenticate a user for service. For example, an access code may be used to authenticate a user for access to network 130B. One or more of RECDs 111A-111C may be “locked down” to prevent theft.
The retail entity may distribute access codes to access content through one or more of RECDs 111A-111C. For example, a customer of the retail entity may receive an access code and use the access code with RECD 111B to access content from one or more of content providers 160A-160B. In various examples, the content may include audio, video, maps, pictures, and/or text, among others. For instance, the content may include a movie trailer, a music video, a computer-implemented game, web pages, graphics, a digital news publication, and/or a digital magazine, among others. Some or all of the content may be cached on a local cache device 162. The content cache may be updated, replaced, or added to based on various factors including the date of the content (e.g., digital magazines and/or digital newspapers may be updated once/day or once/week), the local demographics or local area attractions, size of the data, available bandwidth for download, and/or other scheduled mechanism for updating the cached content.
In some embodiments, NCS 100 may include a server computing device (SCD) 145 coupled to network 130A. SCD 145 may store and/or provide various shared secrets to various computing devices coupled to network 130A. In various embodiments, SCD 145 may communicate with various computing devices coupled to network 130A using use one or more secure and/or encrypted methods and/or systems. For example, SCD 145 may communicate with various computing devices coupled to network 130A using transport layer security (TLS), HTTPS (secure hypertext transfer protocol), and/or a secure socket layer (SSL), among others.
In some embodiments, NCS 100 may include one or more server computing devices (SCDs) 140A-140C and/or one or more PCDs 110G-110H coupled to network 130B. In one example, SCD 140A may include various authentication and/or authorization services used in providing access from network 130A to network 130B. In a second example, one or more of SCDs 140B-140C may provide content and/or other network services described herein. For instance, SCD 140B may provide SCD 145 with one or more shared secret updates. SCD 140B and SCD 145 may communicate in a secure fashion (e.g., using TLS, HTTPS, SSL, etc.). In another example, one or more PCDs 110G-110H may exchange data associated with one or more network services described herein. In various embodiments, one or more computing devices coupled to network 130A may be permitted to access and/or communication with computing devices coupled to network 130B after being permitted to do so.
NCS 100 may include a management information base (MIB) 150. MIB 150 may be coupled to network 130A. In various embodiments, MIB 150 may be a mechanism, such as a memory, which may allow the persistent storage and management of information that may be used by network 130A to operate. In some embodiments, MIB 150 may store a data structure, such as a table comprising a list of identification information and a corresponding list of two or more possible networks and/or services. The data structure may also store access information, which may include associated methods for providing data to/from the respective two or more possible networks and/or services. The access information may include access level and/or privilege level information. The data structure may include a table of two or more tuples, with each tuple including the identification information. In various embodiments, the data structures that store this information may be included in each of the APs 120A-120D, or may be provided in various other locations.
MIB 150 may store other information, such as a directory of one or more of the elements (e.g., access points, computing devices, etc) in NCS 100, network topology information, characteristics of individual network elements, characteristics of connection links, performance and trend statistics, and/or any information that may be of interest in operating network 130A. For example, MIB 150 may store longitude, latitude, altitude and/or other geographic information that may be used to locate one or more access points and/or one or more geographic regions.
In some embodiments, NMD 105 may be a computer system operable to include one or more of MIB 150, network 130A, SCD 145, various networking equipment, and/or one or more APs 120A-120D, among others.
In various embodiments, a user operating a computing device (e.g., one of PCDs 110A-110F) may communicate with one of the APs 120A-120D to gain access to a network and its services, such as the Internet. One or more of PCDs 110B, 110C may have a wireless communication device (e.g., a wireless Ethernet card) for communicating with one or more of the wireless APs 120A, 120B. One or more of PCDs 110A and 110D-110F may have a wired communication device (e.g., an Ethernet card) for communicating with one or more of the wired APs 120C-120D. In various embodiments, one or more of PCDs 110A-110F may be any of various types of devices, including a computer system, such as a portable computer, a personal digital assistant (PDA), a mobile telephone (e.g., a cellular telephone, a satellite telephone, etc.), a wearable computing device, an Internet appliance, a communications device, or other wired or wireless device. One or more of PCDs 110A-110F, RECDs 111A-111C, BODs 170A-170C, and/or content provider 160A may include various wireless or wired communication devices, such as a wireless Ethernet card, paging logic, RF (radio frequency) communication logic, a wired Ethernet card, a modem, a DSL device, an ISDN device, an ATM (asynchronous transfer mode) device, a parallel and/or serial port bus interface, and/or other type of communication device.
In some embodiments, one or more of PCDs 110A-110F, RECDs 111A-111C, BODs 170A-170C, and/or content provider 160A may include a memory medium which stores identification (ID) information and/or shared secret information. The identification information may be a System ID (e.g., an IEEE 802.11 System ID), a processor or CPU ID, a Media Access Control (MAC) ID of a wireless or wired Ethernet device (e.g., a MAC address), network identification information, and/or other type of information that identifies the computing device. The identification information may be included in a digital certificate (e.g., an X.509 certificate), which may be stored in a web browser, in a client software, and/or in a memory medium of the computing device. In various embodiments, the shared secret information may be stored in a memory medium of the computing device and may be accessible by client software of the computing device. For example, the shared secret information may include various strings of data that may be combined with other data which may be used in determining a result of a one-way hash function.
In communicating with wireless APs 120A, 120B, the wireless communication may be accomplished in a number of ways. In some embodiments, one or more of PCDs 110B, 110C, BOD 170C, RECD 111C, and wireless APs 120A, 120B may be equipped with appropriate transmitters and receivers compatible in power and frequency range (e.g., 900 MHz, 2.4 GHz, 3.6 GHz, 5 GHz, among others) to establish a wireless communication link. Wireless communication may also be accomplished through cellular, satellite, digital, and/or infrared communication technologies, among others. To provide user identification and/or ensure security, a computing device and/or wireless AP may use any of various security systems and/or methods.
In communicating with wired APs 120C, 120D, the wired connection may be accomplished through a variety of different ports, connectors, and/or transmission mediums. For example, one or more PCDs 110A and 110D-110F, RECDs 111A, 111B, and BOD 170A may be coupled through an Ethernet, universal serial bus (USB), FireWire (e.g., IEEE 1394), serial transmission cables, and/or parallel transmission cables, among others. One or more of PCDs 110A and 110D-110F may include various communication devices for connecting to one of the wired APs 120C, 120D, such as wired Ethernet cards, modems, DSL adapters, ATM adapters, IDSN devices, or other communication devices. In one example, a hotel may have Ethernet connections in the restaurants, shops, meeting rooms, and/or guest rooms. In a second example, a fast-food restaurant and/or a coffee shop may have both wireless and wired connections for mobile users. A user may connect to a wired AP 120C through the use of a laptop computer (e.g., one of PCDs 110D-110F), an Ethernet network card, and a network cable. This connection may have the same impact as a connection made to the wireless AP 120B. In other words, a user using a wired portable computing device may be able to use various network infrastructures in the same manner as a user using a wireless portable computing device.
In some embodiments, access codes to content may be provided to customers with a purchase of goods and/or services. For example, a customer may receive an access code to download a computer-implemented game. The computer-implemented game may be downloaded to one or more of PCDs 110A-110F, for instance. The access code to download a computer-implemented game may be distributed instead of a toy or trinket that may have accompanied a purchase of a meal. The computer-implemented game may include one or more digital rights management schemes. For instance, a digital rights management scheme may provide protection against further distribution of the computer-implemented game (e.g., not allowing distribution of the computer-implemented game to another computing device after it is downloaded). A digital rights management scheme may allow the computer-implemented game to only be played at a location of the retail entity.
In various embodiments, NCS 100 may be geographic-based. In other words, the NCS 100 may provide information and/or services to a computing device (e.g., one of PCDs 110A-110F, RECDs 111A-111C, and BODs 170A-170C) based at least partly on the geographic location of the computing device (e.g., as indicated by one or more of APs 120A-120D and/or as indicated by geographic information, such as GPS information, fast-food restaurant location and/or coffee shop location, room identification, room number, room name, and/or room area, among others) provided from the computing device. In some embodiments, one or more of APs 120A-120D may be arranged at known geographic locations and may provide geographic location information regarding the geographic location of the user and/or the computing device. In some embodiments, a computing device (e.g., one of PCDs 110A-110F, RECDs 111A-111C, and BODs 170A-170C) may provide geographic location information of the computing device through an access point (e.g., one of APs 120A-120D) to network 130A. For example, the computing device may include GPS (Global Positioning System) equipment enabling the computing device to provide its geographic location through the access point to network 130A.
In various embodiments, NMD 105 may service a single location. In some embodiments, NMD 105 may service two or more locations (e.g., locations 175A-175C), as shown in the embodiment depicted in
One or more of the systems described herein, such as PCDs 110A-110F, APs 120A-120D, BODs 170A-170C, MIB 150, content providers 160A, 160B, server computing devices (SCDs) 140A-140C, and NMD 105 may include a memory medium on which computer programs and/or data according to the present invention may be stored. For example, each of the APs 120A-120D, MIB 150, or both may store a data structure as described above including information regarding identification information, application identification information, protocol identification information, corresponding networks, and/or access information such as associated data routing and/or QoS methods. Each of the APs 120A-120D, and/or MIB 150 may further store a software program for accessing these data structures and using the information therein to properly provide and/or route data between computing devices and networks, and/or to selectively provide and/or route data depending on the access information and/or the QoS. In various embodiments, various of the systems and/or methods described herein may be used to provide network access from a first network to a second network. For example, the first network may include network 130A, and the second network may include network 130B.
In some embodiments, one or more computer systems may communicate with the one or more other computer systems using use one or more secure and/or encrypted methods and/or systems. For example, PCD 110A may communicate with the one or more computer systems (e.g., PCDs 110A-110F, NMD 105, SCDs 145, 140A-140C, and/or content providers 160A, 160B depicted in
The term “memory medium” and/or “computer readable medium” is intended to include various types of memory or storage, including an installation medium (e.g., a CD-ROM, or floppy disks, a random access memory or computer system memory such as DRAM, SRAM, EDO RAM, Rambus RAM, NVRAM, EPROM, EEPROM, flash memory etc., and/or a non-volatile memory such as a magnetic media, such as a hard drive and/or optical storage). The memory medium may include other types of memory as well, or combinations thereof. In some embodiments, the memory medium may be and/or include an article of manufacture and/or a software product. In addition, the memory medium may be located in a first computer in which the programs are executed, or may be located in a second different computer and/or hardware memory device that connects to the first computer over a network. In some embodiments, the second computer provides the program instructions to the first computer for execution. The memory medium may also be a distributed memory medium (e.g., for security reasons) where a portion of the data is stored on one memory medium and the remaining portion of the data may be stored on a different memory medium. Also, the memory medium may include one of the networks to which the current network is coupled (e.g., a SAN (Storage Area Network)).
In various embodiments, each of the systems described herein may take various forms, including a personal computer system, server computer system, workstation, network appliance, Internet appliance, wearable computing device, personal digital assistant (PDA), laptop, mobile telephone, mobile multimedia device, embedded computer system, television system, and/or other device. In general, the terms “computing device”, “computer”, and/or “computer system” can be broadly defined to encompass any device having a processor which executes instructions from a memory medium.
The memory medium in one or more systems thus may store a software program and/or data for performing and/or enabling access and/or selective network access and/or network service. A CPU or processing unit in one or more systems executing code and data from a memory medium includes a means for executing one or more software program according to the methods and/or flowcharts described herein.
Referring now to
Turning now to
Turning now to
Next, at 410, it may be determined whether or not to redirect the request. For example, the access controller may determine to redirect the request based on information from the one or more data packets. For instance, the access controller may determine that the requests includes information such as a destination port (e.g., a known port of a web server, etc.), a destination address such as an Internet protocol (IP) address, and/or a source address of the computing device, among others. The source address of the computing device may include an IP address and/or a media access control (MAC) address, among others. In some embodiments, the destination address may not correspond to a computer system. For example, the destination address may be a mock address. For instance, the mock address may not be assigned to a computer system.
In various embodiments, an access control list may be used in determining whether or not to redirect the request. For example, the access control list may include a list of one or more addresses that may be accessed. For instance, an address of SCD 140A of
If it is determined to redirect the request, the method may proceed to 430 where redirection information may be transmitted to the computing device. In some embodiments, a hypertext transfer protocol (HTTP) redirect may be transmitted to the computing device. For example, the redirect may include a location of a server. In one instance, the location may include an address of NMD 105 of
In various embodiments, the authentication seed may include a number (e.g., a string of numbers and/or digits) and/or an ASCII string of characters. In various embodiments, a first authentication seed may be combined with first data, a second, different, authentication seed may be combined with the first data, and a first result of a one-way hash function of the combination of the first authentication seed and the first data and a second result of the one-way hash function of the combination of the second authentication seed and the first data may be differing results from each other. In some embodiments, an authentication seed may be preselected, may be a result of a non-repetitive function, may be chosen at random, may be a result of a pseudo-random function generator, and/or may be a result of a random function generator.
As an example, possible redirection information is shown below in Table 1.
As shown, one or more portions of authentication support information may be included in a data description language such as an extensible markup language (XML).
Turning now to
In some embodiments, the shared secret may include characters and/or binary data. For example, the computing device may attain the shared secret by selecting from the one or more shared secrets in Table 2. In various embodiments, the shared secrets shown in Table 2 may be stored in a memory medium of a client and/or a server in the client-server system. In some embodiments, the computing device may communicate with a server computing device (e.g., SCD 145 of
Next at 520, the computing device may determine a network address. In some embodiments, the computing device may determine its MAC address as the network address. Next at 530, the network address, the authentication seed, and the shared secret string may be combined. In one example, the network address may include “00:0d:a3:88:be:fe”, the authentication seed may include “1809212008”, and the selected or attained shared secret may include “Mary had a little lamb”, and the combination may include “00:0d:a3:88:be:fe1809212008Mary had a little lamb”.
Next at 540, a result of a one-way hash function of the combination of the network address, the authentication seed, and the shared secret may be determined. In some embodiments, the result of the one-way hash function may be considered a message authentication code that may be used to authenticate data.
In various embodiments, a one-way hash function may be relatively easy to compute (e.g., calculate by a processor executing instructions from a computer-readable medium) and significantly difficult to reverse. For example, for a value x (e.g., a number, a string, binary data, etc.) and a one-way hash function f, f(x) is relatively easy to compute, and for a value f(z), z is significantly difficult to compute. In various embodiments, significantly difficult to compute may mean that it could take years to compute z from f(z), even if multiple computers were applied to the task. In some embodiments, a one-way hash function may be considered collision free. For example, the one-way hash function may be one-to-one or injective and, thus, may be considered collision free. In various instances, one-way hash functions may be considered a cryptographic checksum, a message digest, a digital fingerprint, a message integrity check, a contraction function, a compression function, and/or a manipulation detection code. Various examples of one-way hash functions may include one or more of message digest (MD) 2, MD 4, MD 5, RIPE-MD, Abreast Davies-Meyer, Davies-Meyer, HAVAL, GOST Hash, N-HASH, SHA (secure hash algorithm), and/or SNEFRU, among others. In some embodiments, a one-way hash function may be a composite function of two or more one-way hash functions. For example, a function g may include a MD 5 one-way hash function, a function h may include a SHA one-way hash function, and a function j may include a MD 5 one-way hash function, and a function f may include a composite function such that f(x)=g(h(j(x))). A one-way hash function that is a composite function of two or more one-way hash functions may be considered to be and/or said to be strengthened.
In one example, the one-way hash function applied at 540 may include a MD 5 one-way hash function, and a result of the MD 5 one-way hash function of the combination from 530 may include “98ae32fb785a882bf607be669e9790c2” which is a hexadecimal representation of a 128-bit number.
Next at 550, the computing device may transmit a network access request to a server. The network access request may include the address determined at 520 and the result of the one-way hash function determined at 540. In one example, the network access request may be transmitted to SCD 140A. In a second example, the access request may be transmitted to NMD 105 of
In various embodiments, SCD 140A and/or NMD 105 of
As shown in Table 3, the username may include a realm. For example, the realm may include “Wellcent” that may indicate a roaming partner and/or a network provider associated with an operator of NCS 100 of
In some embodiments, one or more of SCDs 140A-140C and/or NMD 105 of
In one example, AAA processes and/or services of SCD 140A and/or NMD 105 of
In some embodiments, SCD 140A and/or NMD 105 of
Turning now to
If the test case result matches the result of the one-way hash function received from the computing device, the method may proceed from 640 to either 665 of
Turning now to
In some embodiments, access to a second network (e.g., network 130B of
Turning now to element 667 of
Turning now to
Turning now to
Turning now to
In various embodiments, the software and/or shared secret(s) update may be received from a network. In some embodiments, the computer system may communicate with the one or more other computer systems using use one or more secure and/or encrypted methods and/or systems. For example, PCD 110A may communicate with the one or more computer systems (e.g., PCDs 110A-110F, NMD 105, SCDs 140A-140C, and/or content providers 160A, 160B of
Next at 910, the software and/or shared secret(s) update may be stored in a memory medium of the computing device.
Turning now to
Next at 1010, the server computing device (e.g., SCD 145 of
It is noted that, in various embodiment, one or more of the method elements described herein and/or one or more portions of an implementation of a method element may be performed in varying orders, may be performed concurrently with one or more of the other method elements, or may be omitted. Additional method elements may be performed as desired. In various embodiments, concurrently may mean simultaneously. In some embodiments, concurrently may mean apparently simultaneously according to some metric. For example, two or more method elements and/or two or more portions of an implementation of a method element may be performed such that they appear to be simultaneous to a human. It is also noted that, in various embodiments, one or more of the system elements described herein may be omitted and additional system elements may be added as desired.
Further modifications and alternative embodiments of various aspects of the invention may be apparent to those skilled in the art in view of this description. Accordingly, this description is to be construed as illustrative only and is for the purpose of teaching those skilled in the art the general manner of carrying out the invention. It is to be understood that the forms of the invention shown and described herein are to be taken as embodiments. Elements and materials may be substituted for those illustrated and described herein, parts and processes may be reversed, and certain features of the invention may be utilized independently, all as would be apparent to one skilled in the art after having the benefit of this description of the invention. Changes may be made in the elements described herein without departing from the spirit and scope of the invention as described in the following claims.
The present application claims priority from and is a continuation application of U.S. patent application Ser. No. 14/096,737, filed Dec. 4, 2013, which is a continuation application of U.S. application Ser. No. 13/525,873, now U.S. Pat. No. 8,627,416, filed Jun. 18, 2012, which is a continuation application of U.S. patent application Ser. No. 12/172,517, now U.S. Pat. No. 8,261,327, filed Jul. 14, 2008, which claims the benefit of and priority from U.S. Provisional Application Ser. No. 60/949,404, filed Jul. 12, 2007 and titled “SYSTEM AND METHOD FOR DEVICE-SPECIFIC AUTHORIZATION AT DISTRIBUTED LOCATIONS,” each of which is expressly incorporated herein by reference in its entirety.
Number | Name | Date | Kind |
---|---|---|---|
4026642 | Tanaka et al. | May 1977 | A |
4233661 | Bolton et al. | Nov 1980 | A |
4509277 | Bolton | Apr 1985 | A |
4654793 | Elrod | Mar 1987 | A |
4806743 | Thenery | Feb 1989 | A |
4816654 | Anderl et al. | Mar 1989 | A |
4845504 | Roberts et al. | Jul 1989 | A |
5019697 | Postman | May 1991 | A |
5030807 | Landt et al. | Jul 1991 | A |
5149945 | Johnson et al. | Sep 1992 | A |
5287269 | Dorrough et al. | Feb 1994 | A |
5321395 | Van Santbrink | Jun 1994 | A |
5351186 | Bullock et al. | Sep 1994 | A |
5365516 | Jandrell | Nov 1994 | A |
5377060 | Nigam | Dec 1994 | A |
5487103 | Richardson, Jr. et al. | Jan 1996 | A |
5538007 | Gorman | Jul 1996 | A |
5606616 | Sprunk et al. | Feb 1997 | A |
5623601 | Vu | Apr 1997 | A |
5664228 | Mital | Sep 1997 | A |
5696898 | Baker et al. | Dec 1997 | A |
5727950 | Cook et al. | Mar 1998 | A |
5761683 | Logan et al. | Jun 1998 | A |
5768384 | Berson | Jun 1998 | A |
5781909 | Logan et al. | Jul 1998 | A |
5805803 | Birrell et al. | Sep 1998 | A |
5835061 | Stewart | Nov 1998 | A |
5845070 | Ikudome | Dec 1998 | A |
5851149 | Xidos et al. | Dec 1998 | A |
5889958 | Willens | Mar 1999 | A |
5892829 | Aiello et al. | Apr 1999 | A |
5936542 | Kleinrock et al. | Aug 1999 | A |
5968176 | Nessett et al. | Oct 1999 | A |
5969678 | Stewart | Oct 1999 | A |
5987606 | Cirasole et al. | Nov 1999 | A |
5991287 | Diepstraten et al. | Nov 1999 | A |
5991292 | Focsaneanu et al. | Nov 1999 | A |
5996011 | Humes | Nov 1999 | A |
6021201 | Bakhle et al. | Feb 2000 | A |
6049289 | Waggamon | Apr 2000 | A |
6130892 | Short et al. | Oct 2000 | A |
6194992 | Short et al. | Feb 2001 | B1 |
6219694 | Lazaridis et al. | Apr 2001 | B1 |
6226277 | Chuah | May 2001 | B1 |
6226677 | Slemmer | May 2001 | B1 |
6233618 | Shannon | May 2001 | B1 |
6240533 | Slemmer | May 2001 | B1 |
6253321 | Nikander et al. | Jun 2001 | B1 |
6259405 | Stewart et al. | Jul 2001 | B1 |
6285665 | Chuah | Sep 2001 | B1 |
6317790 | Bowker et al. | Nov 2001 | B1 |
6317837 | Kenworthy | Nov 2001 | B1 |
6327254 | Chuah | Dec 2001 | B1 |
6363421 | Barker et al. | Mar 2002 | B2 |
6370247 | Takaragi et al. | Apr 2002 | B1 |
6377548 | Chuah | Apr 2002 | B1 |
6377982 | Rai et al. | Apr 2002 | B1 |
6377990 | Slemmer et al. | Apr 2002 | B1 |
6393468 | McGee | May 2002 | B1 |
6393482 | Rai et al. | May 2002 | B1 |
6400722 | Chuah et al. | Jun 2002 | B1 |
6414950 | Rai et al. | Jul 2002 | B1 |
6421714 | Rai et al. | Jul 2002 | B1 |
6449272 | Chuah et al. | Sep 2002 | B1 |
6453419 | Flint et al. | Sep 2002 | B1 |
6460084 | Van Home et al. | Oct 2002 | B1 |
6480888 | Pedersen | Nov 2002 | B1 |
6490620 | Ditmer et al. | Dec 2002 | B1 |
6496491 | Chuah et al. | Dec 2002 | B2 |
6512754 | Feder et al. | Jan 2003 | B2 |
6523068 | Beser et al. | Feb 2003 | B1 |
6564327 | Klensin et al. | May 2003 | B1 |
6571221 | Stewart et al. | May 2003 | B1 |
6577643 | Rai et al. | Jun 2003 | B1 |
6577644 | Chuah et al. | Jun 2003 | B1 |
6636894 | Short et al. | Oct 2003 | B1 |
6654610 | Chen et al. | Nov 2003 | B1 |
6665718 | Chuah et al. | Dec 2003 | B1 |
6668322 | Wood | Dec 2003 | B1 |
6675208 | Rai et al. | Jan 2004 | B1 |
6704311 | Chuah et al. | Mar 2004 | B1 |
6727830 | Lui et al. | Apr 2004 | B2 |
6732176 | Stewart et al. | May 2004 | B1 |
6790927 | Inoue et al. | Sep 2004 | B2 |
6801509 | Chuah et al. | Oct 2004 | B1 |
6829355 | Lilly | Dec 2004 | B2 |
6886095 | Hind et al. | Apr 2005 | B1 |
7009556 | Stewart | Mar 2006 | B2 |
7200566 | Moore et al. | Apr 2007 | B1 |
7310730 | Champagne et al. | Dec 2007 | B1 |
7356596 | Ramanujan et al. | Apr 2008 | B2 |
7370197 | Huitema | May 2008 | B2 |
7428413 | Fink | Sep 2008 | B2 |
7614083 | Khuti et al. | Nov 2009 | B2 |
7706775 | Uhlik et al. | Apr 2010 | B2 |
7856659 | Keeler et al. | Dec 2010 | B2 |
8108916 | Fink et al. | Jan 2012 | B2 |
8261327 | Keeler et al. | Sep 2012 | B2 |
9232077 | Yu et al. | Jan 2016 | B2 |
20010044787 | Shwartz et al. | Nov 2001 | A1 |
20020022483 | Thompson et al. | Feb 2002 | A1 |
20020112071 | Kim | Aug 2002 | A1 |
20020132661 | Lind et al. | Sep 2002 | A1 |
20020144144 | Weiss et al. | Oct 2002 | A1 |
20030009382 | D'Arbeloff et al. | Jan 2003 | A1 |
20030117434 | Hugh | Jun 2003 | A1 |
20030126021 | Mizushima et al. | Jul 2003 | A1 |
20030185169 | Higgins | Oct 2003 | A1 |
20030187786 | Swift et al. | Oct 2003 | A1 |
20030194988 | Knox | Oct 2003 | A1 |
20030233329 | Laraki | Dec 2003 | A1 |
20030233580 | Keeler et al. | Dec 2003 | A1 |
20040128199 | Cusack et al. | Jul 2004 | A1 |
20040141488 | Kim et al. | Jul 2004 | A1 |
20040164898 | Stewart | Aug 2004 | A1 |
20040167929 | Osborne et al. | Aug 2004 | A1 |
20040170153 | Stewart et al. | Sep 2004 | A1 |
20040193464 | Szrek et al. | Sep 2004 | A1 |
20040193906 | Dar | Sep 2004 | A1 |
20040215799 | Lehmann, Jr. et al. | Oct 2004 | A1 |
20050004840 | Wanninger | Jan 2005 | A1 |
20050021781 | Sunder et al. | Jan 2005 | A1 |
20050076108 | Li et al. | Apr 2005 | A1 |
20050086528 | Darziv | Apr 2005 | A1 |
20050094566 | Hares | May 2005 | A1 |
20050165711 | Hamatsu | Jul 2005 | A1 |
20050187834 | Painter et al. | Aug 2005 | A1 |
20050261970 | Vucina et al. | Nov 2005 | A1 |
20050270232 | Masuda | Dec 2005 | A1 |
20060050719 | Barr et al. | Mar 2006 | A1 |
20060092955 | Durbin et al. | May 2006 | A1 |
20060143701 | Dos Santos | Jun 2006 | A1 |
20060168253 | Baba | Jul 2006 | A1 |
20060189298 | Marcelli | Aug 2006 | A1 |
20060200855 | Willis | Sep 2006 | A1 |
20060268902 | Bonner | Nov 2006 | A1 |
20070063015 | Mebruer | Mar 2007 | A1 |
20080022084 | Raftelis | Jan 2008 | A1 |
20080095180 | Vucina et al. | Apr 2008 | A1 |
20080097858 | Vucina et al. | Apr 2008 | A1 |
20080155453 | Othmer | Jun 2008 | A1 |
20080263652 | McMurtry | Oct 2008 | A1 |
20080285544 | Qiu | Nov 2008 | A1 |
20090031404 | Bazzinotti et al. | Jan 2009 | A1 |
20090150977 | Carley | Jun 2009 | A1 |
20120260320 | Keeler et al. | Oct 2012 | A1 |
Number | Date | Country |
---|---|---|
0848338 | Jun 1998 | EP |
0889418 | Jan 1999 | EP |
0909073 | Apr 1999 | EP |
0917320 | May 1999 | EP |
0986230 | Mar 2000 | EP |
9639668 | Dec 1996 | WO |
9812643 | Mar 1998 | WO |
9957865 | Nov 1999 | WO |
9957866 | Nov 1999 | WO |
9966400 | Dec 1999 | WO |
03073688 | Sep 2003 | WO |
2005112598 | Dec 2005 | WO |
2007060016 | May 2007 | WO |
Entry |
---|
Chapman, D.B. et al., Building Internet Firewalls, Sep. 1995, O'Reily & Associates, Inc., Sebastopol, CA, pp. 131-188 and 191-207. |
Hinrichs, S., Policy-Based Management: Bridging the Gap, ACSAC '99 Proceedings 15th of the Annual Computer Security Applications Conference, 1999, IEEE Computer Society, Washington, DC, pp. 209-219. |
IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks, IEEE, Std 802.1Q-1998, Mar. 8, 1999, IEEE, New York, NY, pp. i-xii and 1-199. |
International Search Report and Written Opinion, Application No. PCT/US2005/017738, dated Oct. 10, 2005, 12 pages. |
Single-User Network Access Security TACACS+, Cisco White Paper, XP002124521, Mar. 30, 1995, pp. 1-9. |
iPass Generic Interface Specification, Between Smart Clients and Access Gateway, Mar. 9, 2004, Version 1.3, iPass Inc., Redwood Shores, CA, pp. 2-3, 8-27. |
Get TEAclipper-Ready at Zero Cost, www.flexipanel.com, Nov. 17, 2007, FlexiPanel LTD, London, UK, p. 1. |
HexWax Explorer, TEAclipper Firmware Management Utility, HexWax Explorer HW050-1, www.flexipanel.com, Jun. 26, 2007, FlexiPanel LTD, London, UK, pp. 1-3. |
TEAclipper/PIC, Firmware Delivery for Microchip PIC Microcontrollers, TEAclipper/PIC DS508-6, www.flexipanel.com, Jan. 13, 2008, FlexiPanel Ltd, London, UK, pp. 1-8. |
TEAclipper/Stamp, Firmware Delivery for BASIC Stamps, TEAclipper/Stamp DS507-4, www.flexipanel.com, Feb. 12, 2008, FlexiPanel LTD, London, UK, pp. 1-3. |
TEAclipper/USB, USB Adapter for TEAclipper Programming Clips, TEAclipper USB DS510-4, www.flexipanel.com, Dec. 2, 2007, FlexiPanel LTD, London, UK, p. 1. |
Edgett, J. et al., Generic Interface Specification, 2003, iPass Inc., Redwood Shores, CA, pp. 2-9. |
Schneier, B., One-Way Hash Functions, Applied Cryptography, 2nd Edition, Chapter 18, 1996, John Wiley & Sons, pp. 429-459. |
Number | Date | Country | |
---|---|---|---|
20140380435 A1 | Dec 2014 | US |
Number | Date | Country | |
---|---|---|---|
60949404 | Jul 2007 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 14096737 | Dec 2013 | US |
Child | 14481376 | US | |
Parent | 13525873 | Jun 2012 | US |
Child | 14096737 | US | |
Parent | 12172517 | Jul 2008 | US |
Child | 13525873 | US |