CPC H04L 63/0815 (2013.01) [H04L 63/04 (2013.01); H04L 63/20 (2013.01); H04W 12/06 (2013.01); H04W 36/0038 (2013.01)]

19 Claims

1. A method comprising:
  authenticating an identity of a user of a client device after the client device is associated with an access network provider separate from the client device, wherein authenticating the identity of the user comprises:
    receiving, by the access network provider and from an identity provider separate from the client device and the access network provider, a credential associated with the identity; and
    receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device;
    establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service, wherein the access network provider is separate from the service provider;
    receiving, at the access network provider and over the secure connection, network traffic from the service provider, wherein packets of the network traffic include assurance information that enables the client device to determine that the network-based service is being provided by the service provider, and wherein the assurance information is determined using a function based on a first token communicated by the identity provider to the service provider and the client device; and
    communicating, by the access network provider, the network traffic to the client device, wherein characterization information of the network traffic is communicated from the client device to the service provider through a channel (i) between the client device and the service provider and (ii) separate from the secure connection, and wherein the service provider communicates to the client device a response indicating whether the characterization information is present in a cache table of the service provider.