Authentication in data communication
Abstract
A client 110 may be authenticated by transmitting or beaming a telecommunication network subscriber's authentication to the client from a device 120, over a wireless link. For example, a GSM telephone 120 may authenticate an electronic book 110 to a content providing service within the Internet. The service verifies the authentication using the subscriber's GSM network operator's Authentication Center 161 to generate an authenticator and the client correspondingly generates a local copy of the authenticator using a GSM SIM over the wireless local link. The authentication is then determined by checking that these authenticators match and thereafter the authenticator can be used as a session key to encrypt data in the service.
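The exchange the abstract describes, as an added Python sketch that is not taken from the patent. Assumptions: HMAC-SHA256 stands in for the operator's SIM algorithm, the names `AuthenticationCenter`, `Sim` and `key_confirmation` are hypothetical, the subscriber identity and secret are constructed, and the match is checked with a keyed proof so the authenticator itself is never transmitted.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the subscriber identity and secret are made up.
SUBSCRIBER_ID = "001010123456789"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_authenticator(ki: bytes, challenge: bytes) -> bytes:
    """Stand-in for the operator's SIM algorithm (assumption: HMAC-SHA256)."""
    return hmac.new(ki, challenge, hashlib.sha256).digest()


class AuthenticationCenter:
    """Operator side: holds each subscriber's secret and never releases it."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def issue(self, subscriber_id):
        challenge = secrets.token_bytes(16)  # fresh per attempt, blocks replay
        return challenge, derive_authenticator(self._ki[subscriber_id], challenge)


class Sim:
    """SIM in the phone: answers challenges relayed over the local wireless link."""
    def __init__(self, subscriber_id, ki):
        self.subscriber_id = subscriber_id
        self._ki = ki

    def respond(self, challenge):
        return derive_authenticator(self._ki, challenge)


def key_confirmation(authenticator: bytes, challenge: bytes) -> bytes:
    """Proof of knowledge of the authenticator, bound to this challenge."""
    return hmac.new(authenticator, b"confirm" + challenge, hashlib.sha256).digest()


def authenticate(auc, sim):
    """Run one exchange; return the session key on a match, None otherwise."""
    challenge, first_secret = auc.issue(sim.subscriber_id)  # service asks the operator
    second_secret = sim.respond(challenge)                  # client asks the SIM
    proof = key_confirmation(second_secret, challenge)      # client to service
    expected = key_confirmation(first_secret, challenge)    # service's own copy
    return first_secret if hmac.compare_digest(proof, expected) else None
```

The comparison uses `hmac.compare_digest` so the service does not leak how many leading bytes of a forged proof were correct.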
37 Claims
1. A method of authenticating a client to a communication system comprising the steps of:
receiving from a mobile station a subscriber identity corresponding to a subscriber of a mobile telecommunication network, wherein the mobile telecommunication network is separate from the communication system to which the client is to be authenticated;
sending the subscriber identity to an authentication block of the mobile telecommunication network;
receiving from the authentication block at least one challenge and at least one first secret based on a subscriber's secret specific to the subscriber identity;
sending the at least one challenge to the subscriber identity module;
receiving at least one second secret in response to the at least one challenge; and
using the second secret for authenticating the client.

13. A client for authenticating a client to a communication system comprising:
a means for receiving from a mobile station a subscriber identity corresponding to a subscriber of a mobile telecommunication network, wherein the mobile telecommunication network is separate from the communication system to which the client is to be authenticated;
a means for sending the subscriber identity to an authentication block of the mobile telecommunication network;
a means for receiving from the authentication block at least one challenge and at least one first secret based on a subscriber's secret specific to the subscriber identity;
a means for sending the at least one challenge to the subscriber identity module;
a means for receiving at least one second secret in response to the at least one challenge; and
a means for using the second secret for authenticating the client.

25. A method for providing at least one secret based on a subscriber identity comprising the steps of:
retrieving from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunication network;
sending wirelessly the subscriber identity to a client for authenticating the client to the communication system;
receiving wirelessly from the client at least one challenge based on a subscriber's secret specific to the subscriber identity;
generating at least one secret in response to the at least one challenge and sending wirelessly the at least one secret.

30. A mobile station for providing at least one secret based on a subscriber identity comprising:
means for retrieving from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunication network;
means for sending wirelessly the subscriber identity to a client for authenticating the client to the communication system;
means for receiving wirelessly from the client at least one challenge based on a subscriber's secret specific to the subscriber identity;
means for generating at least one secret in response to the at least one challenge and means for sending wirelessly the at least one secret.

35. A computer program product for controlling a client in order to authenticate the client to a communication system by using a subscriber identity module of a mobile telecommunications network, wherein the mobile telecommunications network is separate from the communications system to which the client is to be authenticated;
the computer program product comprising:
computer executable program code to enable the client to retrieve from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunications network;
computer executable program code to enable the client to send the subscriber identity to an authentication block of the mobile telecommunications network;
computer executable program code to enable the client to receive from the authentication block at least one challenge and at least one first secret based on a subscriber's secret specific to the subscriber identity;
computer executable program code to enable the client to send the at least one challenge to the subscriber identity module;
computer executable program code to enable the client to receive at least one second secret in response to the at least one challenge; and
computer executable program code to enable the client to use the second secret for authenticating the client;
characterised in that the subscriber identity module is accessed over a local wireless link when retrieving the subscriber identity.

36. A computer program product for controlling a client in order to authenticate the client to a communication system by using a subscriber identity module of a mobile telecommunications network, wherein the mobile telecommunications network is separate from the communications system to which the client is to be authenticated;
the computer program product comprising:
computer executable program code to enable the client to retrieve from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunications network;
computer executable program code to enable the client to send the subscriber identity to an authentication block of the mobile telecommunications network;
computer executable program code to enable the client to receive from the authentication block at least one challenge and at least one first secret based on a subscriber's secret specific to the subscriber identity;
computer executable program code to enable the client to send the at least one challenge to the subscriber identity module;
computer executable program code to enable the client to receive at least one second secret in response to the at least one challenge; and
computer executable program code to enable the client to use the second secret for authenticating the client;
characterised in that the subscriber identity module is accessed over a local wireless link when retrieving the subscriber identity.

37. A computer program product for controlling a device for authenticating a client to a communications system using a subscriber identity module of a mobile telecommunications network, wherein the communications system is separate from the mobile telecommunications network, the computer program product comprising:
computer executable program code to enable the device to retrieve from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunications network;
computer executable program code to enable the device to send the subscriber identity to a client over a local wireless link for authenticating the client to the communications system;
computer executable program code to enable the device to receive over the local wireless link from the client at least one challenge based on a subscriber's secret specific to the subscriber identity;
computer executable program code to enable the device to provide the at least one challenge to the subscriber identity module and receiving at least one authentication secret in response to the challenge; and
computer executable program code to enable the device to send the at least one authentication secret over the local wireless link to the client.