Authentication in data communication

US 20020169966A1
Filed: 05/29/2001
Published: 11/14/2002
Est. Priority Date: 05/14/2001
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a client to a communication system comprising the steps of:

receiving from a mobile station a subscriber identity corresponding to a subscriber of a mobile telecommunication network, wherein the mobile telecommunication network is separate from the communication system to which the client is to be authenticated;

sending the subscriber identity to an authentication block of the mobile telecommunication network;

receiving from the authentication block at least one challenge and at least one first secret based on a subscriber'"'"'s secret specific to the subscriber identity;

sending the at least one challenge to the subscriber identity module;

receiving at least one second secret in response to the at least one challenge; and

using the second secret for authenticating the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client 110 may be authenticated by transmitting or beaming a telecommunication network subscriber'"'"'s authentication to the client from a device 120, over a wireless link. For example, a GSM telephone 120 may authenticate an electronic book 110 to a content providing service within the Internet. The service verifies the authentication using the subscriber'"'"'s GSM network operator'"'"'s Authentication Center 161 to generate an authenticator and the client correspondingly generates a local copy of the authenticator using a GSM SIM over the wireless local link. The authentication is then determined by checking that these authenticators match and thereafter the authenticator can be used as a session key to encrypt data in the service.

Citations

37 Claims

1. A method of authenticating a client to a communication system comprising the steps of:
- receiving from a mobile station a subscriber identity corresponding to a subscriber of a mobile telecommunication network, wherein the mobile telecommunication network is separate from the communication system to which the client is to be authenticated;
  
  sending the subscriber identity to an authentication block of the mobile telecommunication network;
  
  receiving from the authentication block at least one challenge and at least one first secret based on a subscriber'"'"'s secret specific to the subscriber identity;
  
  sending the at least one challenge to the subscriber identity module;
  
  receiving at least one second secret in response to the at least one challenge; and
  
  using the second secret for authenticating the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29)
- - 2. The method of authenticating of claim 1 further comprising:
    - receiving a PIN from a user; and
      
      transmitting wirelessly the PIN to the mobile station.
  - 3. The method according to claim 2 further comprising:
    - encrypting the PIN before the step of transmitting.
  - 4. The method according to claim 1 wherein the step of using further comprises:
    - encrypting the second secret to provide a encrypted second secret; and
      
      transmitting the encrypted second secret to the communication system.
  - 5. The method according to claim 4 wherein the step of using further comprises:
    - refreshing the encrypted second secret.
  - 6. The method according to claim 1 wherein the step of sending the subscriber identity to an authentication block comprises sending wirelessly the subscriber identity to the authentication block;
    - and the step of receiving from the authentication block comprises receiving wirelessly from the authentication block.
  - 7. The method according to claim 1 wherein the steps of:
    - receiving from a mobile station a subscriber identity comprises receiving wirelessly from a mobile station a subscriber identity;
      
      sending the at least one challenge comprises sending wirelessly the at least one challenge; and
      
      receiving at least one second secret comprises receiving wirelessly at least one second secret.
  - 8. The method of authenticating of claim 7 further comprising:
    - receiving a PIN from a user; and
      
      transmitting wirelessly the PIN to the mobile station.
  - 9. The method of authenticating of claim 8 wherein the step of transmitting wirelessly comprises transmitting an infrared signal.
  - 10. The method of authenticating of claim 8 wherein the step of transmitting wirelessly comprises transmitting a radio signal.
  - 11. The method of authenticating of claim 8 wherein the step of transmitting wirelessly comprises transmitting a low power radio signal.
  - 12. The method of authenticating of claim 8 wherein the step of transmitting wirelessly comprises transmitting an acoustic signal.
  - 14. The client for authenticating of claim 13 further comprising:
    - a means for receiving a PIN from a user; and
      
      a means for transmitting wirelessly the PIN to the mobile station.
  - 15. The client according to claim 14 further comprising:
    - a means for encrypting the PIN before the step of transmitting.
  - 16. The client according to claim 13 wherein means for using further comprises:
    - a means for encrypting the second secret to provide a encrypted second secret; and
      
      a means for transmitting the encrypted second secret to the communication system.
  - 17. The method according to claim 16 wherein the step of using further comprises:
    - refreshing the encrypted second secret.
  - 18. The client according to claim 13 wherein the a means for sending the subscriber identity to an authentication block comprises a means for sending wirelessly the subscriber identity to the authentication block;
    - and the a means for receiving from the authentication block comprises a means for receiving wirelessly from the authentication block.
  - 19. The client according to claim 13 wherein:
    - a means for receiving from a mobile station a subscriber identity comprises a means for receiving wirelessly from a mobile station a subscriber identity;
      
      a means for sending the at least one challenge comprises a means for sending wirelessly the at least one challenge; and
      
      a means for receiving at least one second secret comprises a means for receiving wirelessly at least one second secret.
  - 20. The client of claim 19 further comprising:
    - a means for receiving a PIN from a user; and
      
      a means for transmitting wirelessly the PIN to the mobile station.
  - 21. The client of claim 19 wherein the a means for transmitting wirelessly comprises a means for transmitting an infrared signal.
  - 22. The client of claim 19 wherein the a means for transmitting wirelessly comprises a means for transmitting a radio signal.
  - 23. The client of claim 19 wherein the a means for transmitting wirelessly comprises a means for transmitting a low power radio signal.
  - 24. The client of claim 19 wherein the a means for transmitting wirelessly comprises a means for transmitting an acoustic signal.
  - 26. The method of claim 25 wherein the method further comprises a step of wirelessly receiving a request.
  - 27. The method of claim 26 wherein the request contains a PIN.
  - 28. The method of claim 27 wherein the request contains an encrypted PIN.
  - 29. The method of claim 27 further comprising a step of confirming that the PIN matches a identity module PIN.

13. A client for authenticating a client to a communication system comprising:
- a means for receiving from a mobile station a subscriber identity corresponding to a subscriber of a mobile telecommunication network, wherein the mobile telecommunication network is separate from the communication system to which the client is to be authenticated;
  
  a means for sending the subscriber identity to an authentication block of the mobile telecommunication network;
  
  a means for receiving from the authentication block at least one challenge and at least one first secret based on a subscriber'"'"'s secret specific to the subscriber identity;
  
  a means for sending the at least one challenge to the subscriber identity module;
  
  a means for receiving at least one second secret in response to the at least one challenge; and
  
  a means for using the second secret for authenticating the client.

25. A method for providing at least one secret based on a subscriber identity comprising the steps of:
- retrieving from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunication network;
  
  sending wirelessly the subscriber identity to a client for authenticating the client to the communication system;
  
  receiving wirelessly from the client at least one challenge based on a subscriber'"'"'s secret specific to the subscriber identity;
  
  generating at least one secret in response to the at least one challenge and sending wirelessly the at least one secret.

30. A mobile station for providing at least one secret based on a subscriber identity comprising:
- means for retrieving from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunication network;
  
  means for sending wirelessly the subscriber identity to a client for authenticating the client to the communication system;
  
  means for receiving wirelessly from the client at least one challenge based on a subscriber'"'"'s secret specific to the subscriber identity;
  
  means for generating at least one secret in response to the at least one challenge and means for sending wirelessly the at least one secret.
- View Dependent Claims (31, 32, 33, 34)
- - 31. The mobile station of claim 30 wherein the method further comprises a means for wirelessly receiving a request.
  - 32. The mobile station of claim 31 wherein the request contains a PIN.
  - 33. The mobile station of claim 32 wherein the request contains an encrypted PIN.
  - 34. The mobile station of claim 32 further comprising means for confirming that the PIN matches a identity module PIN.

35. A computer program product for controlling a client in order to authenticate the client to a communication system by using a subscriber identity module of a mobile telecommunications network, wherein the mobile telecommunications network is separate from the communications system to which the client is to be authenticated;
- the computer program product comprising;
  
  computer executable program code to enable the client to retrieve from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunications network;
  
  computer executable program code to enable the client to send the subscriber identity to an authentication block of the mobile telecommunications network;
  
  computer executable program code to enable the client to receive from the authentication block at least one challenge and at least one first secret based on a subscriber'"'"'s secret specific to the subscriber identity;
  
  computer executable program code to enable the client to send the at least one challenge to the subscriber identity module;
  
  computer executable program code to enable the client to receive at least one second secret in response to the at least one challenge; and
  
  computer executable program code to enable the client to use the second secret for authenticating the client;
  
  characterised in that the subscriber identity module is accessed over a local wireless link when retrieving the subscriber identity.

36. A computer program product for controlling a client in order to authenticate the client to a communication system by using a subscriber identity module of a mobile telecommunications network, wherein the mobile telecommunications network is separate from the communications system to which the client is to be authenticated;
- the computer program product comprising;
  
  computer executable program code to enable the client to retrieve from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunications network;
  
  computer executable program code to enable the client to send the subscriber identity to an authentication block of the mobile telecommunications network;
  
  computer executable program code to enable the client to receive from the authentication block at least one challenge and at least one first secret based on a subscriber'"'"'s secret specific to the subscriber identity;
  
  computer executable program code to enable the client to send the at least one challenge to the subscriber identity module;
  
  computer executable program code to enable the client to receive at least one second secret in response to the at least one challenge; and
  
  computer executable program code to enable the client to use the second secret for authenticating the client;
  
  characterised in that the subscriber identity module is accessed over a local wireless link when retrieving the subscriber identity.

37. A computer program product for controlling a device for authentication a client to a communications system using a subscriber identity module of a mobile telecommunications network, wherein the communications system is separate from the mobile telecommunications network, the computer program product comprising:
- computer executable program code to enable the device to retrieve from a subscriber identity module a subscriber identity corresponding to a subscriber of a mobile telecommunications network;
  
  computer executable program code to enable the device to send the subscriber identity to a client over a local wireless link for authenticating the client to the communications system;
  
  computer executable program code to enable the device to receive over the local wireless link from the client at least one challenge based on a subscriber'"'"'s secret specific to the subscriber identity;
  
  computer executable program code to enable the device to provide the at least one challenge to the subscriber identity module and receiving at least one authentication secret in response to the challenge; and
  
  computer executable program code to enable the device to send the at least one authentication secret over the local wireless link to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Malinen, Jari T., Olkkonen, Mikko, Nyman, Kai

Granted Patent

US 7,444,513 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 63/0407   wherein the identity of one...

H04L 63/0428   wherein the data content is...

H04L 63/067   using one-time keys cryptog...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

Authentication in data communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication in data communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links