Mobile IP communication scheme incorporating individual user authentication

US 20020186688A1
Filed: 07/12/2002
Published: 12/12/2002
Est. Priority Date: 09/05/1997
Status: Active Grant

First Claim

Patent Images

1. A mobile computer management device located in a home network of a mobile computer for enabling the mobile computer to carry out communications while moving over inter-connected networks, the mobile computer management device comprising:

a registration unit for registering an information on a current location of the mobile computer, based on a registration message transmitted from the mobile computer, which is currently located outside the home network;

a transfer unit for transferring packets destined to the mobile computer to the current location of the mobile computer according to the information registered by the registration unit; and

a user authentication unit for carrying out a user authentication, prior to a registration of the information on the current location of the mobile computer, to judge a properness of a user of the mobile computer according to a user-input-based information received from the mobile computer, and controlling the registration of the information by the registration unit according to a result of the user authentication.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile IP communication scheme capable of authenticating an individual user who is operating the mobile computer when the mobile computer is connected to a visited site network and transmits a current location registration message to the home agent is disclosed. A user authentication to judge a properness of a user of the mobile computer is carried out according to a user input based information, and the current location of the mobile computer is registered at the mobile computer management device (home agent) when the user is judged as a proper user. The user authentication can be carried out either at the mobile computer management device according to a user input based information received from the mobile computer, or at the mobile computer according to an information entered by the user at the mobile computer.

47 Citations

View as Search Results

30 Claims

1. A mobile computer management device located in a home network of a mobile computer for enabling the mobile computer to carry out communications while moving over inter-connected networks, the mobile computer management device comprising:
- a registration unit for registering an information on a current location of the mobile computer, based on a registration message transmitted from the mobile computer, which is currently located outside the home network;
  
  a transfer unit for transferring packets destined to the mobile computer to the current location of the mobile computer according to the information registered by the registration unit; and
  
  a user authentication unit for carrying out a user authentication, prior to a registration of the information on the current location of the mobile computer, to judge a properness of a user of the mobile computer according to a user-input-based information received from the mobile computer, and controlling the registration of the information by the registration unit according to a result of the user authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The mobile computer management device of claim 1, further comprising:
    - a host authentication unit for carrying out a host authentication, prior to the registration of the information on the current location of the mobile computer, to judge a properness of the mobile computer according to the registration message received from the mobile computer, and permitting the registration of the information by the registration unit when both the host authentication and the user authentication succeed.
  - 3. The mobile computer management device of claim 1, further comprising:
    - a transmission unit for transmitting, prior to the registration of the information, a challenge message that requests returning of a user authentication information to the mobile computer when a new registration message containing the information on the current location of the mobile computer is received from the mobile computer;
      
      wherein the user authentication unit judges the properness of the user according to the user input based information which is contained in a response message returned from the mobile computer in response to the challenge message as the user authentication information.
  - 4. The mobile computer management device of claim 3, wherein the transmission unit also transmits the challenge message that requests returning of the user authentication information to the mobile computer when another registration message for re-registration of an already registered current location is received from the mobile computer and a prescribed condition indicates that the user authentication is required to be executed again, prior to the re-registration by the registration unit.
  - 5. The mobile computer management device of claim 4, wherein said another message for re-registration is received at a prescribed interval, and the challenge message is transmitted at an interval longer than the prescribed interval.
  - 6. The mobile computer management device of claim 3, wherein the transmission unit transmits the challenge message that contains a challenge code, and the user authentication unit judges the properness of the user by checking a one-time password based on the challenge code which is returned from the mobile computer as the user-input-based information.
  - 7. The mobile computer management device of claim 1, wherein the user authentication unit refuses subsequent registration requests from the mobile computer when the user authentication according to the user-input-based information received from the mobile computer fails for a prescribed number of times consecutively.
  - 8. The mobile computer management device of claim 1, wherein the user authentication unit judges the properness of the user according to whether a password returned from the mobile computer as the user-input-based information coincides with a pre-registered one.

9. A mobile computer device capable of carrying out communications while moving over inter-connected networks, the mobile computer device comprising:
- a registration message transmission unit for transmitting a registration message containing an information on a current location of the mobile computer device, from outside a home network of the mobile computer device to a mobile computer management device located at the home network, the mobile computer management device having a function for managing the information on the current location of the mobile computer device and transferring packets destined to the mobile computer device to the current location of the mobile computer device;
  
  a user input unit for accepting a user input for user authentication; and
  
  a user-input-based information transmission unit for transmitting to the mobile computer management device a response message containing information based on the user input as a user authentication information, when a challenge message that requests returning of the user authentication information is received from the mobile computer management device in response to the registration message.
- View Dependent Claims (10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27)
- - 10. The mobile computer device of claim 9, further comprising:
    - an authentication unit for judging a properness of the mobile computer management device according to the challenge message received from the mobile computer management device;
      
      wherein the user-input-based information transmission unit transmits the response message containing the information based on the user input when the mobile computer management device is judged as proper.
  - 11. The mobile computer device of claim 9, wherein the user input based information transmission unit transmits the response message containing a one-time password based on a challenge code contained in the challenge message received from the mobile computer management device as the user input based information.
  - 12. The mobile computer device of claim 9, further comprising:
    - a message transmission stopping unit for stopping subsequent transmissions of the registration message from the mobile computer device when a message indicating a failure of the user authentication is received from the mobile computer management device for a prescribed number of times consecutively.
  - 13. The mobile computer device of claim 9, wherein the user input based information transmission unit transmits a password entered by a user at the mobile computer device as the user input based information.
  - 15. The mobile computer device of claim 14, wherein the user authentication unit permits reading from the external memory device through the external interface unit when the first user authentication succeeds.
  - 16. The mobile computer device of claim 14, wherein the user authentication unit permits transmission of the registration message by the registration message transmission unit when the first user authentication succeeds.
  - 17. The mobile computer device of claim 14, wherein the user information stored in the external memory device contains a personal information of a user who uses the mobile computer device, and the user authentication unit judges that the first user authentication succeeds when a user authentication information stored in the mobile computer device in correspondence to the personal information stored in the external memory device coincides with the user input as entered by the user at a time of connecting the external memory device to the mobile computer device.
  - 18. The mobile computer device of claim 14, further comprising:
    - a reading prohibiting unit for prohibiting subsequent reading from the external memory device through the external interface unit when the first user authentication fails for a prescribed number of times consecutively.
  - 19. The mobile computer device of claim 14, further comprising:
    - a message transmission stopping unit for stopping subsequent transmissions of the registration message from the mobile computer device when the first user authentication fails for a prescribed number of times consecutively.
  - 20. The mobile computer device of claim 14, further comprising:
    - a reading prohibiting unit for prohibiting subsequent reading from the external memory device through the external interface unit when the second user authentication at the mobile computer management device fails for a prescribed number of times consecutively.
  - 21. The mobile computer device of claim 14, further comprising:
    - a message transmission stopping unit for stopping subsequent transmissions of the registration message from the mobile computer device when the second user authentication at the mobile computer management device fails for a prescribed number of times consecutively.
  - 22. The mobile computer device of claim 14, wherein the network information to be read out from the external memory device contains at least one of a home address information of the mobile computer device, an address information of the mobile computer management device, and an information for host authentication to be carried out between the mobile computer device and the mobile computer management device.
  - 23. The mobile computer device of claim 14, wherein the external memory device also stores a security information with respect to a packet relay device which is capable of processing encrypted packets transmitted from the mobile computer device, and the mobile computer device carries out cipher communications using an encryption processing from the visited site, by using the security information read out from the external memory device through the external interface unit.
  - 24. The mobile computer device of claim 14, further comprising:
    - an internal memory for temporarily storing the desired information read out from the external memory device, wherein the desired information temporarily stored in the internal memory is deleted when communications using the desired information is finished.
  - 26. The method of claim 25, wherein the user authentication is carried out at the mobile computer management device according to a user-input-based information transmitted from the mobile computer to the mobile computer management device.
  - 27. The method of claim 25, wherein the user authentication is carried out locally at the mobile computer according to an information entered by the user at the mobile computer.

14. A mobile computer device capable of carrying out communications while moving over inter-connected networks, the mobile computer device comprising:
- an external interface unit for reading out desired information from an external memory device connected to the mobile computer device, wherein the external memory device stores at least a user information and a network information to be used for communications at a visited site;
  
  a user authentication unit for carrying out first user authentication locally at the mobile computer device according to the user information stored in the external memory device and a user input;
  
  a registration message transmission unit for transmitting a registration message containing an information on a current location of the mobile computer device, from outside a home network of the mobile computer device to a mobile computer management device located at the home network, by using the network information read out from the external memory device under a control by the user authentication unit, the mobile computer management device having a function for managing the information on the current location of the mobile computer device and transferring packets destined to the mobile computer device to the current location of the mobile computer device; and
  
  a user-input-based information transmission unit for transmitting to the mobile computer management device a user-input-based information to be used for second user authentication at the mobile computer management device.

25. A method for registering a mobile computer in a mobile computer management device for enabling the mobile computer to carry out communications while moving over inter-connected networks, the mobile computer management device having having a function for managing information on a current location of the mobile computer device and transferring packets destined to the mobile computer device to the current location of the mobile computer device, the method comprising the steps of:
- transmitting a registration message containing the information on the current location of the mobile computer from the mobile computer at a visited site to a mobile computer management device at a home network of the mobile computer;
  
  carrying out a user authentication to judge a properness of a user of the mobile computer according to a user-input-based information; and
  
  registering the current location of the mobile computer at the mobile computer management device when the user is judged as a proper user.

28. An article of manufacture, comprising:
- a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a mobile computer management device located in a home network of a mobile computer for enabling the mobile computer to carry out communications while moving over inter-connected networks, the computer readable program code means includes;
  
  first computer readable program code means for causing said computer to register an information on a current location of the mobile computer, based on a registration message transmitted from the mobile computer, which is currently located outside the home network;
  
  second computer readable program code means for causing said computer to transfer packets destined to the mobile computer to the current location of the mobile computer according to the information registered by the first computer readable program code means; and
  
  third computer readable program code means for causing said computer to carry out a user authentication, prior to a registration of the information on the current location of the mobile computer, to judge a properness of a user of the mobile computer according to a user-input-based information received from the mobile computer, and controlling the registration of the information by the first computer readable program code means according to a result of the user authentication.

29. An article of manufacture, comprising:
- a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a mobile computer capable of carrying out communications while moving over inter-connected networks, the computer readable program code means includes;
  
  first computer readable program code means for causing said computer to transmit a registration message containing an information on a current location of the mobile computer, from outside a home network of the mobile computer to a mobile computer management device located at the home network, the mobile computer management device having a function for managing the information on the current location of the mobile computer and transferring packets destined to the mobile computer to the current location of the mobile computer; and
  
  second computer readable program code means for causing said computer to accept a user input for user authentication; and
  
  third computer readable program code means for causing said computer to transmit to the mobile computer management device a response message containing information based on the user input as a user authentication information, when a challenge message that requests returning of the user authentication information is received from the mobile computer management device in response to the registration message.

30. An article of manufacture, comprising:
- a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a mobile computer device capable of carrying out communications while moving over inter-connected networks, the computer readable program code means includes;
  
  first computer readable program code means for causing said computer to read out desired information from an external memory device connected to the mobile computer device, wherein the external memory device stores at least a user information and a network information to be used for communications at a visited site;
  
  second computer readable program code means for causing said computer to carry out first user authentication locally at the mobile computer device according to the user information stored in the external memory device and a user input;
  
  third computer readable program code means for causing said computer to transmit a registration message containing an information on a current location of the mobile computer device, from outside a home network of the mobile computer device to a mobile computer management device located at the home network, by using the network information read out from the external memory device under a control by the second computer readable program code means, the mobile computer management device having a function for managing the information on the current location of the mobile computer device and transferring packets destined to the mobile computer device to the current location of the mobile computer device; and
  
  fourth computer readable program code means for causing said computer to transmit to the mobile computer management device a user-input-based information to be used for second user authentication at the mobile computer management device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Ishiyama, Masahiro, Inoue, Atsushi, Fukumoto, Atsushi, Okamoto, Toshio, Tsuda, Yoshiyuki

Granted Patent

US 6,973,068 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/352
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/3224   Transactions dependent on l...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 67/00   Network arrangements or pro...

H04L 67/04   specially adapted for termi...

H04L 69/40   for recovering from a failu...

H04W 12/068   using credential vaults, e....

H04W 8/04   Registration at HLR or HSS ...

H04W 80/04   Network layer protocols, e....

Mobile IP communication scheme incorporating individual user authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile IP communication scheme incorporating individual user authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links