Method and system for authentification of a mobile user via a gateway

US 20040103283A1
Filed: 12/08/2003
Published: 05/27/2004
Est. Priority Date: 08/18/2000
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a first party (42) to a second party (44) via a gateway (46) the first party using an encryption protocol between itself and the gateway and the second party using an encryption protocol between itself and the gateway the method comprising the steps of:

installing in the second party that the gateway is a trusted certification authority (48);

the gateway issuing a digital certificate authenticating the first party; and

the second party verifying the digital certificate in order to confirm to the second party that the digital certificate comes from the trusted certification authority;

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a client (42) and a server (44) to each other via a gateway (46) in which the client uses a first encryption protocol between itself and the gateway and the server uses a second different encryption protocol between itself and the gateway, the method comprising the steps of: installing in the server that the gateway is a trusted certification authority (48); the gateway issuing a digital certificate authenticating the client; and the server verifying the digital certificate in order to confirm to itself that the digital certificate comes from the trusted certification authority.

Citations

28 Claims

1. A method of authenticating a first party (42) to a second party (44) via a gateway (46) the first party using an encryption protocol between itself and the gateway and the second party using an encryption protocol between itself and the gateway the method comprising the steps of:
- installing in the second party that the gateway is a trusted certification authority (48);
  
  the gateway issuing a digital certificate authenticating the first party; and
  
  the second party verifying the digital certificate in order to confirm to the second party that the digital certificate comes from the trusted certification authority;
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. A method according to claim 1 in which the encryption protocols between the first party (42) and the gateway (46) and between the second party (44) and the gateway are different.
  - 3. A method according to claim 2 in which the encryption protocol between the first party (42) and the gateway (46) is WTLS and the encryption protocol between the gateway and the second party (44) is SSL.
  - 4. A method according to any preceding claim in which a gateway public key is provided to the second party (44) and is indicated to the second party (44) as being the public key of the trusted certification authority (48).
  - 5. A method according to any preceding claim in which the gateway (46) generates different public-private key-pairs for a plurality of first parties, each key-pair comprising a generated first party (42) public key and a generated first party private key.
  - 6. A method according to claim 5 in which the gateway (46) generates different certificates in the name of different first parties.
  - 7. A method according to claim 6 in which the gateway (46) signs these different certificates with a gateway private key.
  - 8. A method according to claim-6 or claim 7 in which these different certificates contain a distinguished name of the first party (42) and a first party public key.
  - 9. A method according to any preceding claim which comprises the step of providing the second party (44) with an identifier indicating its origin.
  - 10. A method according to claim 9 which comprises the step of providing the gateway (46) with an identifier indicating a common origin with the second party (44).
  - 11. A method according to claim 10 which comprises the step of requesting certificates for the second party (44) and the gateway (46) corresponding to the common identifier of the second party and the gateway, but containing different public keys belonging to the second party and to the gateway.
  - 12. A method according to any preceding claim which comprises a handshake in order to authenticate each party to the other and to negotiate one or more session keys.
  - 13. A method according to claim 12 in which the handshake is a double handshake.
  - 14. A method according to any preceding claim in which the first party (42) and the gateway (46) execute a common first handshake authenticating each other and negotiate a master secret.
  - 15. A method according to claim 14 in which the gateway (46) uses a first party (42) private key and the first party certificate to execute a second handshake with the second party (44).
  - 16. A method according to claim 14 or claim 15 in which at least one of the handshakes is a handshake which occurs prior to communication according to WTLS.
  - 17. A method according to claim 14 or claim 15 in which at least one of the handshakes is a handshake which occurs prior to SSL or TLS.
  - 18. A method according to any preceding claim in which the first party (42) is a client and the second party (44) is a server.
  - 19. A method according to any preceding claim which comprises the step of providing the first party (42) and the gateway (46) with a common public key to authenticate the source of information transferred from one to the other the common public key being the public key of the trusted certification authority (48).

20. A transaction system (40) comprising a first party (42) and a second party (44) which communicate via a gateway (46) communication between the parties requiring authentication of the first party to the second party using an encryption protocol between the first party and the gateway and an encryption protocol between the second party and the gateway wherein:
- the gateway comprises a digital certificate signer (48) to issue a digital certificate authenticating the first party;
  
  the second party comprises a digital certificate verifier corresponding to the digital certificate signer of the gateway which verifies the digital certificate in order to confirm to the second party that the gateway signed digital certificates are authentic.
- View Dependent Claims (21, 22)
- - 21. A transaction system (40) according to claim 20 comprising a communications system.
  - 22. A transaction system (40) according to claim 21 comprising a wireless telecommunications system having a network and a plurality of mobile terminals.

23. A gateway (46) through which a first party (42) and a second party (44) can communicate, communication between the parties requiring authentication of the first party to the second party using an encryption protocol between the first party and the gateway and an encryption protocol between the second party and the gateway, the gateway comprising a digital certificate signer (48) to issue a digital certificate authenticating the first party the signer of the gateway corresponding to a verifier of the second party which verifies the digital certificate in order to confirm to the second party that the gateway signed digital certificates are authentic.
- View Dependent Claims (24)
- - 24. A gateway (46) according to claim 23 which comprises a server (44).

25. A computer program product for authenticating a first party (42) to a second party (44) via a gateway (46) the first party using an encryption protocol between itself and the gateway and the second party using an encryption protocol between itself and the gateway, the computer program product comprising:
- computer executable code to indicate to the second party that the gateway is a trusted certification authority (48);
  
  computer executable code to enable the gateway to issue a digital certificate authenticating the first party; and
  
  computer executable code to enable the second party to verify the digital certificate in order to confirm to the second party that the digital certificate has been issued by the trusted certification authority.
- View Dependent Claims (26)
- - 26. The computer program product according to claim 25 which is stored on a computer readable medium.

27. A method of content delivery from a content provider (44) to a terminal (42) through a communications network in which the content provider and the terminal authenticate each other via a gateway (46) the terminal using an encryption protocol between itself and the gateway and the content provider using an encryption protocol between itself and the gateway the method comprising the steps of:
- the content provider determining that the gateway is a trusted certification authority (48);
  
  the gateway issuing a digital certificate authenticating the terminal; and
  
  the content provider verifying the digital certificate in order to confirm to the content provider that the digital certificate comes from the trusted certification authority.

28. A method for authenticating a first party (42) and a second party (44) to each other via a gateway (46), the method comprising the steps of:
- providing the gateway with a gateway public key and a corresponding gateway private key;
  
  providing the first party and the gateway with a common public key to authenticate the source of information transferred from one to the other; and
  
  providing the second party with the gateway public key to authenticate information received from the gateway, the gateway public key being different to the common public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Hornak, Zoltan

Granted Patent

US 7,742,605 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 63/0442   wherein the sending and rec...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04L 67/04   specially adapted for termi...

H04L 69/329   in the application layer [O...

H04L 9/3263   involving certificates, e.g...

H04L 9/40   Network security protocols

Method and system for authentification of a mobile user via a gateway

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authentification of a mobile user via a gateway

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links