Authentication and authorisation based secure ip connections for terminals

US 20040158716A1
Filed: 01/20/2004
Published: 08/12/2004
Est. Priority Date: 02/08/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of facilitating the authentication of an IP data transfer between a mobile wireless terminal and a network node via a radio access network (RAN), the method comprising the steps of:

generating a public-private key pair;

obtaining a certificate containing said public key, a unique identifier allocated to a subscriber, and a signature guaranteeing that the public key is associated with the unique identifier, the unique identifier being an identifier allocated to the terminal for the purpose of using the RAN;

storing the key pair and the certificate on a subscriber identity module (SIM) card;

coupling the SIM card to the mobile wireless terminal so that processing means of the terminal can access the key pair and the certificate; and

sending the certificate to a network node, whereby the network node can use the certificate to authenticate the subscriber.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of facilitating the authentication of IP data transfer between a mobile wireless terminal 4 and a network node 2. A computer is used to generate a public-private key pair, whilst a certificate guaranteeing that the key pair is associated with a unique identifier allocated to a subscriber is obtained from a CA 8. The key pair and the certificate are stored on a subscriber identity module (SIM) card 9 which is then coupled to the mobile wireless terminal 4 so that processing means of the terminal 4 can access the key pair and the certificate for use in authenticating itself to a remote node 2. The terminal is authorised to access services of the node 2 on the basis of the unique identifier.

Citations

9 Claims

1. A method of facilitating the authentication of an IP data transfer between a mobile wireless terminal and a network node via a radio access network (RAN), the method comprising the steps of:
- generating a public-private key pair;
  
  obtaining a certificate containing said public key, a unique identifier allocated to a subscriber, and a signature guaranteeing that the public key is associated with the unique identifier, the unique identifier being an identifier allocated to the terminal for the purpose of using the RAN;
  
  storing the key pair and the certificate on a subscriber identity module (SIM) card;
  
  coupling the SIM card to the mobile wireless terminal so that processing means of the terminal can access the key pair and the certificate; and
  
  sending the certificate to a network node, whereby the network node can use the certificate to authenticate the subscriber.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1 and comprising, at the network node, using the received certificate to identify the subscriber and determining the subscriber'"'"'s access rights using an access permissions database.
  - 3. A method according to claim 1 or 2, wherein the mobile wireless device has the capability to register with a GSM network or a UMTS network.
  - 4. A method according to any one of the preceding claims, wherein the terminal is a mobile telephone or communicator or a PDA, or a palmtop or laptop computer having mobile wireless facilities.
  - 5. A method according to any one of the preceding claims, where said unique identity allocated to a subscriber is the telephone number of the subscriber, or is an International Mobile Subscriber Identity (IMSI) code.
  - 6. A method according to any one of the preceding claims, wherein the certificate is generated by a Certification Authority (CA) which signs the certificate to guarantee the association of the key pair and the unique identifier.
  - 7. A method according to any one of the preceding claim, wherein the SIM card records the unique identity, and the operator of the mobile network is trusted to store key pairs and certificates on SIM cards having the correct unique identifiers.

8. A method of authenticating IP data transfer between a mobile wireless terminal and a network node via a radio access network (RAN), the mobile terminal comprising a SIM card having stored thereon a public-private key pair and a certificate containing at least the public key, a unique identifier being an identifier allocated to the terminal for the purpose of using the RAN, and a signature guaranteeing that the public key is associated with the unique identifier, the method comprising:
- sending the certificate from the mobile terminal to the node;
  
  authenticating the terminal using said certificate; and
  
  authorising the terminal to access a service of the node on the basis of said identifier.

9. A method of facilitating the authentication of IP data transfer between a mobile wireless terminal and a network node, the method comprising the steps of:
- 1) registering a subscriber to a mobile wireless telecommunications network;
  
  2) generating a public-private key pair;
  
  3) obtaining a certificate from a certification authority (CA) containing at least the public key, a unique identifier being an identifier allocated to the terminal for the purpose of using the telecommunications network, and a signature guaranteeing that the public key is associated with the unique identifier;
  
  4) storing the key pair and the certificate on a subscriber identity module (SIM) card;
  
  5) giving a mobile wireless terminal to the subscriber together with the SIM card; and
  
  7) coupling the SIM card to the mobile wireless terminal whereby processing means of the terminal can access the certificate for sending to a remote node and the remote node can authenticate the subscriber on the basis of the certificate and can authorise access to services of the node on the basis of the unique identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Arkko, Jari, Ahonen, Pasi, Turtiainen, Esa

Application Number

US10/470,872
Publication Number

US 20040158716A1
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04W 12/06   Authentication

H04W 12/72   Subscriber identity

Authentication and authorisation based secure ip connections for terminals

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication and authorisation based secure ip connections for terminals

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links