Service authentication in a communication system

US 20040162998A1
Filed: 04/11/2003
Published: 08/19/2004
Est. Priority Date: 02/14/2003
Status: Abandoned Application

First Claim

Patent Images

1. An authentication method for a service provided in a communication system, the method comprising the steps of:

providing a user of a first network with a first password comprising a first element derived from a second password stored in a second network external to the first network;

in response to the user requesting a service from the first network, supplying the first password to the first network;

transmitting from the first network a first request to the second network, the first request being such that the first request triggers in the second network a sending of a first response which requests the second password;

in response to the first response, sending a third password to the second network, the third password being derived from the first element;

matching the third password against the second password stored in the second network; and

offering the service to the user when the matching step indicates that the third password and the second password have a predetermined relationship.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention concerns authentication in an access network. In order to be able to utilize the infrastructure of a separate mobile communication network for the authentication of subscribers with traditional (non-SIM) terminals, a subscriber is provided with a first password comprising a first element derived from a second password stored in the mobile communication network. When the subscriber enters the access network, a first request is sent to the mobile communication network, the first request triggering in the mobile communication network the sending of a first response which requests the second password. A third password is then sent to the mobile communication network as a response, the third password being derived from the first element. The third password is matched against the second password and the service is provided to the subscriber when the matching indicates that the third password and the second password have a predetermined relationship.

Citations

21 Claims

1. An authentication method for a service provided in a communication system, the method comprising the steps of:
- providing a user of a first network with a first password comprising a first element derived from a second password stored in a second network external to the first network;
  
  in response to the user requesting a service from the first network, supplying the first password to the first network;
  
  transmitting from the first network a first request to the second network, the first request being such that the first request triggers in the second network a sending of a first response which requests the second password;
  
  in response to the first response, sending a third password to the second network, the third password being derived from the first element;
  
  matching the third password against the second password stored in the second network; and
  
  offering the service to the user when the matching step indicates that the third password and the second password have a predetermined relationship.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method according to claim 1, further comprising the steps of:
    - providing the first password with a second element derived from a first identifier used to identify the user in the second network;
      
      sending a second request from the first network to the second network, the second request being such that the second request triggers in the second network a sending of a second response which includes the first identifier stored in the second network;
      
      comparing the first identifier included in the second response with the second element of the first password;
      
      wherein the comparing step is performed prior to the transmitting step, the transmitting step being performed when the comparing step indicates that the first identifier included in the second response has a predetermined relationship with the second element.
  - 3. A method according to claim 2, wherein the second network is a mobile communication network.
  - 4. A method according to claim 2, wherein the first network is an access network.
  - 5. A method according to claim 1, wherein the first element equals the second password stored in the second network.
  - 6. A method according to claim 1, wherein the third password equals the first element.
  - 7. A method according to claim 2, wherein the first identifier includes a character string and the second element comprises a substring of the first identifier.
  - 8. A method according to claim 3, wherein the first identifier is an International Mobile Subscriber Identity (IMSI) of the user.
  - 9. A method according to claim 3, wherein the second password is used for controlling the service in the mobile communication network.
  - 10. A method according to claim 9, wherein the first request is a message according to a MAP_ACTIVATE_SS service.
  - 11. A method according to claim 8, wherein the second request is a MAP_SEND_IMSI request.
  - 12. A method according to claim 3, wherein the supplying step further includes supplying a user identifier to the first network, the user identifier being a public identifier used in the mobile communication network.
  - 13. A method according to claim 12, wherein the user identifier is a Mobile Subscriber International ISDN Number (MSISDN) of the user.
  - 14. A method according to claim 4, wherein the offering step includes allowing the user to access the access network, whereby the service being offered is an access service.

15. An authentication system for a service provided in a communication system, the authentication system comprising:
- means for supplying a first password to a first network, the first password comprising a first element derived from a second password stored in a second network, the first network being external to the second network;
  
  first signaling means for sending a first request to the second network, the first request being such that the first request triggers in the second network a sending of a first response which requests the second password;
  
  second signaling means, responsive to the first response, for sending a third password to the second network, the third password being derived from the first element; and
  
  matching means for matching the third password against the second password stored in the second network.
- View Dependent Claims (16, 17, 18, 19)
- - 16. An authentication system according to claim 15, wherein the first password further comprises a second element derived from a first identifier used to identify a user in the second network, the authentication system further comprising:
    - third signaling means for sending a second request from the first network to the second network, the second request being such that the second request triggers in the second network a sending of a second response which includes the first identifier stored in the second network;
      
      comparison means for comparing the first identifier included in the second response with the second element of the first password;
      
      wherein the first signaling means are responsive to the comparison means.
  - 17. An authentication system according to claim 16, wherein the second network is a mobile communication network.
  - 18. An authentication system according to claim 17, wherein the first network is an access network.
  - 19. An authentication system according to claim 18, wherein the access network is a WLAN network and the service is an access service providing access to the WLAN network.

20. A network element for authenticating users in a first network, the network element comprising:
- first reception means for receiving a first password comprising a first element derived from a second password stored in a second network external to the first network;
  
  first signaling means for sending a first request to the second network, the first request being such that the first request triggers in the second network a sending of a first response which requests the second password;
  
  second signaling means, responsive to the first response, for sending a third password to the second network, the third password being derived from the first element;
  
  second reception means for receiving a notification indicating whether the third password and the second password have a predetermined relationship; and
  
  means for generating an authentication result on the basis of the notification.
- View Dependent Claims (21)
- - 21. A network element according to claim 20, the network element further comprising:
    - third signaling means for sending a second request from the first network to the second network, the second request being such that the second request triggers in the second network a sending of a second response which includes a first identifier stored in the second network, the first identifier identifying the user in the second network;
      
      comparison means for comparing a first identifier included in the second response with a second element in the first password, the second element being derived from the first identifier;
      
      wherein the first signaling means are responsive to the comparison means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Hartikainen, Auvo, Tuomi, Jukka

Application Number

US10/411,364
Publication Number

US 20040162998A1
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/72   Subscriber identity

H04W 84/12   WLAN [Wireless Local Area N...

Service authentication in a communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Service authentication in a communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links