Authentication between a cellular phone and an access point of a short-range network

US 20050130627A1
Filed: 11/26/2004
Published: 06/16/2005
Est. Priority Date: 11/26/2003
Status: Active Grant

First Claim

Patent Images

1. An authentication method between a short-range wireless network having access points and a mobile terminal within a cellular radio communication network comprising:

transmitting, to a controller linked to the cellular network, a request including a mobile terminal address and an address of an access point in a zone including the mobile terminal and generating a secret code, transmitting from the controller to the access point a confirming message including the secret code and a connection request message including the secret code and the mobile terminal address which is retrieved from the request, requesting a connection of the mobile terminal to the access point designated by the address as retrieved from the confirming message, so the mobile terminal and the access point can generate a session key as a function of (a) the access point address of the mobile terminal address and of the secret code retrieved from the confirming message, and from the connection request message and authenticating the mobile terminal by the access point as a function of the session key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To render secure a connection between an access point of a short-range network and a mobile terminal within a cellular network while precluding acquisition of a PIN code, a platform transmits a confirming message, including a secret code and the access point address retrieved from a terminal request, to the terminal through the cellular network and a connection request message including the secret code and the mobile terminal address to the access point. The access point authenticates the terminal, or the terminals authenticate each other as a function of a session key determined as a function of the secret code retrieved from the connection request message and from the confirming message.

131 Citations

21 Claims

1. An authentication method between a short-range wireless network having access points and a mobile terminal within a cellular radio communication network comprising:
- transmitting, to a controller linked to the cellular network, a request including a mobile terminal address and an address of an access point in a zone including the mobile terminal and generating a secret code, transmitting from the controller to the access point a confirming message including the secret code and a connection request message including the secret code and the mobile terminal address which is retrieved from the request, requesting a connection of the mobile terminal to the access point designated by the address as retrieved from the confirming message, so the mobile terminal and the access point can generate a session key as a function of (a) the access point address of the mobile terminal address and of the secret code retrieved from the confirming message, and from the connection request message and authenticating the mobile terminal by the access point as a function of the session key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein the access point generates the session key as a function of (a) the access point address of the mobile terminal address and (b) the secret code retrieved from the confirming message, and from the connection request message.
  - 3. The method of claim 1, wherein authentication of the mobile terminal by the access point comprises generating from the access point, a reply as a function of the session key at the mobile terminal which transmits the reply to the access point through the short-range network, and by generating a reply as a function of the session key and by comparing the replies, responding to a favorable comparison by authorizing opening a session between the access point and the mobile terminal.
  - 4. The method of claims 1, wherein authentication of the access point by the mobile terminal as a function of the session key is in response to the access point authenticating the mobile terminal.
  - 5. The method of claim 4, wherein access point authentication by the mobile terminal comprises transmitting a request from the access point to the mobile terminal, in the transmitted request requesting the mobile terminal to authenticate the access point by asking the access point to generate a second reply as a function of the session key) and transmit the second reply to the mobile terminal through the short-range network, by generating a second reply as a function of the session key, and authorizing opening the session only in response to the replies being favorably compared at the mobile terminal.
  - 6. The method of claim 1 further comprising repeating the connection request steps at most a predetermined number of times or until the authentication thereof is successful, whichever occurs first.
  - 7. The method of claim 1 further comprising repeating the transmitting request and authenticating steps for another access point in the zone covered by the mobile terminal.
  - 8. The method of claim 7 further comprising repeating the connection request steps at most a predetermined number of times or until the authentication thereof is successful, whichever occurs first.
  - 9. The method of claim 1 further comprising the mobile terminal searching for the access point having the highest power level received by the mobile terminal among the access points of the zone covered by the mobile terminal, designating as the optimal access point the access point having the highest power level, and causing said mobile terminal to insert the address of the optimal access point into the request.
  - 10. The method of claim 1 further comprising, in the mobile terminal searching access points in the zone covered by mobile terminal, inserting addresses of the found access points into the request and inserting, into the controller a selection of the address of an optimal access point from among the access point addresses retrieved from the request according to a predetermined criterion, and inserting the optimal access point address into the confirming message transmitted to the mobile terminal and into the connection request message transmitted to the optimal access point.
  - 11. The method of claim 1 wherein the predetermined criterion relates to comparing power levels of the found access points received by the mobile terminal and transmitted jointly with the addresses of the access points found in the request, and causing the controller to designate the access point having the highest received power level as the optimal access point.
  - 12. The method of claim 10 wherein the predetermined criterion relates to comparing the traffic loads of the access points found in by the mobile terminal, and causing the controller to select as the optimal access point the access point exhibiting the least traffic load.
  - 13. The method of claim 10 wherein the predetermined criterion also relates to eliminating one of the addresses of the found access points that are situated outside a zone including the mobile terminal and defined within the cellular network before the address of the optimal access point is selected.
  - 14. The method of claim 1 wherein the secret code generated by the controller is generated in a pseudo-random manner, the code having a length larger than 16 octets.
  - 15. The method of claim 1 further comprising, causing the controller to generate the session key instead of the session key being generated in the mobile terminals and at the access point, and inserting the generated session key instead of the secret code in the confirming message and in the connection request message.

16. A controller linked to a cellular radio communication network adapted to participate in authenticating a link between a short-range wireless network and a mobile terminal (TM) in the cellular network, the controller being arranged to reply to a request including the address of the mobile terminal and the address of an access point in the zone covered by the mobile terminal, by generating (a) a secret code and transmitting a confirming message including the secret code and the access point address retrieved from the request to the mobile terminal through the cellular network and (b) a connection request message including the secret code and the mobile terminal address retrieved from the request to the access point so the mobile terminal can ask for a connection to the access point designated by the address retrieved from the confirming message.
- View Dependent Claims (17, 18, 19, 21)
- - 17. The controller of claim 16 in combination with a mobile terminal and the access point, the mobile terminal and the access point being arranged to generate a session key (1) as a function of (a) the access point address, (b) the mobile terminals assess, (c) the secret code retrieved from the confirming message, and (2) from the connection request message, the access point being arranged to authenticate the mobile terminal as a function of the session key.
  - 18. The combination of claim 17 wherein the controller is arranged to generate the session key and insert it, instead of the secret code, into the confirming message and into the connection request message.
  - 19. The controller of claim 17 wherein the controller is arranged to generate the session key and insert it, instead of the secret code, into the confirming message and into the connection request message
  - 21. A system including the access point, short range network, mobile terminal and cellular network of claim 19 for performing the method of claim 20.

20. A method of securing a connection between an access point of a short-range network and a mobile terminal within a cellular network while precluding acquisition of a PIN code, comprising transmitting (a) a confirming message including a secret code and the access point address retrieved from a terminal request to the terminal through the cellular network and (b) a connection request message including the secret code and the mobile terminal address to the access point causing the access point to authenticate the terminal or the terminals to authenticate each other as a function of a session key determined as a function of the secret code retrieved from the connection request message and from the confirming message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Calmels, Benoit, Maguy, Christophe, Trillaud, Sebastien

Granted Patent

US 7,590,246 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/0869   for achieving mutual authen...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 12/71   Hardware identity

H04W 12/73   Access point logical identity

H04W 84/18   Self-organising networks, e...

H04W 88/06   adapted for operation in mu...

Authentication between a cellular phone and an access point of a short-range network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

131 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication between a cellular phone and an access point of a short-range network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links