Certificate based authentication authorization accounting scheme for loose coupling interworking
Abstract
A method of Authentication, Authorization and Accounting (AAA) in an interworking between first and second networks that do not belong to the same administrative domain, using certificate-based transactions. In the method according to the invention, the second network sends a public key to the first network, and a certificate to a mobile device. The certificate includes information regarding the subscription level of the mobile device and is signed with a private key of the second network. Upon detection of the first network, the mobile device transmits the certificate, and the first network authenticates the certificate using the public and private keys of the second network, and authorizes access to the network in response. The first network then sends a session key encrypted with a public key of the mobile device. The mobile device decrypts the session key with a private key and accesses the first network using the session key. In this manner, interworking is implemented without requiring the deployment of a special interworking function to bridge between the two different types of networks.
20 Claims
1. A method for providing Authentication, Authorization and Accounting (AAA) in a first network for a mobile device that is associated with a second network, the first and second networks having respective AAA schemes, comprising the steps of:
- receiving a first key from the second network;
- receiving a certificate from a mobile device; and
- authenticating the certificate using the key, and if the certificate is authenticated, generating a session key, transmitting the session key to the mobile device, and allowing the mobile device to access the first network using the session key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for accessing a first network using a mobile device associated with a second network, including authentication, authorization, and accounting (AAA) via the first network, comprising the steps of:
- receiving a certificate from a second network that has an existing interworking relationship with the first network;
- in response to detection of the first network, transmitting the certificate to the first network, whereby AAA may be performed in response to the certificate and a first key transmitted from the second network to the first network;
- receiving a session key from the first network upon authentication; and
- accessing the first network using the session key.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus for accessing a first network, including authentication, authorization, and accounting via the first network, and for associating with a second network, comprising:
- means for receiving a certificate from the second network, which has an existing interworking relationship with the first network;
- means for storing the certificate;
- means for detecting the presence of the first network, and transmitting the certificate to the first network in response to the detection of the first network, whereby AAA can be performed by the first network in response to the certificate and a key provided by the second network;
- means for receiving a session key from the first network; and
- means for accessing the first network using the session key.
Dependent claims: 18, 19, 20
Specification