Linked authentication protocols
Abstract
A method for authenticating a terminal in a communication system, the terminal comprising identification means for applying authentication functions to input data to form response data, and the communication system being arranged to utilise a first authentication protocol for authentication of the terminal, wherein an authentication functionality and the terminal share challenge data, the terminal forms response data and a first key by applying the authentication functions to the challenge data by means of the identification means, and returns the response data to the authentication functionality, and the authentication functionality authenticates the terminal by means of the response data and can apply an authentication function to the challenge data to duplicate the first key; the method comprising; executing a second authentication protocol wherein the terminal authenticates the identity of a network entity and the terminal and the network entity share a second key for use in securing subsequent communications between the terminal and the network entity; and subsequently executing a third authentication protocol by the steps of: sharing challenge data between the network entity and the terminal; forming at the terminal test data by at least applying one of the authentication functions to the challenge data by means of the identification means; transmitting a message comprising authentication data, from the terminal to the network entity; and determining based on the authentication data whether to provide the terminal with access to a service; wherein in the determining step the terminal is provided with access to the service only if the authentication data equals a predetermined function of at least the test data and the second key.
71 Citations
22 Claims
1. A method for authenticating a terminal in a communication system, the terminal comprising identification means for applying authentication functions to input data to form response data, and the communication system being arranged to utilise a first authentication protocol for authentication of the terminal, wherein an authentication functionality and the terminal share challenge data, the terminal forms response data and a first key by applying the authentication functions to the challenge data by means of the identification means, and returns the response data to the authentication functionality, and the authentication functionality authenticates the terminal by means of the response data and can apply an authentication function to the challenge data to duplicate the first key;
the method comprising:
executing a second authentication protocol wherein the terminal authenticates the identity of a network entity and the terminal and the network entity share a second key for use in securing subsequent communications between the terminal and the network entity;
and subsequently executing a third authentication protocol by the steps of:
sharing challenge data between the network entity and the terminal;
forming at the terminal test data by at least applying one of the authentication functions to the challenge data by means of the identification means;
transmitting a message comprising terminal authentication data, from the terminal to the network entity;
and determining based on the terminal authentication data whether to provide the terminal with access to a service;
wherein in the determining step the terminal is provided with access to the service only if the terminal authentication data equals a predetermined function of at least the test data and the second key.
(Dependent claims 2 to 17 are not reproduced on this page.)
18. A communication system comprising identification means for applying authentication functions to input data to form response data, and the communication system being arranged to utilise a first authentication protocol for authentication of the terminal, wherein an authentication functionality and the terminal share challenge data, the terminal forms response data and a first key by applying the authentication functions to the challenge data by means of the identification means, and returns the response data to the authentication functionality, and the authentication functionality authenticates the terminal by means of the response data and can apply an authentication function to the challenge data to duplicate the first key;
the system being arranged to perform an authentication method comprising the steps of:
executing a second authentication protocol wherein the terminal authenticates the identity of a network entity and the terminal and the network entity share a second key for use in securing subsequent communications between the terminal and the network entity;
and subsequently executing a third authentication protocol by the steps of:
sharing challenge data between the network entity and the terminal;
forming at the terminal test data by at least applying one of the authentication functions to the challenge data by means of the identification means;
transmitting a message comprising terminal authentication data, from the terminal to the network entity;
and determining based on the terminal authentication data whether to provide the terminal with access to a service;
wherein in the determining step the terminal is provided with access to the service only if the terminal authentication data is consistent with the network authentication data computed as a predetermined function of at least the test data and the second key.
19. A communication system comprising a terminal, a network entity and an authentication functionality, the terminal comprising identification means for applying an authentication function to input data to form response data, and the communication system being arranged to utilise a first authentication protocol wherein the terminal authenticates the identity of a network entity and the terminal and the network entity share a key for use in securing subsequent communications between the terminal and the network entity;
and the communication system being arranged to perform an authentication method comprising the steps of:
executing a second authentication protocol for authentication of the terminal, wherein an authentication functionality supplies challenge data to the terminal, the terminal forms response data and test data by applying the authentication function to the challenge data by means of the identification means, and returns the response data to the authentication functionality, and the authentication functionality authenticates the terminal by means of the response data; and
subsequently executing a third linking protocol by the steps of forming at the terminal secret session keys by at least applying a predetermined function to the secret test data by means of the shared key established in the first protocol;
forming at the network entity secret session keys by at least applying a predetermined function to the secret test data by means of the shared key established in the first protocol;
wherein the secret session keys are used to secure the subsequent communication between the terminal and some network element.
20. An authentication method for use in a communication system comprising a terminal, a network entity and an authentication functionality, the terminal comprising identification means for applying an authentication function to input data to form response data, and the communication system being arranged to utilise a first authentication protocol wherein the terminal authenticates the identity of a network entity and the terminal and the network entity share a key for use in securing subsequent communications between the terminal and the network entity;
and the authentication method comprising the steps of:
executing a second authentication protocol for authentication of the terminal, wherein an authentication functionality supplies challenge data to the terminal, the terminal forms response data and test data by applying the authentication function to the challenge data by means of the identification means, and returns the response data to the authentication functionality, and the authentication functionality authenticates the terminal by means of the response data; and
subsequently executing a third linking protocol by the steps of forming at the terminal secret session keys by at least applying a predetermined function to the secret test data by means of the shared key established in the first protocol;
forming at the network entity secret session keys by at least applying a predetermined function to the secret test data by means of the shared key established in the first protocol;
wherein the secret session keys are used to secure the subsequent communication between the terminal and some network element.
21. (canceled)
22. (canceled)
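The following is an added simulation of the linking step, not code from the patent: it models claim 1 (terminal authentication data as a function of the test data and the second key) and claims 19 and 20 (session keys derived from the secret test data under the shared key). It assumes HMAC-SHA256 for both the identification means' authentication functions and the predetermined function, that the test data is the first key, and that the network entity obtains the duplicated test data from the authentication functionality; the page names none of these.

```python
import hmac
import hashlib


def authentication_functions(subscriber_key, challenge):
    """Identification means: challenge -> (response data, first key).
    HMAC-SHA256 with domain labels is an assumption; the patent names no algorithm."""
    response = hmac.new(subscriber_key, b"response" + challenge, hashlib.sha256).digest()[:8]
    first_key = hmac.new(subscriber_key, b"first-key" + challenge, hashlib.sha256).digest()[:16]
    return response, first_key


def linking_tag(second_key, test_data, challenge):
    """Third protocol (claim 1): predetermined function of the test data and the second key.
    The challenge is mixed in so a tag cannot be replayed across runs."""
    return hmac.new(second_key, test_data + challenge, hashlib.sha256).digest()


def derive_session_keys(shared_key, test_data):
    """Linking protocol (claims 19/20): session keys from the secret test data under the shared key."""
    return {label: hmac.new(shared_key, test_data + label.encode(), hashlib.sha256).digest()
            for label in ("encrypt", "integrity")}


def run_linked_authentication(terminal_key, af_key, terminal_second_key, network_second_key, challenge):
    """Simulate terminal, authentication functionality (AF) and network entity for one challenge.
    Returns (access granted?, session keys or None)."""
    # Terminal: identification means applies the authentication functions to the challenge.
    t_response, t_first_key = authentication_functions(terminal_key, challenge)
    # AF: duplicates response data and first key from its own copy of the subscriber key.
    af_response, af_first_key = authentication_functions(af_key, challenge)
    if not hmac.compare_digest(t_response, af_response):
        return False, None  # first protocol fails: response data does not match
    # Terminal: test data is the first key; the tag binds it to the second key.
    tag = linking_tag(terminal_second_key, t_first_key, challenge)
    # Network entity: recomputes with the test data obtained from the AF (assumption).
    expected = linking_tag(network_second_key, af_first_key, challenge)
    if not hmac.compare_digest(tag, expected):
        return False, None  # linking fails: second keys or test data disagree
    return True, derive_session_keys(network_second_key, af_first_key)


if __name__ == "__main__":
    # Constructed sample values, not from the patent.
    k_sub, k2, rand = bytes(range(16)), bytes(range(32)), bytes(16)
    print(run_linked_authentication(k_sub, k_sub, k2, k2, rand)[0])
```

A terminal whose second protocol ran against a different peer holds a different second key, so its tag fails even though the first protocol succeeded; that is the linkage the claims describe.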
Specification