Broker-based interworking using hierarchical certificates
Abstract
A method for authentication, authorization and accounting (AAA) in an interworking between at least two networks. The at least two networks are capable of communicating with a broker and include a first network and a second network. The second network receives a first network to user certificate from a user device corresponding to a user of the first network. The first network to user certificate is signed by a first network private key and includes a broker to first network certificate and a user public key. The broker to first network certificate is signed by a broker private key and includes a first network public key. A session key is sent from the second network to the user device when the broker to first network certificate and the first network to user certificate are determined to be authentic by the second network based upon the broker public key and the first network public key, respectively. The session key is encrypted with the user public key and permits the user device to access the second network.
15 Claims
1. In a wireless LAN (WLAN) having an interworking function, a method for interworking between the WLAN and a second network, the WLAN and the second network capable of communicating with a broker, the method comprising the steps of:
receiving from the broker, a first key;
receiving from a user device, a second network to user certificate that includes a broker to second network certificate and a second key;
authenticating the broker to second network certificate using the first key to derive a third key;
authenticating the second network to user certificate using the third key to derive the second key;
generating a session key, encrypting the session key using the second key, and transmitting the encrypted session key to the user device; and
communicating with the user device using the session key.
Dependent claims: 2, 3, 4.

5. In a wireless LAN (WLAN) having an interworking function, a method for interworking between the WLAN and a second network, the WLAN and the second network capable of communicating with a broker, the method comprising the steps of:
receiving, from the broker, a broker public key;
receiving, from a user device, a second network to user certificate, which is signed with a second network private key and includes a broker to second network certificate and a user public key, the broker to second network certificate being signed with a broker private key and including a second network public key;
authenticating the broker to second network certificate using the broker public key and deriving the second network public key;
authenticating the second network to user certificate using the second network public key and deriving the user public key;
generating a session key, encrypting the session key using the user public key, and transmitting the encrypted session key to the user device; and
communicating with the user device using the session key.
Dependent claims: 6, 7, 8, 9.

10. A method for communicating with a wireless LAN (WLAN) using a user device that has a subscription to a second network, the second network having an interworking contract with the WLAN, the WLAN and the second network capable of communicating with a broker, the method comprising the steps of:
receiving, from the second network, a second network to user device certificate, which is signed with a second network private key, and includes a broker to network certificate and a user public key;
transmitting to the WLAN the second network to user device certificate, wherein the WLAN is able to derive the user public key using a broker public key received from the broker entity;
receiving, from the WLAN, a session key encrypted using the user public key;
decrypting the session key with a user private key; and
communicating with the WLAN using the session key.
Dependent claims: 11, 12, 13.

14. A broker based system for authenticating users in networks having interworking relationships, comprising:
a wireless LAN (WLAN) having an interworking function;
a second network; and
a broker capable of communicating with the WLAN and the second network, the broker having means for transmitting a broker public key to the WLAN, and means for transmitting a broker to second network certificate, which is signed with a broker private key and includes a second network public key, to the second network, the second network including means for transmitting, to a user device, a second network to user certificate signed with a second network private key and includes the broker to second network certificate and the user public key, the WLAN including means for authenticating the broker to second network certificate and deriving the second network public key, means for authenticating the second network to user certificate and deriving the user public key, and means for generating a session key and encrypting the session key with the user public key.
Dependent claims: 15.
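The two-level chain and session-key wrap described in claims 5, 10 and 14, as an added Python example that is not the patent's or any implementer's code. It models the keys with textbook RSA over constructed Mersenne-prime moduli and encodes certificates with a toy repr()-based serialisation, purely so it runs on the standard library alone; the function names and the forged-chain case are assumptions for illustration.

```python
import hashlib
import os

E = 65537  # public exponent shared by every toy key

def keypair(p, q):
    """Toy textbook RSA: (public (n, e), private (n, d)) from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))
def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):                      # sig = H(data)^d mod n
    return pow(_digest(data, priv[0]), priv[1], priv[0])
def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _digest(data, pub[0])
def _body(subject_pub, embedded):          # bytes the issuer signs: key + embedded parent cert
    return repr((subject_pub, embedded)).encode()

def make_cert(issuer_priv, subject_pub, embedded=None):
    """Certificate = (subject public key, embedded parent cert or None, issuer signature)."""
    return (subject_pub, embedded, sign(issuer_priv, _body(subject_pub, embedded)))

def verify_cert(issuer_pub, cert):
    """Return the subject public key only if the issuer's signature over the cert checks."""
    subject_pub, embedded, sig = cert
    return subject_pub if verify(issuer_pub, _body(subject_pub, embedded), sig) else None

def wlan_accept(broker_pub, net_to_user_cert):
    """WLAN side of claim 5: broker key -> network key -> user key, then wrap a session key."""
    net_pub = verify_cert(broker_pub, net_to_user_cert[1])       # broker-to-network cert
    user_pub = verify_cert(net_pub, net_to_user_cert) if net_pub else None
    if user_pub is None:
        return None                                              # chain does not root at the broker
    session_key = int.from_bytes(os.urandom(16), "big")          # 128-bit, below every toy modulus
    return session_key, pow(session_key, user_pub[1], user_pub[0])  # WLAN keeps first, sends second

def user_unwrap(user_priv, wrapped):       # user side of claim 10
    return pow(wrapped, user_priv[1], user_priv[0])

def demo():
    """Constructed keys from Mersenne primes (2**k - 1), so nothing needs generating."""
    m = lambda k: (1 << k) - 1
    broker_pub, broker_priv = keypair(m(521), m(607))
    net_pub, net_priv = keypair(m(127), m(1279))
    user_pub, user_priv = keypair(m(107), m(89))
    broker_to_net = make_cert(broker_priv, net_pub)              # broker signs the network key
    net_to_user = make_cert(net_priv, user_pub, broker_to_net)   # network signs user key + parent cert
    session_key, wrapped = wlan_accept(broker_pub, net_to_user)
    # A network the broker never certified can only self-sign its "broker" cert; the WLAN refuses it.
    forged = make_cert(net_priv, user_pub, make_cert(net_priv, net_pub))
    return session_key, user_unwrap(user_priv, wrapped), wlan_accept(broker_pub, forged)
```

demo() returns the session key the WLAN generated, the value the user device recovered with its private key, and None for the chain that does not root at the broker.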