GSM-like and UMTS-like authentication in a CDMA2000 network environment
Abstract
An authentication server (e.g., AAA server) is described herein which is located in a CDMA2000 network and used to authenticate a user terminal that is connected to a non-CDMA2000 network. The authentication server receives an access request for authenticating the user terminal connected to the non-CDMA2000 network. Then, it obtains a root secret key shared between the user terminal and the CDMA2000 network and generates a GSM or UMTS-like authentication vector which is used to authenticate the user terminal according to a GSM or UMTS-like authentication method. The access of the terminal to the non-CDMA2000 network is granted upon successful authentication. According to embodiments of the invention, the non-CDMA2000 network can be a WLAN network, and the authentication methods used can be EAP SIM or EAP AKA. The present invention allows one to use authentication servers that were originally intended for WLAN-3GPP interworking scenarios also in WLAN-CDMA2000 network interworking.
22 Claims
1. An authentication server used in a CDMA2000 network for authenticating a user terminal connected to a non-CDMA2000 network by using a root secret key in a GSM/UMTS-like authentication method, wherein said root secret key is shared between said user terminal and said CDMA2000 network.
4. A system comprising:
a user side located in a non-CDMA2000 network;
a network side, located in a CDMA2000 network, including an authentication server for authenticating a user terminal connected to the non-CDMA2000 network by using a root secret key in a GSM/UMTS-like authentication method;
said user side including an authenticating peer that uses the root secret key in the GSM/UMTS-like authentication method; and
wherein said root secret key is shared between said user side and said network side.
11. An authentication server used in a CDMA2000 network to authenticate a user terminal connected to a non-CDMA2000 network, said authentication server comprising:
a processor for receiving an access request to authenticate the user terminal;
said processor for obtaining a root secret key shared between said user terminal and said CDMA2000 network; and
said processor for using the root secret key to derive a GSM/UMTS-like authentication vector used to authenticate the user terminal according to a GSM/UMTS-like authentication method.
15. An authenticating peer used in a non-CDMA2000 network to authenticate a user terminal connected to the non-CDMA2000 network, said authenticating peer comprising:
a processor for receiving a GSM/UMTS-like authentication challenge from an authentication server in a CDMA2000 network;
said processor for obtaining a root secret key shared with the CDMA2000 network; and
said processor for using the root secret key to generate a GSM/UMTS-like authentication response to the received GSM/UMTS-like authentication challenge.
18. A method used in a CDMA2000 network for authenticating a user terminal connected to a non-CDMA2000 network, said method comprising the steps of:
a) receiving, at an authentication server in said CDMA2000 network, an access request for authenticating said user terminal;
b) obtaining, at the authentication server, a root secret key shared between said user terminal and said CDMA2000 network; and
c) using, at the authentication server, the root secret key to derive a GSM/UMTS-like authentication vector for authenticating the user terminal according to a GSM/UMTS-like authentication method.
22. A method for using an EAP AKA authentication mechanism to enable WLAN-CDMA2000 network interworking, said method comprising the steps of:
on a network side;
receiving an access-request message from a WLAN at an authentication server;
generating at the authentication server an EAP AKA authentication vector including RAND and AUTN using a CDMA2000 root secret key; and
sending from the authentication server an access-challenge message which contains the RAND, the AUTN and a MAC to the WLAN; and
on a user side;
receiving an access-challenge message which contains the RAND, the AUTN and a MAC from the WLAN;
generating RES, IK and CK using the CDMA2000 root secret key;
sending a response to the access-challenge message which contains the RES and the MAC to the WLAN; and
on the network side;
receiving at the authentication server a response to the access-challenge message which contains the RES and the MAC from the WLAN; and
checking at the authentication server the response to the access-challenge message and if the authentication is successful then sending an access-accept message to the WLAN; and
on the user side;
receiving an access-accept message from the WLAN.
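The exchange recited in claim 22, sketched as an added example that is not taken from the patent: both sides derive RAND/AUTN, RES, IK and CK from one shared root key, and the peer rejects a challenge whose AUTN was not built from that key or carries a stale sequence number. Assumptions: HMAC-SHA256 stands in for the AKA f1..f5 functions, the AUTN layout (SQN xor AK, AMF, MAC) follows UMTS AKA, the message-MAC key derivation is simplified, and all function names are hypothetical.

```python
import hashlib, hmac, os

def f(k, tag, *parts, n=16):
    # Stand-in PRF for the AKA f1..f5 functions (assumption; a real
    # deployment uses a standardized function set, not HMAC-SHA256).
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def k_aut(ik, ck):
    # Simplified key for the EAP message MAC, derived from IK and CK.
    return f(ik + ck, b"k_aut")

def server_challenge(root_key, sqn, amf=b"\x80\x00"):
    # Network side: build RAND, AUTN and the message MAC.
    rand, sqn_b = os.urandom(16), sqn.to_bytes(6, "big")
    mac_a = f(root_key, b"f1", sqn_b, rand, amf, n=8)
    xres = f(root_key, b"f2", rand, n=8)
    ck, ik = f(root_key, b"f3", rand), f(root_key, b"f4", rand)
    autn = xor(sqn_b, f(root_key, b"f5", rand, n=6)) + amf + mac_a
    msg = {"rand": rand, "autn": autn, "mac": f(k_aut(ik, ck), b"challenge", rand, autn)}
    return msg, {"xres": xres, "ik": ik, "ck": ck}

def peer_respond(root_key, last_sqn, msg):
    # User side: authenticate the network via AUTN, then answer.
    rand, autn = msg["rand"], msg["autn"]
    sqn_b = xor(autn[:6], f(root_key, b"f5", rand, n=6))
    amf, mac_a = autn[6:8], autn[8:]
    if not hmac.compare_digest(mac_a, f(root_key, b"f1", sqn_b, rand, amf, n=8)):
        raise ValueError("AUTN rejected: root key mismatch")
    if int.from_bytes(sqn_b, "big") <= last_sqn:
        raise ValueError("AUTN rejected: stale sequence number")
    ck, ik = f(root_key, b"f3", rand), f(root_key, b"f4", rand)
    key = k_aut(ik, ck)
    if not hmac.compare_digest(msg["mac"], f(key, b"challenge", rand, autn)):
        raise ValueError("challenge MAC invalid")
    res = f(root_key, b"f2", rand, n=8)
    return {"res": res, "mac": f(key, b"response", res)}

def server_check(state, reply):
    # Network side: verify the response MAC and compare RES to XRES.
    key = k_aut(state["ik"], state["ck"])
    mac_ok = hmac.compare_digest(reply["mac"], f(key, b"response", reply["res"]))
    return mac_ok and hmac.compare_digest(reply["res"], state["xres"])

K = bytes(range(16))  # constructed sample root key, not a real credential
msg, state = server_challenge(K, sqn=1)
assert server_check(state, peer_respond(K, 0, msg))
```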
Specification