Authenticating users

US 20050287990A1
Filed: 02/17/2005
Published: 12/29/2005
Est. Priority Date: 06/28/2004
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising:

allocating to a user a plurality of service-specific identities for accessing respective services;

issuing a request from the user, the request identifying the service to be accessed and including a public key of the user;

at a certification authority, authenticating the request and issuing a public key certificate for binding a service-specific identity with the public key in the request, and returning the public key certificate to the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising: allocating to a user a plurality of service-specific identities for accessing respective services; issuing a request from the user, the request identifying the service to be accessed and including a public key of the user; at a certification authority, authenticating the request and issuing a public key certificate for binding the service-specific identity with the public key in the request, and returning the public key certificate to the user.

Citations

19 Claims

1. A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising:
- allocating to a user a plurality of service-specific identities for accessing respective services;
  
  issuing a request from the user, the request identifying the service to be accessed and including a public key of the user;
  
  at a certification authority, authenticating the request and issuing a public key certificate for binding a service-specific identity with the public key in the request, and returning the public key certificate to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the request includes a service identifier identifying the service to be accessed and a requester identifier identifying the user, the method comprising the further step of:
    - at the certification authority, mapping the service identifier and the requester identifier to the service-specific identity to be authenticated.
  - 3. The method according to claim 1, wherein the request identifies the service-specific identity and wherein the method comprises the further step of:
    - verifying by the certification authority that the user is authorized to use the service-specific identity.
  - 4. The method according to claim 1, wherein the step of issuing comprises issuing the request comprising a message including a plurality of fields, one of said fields holding a service identifier for identifying the service to be accessed.
  - 5. The method according to claim 4, wherein the field holding the service identifier is a subject field.
  - 6. The method according to claim 4, wherein the step of issuing comprises issuing the request comprising a PKCS#10 message.
  - 7. The method according to claim 4, wherein the step of issuing comprises issuing the request comprising a CRMF message.
  - 8. The method according to claim 4, wherein the step of issuing comprises issuing the request comprising a HTTP message.
  - 9. The method according to claim 1, comprising implementing the steps of allocating, issuing, authenticating and returning in a wireless communications network.

10. A user terminal for use in a communications network comprising:
- means for issuing a request identifying a service to be accessed and including a public key;
  
  means for receiving a public key certificate issued by a certification authority which associates a service-specific identity for the service to be accessed with the public key; and
  
  means for forwarding the public key certificate to a service provider for authenticating the service-specific identity for the user and thereby authorising the access to the service.
- View Dependent Claims (11, 12, 13)
- - 11. The user terminal according to claim 10, further comprising means for establishing shared key material with the certification authority prior to issuing the request.
  - 12. The user terminal according to claim 10, comprising means for generating an asymmetric key pair including the public key and a private key.
  - 13. The user terminal according to claim 10, comprising means for issuing said request over a wireless interface.

14. An authentication system for use in a communications network for allowing access to a service from a service provider, the system comprising:
- means for receiving a request from a user, the request identifying the service to be accessed and including a public key of the user; and
  
  a certification authority arranged to authenticate the request and issue a public key certificate for a service-specific identity of the service to be accessed and to return the public key certificate to the user.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The authentication system according to claim 14, comprising an authentication server configured to authenticate the identity of the user issuing the request.
  - 16. The authentication system according to claim 14, comprising a federation database being configured to map service and requester identifiers to service-specific identities for accessing respective services.
  - 17. An authentication server for use in an authentication system according to claim 14, the authentication server being adapted to authenticate the identity of the user issuing the request.
  - 18. A federation database for use in an authentication system according to claim 14, the federation database being adapted to map service and requestor identifiers to service-specific identities for accessing respective services.
  - 19. The authentication system according to claim 14, wherein said means for receiving said request comprises means for receiving said request over a wireless interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Asokan, Nadarajah, Laitinen, Pekka, Mononen, Risto

Granted Patent

US 7,788,493 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0421   Anonymous communication, i....

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

Authenticating users

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating users

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links