Localized authentication, authorization and accounting (AAA) method and apparatus for optimizing service authentication and authorization in a network system

US 20060190601A1
Filed: 02/22/2006
Published: 08/24/2006
Est. Priority Date: 02/24/2005
Status: Abandoned Application

First Claim

Patent Images

1. An authentication and authorization method in a network system which includes a mobile terminal and a home authentication, authorization and accounting (AAA) server, the method comprising:

receiving a network access service request signal from the mobile terminal;

forwarding the received network access service request signal to the home AAA server which corresponds to the network access service request signal;

receiving a service list corresponding to the network access service request signal; and

sending a network access service authorization signal to the mobile terminal when the service authorization of the mobile terminal is verified based on the received service list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication and authorization method/apparatus, in a network system which includes a mobile terminal and a home authentication, authorization and accounting (AAA) server, includes: receiving a network access service request signal from the mobile terminal; forwarding the received network access service request signal to the home AAA server which corresponds to the network access service request signal; receiving a service list corresponding to the network access service request signal; and sending a network access service authorization signal to the mobile terminal when the service authorization of the mobile terminal is verified based on the received service list. The single network access service authorization is used for subsequent service authorizations so that the service delay due to the AAA protocol exchanges can be reduced. Delivery of the service list accompanied by an automatic security key generation mechanism achieves local authentication and authorization of local services without involving the home AAA server.

Citations

43 Claims

1. An authentication and authorization method in a network system which includes a mobile terminal and a home authentication, authorization and accounting (AAA) server, the method comprising:
- receiving a network access service request signal from the mobile terminal;
  
  forwarding the received network access service request signal to the home AAA server which corresponds to the network access service request signal;
  
  receiving a service list corresponding to the network access service request signal; and
  
  sending a network access service authorization signal to the mobile terminal when the service authorization of the mobile terminal is verified based on the received service list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The authentication and authorization method of claim 1, further comprising:
    - creating, by the mobile terminal, a service key which is used to secure a selected service request signal after receiving the network access service authorization signal.
  - 3. The authentication and authorization method of claim 2, further comprising:
    - creating, by the home AAA server, a service key which is used to secure a service authorization signal corresponding to the selected service request signal when the selected service request signal is received from the mobile terminal.
  - 4. The authentication and authorization method of claim 1, further comprising:
    - sending, by the mobile terminal, the network access service request signal to a service access point.
  - 5. The authentication and authorization method of claim 4, wherein the service access point comprises a network access server.
  - 6. The authentication and authorization method of claim 1, further comprising:
    - forwarding a corresponding service authorization signal according to a received authorized service list (ASL) of the mobile terminal when a selected service request signal is received from the mobile terminal.
  - 7. The authentication and authorization method of claim 6, further comprising:
    - forwarding, by the mobile terminal, the selected service request signal to a service access point.
  - 8. The authentication and authorization method of claim 7, wherein the service access point comprises one of a network access server, a home agent, and a session initiation protocol (SIP) server.
  - 9. The authentication and authorization method of claim 6, wherein the ASL includes a service code of an authorized service corresponding to the selected service request signal.
  - 10. The authentication and authorization method of claim 1, further comprising:
    - adding at least one authorized service to the received service list to comprise an authorized service list (ASL) of the mobile terminal.

11. A network system, comprising:
- a local authentication, authorization and accounting (AAA) server to receive a network access service request signal from a mobile terminal and forward the received network access service request signal according to information corresponding to the mobile terminal sending the network access service request signal; and
  
  a home AAA server to receive the forwarded network access service request signal and send a service list corresponding to the network access service request signal to the local AAA server, wherein the local AAA server sends a network access service authorization signal to the mobile terminal when the service authorization of the mobile terminal is verified based on the received service list.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 12. The network system of claim 11, wherein the mobile terminal creates a service key which is used to secure a selected service request signal after receiving the network access service authorization signal.
  - 13. The network system of claim 12, wherein the local AAA server creates a service key which is used to secure a service authorization signal corresponding to the selected service request signal when the selected service request signal is received from the mobile terminal.
  - 14. The network system of claim 11, further comprising:
    - a service access point to receive the network access service request signal from the mobile terminal.
  - 15. The network system of claim 14, wherein the service access point comprises a network access server.
  - 16. The network system of claim 11, wherein the local AAA server forwards a corresponding service authorization signal according to a received authorized service list (ASL) of the mobile terminal when a selected service request signal is received from the mobile terminal.
  - 17. The network system of claim 16, further comprising:
    - a service access point to receive the selected service request signal from the mobile terminal.
  - 18. The network system of claim 17, wherein the service access point comprises one of a network access server, a home agent, and a session initiation protocol (SIP) server.
  - 19. The network system of claim 16, wherein the ASL includes a service code of the authorized service corresponding to the selected service request signal.
  - 20. The network system of claim 11, wherein the local AAA server additionally adds at least one authorized service to the received service list to comprise an authorized service list (ASL) of the mobile terminal.
  - 21. The network system of claim 11, wherein the local AAA server sends a network access service authorization signal to the mobile terminal when the service authorization of the mobile terminal is verified based on the received service list for a subsequent service authorization, without again submitting the network access service request signal to the home AAA server.
  - 22. The network system of claim 11, wherein the received service list includes a service code corresponding to an authorized service.
  - 23. The network system of claim 11, wherein the received service list comprises an authorized service list (ASL) of the mobile terminal and includes a service code corresponding to each authorized service of the mobile terminal on the authorized service list (ASL).
  - 24. The network system of claim 23, wherein the local AAA server additionally adds at least one authorized service to the received service list to comprise the authorized service list (ASL) of the mobile terminal.
  - 25. The network system of claim 11, wherein the home AAA server sends to the local AAA server a service authorization signal that corresponds to the network access service request signal from the mobile terminal, when the home AAA server determines that the network access service is authorized.
  - 26. The network system of claim 25, wherein the home AAA server sends to the local AAA server an AAA-key corresponding to an authorized service list (ASL) for the mobile terminal.
  - 27. The network system of claim 11, wherein the mobile terminal creates a service key which is used to secure a selected service request signal after receiving the network access service authorization signal, and the local AAA server creates a service key which is used to secure a service authorization signal corresponding to the selected service request signal when the selected service request signal is received from the mobile terminal.
  - 28. The network system of claim 27, wherein the home AAA server sends to the local AAA server an AAA-key corresponding to an authorized service list (ASL) for the mobile terminal.
  - 29. The network system of claim 28, wherein the local AAA server sends a network access service authorization signal to the mobile terminal when the service authorization of the mobile terminal is verified based on the received service list for a subsequent service authorization, without again submitting the network access service request signal to the home AAA server.
  - 30. The network system of claim 27, wherein the local AAA server sends a network access service authorization signal to the mobile terminal when the service authorization of the mobile terminal is verified based on the received service list for a subsequent service authorization, without again submitting the network access service request signal to the home AAA server.

31. An authentication and authorization method in a network system which includes a mobile terminal, a local authentication, authorization and accounting (AAA) server and a home AAA server, the method comprising:
- receiving, by the local AAA server, a network access service request signal from the mobile terminal;
  
  forwarding, by the local AAA server, the received network access service request signal to the home AAA server which corresponds to the network access service request signal;
  
  receiving, by the AAA local server from the home AAA server, a service list corresponding to the network access service request signal; and
  
  sending, by the AAA local server, a network access service authorization signal to the mobile terminal when the service authorization of the mobile terminal is verified based on the received service list.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 32. The authentication and authorization method of claim 31, further comprising:
    - when the service authorization of the mobile terminal is verified based on the received service list, for a subsequent service authorization of the mobile terminal, sending by the AAA local server a network access service authorization signal to the mobile terminal without again forwarding by the local AAA server the network access service request signal to the home AAA server.
  - 33. The authentication and authorization method of claim 31, further comprising:
    - creating, by the mobile terminal, a service key which is used to secure a selected service request signal after receiving the network access service authorization signal.
  - 34. The authentication and authorization method of claim 33, further comprising:
    - creating, by the local AAA server, a service key which is used to secure a service authorization signal corresponding to the selected service request signal when the selected service request signal is received from the mobile terminal.
  - 35. The authentication and authorization method of claim 34, further comprising:
    - when the service authorization of the mobile terminal is verified based on the received service list, for a subsequent service authorization of the mobile terminal, sending by the AAA local server a network access service authorization signal to the mobile terminal without again forwarding by the local AAA server the network access service request signal to the home AAA server.
  - 36. The authentication and authorization method of claim 35, further comprising:
    - creating, by the home AAA server, a service key which is used to secure a service authorization signal corresponding to the selected service request signal when the selected service request signal is received from the mobile terminal.
  - 37. The authentication and authorization method of claim 34, further comprising:
    - creating, by the home AAA server, a service key which is used to secure a service authorization signal corresponding to the selected service request signal when the selected service request signal is received from the mobile terminal.
  - 38. The authentication and authorization method of claim 31, further comprising:
    - forwarding, by the mobile terminal, a selected service request signal to a service access point; and
      
      forwarding, by the service access point, the selected service request signal to the local AAA server.
  - 39. The authentication and authorization method of claim 38, wherein the service access point comprises one of a network access server, a home agent, and a session initiation protocol (SIP) server.
  - 40. The authentication and authorization method of claim 39, further comprising:
    - when the service authorization of the mobile terminal is verified based on the received service list, for a subsequent service authorization of the mobile terminal, sending by the AAA local server a network access service authorization signal to the mobile terminal without again forwarding by the local AAA server the network access service request signal to the home AAA server.
  - 41. The authentication and authorization method of claim 31, further comprising:
    - adding by the local AAA server at least one authorized service to the received service list to comprise an authorized service list (ASL) of the mobile terminal.
  - 42. The authentication and authorization method of claim 41, further comprising:
    - when the service authorization of the mobile terminal is verified based on the authorized service list (ASL) of the mobile terminal, for a subsequent service authorization of the mobile terminal, sending by the AAA local server a network access service authorization signal to the mobile terminal without again forwarding by the local AAA server the network access service request signal to the home AAA server.

43. An authentication and authorization method in a network system, the method comprising:
- sending a network access service request signal from a mobile terminal;
  
  receiving a single network access service authorization comprising a service list in response to the network access service request signal; and
  
  sending, for an initial and for any subsequent service authorization of the mobile terminal, a network access service authorization signal to the mobile terminal based upon the single network access service authorization, when the service authorization of the mobile terminal is verified based on the received service list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Lee, Byoung-Joon, Yegin, Alper

Application Number

US11/358,923
Publication Number

US 20060190601A1
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04W 12/041   Key generation or derivation

H04W 12/084   using delegated authorisati...

H04W 80/04   Network layer protocols, e....

H04W 80/10   adapted for application ses...

Localized authentication, authorization and accounting (AAA) method and apparatus for optimizing service authentication and authorization in a network system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Localized authentication, authorization and accounting (AAA) method and apparatus for optimizing service authentication and authorization in a network system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links