Method and apparatus for using generic authentication architecture procedures in personal computers

US 20060218396A1
Filed: 01/10/2006
Published: 09/28/2006
Est. Priority Date: 01/12/2005
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating to a third party service provider from a personal computer, comprising:

authenticating, with a mobile terminal, to the service provider with an identity module associated with the mobile terminal to obtain credentials specific to the service provider;

transferring the credentials specific to the service provider from the mobile terminal to the personal computer; and

accessing the service provider with the personal computer using the credentials transferred from the mobile terminal.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for authenticating to a third party service provider from a personal computer. The method includes authenticating, with a mobile terminal, to the service provider with a universal subscriber identity module associated with the mobile terminal to obtain credentials specific to the service provider, transferring the credentials specific to the service provider from the mobile terminal to the personal computer, and accessing the service provider with the personal computer using the credentials transferred from the mobile terminal. The apparatus includes a mobile terminal, a computing device, a bootstrapping security module, and a network application function that cooperatively work to allow the computing device to access the network application function using a security credential from the mobile terminal.

90 Citations

View as Search Results

22 Claims

1. A method for authenticating to a third party service provider from a personal computer, comprising:
- authenticating, with a mobile terminal, to the service provider with an identity module associated with the mobile terminal to obtain credentials specific to the service provider;
  
  transferring the credentials specific to the service provider from the mobile terminal to the personal computer; and
  
  accessing the service provider with the personal computer using the credentials transferred from the mobile terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - attempting, by the personal computer, to access the service provider;
      
      receiving an authentication request in the personal computer from the service provider in response to the access attempt; and
      
      querying, with a generic authentication architecture component in the personal computer, a generic authentication architecture component in the mobile terminal for the credentials.
  - 3. The method of claim 2, wherein querying further comprises:
    - sending a message from the generic authentication architecture component in the personal computer to the generic authentication architecture component in the mobile terminal containing an identification for the service provider;
      
      requesting, with the generic authentication architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;
      
      establishing the credentials between the bootstrapping server function and the generic authentication architecture component in the mobile terminal; and
      
      sending the credentials from the generic authentication architecture component in the mobile terminal to the generic authentication architecture component in the personal computer.
  - 4. The method of claim 1, wherein the identity module comprises a universal subscriber identity module.
  - 5. The method of claim 1, wherein the service provider comprises a network application function.
  - 6. The method of claim 2, wherein the authentication request comprises a PKCS10 request, and the credentials comprise a subscriber certificate.
  - 7. The method of claim 1, wherein transferring the credentials further comprises prompting a user of the mobile terminal for approval to transfer the credentials to the personal computer and transferring the credentials after receiving the approval from the user.
  - 8. The method of claim 1, wherein the credentials comprise a bootstrapping transaction identifier and a network application function specific shared secret.
  - 9. The method of claim 8, wherein the bootstrapping transaction identifier and a network application function specific shared secret comprise a BTID and Ks_NAF.
  - 10. The method of claim 1, wherein the credentials comprise master credentials that include a username (BTID) and a password (Ks).
  - 11. The method of claim 1, wherein transferring comprises using a wireless communication medium.

12. A method for authenticating a computing device to a network application function in a split terminal configuration, comprising:
- determining network application function specific generic bootstrapping architecture credentials are needed for an application running on the computing device;
  
  requesting, by the application and through a generic bootstrapping architecture application programming interface that incorporates a wireless communication medium, the generic bootstrapping architecture credentials from a mobile terminal;
  
  bootstrapping by the mobile terminal with a bootstrapping server function to establish the master generic bootstrapping architecture credentials;
  
  transmitting the network application function specific generic bootstrapping architecture credentials from the mobile terminal to the a generic bootstrapping architecture application programming interface, which transmits the network application specific generic bootstrapping architecture credentials to the application running on the computing device; and
  
  using, by the application running on the computing device, the network application function specific generic bootstrapping architecture credentials.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein requesting further comprises authorizing, by a user of the mobile terminal, transmitting of the network application function specific generic bootstrapping architecture credentials.
  - 14. The method of claim 12, further comprising determining if a pre-existing bootstrapping session is active, and sending the network application function specific generic bootstrapping architecture credentials from the pre-existing bootstrapping session if a session is determined to be active.
  - 15. The method of claim 12, wherein the network application function specific generic bootstrapping architecture credentials are based upon an identification of the network application function and at least one parameter representative of a universal subscriber identity module vector contained in the mobile terminal.
  - 16. The method of claim 15, wherein the universal subscriber identity module vector remains in the mobile terminal and is secure from outside view.

17. An apparatus for authenticating a computing device to a network application function in a split terminal configuration, comprising:
- a mobile terminal having a universal subscriber identity module and an application interface, the universal subscriber identity module being configured to contain a shared secret;
  
  a computing device in communication with the mobile terminal, the computing device being configured to use a network application function that requires credentials; and
  
  a bootstrapping server function module in communication with the mobile terminal, the bootstrapping server function module being configured to establish master generic bootstrapping architecture credentials with the mobile terminal, and to generate and transmit generic bootstrapping architecture credentials specific to the network application function to the network application function upon receiving a request for credentials from the network application function, wherein the mobile terminal is configured to generate and transfer the generic bootstrapping architecture credentials specific to the network application function to the computing device upon receiving a request for credentials from the computing device for use in accessing the network application function.
- View Dependent Claims (18, 19)
- - 18. The apparatus of claim 17, wherein the mobile terminal comprises a cellular telephone and wherein the computing device comprises a personal computer.
  - 19. The apparatus of claim 18, wherein the cellular telephone and the personal computer each have a wireless communication therein, the respective wireless communication devices being configured to communicate with each other to transmit a request for the credentials to the cellular phone from the personal computer and to transmit granted credentials from the cellular phone to the personal computer.

20. An apparatus for authenticating a computing device to a network application function in a split terminal configuration, comprising:
- means for determining generic bootstrapping architecture credentials are needed for an application running on the computing device and requesting, by the application and through a generic bootstrapping architecture application programming interface that incorporates a wireless communication medium, the generic bootstrapping architecture credentials from a mobile terminal;
  
  means for bootstrapping the mobile terminal with a bootstrapping server function to establish the bootstrapping architecture credentials, which are transmitted to the application running on the computing device from the mobile terminal; and
  
  means for processing, by the application running on the computing device, the bootstrapping architecture credentials to run the application.

21. An apparatus for authenticating to a third party service provider from a personal computer, comprising:
- means for authenticating, with a mobile terminal, to the service provider with an identity module associated with the mobile terminal to obtain credentials specific to the service provider;
  
  means for transferring the credentials specific to the service provider from the mobile terminal to the personal computer; and
  
  means for accessing the service provider with the personal computer using the credentials transferred from the mobile terminal.

22. A system for authenticating to a third party service provider from a personal computer, comprising:
- a mobile terminal in communication with the personal computer;
  
  a generic authentication architecture client in communication with the personal computer;
  
  a generic authentication architecture server in communication with the mobile terminal; and
  
  a bootstrapping security function in communication with the generic authentication architecture server, wherein the generic authentication architecture server is configured to conduct bootstrapping with the bootstrapping security function to generate and transmit a generic bootstrapping architecture credential to the generic authentication architecture client in the personal computer for use in accessing a network application function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Nokia Corporation
Inventors
Laitinen, Pekka, Lakshmeshwar, Shreekanth

Granted Patent

US 8,543,814 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/167
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/43   using shared identity modul...

Method and apparatus for using generic authentication architecture procedures in personal computers

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for using generic authentication architecture procedures in personal computers

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links