METHOD AND ARRANGEMENT FOR AUTHENTICATION PROCEDURES IN A COMMUNICATION NETWORK

US 20080009265A1
Filed: 12/22/2006
Published: 01/10/2008
Est. Priority Date: 07/10/2006
Status: Active Grant

First Claim

Patent Images

1. An authentication method in a communication system including a Subscriber with a terminal, an Operator Node and a Service Provider Node, which authentication method is based on an SLA agreement between the Operator and the Service Provider, the method is characterized by the following steps:

the Subscriber with terminal performing strong authentication with the Operator Node acting as Registration Authority;

generating by the Operator Node a Mobile Strong Authentication Assertion MSAA;

transmitting the generated MSAA to the Service Provider Node andvalidating in the Service Provider node the MSAA.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is related to an authentication method and arrangements in a communication system including a Subscriber (50) with a terminal (51), an Operator Node (52) and a Service Provider Node (53), which authentication method is based on an SLA agreement between the Operator (OP) and the Service Provider (SP). The method includes that the Subscriber (50) with terminal (51) performs (5) strong authentication with the Operator Node (52) acting as Registration Authority OP(RA). After the strong authentication is performed by the Operator Node (52) a Mobile Strong Authentication Assertion MSAA is generated (6) and transmitted to the Service Provider Node (53) for validation. By this method the authentication is being delegated from the Service Provider to the Mobile Operator.

29 Citations

View as Search Results

15 Claims

1. An authentication method in a communication system including a Subscriber with a terminal, an Operator Node and a Service Provider Node, which authentication method is based on an SLA agreement between the Operator and the Service Provider, the method is characterized by the following steps:
- the Subscriber with terminal performing strong authentication with the Operator Node acting as Registration Authority;
  
  generating by the Operator Node a Mobile Strong Authentication Assertion MSAA;
  
  transmitting the generated MSAA to the Service Provider Node andvalidating in the Service Provider node the MSAA.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The authentication method according to claim 1 is further characterized by the following steps prior to the performing step:
    - sending a service request to the Service Provider Node from the terminal, the request includes the Operator Node identity;
      
      checking in the Service Provider Node that the Operator node identity relates to an Operator having an SLA agreement with the Service Provider andif there is an SLA agreement then sending the Service Provider node Identity to the terminal andsending a Request for strong authentication to the Operator Node, the request includes the Service Provider Node Identity.
  - 3. The authentication method according to claim 1 is further characterized by the following steps prior to the performing step:
    - sending a propose to subscribe for a service from the Operator Node to the terminal andsending accept information on the propose from the terminal to the Operator Node.
  - 4. The authentication method according to claim 1 is further characterized in that the transmitting of the generated MSAA to the Service Provider Node is done via the terminal.
  - 5. The authentication method according to claim 1 is further characterized in that the strong authentication is performed in accordance with the authentication context according to the SLA agreement with the Service Provider.
  - 6. The authentication method according to claim 1 characterized by the following steps if the MSAA is valid thenregistering in the Service Provider Node the subscriber anddelivering the service from the Service Provider Node to the terminal of the subscriber.
  - 7. The authentication method according to claim 6 characterized in that the registering is followed bygenerating in the Service Provider Node a user certificate which user certificate is being transmitted to the terminal and stored in the terminal.

8. An authentication method in an Operator Node within a communication system including a subscriber having a trust relation with the operator and a Service Provider Node, which authentication method is based on an SLA agreement between the Operator OP and the Service Provider the method including the following steps:
- receiving a Request for authentication, the request includes the Service Provider Node Identity;
  
  checking what authentication context is used for the received Service Provider Node;
  
  performing authentication in accordance with the authentication context for the received Service Provider Node;
  
  generating a Mobile Strong Authentication Assertion MSAA andtransmitting the generated MSAA to the Service Provider node, whereby the Operator Node is acting as Registration Authority for the Service Provider.

9. An arrangement in an Operator Node OP within a communication system including a subscriber having a trust relation with the operator and a Service Provider Node SP (53), the Service Provider having an SLA agreement with the Operator OP the arrangement is characterized in:
- an SLA database for checking what authentication context to be used for a service request;
  
  an Authentication unit for performing of the authentication in accordance with the authentication context andan MSAA generator for generation of the MSAA and sending it to the Service Provider Node, whereby the Operator Node act as Registration Authority for the Service Provider.
- View Dependent Claims (10)
- - 10. An arrangement in an Operator Node according to claim 9 wherein the SLA database includes information about the authentication context to be used for a specific Service Provider Identity.

11. An authentication method in a Service Provider Node within a communication system including also a subscriber with a terminal and an Operator Node the method is based on an SLA agreement with the Operator characterized by the following steps:
- receiving a service request from the terminal, the request includes the Operator Node identity;
  
  checking in the Service Provider node that the Operator node identity relates to an operator having an agreement with the Service Provider;
  
  if there is an agreement then;
  
  sending information to the terminal about the Service Providerreceiving an MSAA generated by the Operator;
  
  validating of the received MSAA;
  
  registering the user anddelivering the service to the terminal.
- View Dependent Claims (12, 13)
- - 12. An authentication method in a Service Provider Node according to claim 11 characterized in that the service is a certificate and the registering of the user is followed by generation of a user certificate which is delivered to the terminal.
  - 13. An authentication method in a Service Provider Node according to claim 11 characterized in that the service is a subscription.

14. A Service Provider Node within a communication system including a subscriber having a trust relation with an operator, the Service Provider having an SLA agreement with the Operator, the arrangement is characterized in:
- a validation unit for validation of a received Mobile Strong Authentication Assertion;
  
  a registration unit for registering the subscriber upon validation of the MSAA;
  
  whereby the Service Provider utilize the Operator for authentication of the subscriber.
- View Dependent Claims (15)
- - 15. A Service Provider Node according to claim 14 characterized in that the validation unit includes an SLA/Operator database for determining the authentication context for the applicable SLA agreement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Barriga, Luis, Fernandez-Alonso, Susana

Granted Patent

US 7,865,173 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04W 12/069   using certificates or pre-s...

METHOD AND ARRANGEMENT FOR AUTHENTICATION PROCEDURES IN A COMMUNICATION NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND ARRANGEMENT FOR AUTHENTICATION PROCEDURES IN A COMMUNICATION NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others