User Authentication and Authorisation in a Communications System
1 Assignment
0 Petitions
Abstract
A method of authenticating a client to two or more servers coupled together via a communications network, wherein the client and a first server possess a shared secret. The method comprises authenticating the client to a first server using said shared secret, signalling associated with this authentication process being sent between the client and said first server via a second server, generating a session key at the client and at the first server, and providing the session key to said second server, and using the session key to authenticate the client to the second server.
44 Citations
57 Claims
1-37. (canceled)
38. A method of authenticating a client to two or more servers coupled together via a communications network, wherein the client and a first server possess a shared secret, the method comprising:
sending an authentication request from the client to said first server via a second server;
upon receipt of said request at the first server, generating a first authentication challenge using said shared secret, and sending the challenge to the second server;
generating a second authentication challenge at the second server, and sending the first and second challenges together from the second server to the client;
upon receipt of the challenges at the client, generating a first challenge response to the first challenge, and a session key, using the shared secret, and generating a second challenge response to the second challenge using the session key;
sending said challenge responses together to said second server, and forwarding the first challenge response to the first server;
authenticating the client at the first server using the first challenge response and said shared secret, and, in the event that the client is authenticated, generating said session key at the first server and sending this to the second server; and
authenticating the client at the second server using the second challenge response and said session key.
Dependent claims: 39, 40, 41, 42, 43, 44, 45, 46, 57
47. A method of operating an authentication server within a communications system, the method comprising:
relaying authentication signalling between a client and a further authentication server, the client and said further authentication server sharing a secret, the authentication signalling comprising a first authentication challenge sent from the client to said further authentication server and a first challenge response sent from the client to the further authentication server;
generating a second authentication challenge and sending this to the client together with said first authentication challenge, and receiving from the client a second challenge response together with said first challenge response; and
receiving a session key from said further authentication server, and using the session key and said second challenge response to authenticate the client.
Dependent claims: 48
49. An authentication server suitable for use in a communications network and comprising:
relay means for relaying authentication signalling between a client and a further authentication server, the authentication signalling comprising a first authentication challenge sent from the further authentication server to said client and a first challenge response sent from the client to the further authentication server;
processing means for generating a second authentication challenge and sending this to the client together with said first authentication challenge, and for receiving from the client a second challenge response together with said first challenge response;
receiving means for receiving a session key from said further authentication server following authentication of the client by said further authentication server; and
processing means for using the session key and said second challenge response to authenticate the client.
Dependent claims: 50, 51
52. A method of operating a client coupled to a communication network, the method comprising:
exchanging signalling with a first authentication server via a second authentication server for the purpose of authenticating the client to said first server, the authentication signalling comprising a first authentication challenge sent from said first authentication server to said client and a first challenge response sent from the client to the first authentication server;
generating a session key using a secret shared between the client and said first server; and
receiving a second authentication challenge from said second server together with said first authentication challenge, and generating a second challenge response using said session key and sending this to the second server together with said first challenge response.
Dependent claims: 53
54. A client terminal comprising:
processing and communication means for exchanging signalling with a first authentication server via a second authentication server for the purpose of authenticating the client to said first server, the authentication signalling comprising a first authentication challenge sent from said first authentication server to said client and a first challenge response sent from the client to the first authentication server;
further processing means for generating a session key using a secret shared between the client and said first server; and
input and processing means for receiving a second authentication challenge from said second authentication server together with said first authentication challenge, and for generating a second challenge response using said session key and for sending this to the second authentication server together with said first challenge response.
Dependent claims: 56
55. A method of authenticating user equipment to a network application function of a communications network, the method comprising:
sending an access request from the user equipment to the network application function;
determining at the network application function that the request relates to an authentication which must be performed by some other function within the network;
forwarding the request to said other function;
returning a challenge from said other function to the network application function;
sending the said challenge together with a further challenge of the network application function to the user equipment;
sending challenge responses together from the user equipment to the network application function, and forwarding the response relating to the challenge of said other function, to that other function; and
verifying the validity of the responses at the network application function and at said other function.
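The claims above (38, 47, 49, 52, 54 and 55) describe one exchange from the viewpoint of each party: a client that shares a secret K only with a first (home) server, and a second (application) server that relays the first server's challenge, adds its own, and receives the session key Ks from the first server only after the first challenge response has verified. The following Python is an added worked example of that exchange, written for this page; it is not code from the patent or from any implementation. The class names HomeServer, ApplicationServer and Client, the use of HMAC-SHA256 with labels for both the challenge responses and the session-key derivation, and the identity "alice" are assumptions; the patent does not fix those algorithms.

```python
# Added example: a model of the relayed two-challenge authentication in the
# claims above. Party names, the HMAC-SHA256 choices and the identity "alice"
# are assumptions made for illustration, not taken from the patent.
import hashlib
import hmac
import secrets
from typing import Optional


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 with a domain-separation label, used both to answer a
    challenge and to derive the session key (algorithm choice is assumed)."""
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(part)
    return mac.digest()


class HomeServer:
    """The 'first server': besides the client, the only holder of K."""

    def __init__(self, secrets_by_client: dict[str, bytes]):
        self._secrets = secrets_by_client
        self._pending: dict[str, bytes] = {}    # client_id -> outstanding c1

    def challenge(self, client_id: str) -> bytes:
        c1 = secrets.token_bytes(16)            # fresh, unpredictable challenge
        self._pending[client_id] = c1
        return c1

    def verify(self, client_id: str, r1: bytes) -> Optional[bytes]:
        """Return the session key Ks only if r1 answers the outstanding c1."""
        c1 = self._pending.pop(client_id, None)  # one attempt per challenge
        k = self._secrets.get(client_id)
        if c1 is None or k is None:
            return None
        if not hmac.compare_digest(r1, prf(k, b"response-1", c1)):
            return None
        return prf(k, b"session-key", c1)       # Ks generated only on success


class ApplicationServer:
    """The 'second server': relays to the home server and never learns K."""

    def __init__(self, home: HomeServer):
        self._home = home
        self._pending: dict[str, bytes] = {}    # client_id -> outstanding c2
        self.session_keys: dict[str, bytes] = {}

    def handle_request(self, client_id: str) -> tuple[bytes, bytes]:
        """Obtain c1 from the home server, add our own c2, send both together."""
        c1 = self._home.challenge(client_id)
        c2 = secrets.token_bytes(16)
        self._pending[client_id] = c2
        return c1, c2

    def handle_responses(self, client_id: str, r1: bytes, r2: bytes) -> bool:
        c2 = self._pending.pop(client_id, None)
        if c2 is None:
            return False
        ks = self._home.verify(client_id, r1)   # forward r1; Ks only on success
        if ks is None:
            return False
        if not hmac.compare_digest(r2, prf(ks, b"response-2", c2)):
            return False                        # home accepted r1, but r2 is bad
        self.session_keys[client_id] = ks
        return True


class Client:
    def __init__(self, client_id: str, k: bytes):
        self.client_id = client_id
        self._k = k
        self.session_key: Optional[bytes] = None

    def respond(self, c1: bytes, c2: bytes) -> tuple[bytes, bytes]:
        """Answer c1 with K, derive Ks from K and c1, answer c2 with Ks."""
        r1 = prf(self._k, b"response-1", c1)
        self.session_key = prf(self._k, b"session-key", c1)
        r2 = prf(self.session_key, b"response-2", c2)
        return r1, r2


def authenticate(client: Client, app: ApplicationServer) -> bool:
    """Run one complete exchange; True iff both servers accept the client."""
    c1, c2 = app.handle_request(client.client_id)
    r1, r2 = client.respond(c1, c2)
    return app.handle_responses(client.client_id, r1, r2)


def demo() -> dict[str, bool]:
    k = secrets.token_bytes(32)                 # constructed shared secret K
    home = HomeServer({"alice": k})
    app = ApplicationServer(home)
    alice = Client("alice", k)
    c1, c2 = app.handle_request("alice")
    r1, r2 = alice.respond(c1, c2)
    return {
        "accepted": app.handle_responses("alice", r1, r2),
        "keys_agree": app.session_keys.get("alice") == alice.session_key,
        # Both challenges were consumed, so resubmitting the responses fails.
        "replay_rejected": not app.handle_responses("alice", r1, r2),
        # Wrong K: the home server rejects r1 and the app never receives Ks.
        "wrong_key_rejected": not authenticate(Client("alice", b"\x00" * 32), app),
    }


if __name__ == "__main__":
    print(demo())
```

The point a reviewer of such a design would check is visible in the code paths: ApplicationServer holds no copy of K and obtains Ks only as the return value of HomeServer.verify, so a response to the application server's own challenge can be checked without the application server ever being able to impersonate the client towards the home server. Each challenge is popped on first use, so responses cannot be resubmitted, and the two responses are verified by different parties against different secrets, as claims 38 and 55 require.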
Specification