SIM BASED AUTHENTICATION

US 20090068988A1
Filed: 02/08/2007
Published: 03/12/2009
Est. Priority Date: 03/16/2006
Status: Active Grant

First Claim

Patent Images

1. A method of authentication in a communications network (100), said communications network (100) comprising a network authentication server (102), a local authentication entity (104) and a user terminal (112), said local authentication entity (112) comprising a subscriber application (108) and an authentication application (110), said method comprising the steps of:

(i) sending (208) a request from the local authentication entity (104) to the network authentication server (102) to authenticate the user terminal (112), said request comprising the identity of the user terminal (112);

(ii) generating (212) by the network authentication entity (102) an authentication key (122) in response to the request and generating (214) by the subscriber application (108) an identical authentication key (124);

(iii) sending the authentication key generated by the network authentication server (102) securely to the user terminal (112) identified by said identity, then storing the authentication key at the user terminal (112);

(iv) sending the authentication key generated by the subscriber application (108) securely to the authentication application (110), then storing the authentication key at the authentication application (110); and

(v) authenticating the user terminal (112) by verifying the authentication key stored at the user terminal (112) with the authentication key stored at the authentication application (110).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authentication in a communications network, said communications network comprising a network authentication server, a local authentication entity and a user terminal, said local authentication entity comprising a subscriber application and an authentication application, said method comprising the steps of: sending a request from the local authentication entity to the network authentication server to authenticate the user terminal, said request comprising the identity of the user terminal; generating by the network authentication entity an authentication key in response to the request and generating by the subscriber application an identical authentication key; sending the authentication key generated by the network authentication server securely to the user terminal identified by said identity, then storing the authentication key at the user terminal; sending the authentication key generated by the subscriber application securely to the authentication application, then storing the authentication key at the authentication application; and authenticating the user terminal by verifying the authentication key stored at the user terminal with the authentication key stored at the authentication application.

39 Citations

View as Search Results

16 Claims

1. A method of authentication in a communications network (100), said communications network (100) comprising a network authentication server (102), a local authentication entity (104) and a user terminal (112), said local authentication entity (112) comprising a subscriber application (108) and an authentication application (110), said method comprising the steps of:
- (i) sending (208) a request from the local authentication entity (104) to the network authentication server (102) to authenticate the user terminal (112), said request comprising the identity of the user terminal (112);
  
  (ii) generating (212) by the network authentication entity (102) an authentication key (122) in response to the request and generating (214) by the subscriber application (108) an identical authentication key (124);
  
  (iii) sending the authentication key generated by the network authentication server (102) securely to the user terminal (112) identified by said identity, then storing the authentication key at the user terminal (112);
  
  (iv) sending the authentication key generated by the subscriber application (108) securely to the authentication application (110), then storing the authentication key at the authentication application (110); and
  
  (v) authenticating the user terminal (112) by verifying the authentication key stored at the user terminal (112) with the authentication key stored at the authentication application (110).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A method according to claim 1, wherein the said local authentication entity (104) further comprises a subscriber identity module (106) and the subscriber application (108) and an authentication application (110) are located securely on the subscriber identity module (106).
  - 3. A method according to claim 1, wherein the authentication key generated by the network authentication server (102) is derived from a shared secret key held at both the network authentication server (102) and subscriber application (108).
  - 4. A method according to claim 1, wherein the identity is the international mobile subscriber identity associated with the user terminal (112).
  - 5. A method according to claim 1, wherein the communications network (100) is a mobile cellular network.
  - 6. A method according to claim 1, wherein the authenticating step comprises communications between the local authentication entity (104) and the user terminal (112) over a local network.
  - 7. A method according to claim 6, wherein the local network is a Wi-Fi network.
  - 8. A method according to claim 1, wherein the network authentication entity (112) and the user terminal (112) use a session key to secure the sending of the authentication key in step (iii).
  - 9. A method according to claim 8, wherein the session key is generated by both the network authentication server (102) and the user terminal (112) based on a common secret key held at both the network authentication server (102) and the user terminal (112).
  - 10. A method according to claim 9, wherein the authentication key stored at the user terminal in step (iii) replaces the common secret key held at the user terminal (112.
  - 11. A method according to claim 8, wherein the common secret key and the session key are managed by a first subscriber application (502) at the user terminal (112) and the authentication key is managed by a second subscriber application (504) at the user terminal (112).
  - 12. A method according to claim 11, wherein the first subscriber application (502) is associated with the mobile cellular network and the second subscriber application (504) is associated with the local network.
  - 13. A method according to claim 1, wherein the network authentication server (102) is a home subscriber server.
  - 14. A method according to claim 1, wherein the local authentication entity is a wireless router.
  - 15. A method according to claim 1, wherein the user terminal is a mobile phone.

16. A communications network (100) comprising a comprising a network authentication server (102), a local authentication entity (104) and a user terminal (112), said local authentication entity (112) comprising a subscriber application (108) and an authentication application (110), wherein:
- the local authentication entity (104) is adapted to send a request to the network authentication server (102) to authenticate the user terminal (112), wherein said request comprises the identity of the user terminal (112);
  
  the network authentication server (102) is adapted to generate in response to a request to authenticate from the local authentication entity (104) an authentication key (122), and to send the authentication key securely to the user terminal (112) identified by the identity in the request;
  
  the user terminal (112) is adapted to store an authentication key sent by the network authentication server (102);
  
  the subscriber application (108) is adapted to generate an authentication key (124) and to send the authentication key securely to the authentication application (110); and
  
  the authentication application (110) is adapted to store the authentication key sent by the subscriber application (108) and to authenticate the user terminal (112) by verifying the authentication key stored at the user terminal (112) with the authentication key stored at the authentication application (110).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Cofta, Piotr L.

Granted Patent

US 8,417,218 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 63/0853   using an additional device,...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

SIM BASED AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

SIM BASED AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links