Authentication system
Abstract
An environment which includes a communications network, user terminals, and an authentication center provides communication services only to legitimate subscribers. The center receives an equipment ID for each terminal and uses a secret key to encrypt the equipment ID with a user ID and an error detection code to form an encrypted block. This block is programmed into an authentication module and sent to the subscriber for installation in the subscriber's terminal. The center sends a public key to authentication nodes of the network. When the subscriber operates the terminal to gain access to the network, a log-on message, which includes the encrypted block and an unencrypted version of the equipment ID, is sent to an authentication node. The authentication node decrypts the encrypted block and evaluates the IDs to determine whether to grant access to services offered by the network.
218 Citations
31 Claims
1. A method for authenticating users of a service offered by a service provider, said service being accessible through user terminals that have equipment identification data (ID) associated therewith, said method comprising the steps of:
(a) obtaining said equipment ID for one of said user terminals;
(b) forming, separately from said user terminal, an encrypted message including said equipment ID;
(c) storing said encrypted message in said one user terminal; and
(d) sending a log-on message from said one user terminal to said service provider, said log-on message including said encrypted message and said equipment ID.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for authenticating users of a service which is accessible through user terminals that have equipment identification data (ID) associated therewith, said method comprising the steps of:
(a) receiving a log-on message from said user terminal, said log-on message including an encrypted message and an identifying message, said encrypted message including a first equipment ID in an encrypted form and said identifying message including a second equipment ID;
(b) decrypting said encrypted message to obtain said first equipment ID;
(c) evaluating said first and second equipment IDs to detect correspondence therebetween; and
(d) denying access to said service if said step (c) fails to detect said correspondence.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.

18. A system for providing communication services only to authenticated users, said services being provided through a communication network having a plurality of nodes through which said communication services are provided to user terminals having equipment identification data (ID) associated therewith, said system comprising:
one or more authentication modules, wherein each authentication module is physically configured to be combined with a corresponding one of said user terminals; and
means, separate from said user terminals and responsive to said equipment IDs, for producing said authentication modules, each of said authentication modules being programmed to include an encrypted block of data therein, said encrypted block of data including an encrypted equipment ID.
Dependent claims: 19, 20, 21.

22. A method for authenticating users of a service provided by a communication network which is accessible through user terminals that have equipment identification data (ID) associated therewith, said method comprising the steps of:
(a) obtaining said equipment ID for one of said user terminals;
(b) forming, separately from said user terminal, an encrypted data block, said encrypted data block including said equipment ID;
(c) storing said encrypted data block in said one user terminal;
(d) sending a log-on message from said one user terminal to said communication network, said log-on message including said encrypted data block and said equipment ID;
(e) decrypting, at said communication network, said encrypted data block portion of said log-on message to obtain an authentication equipment ID;
(f) evaluating said authentication equipment ID to detect correspondence between said authentication equipment ID and said equipment ID; and
(g) denying said communication services to said one user terminal if said step (f) fails to detect said correspondence.
Dependent claims: 23, 24, 25, 26.

27. An apparatus for providing communication services only to authenticated users, said apparatus comprising:
a user terminal having equipment identification data (EID) stored therein, said user terminal being adapted to receive a user authentication module;
a user authentication module having said EID stored therein in an encrypted form prior to insertion in said user terminal; and
means within said user terminal for transmitting a log-on message to a communication service provider, said log-on message containing said EID and said encrypted EID.

28. An apparatus for authenticating a user to a system which provides services through a user terminal having equipment identification data associated therewith, said apparatus comprising:
a user terminal comprising a transmitter for transmitting a log-on message to a service authorization center;
a memory module removably coupled to said user terminal, wherein said memory module contains encrypted data therein prior to being installed in said user terminal, said encrypted data having a predetermined relationship to said equipment identification data, said predetermined relationship being expressed in accordance with an encryption key; and
wherein said log-on message is based in part on said equipment identification data associated with said user terminal and in part on encrypted equipment identification data derived from said memory module.
Dependent claims: 29, 30, 31.
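The provisioning and log-on check described in the abstract and in claim 22, as an added Go example that is not the patent's own code: raw RSA (m^d mod n at the authentication center, c^e mod n at the authentication node) stands in for the abstract's "encrypt with a secret key, decrypt with the public key", and the block layout, the 8-byte ID widths and CRC-32 as the error detection code are assumptions made here. A deployed design would use a padded signature scheme rather than textbook RSA, so only the control flow (recover block, check the error detection code, compare the two equipment IDs, deny on mismatch) is what to take from it.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"encoding/binary"
	"fmt"
	"hash/crc32"
	"math/big"
)

// Block layout, constructed for this example: equipment ID (8 bytes) ||
// user ID (8 bytes) || CRC-32 error detection code (4 bytes).
const idLen, blockLen = 8, 2*8 + 4

// ProgramModule models the authentication center: pack the IDs with an error
// detection code, then apply the secret exponent (m^d mod n) to form the block.
func ProgramModule(priv *rsa.PrivateKey, equipID, userID []byte) []byte {
	body := append(append([]byte{}, equipID...), userID...) // assumes fixed-width IDs
	plain := append(body, 0, 0, 0, 0)
	binary.BigEndian.PutUint32(plain[len(body):], crc32.ChecksumIEEE(body))
	m := new(big.Int).SetBytes(plain)
	return new(big.Int).Exp(m, priv.D, priv.N).Bytes()
}

// Authenticate models the authentication node handling a log-on message made of
// the encrypted block plus the terminal's unencrypted equipment ID.
func Authenticate(pub *rsa.PublicKey, encBlock, claimedEquipID []byte) bool {
	m := new(big.Int).Exp(new(big.Int).SetBytes(encBlock), big.NewInt(int64(pub.E)), pub.N)
	if m.BitLen() > blockLen*8 {
		return false // not a block the center produced (wrong key or altered ciphertext)
	}
	plain := m.FillBytes(make([]byte, blockLen))
	body, tag := plain[:blockLen-4], binary.BigEndian.Uint32(plain[blockLen-4:])
	if crc32.ChecksumIEEE(body) != tag {
		return false // error detection code failed: corrupted or forged block
	}
	return bytes.Equal(body[:idLen], claimedEquipID) // deny service on ID mismatch
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // center's secret key; public half goes to nodes
	if err != nil {
		panic(err)
	}
	equipID := []byte("TERM0001") // constructed sample IDs
	block := ProgramModule(priv, equipID, []byte("USER0042"))
	fmt.Println("genuine terminal accepted:", Authenticate(&priv.PublicKey, block, equipID))
	fmt.Println("module moved to another terminal accepted:", Authenticate(&priv.PublicKey, block, []byte("TERM0002")))
}
```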
Specification