Authentication in a packet data system

US 6,229,806 B1
Filed: 12/30/1997
Issued: 05/08/2001
Est. Priority Date: 12/30/1997
Status: Expired due to Term

First Claim

Patent Images

1. A communications system comprising a user device and an infrastructure part including a host,the user device being arranged to;

generate authentication information unique to the user device, wherein the authentication information is derived from a key that is uniquely derived from a host identifier that identifies the host, and wherein the key is substantially not reversibly ascertainable from the authentication information;

generate a data packet including the authentication information and the host identifier; and

send the data packet to the infrastructure part; and

the infrastructure part being arranged to;

generate corresponding authentication information, using at least the host identifier from the data packet; and

combine the authentication information from the user device with the corresponding authentication information to identify a correspondence therebetween and to thereby authenticate the data packet.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system in which a user device (10) generates authentication information (32) unique to the user device and provides a data packet (35) including this authentication information to an infrastructure part which is a gateway (14) or a host (16). The packet also contains a host identifier (36) or time dependent information (202). This is used at the gateway (14) or the host (16) to authenticate the packet.

69 Citations

View as Search Results

32 Claims

1. A communications system comprising a user device and an infrastructure part including a host,the user device being arranged to;
- generate authentication information unique to the user device, wherein the authentication information is derived from a key that is uniquely derived from a host identifier that identifies the host, and wherein the key is substantially not reversibly ascertainable from the authentication information;
  
  generate a data packet including the authentication information and the host identifier; and
  
  send the data packet to the infrastructure part; and
  
  the infrastructure part being arranged to;
  
  generate corresponding authentication information, using at least the host identifier from the data packet; and
  
  combine the authentication information from the user device with the corresponding authentication information to identify a correspondence therebetween and to thereby authenticate the data packet.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The communications system of claim 1, further comprising a gateway coupled to a radio network, for radio communication with the user device, wherein the host is coupled to the gateway and wherein the infrastructure part is the gateway.
  - 3. The communications system of claim 2, wherein the gateway comprises billing software arranged to bill the host for each successfully authenticated data packet.
  - 4. The communications system of claim 1, further comprising a gateway coupled to a radio network, for radio communication with the user device wherein the host is coupled to the gateway and wherein the infrastructure part is the host.
  - 5. The communications system of claim 4, wherein the gateway is arranged to forward to the host all packets having a host identifier uniquely identifying the host, without prior authentication.

6. A communications system comprising a user device and an infrastructure part including a host,the user device being arranged to:
- generate authentication information unique to the user device, wherein the authentication information is derived from a key that is substantially not reversibly ascertainable from the authentication information;
  
  generate a first data packet including the authentication information;
  
  send the first data packet to the infrastructure part;
  
  start a timer which sets a time-out; and
  
  send at least a second data packet within the time-out time as part of a session that is common to the first and second data packets; and
  
  the infrastructure part being arranged to;
  
  generate corresponding authentication information; and
  
  combine the authentication information from the user device with the corresponding authentication information to identify a correspondence therebetween and to thereby authenticate the data packet and establish a time-limit session between the user device and the host.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The communications system of claim 6, further comprising a gateway coupled to a radio network, for radio communication with the user device, wherein the host is coupled to the gateway and wherein the infrastructure part is the gateway.
  - 8. The communications system of claim 7, wherein the gateway comprises billing software arranged to bill the host for each successfully authenticated data packet.
  - 9. The communications system of claim 6, further comprising a gateway coupled to a radio network, for radio communication with the user device wherein the host is coupled to the gateway and wherein the infrastructure part is the host.
  - 10. The communications system of claim 9, wherein the gateway is arranged to forward to the host all packets having a host identifier uniquely identifying the host, without prior authentication.

11. A communications system comprising a user device and an infrastructure part including a host,the user device being arranged to:
- generate authentication information unique to the user device, wherein the authentication information is derived from a key and time dependent information, and wherein the key and the time dependent information are substantially not reversibly ascertainable from the authentication information;
  
  generate a data packet including the authentication information; and
  
  send the data packet to the infrastructure part; and
  
  the infrastructure part being arranged to;
  
  generate corresponding authentication information and time dependent information; and
  
  combine the authentication information from the user device with the corresponding authentication information and time dependent information to identify a correspondence therebetween and to thereby authenticate the packet.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The communications system of claim 11, further comprising a gateway coupled to a radio network, for radio communication with the user device, wherein the host is coupled to the gateway and wherein the infrastructure part is the gateway.
  - 13. The communications system of claim 12 wherein the time dependent information comprises a time-varying synchronization message broadcast from the gateway.
  - 14. The communications system of claim 12, wherein the gateway comprises billing software arranged to bill the host for each successfully authenticated data packet.
  - 15. The communications system of claim 11, further comprising a gateway coupled to a radio network, for radio communication with the user device wherein the host is coupled to the gateway and wherein the infrastructure part is the host.
  - 16. The communications system of claim 15, wherein the gateway is arranged to forward to the host all packets having a host identifier uniquely identifying the host, without prior authentication.

17. A method of communicating in a communications system comprising a user device and an infrastructure part including a host, the method comprising:
- generating, at the user device, authentication information unique to the user device, wherein the authentication information is derived from a key that is uniquely derived from a host identifier that identifies the host, and wherein the key is substantially not reversibly ascertainable from the authentication information;
  
  generating a data packet including the authentication information and the host identifier;
  
  sending the data packet to the infrastructure part;
  
  generating, at the infrastructure part, corresponding authentication information, using at least the host identifier from the data packet; and
  
  combining, at the infrastructure part, the authentication information from the user device with the corresponding authentication information to identify a correspondence therebetween and to thereby authenticate the data packet.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, wherein authentication of the data packet causes a session to be established between the user device and the infrastructure part.
  - 19. The method of claim 18, wherein a session identifier is entered into a database in the infrastructure part, identifying the session and correlating it with a device identifier uniquely identifying the user device.
  - 20. The method of claim 19, wherein the session identifier is included in further packets within the session exchanged between the infrastructure part and the user device.
  - 21. The method of claim 18, wherein the session ends after a set time-out.

22. A method of communicating in a communications system comprising a user device and an infrastructure part, the method comprising:
- generating, at the user device, authentication information unique to the user device, wherein the authentication information is derived from a key that is substantially not reversibly ascertainable from the authentication information;
  
  generating a first data packet including the authentication information;
  
  sending the first data packet to the infrastructure part;
  
  starting a timer which sets a time-out time;
  
  sending at least a second data packet within the time-out time as part of a session that is common to the first and second data packets;
  
  generating, at the infrastructure part, corresponding authentication information; and
  
  combining the authentication information from the user device with the corresponding authentication information to identify a correspondence therebetween and to thereby authenticate the packet and establish a time-limited session between the user device and the host device.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The method of claim 22, wherein the second data packet does not include authentication information.
  - 24. The method of claim 22 further comprising restarting the timer on receipt of the second data packet within the time-out time.
  - 25. The method of claim 22, wherein a session identifier is entered into a database in the infrastructure part, identifying the session and correlating it with a device identifier uniquely identifying the user device.
  - 26. The method of claim 25, wherein the session identifier is included in further packets within the session exchanged between the infrastructure part and the user device.

27. A method of communicating in a communications system comprising a user device and an infrastructure part including a host, the method comprising:
- generating, at the user device, authentication information unique to the user device, wherein the authentication information is derived from a key and time dependent information, and wherein the key and the time dependent information are substantially not reversibly ascertainable from the authentication information;
  
  generating a data packet including the authentication information;
  
  sending the data packet to the infrastructure part generating, at the infrastructure part, corresponding authentication information and time dependent information; and
  
  combining the authentication information from the user device with the corresponding authentication information and time dependent information to identify a correspondence therebetween and to thereby authenticate the data packet.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The method of claim 27, wherein authentication of the data packet causes a session to be established between the user device and the infrastructure part.
  - 29. The method of claim 28, wherein a session identifier is entered into a database in the infrastructure part, identifying the session and correlating it with a device identifier uniquely identifying the user device.
  - 30. The method of claim 29, wherein the session identifier is included in further packets within the session exchanged between the infrastructure part and the user device.
  - 31. The method of claim 29, wherein the session ends after a set timeout.
  - 32. The method of claim 27, wherein the time dependent information comprises a time-varying synchronization message broadcast from the infrastructure part to the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Scotton, Geoffrey Richard, Lockhart, Thomas Wayne, Reardon, Karl Anthony
Primary Examiner(s)
Olms, Douglas
Assistant Examiner(s)
Pizarro, Ricardo M.

Application Number

US09/000,645
Time in Patent Office

1,225 Days
Field of Search

370/256, 370/351, 370/401, 370/389, 370/355, 370/464, 370/410, 709/9, 709/2, 709/7, 709/8, 713/186, 713/187, 713/188
US Class Current

370/389
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/126   the source of the received ...

Authentication in a packet data system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Authentication in a packet data system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others