Method and apparatus for authentication in a wireless telecommunications system
Abstract
A method and apparatus for allowing a mobile station in a wireless network to perform network authentication in association with mobile packet data services. The packet data serving node (PDSN) does not authenticate the mobile station with an authentication server prior to sending a CHAP success message. Rather, a mobile station is authenticated via an authentication server after the PDSN receives an IPCP message indicating whether the mobile station desires to use Mobile IP in the current session. If the mobile station desires to use Mobile IP, the PDSN uses authentication techniques in accordance with Mobile IP protocols. In the preferred embodiment, if the mobile station does not desire to use Mobile IP, the PDSN authenticates the mobile station by querying an authentication server with the buffered contents of a previously received CHAP challenge response.
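The deferred verification described in the abstract, as an added sketch that is not code from the patent: the PDSN answers the CHAP response with Success at once, buffers the response, and hands out an address only after the authentication server accepts it. `PdsnSession`, its state names, the `wants_mobile_ip` flag, the subscriber record and the 192.0.2.10 address are assumptions made for the example, and the Mobile IP branch only marks the hand-off.

```python
import hashlib
import hmac
import os

SECRETS = {"alice@example.net": b"correct horse"}  # constructed subscriber record

def chap_response(chap_id, secret, challenge):
    """RFC 1994 CHAP with MD5: hash of the ID octet, shared secret and challenge."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

def auth_server_check(username, chap_id, challenge, response):
    """Hypothetical stand-in for the authentication server (RADIUS in claim 10)."""
    secret = SECRETS.get(username)
    ok = secret is not None and hmac.compare_digest(
        chap_response(chap_id, secret, challenge), response)
    return "Access-Accept" if ok else "Access-Reject"

class PdsnSession:
    """One PPP session in which CHAP Success precedes verification."""
    def __init__(self):
        self.chap_id, self.challenge = os.urandom(1)[0], os.urandom(16)
        self.buffered = None   # (username, response), held until IPCP arrives
        self.state, self.address = "CHALLENGE_SENT", None

    def on_chap_response(self, chap_id, username, response):
        if self.state != "CHALLENGE_SENT" or chap_id != self.chap_id:
            return None        # out of sequence or wrong CHAP ID: ignore
        self.buffered, self.state = (username, response), "PROVISIONAL"
        return "CHAP-Success"  # sent without contacting the authentication server

    def on_ipcp(self, wants_mobile_ip):
        if self.state != "PROVISIONAL":
            return "Terminate"             # IPCP before a CHAP response was buffered
        if wants_mobile_ip:
            self.state = "MOBILE_IP_AUTH"  # Mobile IP registration authenticates instead
            return "Await-Mobile-IP-Registration"
        username, response = self.buffered
        verdict = auth_server_check(username, self.chap_id, self.challenge, response)
        if verdict != "Access-Accept":
            self.state = "TERMINATED"
            return "Terminate"
        self.state, self.address = "AUTHENTICATED", "192.0.2.10"  # constructed address
        return "IPCP-Address " + self.address

def run_session(username, secret, wants_mobile_ip=False):
    """Drive one session for a mobile that holds `secret`."""
    s = PdsnSession()
    reply = s.on_chap_response(
        s.chap_id, username, chap_response(s.chap_id, secret, s.challenge))
    return reply, s.on_ipcp(wants_mobile_ip), s.address
```

A wrong secret still receives `CHAP-Success`; the session ends at the IPCP step, and `address` stays `None` in every state except `AUTHENTICATED`.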
33 Claims

1. A method of establishing a communication link with a remote station comprising the steps of:
generating an authentication challenge message;
sending said authentication challenge message to the remote station;
receiving an authentication challenge response message from the remote station, wherein said authentication challenge response message corresponds to said authentication challenge message;
spoofing an authentication success message based on said challenge response message;
sending said authentication success message to the remote station;
receiving a second message from the remote station; and
sending an authentication request message to an authentication server based on said second message.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)

receiving from said authentication server an authentication response message corresponding to said authentication request message, and indicating authentication failure of the remote station; and
terminating transmissions to the remote station based on said authentication response message.

8. The method of claim 1 further comprising the steps of:
receiving from said authentication server an authentication response message corresponding to said authentication request message, and indicating authentication failure of the remote station; and
sending a second authentication challenge message to the remote station based on said authentication response message.

9. The method of claim 1 further comprising the steps of:
receiving from said authentication server an authentication response message corresponding to said authentication request message; and
sending a message containing a network address to the remote station.

10. The method of claim 9 wherein said authentication server is a Remote Authentication Dial In User Service (RADIUS) server.

11. The method of claim 9 further comprising the step of generating said network address.

12. The method of claim 9 wherein said authentication response message is a Mobile IP Registration Reply.

13. The method of claim 9 wherein said authentication response message is an Internet Protocol Control Protocol (IPCP) Registration Reply message.

14. The method of claim 9 wherein said authentication response message is a message from the subset of RADIUS protocol messages comprising the Access-Accept message and the Access-Reject message.

15. The method of claim 1 wherein said authentication challenge message is a Challenge Handshake Authentication Protocol (CHAP) Challenge message, said authentication challenge response message is a CHAP Response Message, and said authentication success message is a CHAP Success Message.

16. The method of claim 15 wherein said authentication challenge response message comprises a Challenge Handshake Authentication Protocol (CHAP) username, and wherein said authentication request message comprises said CHAP username.

17. The method of claim 15 wherein said authentication challenge response message comprises a Challenge Handshake Authentication Protocol (CHAP) identifier (ID), and wherein said authentication request message comprises said CHAP ID.

18. The method of claim 15 wherein said authentication challenge response message comprises a Challenge Handshake Authentication Protocol (CHAP) response value, and wherein said authentication request message comprises said CHAP response value.

19. A packet data serving node (PDSN) for communicating with a wireless telecommunications serving network, the PDSN comprising:
a control processor for;
generating an authentication challenge message;
sending said authentication challenge message to a remote station;
receiving an authentication challenge response message from the remote station, wherein said authentication challenge response message corresponds to said authentication challenge message;
spoofing an authentication success message based on said challenge response message;
sending said authentication success message to the remote station;
receiving a second message from the remote station; and
sending an authentication request message to an authentication server based on said second message.
(Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)

receiving from said authentication server an authentication response message corresponding to said authentication request message, and indicating authentication failure of the remote station; and
sending one or more messages to the wireless telecommunications serving network to indicate that the wireless telecommunications system should terminate the packet data connection with the remote station.

22. The PDSN of claim 21 wherein said control processor is further for:
receiving from said authentication server an authentication response message corresponding to said authentication request message, and indicating authentication failure of the remote station, and sending a second authentication challenge message to the remote station based on said authentication response message.

23. The PDSN of claim 22 wherein said control processor is further for
receiving from said authentication server an authentication response message corresponding to said authentication request message, and sending a message containing a network address to the remote station.

24. The PDSN of claim 23 further comprising:
an interface for generating signals for communicating with a radio network; and
an interface for generating signals for communicating with an Internet Protocol (IP) network.

25. The PDSN of claim 24 further comprising a network packet switch for routing packets between a variety of interfaces.

26. The PDSN of claim 24 wherein said control processor is further for routing packets between a variety of interfaces.

27. The PDSN of claim 23 further comprising a single interface for generating signals to communicate with a radio network and for generating signals for communicating with an Internet Protocol (IP) network.

28. The PDSN of claim 27 further comprising a network packet switch for routing packets between a variety of interfaces.

29. The PDSN of claim 27 wherein said control processor is further for routing packets between a variety of interfaces.

30. A wireless packet data communication system comprising:
a wireless telecommunications serving network for communicating wirelessly with a remote station; and
a serving node (PDSN) for communicating with said wireless telecommunications serving network, the PDSN further comprising a control processor for;
generating an authentication challenge message;
sending said authentication challenge message to a remote station;
receiving an authentication challenge response message from the remote station, wherein said authentication challenge response message corresponds to said authentication challenge message;
spoofing an authentication success message based on said challenge response message;
sending said authentication success message to the remote station;
receiving a second message from the remote station; and
sending an authentication request message to an authentication server based on said second message.
(Dependent claims: 31, 32)

33. A method of establishing a communication link with a remote station comprising the steps of:
sending an authentication challenge message to the remote station;
receiving an authentication challenge response message from the remote station, wherein said authentication challenge response message corresponds to said authentication challenge message;
sending, to the remote station, an authentication success message after receiving the authentication challenge response message without waiting for authentication verification;
receiving a second message from the remote station; and
sending an authentication request message to an authentication server based on said second message.