Mobile IP communications scheme incorporating individual user authentication

US 6,891,819 B1
Filed: 09/04/1998
Issued: 05/10/2005
Est. Priority Date: 09/05/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A mobile computer device capable of carrying out communications while moving over inter-connected networks, the mobile computer device comprising:

a registration message transmission unit for transmitting a registration message containing an information on a current location of the mobile computer device, from outside a home network of the mobile computer device to a mobile computer management device located at the home network, the mobile computer management device having a function for managing the information on the current location of the mobile computer device and transferring packets destined to the mobile computer device to the current location of the mobile computer device;

a user input unit for accepting a user input for user authentication;

a user-input-based information transmission unit for transmitting to the mobile computer management device a response message containing information based on the user input as a user authentication information, when a challenge message that requests returning of the user authentication information is received from the mobile computer management device in response to the registration message; and

an authentication unit for judging a properness of the mobile computer management device according to the challenge message received from the mobile computer management device;

wherein the user-input-based information transmission unit transmits the response message containing the information based on the user input when the mobile computer management device is judged as proper.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile IP communication scheme capable of authenticating an individual user who is operating the mobile computer when the mobile computer is connected to a visited site network and transmits a current location registration message to the home agent is disclosed. A user authentication to judge a properness of a user of the mobile computer is carried out according to a user input based information, and the current location of the mobile computer is registered at the mobile computer management device (home agent) when the user is judged as a proper user. The user authentication can be carried out either at the mobile computer management device according to a user input based information received from the mobile computer, or at the mobile computer according to an information entered by the user at the mobile computer.

Citations

17 Claims

1. A mobile computer device capable of carrying out communications while moving over inter-connected networks, the mobile computer device comprising:
- a registration message transmission unit for transmitting a registration message containing an information on a current location of the mobile computer device, from outside a home network of the mobile computer device to a mobile computer management device located at the home network, the mobile computer management device having a function for managing the information on the current location of the mobile computer device and transferring packets destined to the mobile computer device to the current location of the mobile computer device;
  
  a user input unit for accepting a user input for user authentication;
  
  a user-input-based information transmission unit for transmitting to the mobile computer management device a response message containing information based on the user input as a user authentication information, when a challenge message that requests returning of the user authentication information is received from the mobile computer management device in response to the registration message; and
  
  an authentication unit for judging a properness of the mobile computer management device according to the challenge message received from the mobile computer management device;
  
  wherein the user-input-based information transmission unit transmits the response message containing the information based on the user input when the mobile computer management device is judged as proper.
- View Dependent Claims (2, 3, 4)
- - 2. The mobile computer device of claim 1, wherein the user input based information transmission unit transmits the response message containing a one-time password based on a challenge code contained in the challenge message received from the mobile computer management device as the user input based information.
  - 3. The mobile computer device of claim 1, further comprising:
    - a message transmission stopping unit for stopping subsequent transmissions of the registration message from the mobile computer device when a message indicating a failure of the user authentication is received from the mobile computer management device for a prescribed number of times consecutively.
  - 4. The mobile computer device of claim 1, wherein the user input based information transmission unit transmits a password entered by a user at the mobile computer device as the user input based information.

5. A mobile computer device capable of carrying out communications while moving over inter-connected networks, the mobile computer device comprising:
- an external interface unit for reading out desired information from an external memory device connected to the mobile computer device, wherein the external memory device stores at least a user information and a network information to be used for communications at a visited site;
  
  a user authentication unit for carrying out first user authentication locally at the mobile computer device according to the user information stored in the external memory device and a user input;
  
  a registration message transmission unit for transmitting a registration message containing an information on a current location of the mobile computer device, from outside a home network of the mobile computer device to a mobile computer management device located at the home network, by using the network information read out from the external memory device under a control by the user authentication unit, the mobile computer management device having a function for managing the information on the current location of the mobile computer device and transferring packets destined to the mobile computer device to the current location of the mobile computer device; and
  
  a user-input-based information transmission unit for transmitting to the mobile computer management device a user-input-based information to be used for second user authentication at the mobile computer management device;
  
  wherein the user authentication unit permits transmission of the registration message by the registration message transmission unit when the first user authentication succeeds.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 6. The mobile computer device of claim 5, wherein the user authentication unit permits reading from the external memory device through the external interface unit when the first user authentication succeeds.
  - 7. The mobile computer device of claim 5, wherein the user information stored in the external memory device contains a personal information of a user who uses the mobile computer device, and the user authentication unit judges that the first user authentication succeeds when a user authentication information stored in the mobile computer device in correspondence to the personal information stored in the external memory device coincides with the user input as entered by the user at a time of connecting the external memory device to the mobile computer device.
  - 8. The mobile computer device of claim 5, further comprising:
    - a reading prohibiting unit for prohibiting subsequent reading from the external memory device through the external interface unit when the first user authentication fails for a prescribed number of times consecutively.
  - 9. The mobile computer device of claim 5, further comprising:
    - a message transmission stopping unit for stopping subsequent transmissions of the registration message from the mobile computer device when the first user authentication fails for a prescribed number of times consecutively.
  - 10. The mobile computer device of claim 5, further comprising:
    - a reading prohibiting unit for prohibiting subsequent reading from the external memory device through the external interface unit when the second user authentication at the mobile computer management device fails for a prescribed number of times consecutively.
  - 11. The mobile computer device of claim 5, further comprising:
    - a message transmission stopping unit for stopping subsequent transmissions of the registration message from the mobile computer device when the second user authentication at the mobile computer management device fails for a prescribed number of times consecutively.
  - 12. The mobile computer device of claim 5, wherein the network information to be read out from the external memory device contains at least one of a home address information of the mobile computer device, an address information of the mobile computer management device, and an information for host authentication to be carried out between the mobile computer device and the mobile computer management device.
  - 13. The mobile computer device of claim 5, wherein the external memory device also stores a security information with respect to a packet relay device which is capable of processing encrypted packets transmitted from the mobile computer device, and the mobile computer device carries out cipher communications using an encryption processing from the visited site, by using the security information read out from the external memory device through the external interface unit.
  - 14. The mobile computer device of claim 5, further comprising:
    - an internal memory for temporarily storing the desired information read out from the external memory device, wherein the desired information temporarily stored in the internal memory is deleted when communications using the desired information is finished.
  - 15. The mobile computer device of claim 14, wherein the internal memory stores both the user information and the network information read from the external memory, and wherein the user information is used for the first user authentication performed solely by the mobile computer device.

16. An article of manufacture, comprising:
- a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a mobile computer capable of carrying out communications while moving over inter-connected networks, the computer readable program code means includes;
  
  first computer readable program code means for causing said computer to transmit a registration message containing an information on a current location of the mobile computer, from outside a home network of the mobile computer to a mobile computer management device located at the home network, the mobile computer management device having a function for managing the information on the current location of the mobile computer and transferring packets destined to the mobile computer to the current location of the mobile computer; and
  
  second computer readable program code means for causing said computer to accept a user input for user authentication;
  
  third computer readable program code means for causing said computer to transmit to the mobile computer management device a response message containing information based on the user input as a user authentication information, when a challenge message that requests returning of the user authentication information is received from the mobile computer management device in response to the registration message; and
  
  fourth computer readable program code means for causing said computer to judge a properness of the mobile computer management device according to the challenge message received from the mobile computer management device;
  
  wherein the user-input-based information transmission unit transmits the response message containing the information based on the user input when the mobile computer management device is judged as proper.

17. An article of manufacture, comprising:
- a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a mobile computer device capable of carrying out communications while moving over inter-connected networks, the computer readable program code means includes;
  
  first computer readable program code means for causing said computer to read out desired information from an external memory device connected to the mobile computer device, wherein the external memory device stores at least a user information and a network information to be used for communications at a visited site;
  
  second computer readable program code means for causing said computer to carry out first user authentication locally at the mobile computer device according to the user information stored in the external memory device and a user input;
  
  third computer readable program code means for causing said computer to transmit a registration message containing an information on a current location of the mobile computer device, from outside a home network of the mobile computer device to a mobile computer management device located at the home network, by using the network information read out from the external memory device under a control by the second computer readable program code means, the mobile computer management device having a function for managing the information on the current location of the mobile computer device and transferring packets destined to the mobile computer device to the current location of the mobile computer device; and
  
  fourth computer readable program code means for causing said computer to transmit to the mobile computer management device a user-input-based information to be used for second user authentication at the mobile computer management device;
  
  wherein the second computer readable program code means permits transmission of the registration message by the third computer readable program code means when the first user authentication succeeds.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Ishiyama, Masahiro, Okamoto, Toshio, Inoue, Atsushi, Fukumoto, Atsushi, Tsuda, Yoshiyuki
Primary Examiner(s)
Nguyen, Chau
Assistant Examiner(s)
DUONG, DUC T

Application Number

US09/146,952
Time in Patent Office

2,440 Days
Field of Search

370/328, 370/338, 370/389, 370/392, 370/401, 370/331, 370/400, 370/402, 370/403, 370/404, 370/332, 370/333, 713/168, 713/170, 713/183, 455/432.1, 455/435.1, 455/410, 455/411, 455/433
US Class Current

370/338
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/3224   Transactions dependent on l...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 67/00   Network arrangements or pro...

H04L 67/04   specially adapted for termi...

H04L 69/40   for recovering from a failu...

H04W 12/068   using credential vaults, e....

H04W 8/04   Registration at HLR or HSS ...

H04W 80/04   Network layer protocols, e....

Mobile IP communications scheme incorporating individual user authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile IP communications scheme incorporating individual user authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links