System and method for authentication in a mobile communications system
Abstract
The invention concerns authentication to be performed in a telecommunications network, especially in an IP network. To allow a simple and smooth authentication of users of IP networks in a geographically large area, the IP network's terminal (TE1) uses a subscriber identity module (SIM) as used in a separate mobile communications system (MN), whereby a response may be determined from the challenge given to the identity module as input. The IP network also includes a special security server (SS), to which a message about a new user is transmitted when a subscriber attaches to the IP network. The subscriber's authentication information containing at least a challenge and a response is fetched from the said mobile communications system to the IP network and authentication is carried out based on the authentication information obtained from the mobile communications system by transmitting the said challenge through the IP network to the terminal, by generating a response from the challenge in the terminal's identity module and by comparing the response with the response received from the mobile communications system. Such a database (DB) may also be used in the system, wherein subscriber-specific authentication information is stored in advance, whereby the information in question need not be fetched from the mobile communications system when a subscriber attaches to the network.
22 Claims
1. Authentication method for telecommunication networks, especially for IP networks, in accordance with which method the identity of a subscriber attached to the network is authenticated, characterized by:
in a network terminal, using a subscriber identity module essentially of the same kind as in a known mobile communications system, which identity module is such that a response is obtained as a result of a challenge given to it as input,
using a special security server in the network so that when a terminal attaches to the network, a message of a new user is transmitted to the security server,
fetching subscriber authentication information corresponding to the new user from the mobile communications system to the network, which authentication information contains at least a challenge and a response, wherein after the response to the challenge is generated by the network terminal, the challenge is stored on the network terminal to ensure that the challenge is used once, and
performing authentication based on the authentication information obtained from the mobile communications system by transmitting the challenge to the terminal through the network, by checking that the challenge is unique from challenges used in previous authentication exchanges, by generating, if the challenge is unique and is not stored on the network terminal, the response from the challenge in the identity module of the terminal and by comparing the response with the response received from the mobile communications system.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. Authentication system for telecommunications networks, especially for IP networks, which system includes authentication means for authenticating the identity of a subscriber who has attached to the network, characterized in that the authentication means includes:
a subscriber identity module connected to the network's terminal, the module being essentially similar to the subscriber identity module used in a separate mobile communications system, whereby a response can be determined from a challenge given to the identity module as input,
messaging means for sending a message when a terminal attaches to the network,
a special security server for receiving the message,
means for requesting authentication information corresponding to a subscriber from the mobile communications system, which information contains at least a challenge and a response, wherein after the response to the challenge is generated by the network terminal, the challenge is stored on the network terminal to ensure that the challenge is used once, and
on the side of the network, data transmission and checking means for transmitting the challenge through the network to the identity module and for checking that the challenge is unique from challenges used in previous authentication exchanges, for returning the response from the terminal to the network, if the challenge is unique and is not stored on the network terminal, and for comparing the received response with the response received from the mobile communications system.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. Authentication method for telecommunications networks, especially for IP networks, in accordance with which method the identity of a subscriber attached to the network is authenticated, characterized by:
in a network terminal, using a subscriber identity module essentially similar to the one used in a known mobile communications system, which identity module is such that a response is obtained as a result of a challenge given to it as input,
storing subscriber-specific authentication information in a database, the information being in that way essentially similar to the information used for authentication in the mobile communications system that it contains at least a challenge and a response, wherein after the response to the challenge is generated by the network terminal, the challenge is stored on the network terminal to ensure that the challenge is used once,
using a special security server in the network so that when a terminal attaches to the network, a message about the new user is transmitted to the security server,
in response to the message, retrieving authentication information of the subscriber corresponding to the new user from the database, and
performing authentication based on the authentication information obtained from the database by transmitting the challenge through the network to the terminal, by checking that the challenge is unique from challenges used in previous authentication exchanges and is not stored in the network terminal, by generating, if the challenge is unique, a response from the challenge in the identity module of the terminal, and by comparing the response with the response obtained from the database.
(Dependent claims: 16, 17, 18)
19. Authentication system for telecommunications networks, especially for IP networks, which system includes authentication means for authentication of the identity of a subscriber attached to the network, characterized in that the authentication means includes:
a subscriber identity module, which is connected to a network terminal and which is essentially similar to the subscriber identity module used in a separate mobile communications system, whereby a response can be determined from the challenge given as input to the identity module,
messaging means for sending a message when a terminal attaches to the network,
a special security server for receiving the message,
database means which include a database, wherein subscriber-specific authentication information is stored, which is in such a way essentially similar to the information used for authentication in the mobile communications system that it includes at least a challenge and a response, and
retrieval means for retrieving subscriber-specific authentication information from the database in response to the message, wherein after the response to the challenge is generated by the network terminal, the challenge is stored on the network terminal to ensure that the challenge is used once, and
on the side of the network, data transmission and checking means for transmitting the challenge through the network to the identity module and for checking that the challenge is unique from challenges used in previous authentication exchanges, if the challenge is unique and is not stored on the network terminal, for returning the response from the terminal to the network, and for comparing the received response with the response received from the database.
(Dependent claims: 20, 21, 22)
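The abstract and claims 1, 8, 15 and 19 all describe one exchange: the security server obtains a (challenge, response) pair either from the mobile communications system or from a pre-populated database, sends the challenge through the IP network to the terminal, the terminal's identity module computes its own response, and the two responses are compared, with both the network side and the terminal refusing any challenge they have seen before. The model below is an added example and is not code from the patent; the key function `a3` (HMAC-SHA256 truncated to the 32-bit SRES length) is an assumption standing in for the SIM's real A3 algorithm, and the subscriber key, IMSI values, message and class names are constructed for illustration. The GSM signalling that would carry the triplet request is not modelled; `fetch_auth_info` is simply a callable.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Optional, Set, Tuple

RAND_LEN = 16  # GSM RAND is 128 bits
SRES_LEN = 4   # GSM SRES is 32 bits

AuthInfo = Tuple[bytes, bytes]  # (challenge RAND, expected response SRES)


def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the SIM's A3 (assumption: HMAC-SHA256 truncated to SRES length)."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:SRES_LEN]


class MobileNetwork:
    """Mobile communications system (MN): knows each subscriber's Ki, supplies (RAND, SRES)."""

    def __init__(self, subscribers: Dict[str, bytes]) -> None:
        self._keys = subscribers  # IMSI -> Ki, constructed sample data

    def triplet(self, imsi: str) -> Optional[AuthInfo]:
        ki = self._keys.get(imsi)
        if ki is None:
            return None
        rand = secrets.token_bytes(RAND_LEN)  # fresh, unpredictable challenge
        return rand, a3(ki, rand)


class TripletDB:
    """Database (DB) of pre-fetched (RAND, SRES) rows per subscriber; each row handed out once."""

    def __init__(self, rows: Dict[str, List[AuthInfo]]) -> None:
        self._rows = rows

    def fetch(self, imsi: str) -> Optional[AuthInfo]:
        queue = self._rows.get(imsi)
        return queue.pop(0) if queue else None


class SIM:
    """Identity module in the terminal: answers RAND with SRES, refuses a RAND answered before."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki
        self._used: Set[bytes] = set()  # the challenges 'stored on the network terminal'

    def respond(self, rand: bytes) -> Optional[bytes]:
        if rand in self._used:
            return None  # replayed challenge: the used-once rule of the claims
        self._used.add(rand)
        return a3(self._ki, rand)


class SecurityServer:
    """Special security server (SS) in the IP network."""

    def __init__(self, fetch_auth_info: Callable[[str], Optional[AuthInfo]]) -> None:
        self._fetch = fetch_auth_info  # MobileNetwork.triplet (claim 1) or TripletDB.fetch (claim 15)
        self._seen: Set[bytes] = set()  # challenges used in previous exchanges, network side

    def on_new_user(self, sim: SIM) -> bool:
        """Handle the 'new user attached' message: fetch, check uniqueness, challenge, compare."""
        info = self._fetch(sim.imsi)
        if info is None:
            return False
        rand, expected = info
        if rand in self._seen:
            return False  # a (RAND, SRES) pair must never be sent twice
        self._seen.add(rand)
        sres = sim.respond(rand)  # RAND crosses the IP network to the terminal's identity module
        if sres is None:
            return False
        return hmac.compare_digest(sres, expected)


def run_scenarios() -> Dict[str, bool]:
    """Constructed scenarios: genuine attach, cloned SIM, replayed RAND, DB-backed server."""
    imsi, ki = "234150000000001", bytes.fromhex("0f" * 16)  # constructed subscriber
    mn = MobileNetwork({imsi: ki})
    sim = SIM(imsi, ki)
    ss = SecurityServer(mn.triplet)
    out: Dict[str, bool] = {}
    out["genuine_first_attach"] = ss.on_new_user(sim)
    out["genuine_second_attach"] = ss.on_new_user(sim)  # a new RAND is fetched each time
    out["cloned_sim_wrong_ki"] = ss.on_new_user(SIM(imsi, bytes(16)))
    out["unknown_subscriber"] = ss.on_new_user(SIM("999990000000000", ki))
    # An attacker who captured a RAND on the IP network replays it straight to the terminal.
    rand, _ = mn.triplet(imsi)
    out["first_use_answered"] = sim.respond(rand) is not None
    out["replay_rejected_by_sim"] = sim.respond(rand) is None
    # Claim 15 variant: pre-stored rows; the second row deliberately repeats the first RAND.
    row = mn.triplet(imsi)
    ss_db = SecurityServer(TripletDB({imsi: [row, row]}).fetch)
    sim2 = SIM(imsi, ki)
    out["db_first_row"] = ss_db.on_new_user(sim2)
    out["db_repeated_rand_rejected"] = not ss_db.on_new_user(sim2)
    out["db_exhausted_rejected"] = not ss_db.on_new_user(sim2)
    return out


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The two uniqueness checks are deliberately independent: the server's `_seen` set protects against a database that hands out the same row twice (or an operator re-fetching a cached triplet), while the SIM's `_used` set protects the terminal against a challenge replayed by someone who observed it on the IP network. Responses are compared with `hmac.compare_digest` so that the comparison time does not leak how many leading bytes of SRES were correct.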
Specification