System and method for authentication in a mobile communications system
Abstract
The present invention provides an authentication method and apparatus for authenticating an identity of a subscriber attached to a network. According to the invention, in a network terminal, a subscriber identity module is used so that a response is obtained as a result of a challenge given to the identity module as input. A special security server in the network is also used so that when a terminal attaches to the network, a message of a new user is transmitted to the security server. Subscriber authentication information corresponding to the new user is fetched from the mobile communications system to the network, wherein the authentication information includes at least a challenge and a response. Authentication is performed based on the authentication information obtained from the mobile communications system by transmitting the challenge to the terminal through the network, by checking at the terminal that the challenging is unique from challenges used in previous authentication exchanges, by generating, if the challenge is unique, a response from the challenge in the identity module of the terminal and by comparing the generated response with the response received from the mobile communications system.
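The exchange described in the abstract, as an added Python sketch that is not part of the patent: the terminal stores every challenge it has received and stays silent on a repeat, and the security server compares the terminal's response with the one fetched alongside the challenge. HMAC-SHA256 truncated to 4 bytes stands in for the identity module's algorithm, and the names `Terminal`, `SecurityServer`, `mobile_system` and `sub-001` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def sim_response(ki: bytes, challenge: bytes) -> bytes:
    """Stand-in for the identity module (assumption: HMAC-SHA256, 4-byte output)."""
    return hmac.new(ki, challenge, hashlib.sha256).digest()[:4]

class Terminal:
    def __init__(self, ki: bytes):
        self._ki = ki
        self._seen = set()  # challenges stored on the terminal

    def respond(self, challenge: bytes):
        # Only answer a challenge that was never transmitted to this terminal before.
        if challenge in self._seen:
            return None
        self._seen.add(challenge)
        return sim_response(self._ki, challenge)

class SecurityServer:
    def __init__(self, fetch_auth_info):
        self._fetch = fetch_auth_info  # subscriber_id -> (challenge, response)
        self._expected = {}

    def on_attach(self, subscriber_id: str) -> bytes:
        challenge, response = self._fetch(subscriber_id)
        self._expected[subscriber_id] = response
        return challenge

    def verify(self, subscriber_id: str, response) -> bool:
        expected = self._expected.pop(subscriber_id, None)  # one attempt per challenge
        if expected is None or response is None:
            return False
        return hmac.compare_digest(expected, response)

def mobile_system(keys: dict):
    """Constructed stand-in for the mobile communications system's auth source."""
    def fetch(subscriber_id: str):
        challenge = os.urandom(16)
        return challenge, sim_response(keys[subscriber_id], challenge)
    return fetch

def demo():
    ki = bytes(range(16))  # constructed subscriber key
    server = SecurityServer(mobile_system({"sub-001": ki}))
    terminal = Terminal(ki)
    challenge = server.on_attach("sub-001")
    accepted = server.verify("sub-001", terminal.respond(challenge))
    replay = terminal.respond(challenge)  # same challenge sent again
    return accepted, replay
```

The stored-challenge set grows with every exchange, so a real terminal needs a persistence and retention policy for it; the patent text on this page does not specify one.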
30 Claims
1. A method, comprising:
in a network terminal, using a subscriber identity module wherein a response is obtained as a result of a challenge given to the identity module as input, the method being used for authenticating an identity of a subscriber attached to a network; using a special security server in the network so that when a terminal attaches to the network, a message of a new user is transmitted to the security server; fetching subscriber authentication information corresponding to the new user from the mobile communications system to the network, the authentication information comprising at least a challenge and a response; and performing authentication based on the authentication information obtained from the mobile communications system by transmitting the challenge to the terminal through the network for storage on the terminal to ensure by the terminal that the challenge is used once, by checking at the terminal that the challenging is unique from challenges used in previous authentication exchanges wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal, by generating, if the challenge is unique, a response from the challenge in the identity module of the terminal and by comparing the generated response with the response received from the mobile communications system. - View Dependent Claims (2, 3, 4, 5, 6, 7)
8. An authentication system comprising an authentication unit, comprising:
a subscriber identity module connected to a network terminal, wherein, a response can be determined from a challenge given to the identity module as input; a messaging unit configured to send a message when a terminal attaches to the network; a special security server for receiving the message; a requesting unit configured to request authentication information corresponding to a subscriber from the mobile communications system, which information comprises at least a challenge and a response; on the side of the network, a data transmission unit configured to transmit the challenge through the network to the identity module;
for storage on the terminal to ensure by the terminal that the challenge is used once, a checking unit configured to check, at the terminal, that the challenge is unique from challenges used in previous authentication exchanges, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal and for returning a response generated from the unique challenge from the terminal to the network; and a comparing unit configured to compare the generated response with the response received from the mobile communications system. - View Dependent Claims (9, 10, 11, 12, 13, 14)
15. An authentication method, comprising:
in a network terminal, using a subscriber identity module, wherein a response is obtained as a result of a challenge given to the identity module as input, the authentication method being used for authenticating an identity of a subscriber attached to a network; storing subscriber-specific authentication information in a database, the information comprising at least a challenge and a response; using a special security server in the network so that when a terminal attaches to the network, a message about the new user is transmitted to the security server; in response to the message, retrieving authentication information of the subscriber corresponding to the new user from the database; and performing authentication based on the authentication information obtained from the database by transmitting the challenge through the network to the terminal for storage on the terminal to ensure by the terminal that the challenge is used once, by checking, in the network terminal, that the challenging is unique from challenges used in previously authentication exchanges, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal, by generating, if the challenge is unique, a response from the challenge in the identity module of the terminal, and by comparing the response with the response obtained from the database. - View Dependent Claims (16, 17, 18)
19. An authentication system comprising an authentication unit which comprises:
a subscriber identity module connected to a network terminal, a response can be determined from the challenge given as input to the identity module, the authentication unit being used for authentication of the identity of a subscriber attached to a network; a messaging unit configured to send a message when a terminal attaches to the network; a special security server for receiving the message; a database unit which include a database configured to store subscriber-specific authentication information, the information comprises at least a challenge and a response, and a retrieval unit configure to retrieve subscriber-specific authentication information from the database in response to the message; on the side of the network, a data transmission unit configured to transmit the challenge through the network to the identity module;
for storage on the terminal to ensure by the terminal that the challenge is used once, at the terminal, a checking unit configured to check that the challenge is unique from challenges used in previous authentication exchanges, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal if the challenge is unique, for returning the response generated from the unique challenge from the terminal to the network; and a comparing unit configured to compare the received response with the response received from the database. - View Dependent Claims (20, 21, 22)
23. A method, comprising:
receiving a challenge through a communication network to which a terminal is attached, the challenge being provided in a subscriber authentication information corresponding to the subscriber and obtained from a mobile communications system, the subscriber authentication information comprises at least the challenge and a response; storing the challenge on the terminal; checking that the challenge is unique from challenges used in previous authentication exchanges and that the challenge was not previously stored on the terminal; generating a response from the challenge, if the challenge is unique and was not previously stored on the terminals wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal; and transmitting the response generated from the challenge to the communication network for comparing the generated response with the response in the subscriber authentication information received from the mobile communications system.
24. A method, comprising:
receiving a challenge through a communication network to which a terminal is attached, the challenge being provided in a subscriber authentication information corresponding to the subscriber and obtained from a mobile communications system, the subscriber authentication information comprises at least the challenge and a response; checking, at the terminal, that the challenge is unique from challenges used in previous authentication exchanges, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal; generating a response from the challenge, if the challenge is unique; and transmitting the response generated from the challenge to the communication network for comparing the generated response with the response in the subscriber authentication information received from the mobile communications system.
25. An authenticating device being configured to:
receive a challenge through a communication network to which a terminal is attached, the challenge being provided in a subscriber authentication information corresponding to the subscriber and obtained from a mobile communications system, the subscriber authentication information comprises at least the challenge and a response; access challenges stored on the terminal, wherein challenges used in previous authentication exchanges are stored on the terminal; check that the challenge is unique from the challenges used in previous authentication exchanges and that the challenge was not previously stored on the terminal, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal; generate a response from the challenge, if the challenge is unique and was not previously stored on the terminal; and transmit the response generated from the challenge to the communication network for comparing the generated response with the response in the subscriber authentication information received from the mobile communications system.
26. An authenticating device being configured to:
receive a challenge through a communication network to which a terminal is attached, the challenge being provided in a subscriber authentication information corresponding to the subscriber and obtained from a mobile communications system, the subscriber authentication information comprises at least the challenge and a response; check that the challenge is unique from the challenges used in previous authentication exchanges, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal; generate a response from the challenge, if the challenge is unique; and transmit the response generated from the challenge to the communication network for comparing the generated response with the response in the subscriber authentication information received from the mobile communications system.
27. An authenticating apparatus, comprising:
receiving means for receiving a challenge through a communication network to which a terminal is attached, the challenge being provided in a subscriber authentication information corresponding to the subscriber and obtained from a mobile communications system, the subscriber authentication information comprises at least the challenge and a response; accessing means for accessing challenges stored on the terminal, wherein challenges used in previous authentication exchanges are stored on the terminal;
checking means for checking that the challenge is unique from the challenges used in previous authentication exchanges and that the challenge was not previously stored on the terminals, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal; generating means for generating a response from the challenge, if the challenge is unique and was not previously stored on the terminal; and transmitting means for transmitting the response generated from the challenge to the communication network for comparing the generated response with the response in the subscriber authentication information received from the mobile communications system.
28. An authenticating apparatus, comprising:
receiving means for receiving a challenge through a communication network to which a terminal is attached, the challenge being provided in a subscriber authentication information corresponding to the subscriber and obtained from a mobile communications system, the subscriber authentication information comprises at least the challenge and a response; checking means for checking that the challenge is unique from the challenges used in previous authentication exchanges, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal; generating means for generating a response from the challenge, if the challenge is unique; and transmitting means for transmitting the response generated from the challenge to the communication network for comparing the generated response with the response in the subscriber authentication information received from the mobile communications system.
29. A terminal configured to:
receive a challenge through a communication network to which a terminal is attached, the challenge being provided in a subscriber authentication information corresponding to the subscriber and obtained from a mobile communications system, the subscriber authentication information comprises at least the challenge and a response; access stored challenges, wherein challenges used in previous authentication exchanges are stored on the terminal; check that the challenge is unique from the challenges used in previous authentication exchanges and that the challenge was not previously stored on the terminal, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal; generate a response from the challenge, if the challenge is unique and was not previously stored on the terminal; and transmit the response generated from the challenge to the communication network for comparing the generated response with the response in the subscriber authentication information received from the mobile communications system.
30. A terminal configured to:
receive a challenge through a communication network to which a terminal is attached, the challenge being provided in a subscriber authentication information corresponding to the subscriber and obtained from a mobile communications system, the subscriber authentication information comprises at least the challenge and a response; check that the challenge is unique from the challenges used in previous authentication exchanges, wherein the terminal only responds to the challenge if the challenge had not been previously transmitted to the terminal; generate a response from the challenge, if the challenge is unique; and transmit the response generated from the challenge to the communication network for comparing the generated response with the response in the subscriber authentication information received from the mobile communications system.