System and method for strong authentication achieved in a single round trip

US 7,472,269 B2
Filed: 02/25/2002
Issued: 12/30/2008
Est. Priority Date: 02/23/2001
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

sending a random number to a mobile node, wherein the random number is generated local to the mobile node, wherein the random number is generated by a base station;

generating a mobile node signature using the mobile node, wherein the mobile node signature is generated using the random number;

authenticating the mobile node to a network, wherein the network is a general packet radio service network; and

authenticating the network to the mobile node,wherein the authenticating the mobile node to the network and the authenticating the network to the mobile node is performed in a single round trip while the mobile node is roaming.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for strong authentication achieved in a single round trip is disclosed, which reduces the amount of time needed for a mobile node to be authenticated by the network. In an embodiment of the present invention, the, authentication time is approximately three times faster than for 3GPP.

18 Citations

View as Search Results

20 Claims

1. A method, comprising:
- sending a random number to a mobile node, wherein the random number is generated local to the mobile node, wherein the random number is generated by a base station;
  
  generating a mobile node signature using the mobile node, wherein the mobile node signature is generated using the random number;
  
  authenticating the mobile node to a network, wherein the network is a general packet radio service network; and
  
  authenticating the network to the mobile node,wherein the authenticating the mobile node to the network and the authenticating the network to the mobile node is performed in a single round trip while the mobile node is roaming.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein authenticating the mobile node to the network, further comprisessending the mobile node signature to an authentication server, andverifying, by the authentication server, the mobile node signature.
  - 3. The method of claim 1, wherein authenticating the network to the mobile node, further comprisesgenerating an authentication signature by the authentication server;
    - andsending the authentication signature to the mobile node.
  - 4. The method of claim 3, further comprising:
    - verifying, by the mobile node, the authentication signature.
  - 5. The method of claim 1, wherein the authentication server is a home authentication server.
  - 6. The method of claim 5, wherein sending the mobile node signature to the home authentication server, further comprisessending the mobile node signature to a local authentication server, wherein local authentication server is located in a foreign domain and forwards the signature to the home authentication server.
  - 7. The method of claim 6, further comprising:
    - determining when the mobile node signature is not verified, and when the mobile node signature is not verified ending the strong authentication.
  - 8. The method of claim 7, further comprisingdetermining when the authentication signature is not verified, and when the authentication signature is not verified ending the strong authentication.

9. A system, comprising:
- a mobile node that is configured to generate a mobile node signature in response to a random number received from a source within a domain local to a current position relating to the mobile node and send the mobile node signature to be verified, wherein the random number is generated by a base station;
  
  the authentication server located within a home domain associated with the mobile node that is configured to receive the mobile node signature, verify the mobile node signature, and in response to the verification of the mobile node signature that indicates that the mobile node is verified to a network, wherein the network is a general packet radio service network, return an authentication signature to the mobile node,wherein the verification of the mobile node by the authentication server and verification of the authentication signature by the mobile node is performed in a single round trip while the mobile node is roaming.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The system of claim 9, wherein the source comprises the base station, wherein the base station is within the domain local to the mobile node and is configured to generate the random number and send the random number to the mobile node.
  - 11. The system of claim 10, wherein the mobile node is configured to verify the authentication signature, and, when the authentication signature is verified, to authenticate the network to the mobile node.
  - 12. The system of claim 9, wherein the mobile node is configured to verify the authentication signature, and, when the authentication signature is verified, to authenticate the network to the mobile node.
  - 13. The system of claim 9, wherein the authentication server is a home authentication server.
  - 14. The system of claim 13, wherein the mobile node is configured to send the mobile node signature to a local authentication server, and the local authentication server is configured to forward the signature to the home authentication server.
  - 15. The system of claim 14, wherein the home authentication server is further configured to send the authentication signature to the local authentication server, wherein the local authentication server is configured to send the authentication signature to the mobile node.
  - 16. The system of claim 15, wherein the home authentication server is further configured to determine when the mobile node signature is not verified, and, when the mobile node signature is not verified, to end the strong authentication.
  - 17. The system of claim 16, wherein the mobile node is further configured to determine when the authentication signature is not verified, and, when the authentication signature is not verified, to end the strong authentication.

18. A system, comprising:
- a base station for generating a random number local to the mobile node;
  
  a means for sending the random number to the mobile nodea means for generating a mobile node signature using the mobile node, wherein the mobile node signature is generated using the random number;
  
  a means for sending the mobile node signature to an authentication server within a general packet radio service network, andverifying by the authentication the mobile node signature; and
  
  in response to the verifying, generating an authentication signature and sending the authentication signature to the mobile node for verification,wherein the verification of the mobile node by the authentication server and verification of the authentication signature by the mobile node is performed in a single round trip while the mobile node is roaming.

19. A base station, comprising:
- a random number generation unit configured to generate a random number;
  
  a transmission unit configured to send the random number to a mobile node that is roaming and is connected to the base station;
  
  a reception unit configured to receive a mobile node signature generated by the mobile node using the random number;
  
  an authentication unit configured to authenticate the mobile node to a network by communicating with an authentication server, wherein the network is a general packet radio service network; and
  
  a provision unit configured to provide an authentication signature to the mobile node,wherein the authenticating the mobile node to the network and the providing the authentication signature to the mobile node is performed in a single round trip.

20. A base station, comprising:
- random number generation means for generating a random number;
  
  transmission means for sending the random number to a mobile node that is roaming and is connected to the base station;
  
  reception means for receiving a mobile node signature generated by the mobile node using the random number;
  
  authentication means for authenticating the mobile node to a network by communicating with an authentication server, wherein the network is a general packet radio service network; and
  
  provision means for providing an authentication signature to the mobile node,wherein the authenticating the mobile node to the network and the providing the authentication signature to the mobile node is performed in a single round trip.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Inventors
Perkins, Charles E., Afifi, Hossam
Primary Examiner(s)
Nalven; Andrew L

Application Number

US10/083,448
Publication Number

US 20020178358A1
Time in Patent Office

2,500 Days
Field of Search

713/159, 713/168, 713172-176, 713/201, 713/155, 726/4, 380/259
US Class Current

713/155
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/0892   by using authentication-aut...

H04L 63/126   the source of the received ...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

H04W 12/069   using certificates or pre-s...

H04W 80/04   Network layer protocols, e....

System and method for strong authentication achieved in a single round trip

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for strong authentication achieved in a single round trip

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links