Authentication between a cellular phone and an access point of a short-range network

US 7,590,246 B2
Filed: 11/26/2004
Issued: 09/15/2009
Est. Priority Date: 11/26/2003
Status: Expired due to Fees

First Claim

Patent Images

1. An authentication method between a short-range wireless network having access points and a mobile terminal within a cellular radio communication network comprising:

transmitting, from the mobile terminal to a controller through the cellular network, a secret code request including a mobile terminal address and an address of an access point in a zone covered by the mobile terminal,generating a secret code in said controller in response to said secret code request,transmitting from the controller to the mobile terminal a confirming message including the secret code and the access point address which is retrieved from the secret code request,transmitting from the controller to the access point a connection request message including the secret code and the mobile terminal address which is retrieved from the secret code request,requesting a connection from the mobile terminal to the access point designated by the address which is retrieved from the confirming message,generating a session key as a function of the access point address, the mobile terminal address and the secret code retrieved from the confirming message and from the connection request message, andthe access point authenticating the mobile terminal as a function of the session key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To render secure a connection between an access point of a short-range network and a mobile terminal within a cellular network while precluding acquisition of a PIN code, a platform transmits a confirming message, including a secret code and the access point address retrieved from a terminal request, to the terminal through the cellular network and a connection request message including the secret code and the mobile terminal address to the access point. The access point authenticates the terminal, or the terminals authenticate each other as a function of a session key determined as a function of the secret code retrieved from the connection request message and from the confirming message.

Citations

21 Claims

1. An authentication method between a short-range wireless network having access points and a mobile terminal within a cellular radio communication network comprising:
- transmitting, from the mobile terminal to a controller through the cellular network, a secret code request including a mobile terminal address and an address of an access point in a zone covered by the mobile terminal,generating a secret code in said controller in response to said secret code request,transmitting from the controller to the mobile terminal a confirming message including the secret code and the access point address which is retrieved from the secret code request,transmitting from the controller to the access point a connection request message including the secret code and the mobile terminal address which is retrieved from the secret code request,requesting a connection from the mobile terminal to the access point designated by the address which is retrieved from the confirming message,generating a session key as a function of the access point address, the mobile terminal address and the secret code retrieved from the confirming message and from the connection request message, andthe access point authenticating the mobile terminal as a function of the session key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 21)
- - 2. The method of claim 1 wherein the mobile terminal generates the session key as a function of the access point address, the mobile terminal address and the secret code retrieved from the confirming message, and the access point generates the session key as a function of the access point address, the mobile terminal address and the secret code retrieved from the connection request message.
  - 3. The method of claim 1, wherein authentication of the mobile terminal by the access point comprises requesting a first reply as a function of the session key from the access point to the mobile terminal, and transmitting the first reply from the mobile terminal to the access point through the short-range network, and in said access point generating another first reply as a function of the session key, and authorizing opening a session between the access point and the mobile terminal when said first replies are equal.
  - 4. The method of claim 1, wherein authentication of the access point by the mobile terminal as a function of the session key is in response to the access point authenticating the mobile terminal.
  - 5. The method of claim 4, wherein access point authentication by the mobile terminal comprises transmitting a request from the access point to the mobile terminal, in the transmitted request requesting the mobile terminal to authenticate the access point by asking the access point to generate a second reply as a function of the session key and transmit the second reply to the mobile terminal through the short-range network, generating a second reply as a function of the session key in said mobile terminal, and authorizing opening the session between the access point and the mobile terminal in response to said second replies are equal.
  - 6. The method of claim 1 further comprising repeating the connection requesting steps at most a predetermined number of times until the authentication is successful.
  - 7. The method of claim 1 further comprising repeating the transmitting, secret code generating, confirming message transmitting, connection request message transmitting, connection requesting, session key generating and authenticating steps for another access point in the zone covered by the mobile terminal.
  - 8. The method of claim 7 further comprising repeating the connection request steps at most a predetermined number of times until the authentication is successful.
  - 9. The method of claim 1 further comprising, in the mobile terminal, searching for the access point having the highest power level received by the mobile terminal among the access points of the zone covered by the mobile terminal, designating as the optimal access point the access point having the highest power level, and causing said mobile terminal to insert the address of the optimal access point into the secret code request.
  - 10. The method of claim 1 further comprisingin the mobile terminal, searching access points in the zone covered by the mobile terminal, and inserting addresses of the found access points into the secret code request, andin the controller selecting the address of an optimal access point from among the found access point addresses retrieved from the secret code request according to a predetermined criterion, and inserting the optimal access point address into the confirming message transmitted to the mobile terminal and into the connection request message transmitted to the optimal access point.
  - 11. The method of claim 10 wherein the predetermined criterion relates to comparing power levels of the found access points received by the mobile terminal and transmitted jointly with the addresses of the found access points in the secret code request, and causing the controller to designate the access point having the highest received power level as the optimal access point.
  - 12. The method of claim 10 wherein the predetermined criterion relates to comparing the traffic loads of the access points found by the mobile terminal, and causing the controller to select as the optimal access point the access point exhibiting the least traffic load.
  - 13. The method of claim 10 wherein the predetermined criterion also relates to eliminating one of the addresses of the found access points that are situated outside a zone including the mobile terminal and defined within the cellular network before the address of the optimal access point is selected.
  - 14. The method of claim 1 wherein the secret code generated by the controller is generated in a pseudo-random manner, the code having a length larger than 16 octets.
  - 15. The method of claim 1 further comprising causing the controller to generate the session key instead of the session key being generated in the mobile terminal and at the access point, and inserting the generated session key instead of the secret code in the confirming message and in the connection request message.
  - 21. The method of claim 1 wherein the step of transmitting from the controller to the mobile terminal is via a direct communication between them.

16. A controller linked to a cellular radio communication network adapted to participate in authenticating a link between a short-range wireless network and a mobile terminal in the cellular network, the controller being arranged to reply to a secret code request transmitted from the mobile terminal and including the address of the mobile terminal and the address of an access point in the zone covered by the mobile terminal, by generating a secret code in response to said secret code request and transmitting (a) a confirming message including the secret code and the access point address retrieved from the secret code request to the mobile terminal through the cellular network and (b) a connection request message including the secret code and the mobile terminal address retrieved from the secret code request to the access point so the mobile terminal can ask for an authentication to the access point designated by the address retrieved from the confirming message as a function of a session key which is determined as a function of the secret code retrieved from the connection request message and from the confirming message.
- View Dependent Claims (17, 18, 20)
- - 17. The controller of claim 16 in combination with the mobile terminal and the access point, the mobile terminal and the access point being arranged to generate the session key respectively (a) as a function of the access point address, the mobile terminals address, and the secret code retrieved from the confirming message, and (b) as a function of the access point address, the mobile terminal address and the secret code retrieved from the connection request message, the access point being arranged to authenticate the mobile terminal as a function of the session key.
  - 18. The combination of claim 17 wherein the controller is arranged to generate the session key and insert it, instead of the secret code, into the confirming message and into the connection request message.
  - 20. A system including the access point, short range network, mobile terminal and cellular network of claim 18 for performing the method of claim 19.

19. A method of securing a connection between an access point of a short-range network and a mobile terminal within a cellular network while precluding acquisition of a PIN code, comprising transmitting (a) a confirming message including a secret code and the access point address retrieved from a terminal request to the terminal through the cellular network and (b) a connection request message including the secret code and the mobile terminal address to the access point causing the access point to authenticate the terminal as a function of a session key determined as a function of the secret code retrieved from the connection request message and from the confirming message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Trillaud, Sebastien, Maguy, Christophe, Calmels, Beno t
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Hailu; Teshome

Application Number

US10/996,614
Publication Number

US 20050130627A1
Time in Patent Office

1,754 Days
Field of Search

380248-250, 380/270, 455/411, 455/41
US Class Current

380/270
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/0869   for achieving mutual authen...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 12/71   Hardware identity

H04W 12/73   Access point logical identity

H04W 84/18   Self-organising networks, e...

H04W 88/06   adapted for operation in mu...

Authentication between a cellular phone and an access point of a short-range network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication between a cellular phone and an access point of a short-range network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links