Linked authentication protocols
Abstract
A system and method for authenticating a terminal in a communication system is described. The method includes executing a terminal authentication protocol, whereby the executing the terminal authentication protocol includes authenticating an identity of a network entity by a terminal in a communication system. The method further includes executing a challenge authentication protocol, wherein the executing the challenge authentication protocol includes sharing challenge data between the terminal and the network entity, and forming at the terminal, test data by at least applying one authentication function to the challenge data using the identifier. The executing the challenge authentication protocol further includes transmitting a message including terminal authentication data from the terminal to the network entity, and determining, based on the terminal authentication data, whether to provide the terminal with access to a service.
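The two linked protocols the abstract and claims describe, as an added Python sketch that is not part of the patent or of any product: the first protocol is abstracted to a shared key K already held by both sides, HMAC-SHA256 stands in for the claimed "authentication function" and "predetermined function", and the credential KI and the challenge are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential (not from the patent): shared between the
# terminal and the authentication centre that supplies the network entity
# with the expected test data for each challenge.
KI = bytes.fromhex("00112233445566778899aabbccddeeff")

def first_protocol_shared_key() -> bytes:
    """Stand-in for the first protocol: after the terminal has authenticated the
    network entity, both sides hold a fresh shared key K (modeled as random)."""
    return secrets.token_bytes(32)

def authentication_function(ki: bytes, challenge: bytes) -> bytes:
    """Challenge protocol: test data formed from the challenge and the credential."""
    return hmac.new(ki, b"test-data" + challenge, hashlib.sha256).digest()[:16]

def terminal_auth_data(k: bytes, test_data: bytes) -> bytes:
    """Predetermined function of the test data and K; mixing in K is what
    links the challenge protocol to the first protocol."""
    return hmac.new(k, b"binding" + test_data, hashlib.sha256).digest()

def session_keys(k: bytes, test_data: bytes) -> dict:
    """Secret session keys derived from the test data using the shared key K."""
    return {label: hmac.new(k, label.encode() + test_data, hashlib.sha256).digest()
            for label in ("enc", "int")}

def network_decision(k: bytes, expected_test_data: bytes, received: bytes) -> bool:
    """Grant access only if the received value equals the predetermined
    function of the expected test data and the network's copy of K."""
    return hmac.compare_digest(terminal_auth_data(k, expected_test_data), received)

def run_linked_authentication(k_terminal: bytes, k_network: bytes, challenge: bytes):
    """Run the challenge protocol with each side's first-protocol key.
    Returns (access_granted, terminal_session_keys, network_session_keys)."""
    test_data = authentication_function(KI, challenge)     # computed by the terminal
    auth_data = terminal_auth_data(k_terminal, test_data)  # sent to the network entity
    expected = authentication_function(KI, challenge)      # from the authentication centre
    if not network_decision(k_network, expected, auth_data):
        return False, None, None
    return True, session_keys(k_terminal, test_data), session_keys(k_network, expected)
```

Because the terminal authentication data depends on K, a response produced inside a different first-protocol run, or bare test data on its own, fails the network's check and yields no session keys.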
65 Claims
1. A method, comprising:
executing a first authentication protocol, wherein a terminal authentication protocol comprises authenticating an identity of a network entity by the terminal in a communication system;
sharing a key between the terminal and the network entity for use in securing subsequent communications between the terminal and the network entity; and
executing another authentication protocol comprising sharing challenge data between the network entity and the terminal;
forming at the terminal test data by applying an authentication function to the challenge data;
sending a message comprising terminal authentication data, from the terminal to the network entity; and
determining, based on the terminal authentication data, whether to provide the terminal with access to a service, wherein the determining comprises providing the terminal with access to the service only when the terminal authentication data equals a predetermined function of at least the test data and the key; and
forming at the terminal secret session keys by at least applying a predetermined function to the test data using the shared key established in the first authentication protocol, wherein the secret session keys are configured to secure the subsequent communications between the terminal and a network element.

20. A system, comprising:
a terminal configured to apply authentication functions to input data to form response data; and
a network entity configured to provide access to a service,
wherein the system is configured to perform an authentication method of executing an authentication protocol, wherein the authentication protocol comprises authenticating an identity of the network entity by the terminal in the system;
sharing a key between the terminal and the network entity for use in securing subsequent communications between the terminal and the network entity; and
executing another authentication protocol comprising sharing challenge data between the network entity and the terminal;
forming at the terminal test data by applying an authentication function to the challenge data;
sending a message comprising terminal authentication data from the terminal to the network entity; and
determining, based on the terminal authentication data, whether to provide the terminal with access to a service;
wherein the determining comprises providing the terminal with access to the service only when the terminal authentication data equals a predetermined function of at least the test data and the key; and
forming at the terminal secret session keys by at least applying a predetermined function to the test data using the shared key established in the first authentication protocol, wherein the secret session keys are configured to secure the subsequent communications between the terminal and a network element.

22. A method, comprising:
executing an authentication protocol, wherein the authentication protocol comprises authenticating an identity of a network entity by a terminal in a communication system, and sharing a key between the terminal and the network entity for use in securing subsequent communications between the terminal and the network entity; and
executing another authentication protocol comprising receiving challenge data from the network entity at the terminal;
forming at the terminal test data by applying an authentication function to the challenge data;
sending a message comprising terminal authentication data from the terminal to the network entity; and
receiving access to a service at the terminal following a determination of whether the terminal authentication data equals a predetermined function of at least the test data and the key; and
forming at the terminal secret session keys by at least applying a predetermined function to the test data using the shared key established in the first authentication protocol, wherein the secret session keys are configured to secure the subsequent communications between the terminal and a network element.

32. A method, comprising:
executing an authentication protocol, wherein the authentication protocol comprises sending an identity of a network entity for authentication by a terminal in a communication system;
sharing a key between the terminal and the network entity for use in securing subsequent communications between the terminal and the network entity; and
executing another authentication protocol comprising sending challenge data from the network entity to the terminal for forming test data at the terminal by applying an authentication function to the challenge data;
receiving a message comprising terminal authentication data from the terminal at the network entity;
determining, based on the terminal authentication data, whether to provide the terminal with access to a service;
providing the terminal with access to the service only when the terminal authentication data equals a predetermined function of at least the test data and the key; and
forming secret session keys by at least applying a predetermined function to the test data using the shared key established in the first authentication protocol, wherein the secret session keys are configured to secure the subsequent communications between the terminal and a network element.

43. An apparatus, comprising:
a processor configured to apply an authentication function to input data to form response data, and to execute an authentication protocol, wherein the authentication protocol comprises authenticating an identity of a network entity by a terminal in a communication system, and sharing a key between the terminal and the network entity for use in securing subsequent communications between the terminal and the network entity;
wherein the processor is further configured to execute another authentication protocol comprising receiving challenge data from the network entity at the terminal;
forming at the terminal test data by applying an authentication function to the challenge data;
sending a message comprising terminal authentication data from the terminal to the network entity;
receiving access to a service at the terminal following a determination of whether the terminal authentication data equals a predetermined function of at least the test data and the key; and
forming at the terminal secret session keys by at least applying a predetermined function to the test data using the shared key established in the first authentication protocol, wherein the secret session keys are configured to secure the subsequent communications between the terminal and a network element.

53. An apparatus, comprising:
a processor configured to execute an authentication protocol, wherein the authentication protocol comprises sending an identity of a network entity for authentication by a terminal in a communication system; and
sharing a key between the terminal and the network entity for use in securing subsequent communications between the terminal and the network entity;
wherein the processor is further configured to execute another authentication protocol comprising sending challenge data from the network entity to the terminal for forming test data at the terminal by applying an authentication function to the challenge data;
receiving a message comprising terminal authentication data, from the terminal at the network entity;
determining, based on the terminal authentication data, whether to provide the terminal with access to a service;
providing the terminal with access to the service only when the terminal authentication data equals a predetermined function of at least the test data and the key; and
forming secret session keys by at least applying a predetermined function to the test data using the shared key established in the first authentication protocol, wherein the secret session keys are configured to secure the subsequent communications between the terminal and a network element.

63. A computer program product embodied on a computer readable storage medium, the computer program product being configured to control a processor to perform a method comprising:
executing an authentication protocol, wherein the terminal authentication protocol comprises authenticating an identity of a network entity by a terminal in a communication system;
sharing a key between the terminal and the network entity for use in securing subsequent communications between the terminal and the network entity; and
executing another authentication protocol comprising sharing challenge data between the network entity and the terminal,
forming at the terminal test data by applying an authentication function to the challenge data;
sending a message comprising terminal authentication data, from the terminal to the network entity; and
determining, based on the terminal authentication data, whether to provide the terminal with access to a service, wherein the determining comprises providing the terminal with access to the service only when the terminal authentication data equals a predetermined function of at least the test data and the key; and
forming at the terminal secret session keys by at least applying a predetermined function to the test data using the shared key established in the first authentication protocol, wherein the secret session keys are configured to secure the subsequent communications between the terminal and a network element.

64. A computer program product embodied on a computer readable storage medium, the computer program product being configured to control a processor to perform a process comprising:
executing an authentication protocol, wherein the authentication protocol comprises authenticating an identity of a network entity by a terminal in a communication system, and sharing a key between the terminal and the network entity for use in securing subsequent communications between the terminal and the network entity; and
executing another authentication protocol comprising receiving challenge data from the network entity at the terminal;
forming at the terminal test data by applying an authentication function to the challenge data;
sending a message comprising terminal authentication data from the terminal to the network entity;
receiving access to a service at the terminal following a determination of whether the terminal authentication data equals a predetermined function of at least the test data and the session key; and
forming a secret key by at least applying a predetermined function to the test data using the session key, the session key binding the authentication protocol and the another authentication protocol.

65. A computer program product embodied on a computer readable storage medium, the computer program product being configured to control a processor to perform a method comprising:
executing an authentication protocol, wherein the authentication protocol comprises sending an identity of a network entity for authentication by a terminal in a communication system;
sharing a key between the terminal and the network entity for use in securing subsequent communications between the terminal and the network entity; and
executing another authentication protocol comprising sending challenge data from the network entity to the terminal for forming test data at the terminal by applying an authentication function to the challenge data;
receiving a message comprising terminal authentication data from the terminal at the network entity;
determining, based on the terminal authentication data, whether to provide the terminal with access to a service;
providing the terminal with access to the service only when the terminal authentication data equals a predetermined function of at least the test data and the key; and
forming secret session keys by at least applying a predetermined function to the test data using the shared key established in the first authentication protocol, wherein the secret session keys are configured to secure the subsequent communications between the terminal and a network element.

Specification