System and method for extending secure authentication using unique session keys derived from entropy generated by authentication method

US 7,930,553 B2
Filed: 04/09/2004
Issued: 04/19/2011
Est. Priority Date: 04/11/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for utilizing a public wireless local area network (WPAN) for a client with a smart card, comprising:

creating a one-time entropy generated password for a client including;

combining an identification information of the client, an encryption key provided by the WPAN, and a predetermined text character string to create client identifying information;

calculating a hash value of the created client identifying information, wherein the calculated hash value includes a plurality of octet values; and

converting any non-alphanumeric octet values of the plurality of octet values of the calculated hash value into an alphanumeric octet value;

storing the one-time entropy generated password and identification information of the client on a public wireless local area network; and

utilizing the one-time entropy generated password and identity information of the client to authenticate the client in the public wireless local area network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates generally to the field of communications systems, and more particularly, to a system and method for extending secure authentication using unique session keys derived from entropy generated by authentication method. In one example, a method for utilizing a public wireless local area network for a client with a smart card includes: creating an one-time password for a client upon a successful authentication; storing the password and identification information of the client; and utilizing the password and the client identity information to authenticate the client in the public wireless local area network.

106 Citations

View as Search Results

19 Claims

1. A method for utilizing a public wireless local area network (WPAN) for a client with a smart card, comprising:
- creating a one-time entropy generated password for a client including;
  
  combining an identification information of the client, an encryption key provided by the WPAN, and a predetermined text character string to create client identifying information;
  
  calculating a hash value of the created client identifying information, wherein the calculated hash value includes a plurality of octet values; and
  
  converting any non-alphanumeric octet values of the plurality of octet values of the calculated hash value into an alphanumeric octet value;
  
  storing the one-time entropy generated password and identification information of the client on a public wireless local area network; and
  
  utilizing the one-time entropy generated password and identity information of the client to authenticate the client in the public wireless local area network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the authentication is provided by a Remote Authentication Dial-In User Service (RADIUS) server.
  - 3. The method of claim 1 further comprising authenticating the client by a server associated with said WPAN based on a smart card.
  - 4. The method of claim 1 further comprising authenticating the client by a server associated with said WPAN based on a universal subscriber identity module card.
  - 5. The method of claim 1 further comprising authenticating the client by a server associated with said WPAN based on a subscriber identity module card.
  - 6. The method of claim 1 further comprising modifying accounting data from the public wireless local area network to include charging data record fields for the client.
  - 7. The method of claim 1 wherein the creating is independently performed by each of two entities.
  - 8. The method of claim 1 wherein the creating comprises utilizing international mobile subscriber identity (IMSI) of the client.
  - 9. The method of claim 1 wherein the creating comprises utilizing a pseudonym of the client.
  - 10. The method of claim 1 wherein the creating comprises utilizing Point-to-Point Encryption Send-Key.
  - 11. The method of claim 1 wherein the creating comprises utilizing Point-to-Point Encryption Recv-Key.
  - 12. The method of claim 1 wherein the creating comprises;
    - calculating a hash value using a SHA-1 hashing process, the hash value comprising a plurality of octet values; and
      
      converting any non-alphanumeric octet values of the plurality of octet values into an alphanumeric octet value.

13. A system for utilizing a public wireless local area network for a client with a smart card, comprising:
- a smart card for a client; and
  
  a first adapter arranged to generate a one-time use password for the client, wherein the one-time use password is generated by;
  
  combining an identification information of the client, an encryption key provided by the WPAN to create client identifying information;
  
  calculating a hash value of the created client identifying information, wherein the calculated hash value includes a plurality of octet values; and
  
  converting any non-alphanumeric octet values of the plurality of octet values of the calculated hash value into an alphanumeric octet value,wherein the password is used for authenticating the client by a Remote Authentication Dial-In User Service (RADIUS) server.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13 further comprising a second adapter for authenticating the client by a second server based on the smart card.
  - 15. The system of claim 14 wherein the first and second adapters reside on separate devices.
  - 16. The system of claim 14 further comprising a third adapter for modifying RADIUS based accounting data to generate General Packed Radio Server (GPRS) based accounting data.
  - 17. The system of claim 16 further comprising a fourth adapter for generating the password for the client.

18. A method for adapting a public wireless local area network for a client with a smart card, comprising:
- creating a one-time use password for a client including;
  
  combining information of the client, an encryption key provided by the WPAN, and a text character string to create client identifying information;
  
  calculating a hash value of the created client identifying information, wherein the calculated hash value includes a plurality of octet values; and
  
  converting any non-alphanumeric octet values of the plurality of octet values of the calculated hash value into an alphanumeric octet value;
  
  storing the password and the identification information on a Remote Authentication Dial-In User Service (RADIUS) server;
  
  utilizing the created password and the identification information to authenticate the client on the RADIUS server; and
  
  modifying RADIUS based accounting data to generate General Packed Radio Server (GPRS) based accounting data for the client.
- View Dependent Claims (19)
- - 19. The method of claim 18 wherein the encryption key provided by the WPAN is selected from the group consisting of:
    - Kc, which is a 64 bit ciphering key known in the art;
      
      Point-to-Point Encryption Send-Key; and
      
      Point-to-Point Encryption Recv-Key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Alperovich, Vlad, Kim, Yoon Hee, Greenwood, Martin, Hui, David Ka-Wai, Satarasinghe, Prasanna J.
Primary Examiner(s)
Lanier; Benjamin E

Application Number

US10/821,435
Publication Number

US 20040268122A1
Time in Patent Office

2,566 Days
Field of Search

726 3- 5
US Class Current

713/184
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04W 12/068   using credential vaults, e....

H04W 88/06   adapted for operation in mu...

System and method for extending secure authentication using unique session keys derived from entropy generated by authentication method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for extending secure authentication using unique session keys derived from entropy generated by authentication method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links