User authentication in a communications system

US 7,970,380 B2
Filed: 06/07/2005
Issued: 06/28/2011
Est. Priority Date: 03/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a network originated identity from a user in a communication network;

associating the network originated identity with at least one non-network originated identity stored in a data storage, wherein the at least one non-network originated identity comprises a first identity of an application outside a domain of an operator of the communication network, and wherein the network originated identity comprises at least a second identity originated by the operator, an internet protocol multimedia private identity, and an international mobile subscriber identity;

receiving a non-network originated identity from the user;

storing data for associating an intermediate identity with the non-network originated identity and the associated network originated identity;

accessing the intermediate identity for verification of the non-network originated identity;

comparing the non-network originated identity from the user with the at least one non-network originated identity from the data storage; and

authenticating the user if the comparison is valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method in a communication network wherein users are authenticated based on network originated user identities is disclosed. The authentication method comprising the steps of receiving a network originated identity from a user and associating the network originated identity with at least one non-network originated identity stored in a data storage. When a non-network originated identity is received from the user, the non-network originated identity from the user is compared with the at least one non-network originated identity from the data storage. The user is authenticated if the comparison is valid.

Citations

22 Claims

1. A method comprising:
- receiving a network originated identity from a user in a communication network;
  
  associating the network originated identity with at least one non-network originated identity stored in a data storage, wherein the at least one non-network originated identity comprises a first identity of an application outside a domain of an operator of the communication network, and wherein the network originated identity comprises at least a second identity originated by the operator, an internet protocol multimedia private identity, and an international mobile subscriber identity;
  
  receiving a non-network originated identity from the user;
  
  storing data for associating an intermediate identity with the non-network originated identity and the associated network originated identity;
  
  accessing the intermediate identity for verification of the non-network originated identity;
  
  comparing the non-network originated identity from the user with the at least one non-network originated identity from the data storage; and
  
  authenticating the user if the comparison is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method according to claim 1, wherein the associating comprises associating the network originated user identity with at least one non-network originated identity in an application server, and wherein the comparing is implemented at least at one of a bootstrapping function, a home subscriber server, and an application specific server.
  - 3. A method according to claim 1, wherein the authenticating comprises authenticating the user in the data storage.
  - 4. A method according to claim 1, wherein the authenticating comprises authenticating the user in a bootstrapping function.
  - 5. A method according to claim 1, wherein the authenticating comprises authenticating the user in an application server.
  - 6. A method according to claim 1, wherein the associating comprises dispatching the network originated identity to a central data storage which stores associations between mobile identities and application specific identities.
  - 7. A method according to claim 1, wherein the associating comprises retrieving an application specific identity based on a mobile identity and using the application specific identity to access the at least one non-network originated identity.
  - 8. A method according to claim 1, wherein the comparing comprises comparing the non-network originated identity with the at least one non-network originated identity in an element providing a home subscriber database of the user.
  - 9. A method according to claim 1, wherein the comparing comprises comparing the non-network originated identity from the user with at least one non-network originated identity in an application server.
  - 10. A method according to claim 1, wherein the data for association between the intermediate identity and the non-network originated identity is held at an application server.
  - 11. A method according to claim 1, wherein the comparing comprises comparing the at least one non-network originated identity having an association with the intermediate identity and the non-network originated identity received from the user at a network application function of a general authentication architecture.
  - 12. A method according to claim 1, wherein the comparing comprises comparing the at least one non-network originated identity having an association with the intermediate identity and the non-network originated identity received from the user at an application specific server.
  - 13. A method according to claim 1, further comprising:
    - creating a temporary identifier in a bootstrapping function;
      
      sending the temporary identifier to a user equipment; and
      
      sending the temporary identifier from the user equipment to an application function when requesting for a service.
  - 14. A method according to claim 1, comprising authentication by a generic authentication architecture in accordance with specifications of the third generation partnership project.

15. A computer program, embodied on a non-transitory computer readable medium, said computer program controlling a computing system to perform operations comprising:
- receiving a network originated identity from a user in a communication network;
  
  associating the network originated identity with at least one non-network originated identity stored in a data storage, wherein the at least one non-network originated identity comprises a first identity of an application outside a domain of an operator of the communication network, and wherein the network originated identity comprises at least a second identity originated by the operator, an interne protocol multimedia private identity, and an international mobile subscriber identity;
  
  receiving a non-network originated identity from the user;
  
  storing data for associating an intermediate identity with the non-network originated identity and the associated network originated identity;
  
  accessing the intermediate identity for verification of the non-network originated identity;
  
  comparing the non-network originated identity from the user with the at least one non-network originated identity from the data storage; and
  
  authenticating the user if the comparison is valid.

16. An apparatus comprising:
- a receiver configured to receive a network originated identity from a user in a communication network;
  
  an associating unit configured to associate the network originated identity with at least one non-network originated identity, wherein the at least one non-network originated identity comprises a first identity of an application outside a domain of an operator of the communication network, and wherein the network originated identity comprises at least a second identity originated by the operator, an internet protocol multimedia private identity, and an international mobile subscriber identity;
  
  a receiver configured to receive a non-network originated identity from the user;
  
  storage including data for associating an intermediate identity with the non-network originated identity and the associated network originated identity, the intermediate identity accessed for verification of the non-network originated identity;
  
  a comparator configured to compare the non-network originated identity from the user with the at least one non-network originated identity from the associating unit; and
  
  an authenticator configured to authenticate the user if the comparison is valid.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. An apparatus according to claim 16, wherein the receiver configured to receive the network originated identity from the user comprises a bootstrapping function.
  - 18. An apparatus according to claim 16, wherein the receiver configured to receive the non-network originated identity from the user comprises a network application function.
  - 19. An apparatus according to claim 16, wherein said comparator is implemented in a bootstrapping function.
  - 20. An apparatus according to claim 16, wherein said comparator is implemented in a home subscriber server.
  - 21. An apparatus according to claim 16, wherein said comparator is implemented in an application specific server.
  - 22. An apparatus according to claim 16, comprising a generic authentication architecture in accordance with the Third Generation Partnership Project (3GPP) standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Laitinen, Lauri
Primary Examiner(s)
CAI, WAYNE HUU

Application Number

US11/146,154
Publication Number

US 20060205387A1
Time in Patent Office

2,212 Days
Field of Search

455/411, 455/433, 713/155, 380/229, 380/232, 380247-250, 380/258
US Class Current

455/411
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/45   Network directories; Name-t...

H04L 63/08   for authentication of entit...

H04L 67/04   specially adapted for termi...

User authentication in a communications system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication in a communications system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links