Broker-based interworking using hierarchical certificates
First Claim
1. In a wireless local area network having an interworking function, a method for interworking between the wireless local area network and a second network, the wireless local area network and the second network capable of communicating with a broker, the method comprising the steps of:
- receiving from the broker, a first key;
receiving from a user device, a second network to user certificate that includes a broker to second network certificate and a second key;
authenticating the broker to second network certificate using the first key to derive a third key;
authenticating the second network to user certificate using the third key to derive the second key;
generating a session key, encrypting the session key using the second key, and transmitting the encrypted session key to the user device; and
communicating with the user device using the session key.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for authentication authorization and accounting (AAA) in an interworking between at least two networks. The at least two networks are capable of communicating with a broker and include a first network and a second network to user certificate from a user device corresponding to a user of the first network. The first network to user certificate is signed by at a first network private key and includes a broker to first network certificate and a user public key. The broker to first network certificate is signed by a broker private key and includes a first network public key. A session key is sent from the second network to the user device when the broker to first network certificate and the first network to user certificate are determined to be authentic by the second network based upon the broker public key and the first network public key, respectively. The session key is encrypted with the user public key. The session key is permitting the user device to access the second network.
49 Citations
18 Claims
-
1. In a wireless local area network having an interworking function, a method for interworking between the wireless local area network and a second network, the wireless local area network and the second network capable of communicating with a broker, the method comprising the steps of:
-
receiving from the broker, a first key; receiving from a user device, a second network to user certificate that includes a broker to second network certificate and a second key; authenticating the broker to second network certificate using the first key to derive a third key; authenticating the second network to user certificate using the third key to derive the second key; generating a session key, encrypting the session key using the second key, and transmitting the encrypted session key to the user device; and communicating with the user device using the session key. - View Dependent Claims (2, 3, 4)
-
-
5. In a wireless local area network having an interworking function, a method for interworking between the wireless local area network and a second network, the wireless local area network and the second network capable of communicating with a broker, the method comprising the steps of:
-
receiving, from the broker, a broker public key; receiving, from a user device, a second network to user certificate, which is signed with a second network private key and includes a broker to second network certificate and a user public key, the broker to second network certificate being signed with a broker private key and including a second network public key; authenticating the broker to second network certificate using the broker public key and deriving the second network public key; authenticating the second network to user certificate using the second network public key and deriving the user public key; generating a session key, encrypting the session key using the user public key, and transmitting the encrypted session key to the user device; and communicating with the user device using the session key. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A method for communicating with a wireless local area network using a user device that has a subscription to a second network, the second network having an interworking contract with the wireless local area network, the wireless local area network and the second network capable of communicating with a broker, the method comprising the steps of:
-
receiving, from the second network, a second network to user device certificate, which is signed with a second network private key, and includes a broker to network certificate and a user public key; transmitting to the wireless local area network the second network to user device certificate, wherein the wireless local area network is able to derive the user public key using a broker public key received from the broker entity; receiving, from the wireless local area network, a session key encrypted using the user public key; decrypting the session key with a user private key; and communicating with the wireless local area network using the session key. - View Dependent Claims (11, 12, 13)
-
-
14. A broker based system for authenticating users in networks having interworking relationships, comprising:
-
a wireless local area network having an interworking function; a second network; and a broker capable of communicating with the wireless local area network and the second network, the broker having means for transmitting a broker public key to the wireless local area network, and means for transmitting a broker to second network certificate, which is signed with a broker private key and includes a second network public key, to the second network, the second network including means for transmitting, to a user device, a second network to user certificate signed with a second network private key and includes the broker to second network certificate and the user public key, the wireless local area network including means for authenticating the broker to second network certificate and deriving the second network public key, means for authenticating the second network to user certificate and deriving the user public key, and means for generating a session key and encrypting the session key with the user public key. - View Dependent Claims (15)
-
-
16. A mobile device comprising:
-
means for receiving from a second network a second network to user certificate that includes a broker to second network certificate and a key; means for transmitting said second network to user certificate to a first network; means for receiving a session key generated by said first network; and means for communicating with said first network using said session key. - View Dependent Claims (17, 18)
-
Specification