Method and apparatus for using generic authentication architecture procedures in personal computers

US 8,543,814 B2
Filed: 01/10/2006
Issued: 09/24/2013
Est. Priority Date: 01/12/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

authenticating, with a mobile terminal including an identity module, to a service provider to obtain generic bootstrapping architecture credentials specific to the service provider using only authentication information provided from the identity module in the mobile terminal;

transferring the generic bootstrapping architecture credentials specific to the service provider from the mobile terminal via a local link to a personal computer, wherein a communication between the mobile terminal and the personal computer is established via a generic authentication server architecture component on the mobile terminal and a generic authentication client architecture component on the personal computer, wherein the generic bootstrapping architecture credentials specific to the service provider are based upon at least one parameter representative of a universal subscriber identity module vector contained in the identity module of the mobile terminal;

attempting, by the personal computer, to access the service provider;

receiving an authentication request in the personal computer from the service provider in response to the access attempt; and

querying, with the generic authentication client architecture component in the personal computer, the generic authentication server architecture component in the mobile terminal for the generic bootstrapping architecture credentials, wherein the local link comprises one or more of a cable, an infrared connection, and a wireless connection, wherein querying further comprises;

sending a message from the generic authentication client architecture component in the personal computer to the generic authentication server architecture component in the mobile terminal containing an identification for the service provider;

requesting, with the generic authentication server architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;

establishing the generic bootstrapping architecture credentials between the bootstrapping server function and the generic authentication server architecture component in the mobile terminal; and

sending the credentials from the generic authentication server architecture component in the mobile terminal to the generic authentication client architecture component in the personal computer.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for authenticating to a third party service provider from a personal computer. The method includes authenticating, with a mobile terminal, to the service provider with a universal subscriber identity module associated with the mobile terminal to obtain credentials specific to the service provider, transferring the credentials specific to the service provider from the mobile terminal to the personal computer, and accessing the service provider with the personal computer using the credentials transferred from the mobile terminal. The apparatus includes a mobile terminal, a computing device, a bootstrapping security module, and a network application function that cooperatively work to allow the computing device to access the network application function using a security credential from the mobile terminal.

Citations

28 Claims

1. A method, comprising:
- authenticating, with a mobile terminal including an identity module, to a service provider to obtain generic bootstrapping architecture credentials specific to the service provider using only authentication information provided from the identity module in the mobile terminal;
  
  transferring the generic bootstrapping architecture credentials specific to the service provider from the mobile terminal via a local link to a personal computer, wherein a communication between the mobile terminal and the personal computer is established via a generic authentication server architecture component on the mobile terminal and a generic authentication client architecture component on the personal computer, wherein the generic bootstrapping architecture credentials specific to the service provider are based upon at least one parameter representative of a universal subscriber identity module vector contained in the identity module of the mobile terminal;
  
  attempting, by the personal computer, to access the service provider;
  
  receiving an authentication request in the personal computer from the service provider in response to the access attempt; and
  
  querying, with the generic authentication client architecture component in the personal computer, the generic authentication server architecture component in the mobile terminal for the generic bootstrapping architecture credentials, wherein the local link comprises one or more of a cable, an infrared connection, and a wireless connection, wherein querying further comprises;
  
  sending a message from the generic authentication client architecture component in the personal computer to the generic authentication server architecture component in the mobile terminal containing an identification for the service provider;
  
  requesting, with the generic authentication server architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;
  
  establishing the generic bootstrapping architecture credentials between the bootstrapping server function and the generic authentication server architecture component in the mobile terminal; and
  
  sending the credentials from the generic authentication server architecture component in the mobile terminal to the generic authentication client architecture component in the personal computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the identity module comprises a universal subscriber identity module.
  - 3. The method of claim 1, wherein the service provider comprises a network application function.
  - 4. The method of claim 1, wherein the authentication request comprises a public key cryptography standard number ten request, and the credentials comprise a subscriber certificate.
  - 5. The method of claim 1, wherein transferring the credentials further comprises prompting a user of the mobile terminal for approval to transfer the credentials to the personal computer and transferring the credentials after receiving the approval from the user.
  - 6. The method of claim 1, wherein the credentials comprise a bootstrapping transaction identifier and a network application function specific shared secret.
  - 7. The method of claim 6, wherein the bootstrapping transaction identifier and a network application function specific shared secret comprise a username and a network application function specific key material.
  - 8. The method of claim 1, wherein the credentials comprise master credentials that include a username and a password.
  - 9. The method of claim 1, wherein transferring comprises using a wireless communication medium.

10. A method, comprising:
- determining network application function specific generic bootstrapping architecture credentials are needed for an application running on a computing device comprising a personal computer;
  
  requesting, by the application and through a generic bootstrapping architecture application programming interface that incorporates a wireless communication medium, the generic bootstrapping architecture credentials from a mobile terminal, wherein a communication between the mobile terminal and the personal computer is established via a generic authentication server architecture component on the mobile terminal and a generic authentication client architecture component on the personal computer, wherein the network application function specific generic bootstrapping architecture credentials are based upon at least one parameter representative of a universal subscriber identity module vector contained in the mobile terminal;
  
  bootstrapping by the mobile terminal with a bootstrapping server function to establish a master generic bootstrapping architecture credentials using only authentication information provided from the identity module in the mobile terminal;
  
  transmitting the network application function specific generic bootstrapping architecture credentials from the mobile terminal to the a generic bootstrapping architecture application programming interface, which transmits the network application specific generic bootstrapping architecture credentials to the application running on the personal computer;
  
  attempting, by the application running on the personal computer, to access a service provider;
  
  receiving an authentication request in the personal computer from the service provider in response to the access attempt; and
  
  querying, with the generic authentication client architecture component in the personal computer, the generic authentication server architecture component in the mobile terminal for the generic bootstrapping architecture credentials, wherein the local link comprises one or more of a cable, an infrared connection, and a wireless connection, wherein querying further comprises;
  
  sending a message from the generic authentication client architecture component in the personal computer to the generic authentication server architecture component in the mobile terminal containing an identification for the service provider;
  
  requesting, with the generic authentication server architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;
  
  establishing the generic bootstrapping architecture credentials between the bootstrapping server function and the generic authentication server architecture component in the mobile terminal; and
  
  sending the credentials from the generic authentication server architecture component in the mobile terminal to the generic authentication client architecture component in the personal computer.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein requesting further comprises authorizing, by a user of the mobile terminal, transmitting of the network application function specific generic bootstrapping architecture credentials.
  - 12. The method of claim 10, further comprising determining if a preexisting bootstrapping session is active, and sending the network application function specific generic bootstrapping architecture credentials from the pre-existing bootstrapping session if a session is determined to be active.
  - 13. The method of claim 10, wherein the network application function specific generic bootstrapping architecture credentials are based upon an identification of the network application function.
  - 14. The method of claim 13, wherein the universal subscriber identity module vector remains in the mobile terminal and is secure from outside view.

15. An apparatus, comprising:
- an authenticator configured to authenticate a computing device, wherein a universal subscriber identity module of a mobile terminal is configured to contain a shared secret, and the computing device comprising a personal computer is in communication with the mobile terminal and is configured to use a network application function that requires credentials; and
  
  a bootstrapping server function module in communication with the mobile terminal, the bootstrapping server function module being configured to establish master generic bootstrapping architecture credentials with the mobile terminal using only authentication information provided from the identity module in the mobile terminal, and to generate and transmit generic bootstrapping architecture credentials specific to the network application function to the network application function upon receiving a request for credentials from the network application function, wherein a communication between the mobile terminal and the personal computer is established via a generic authentication server architecture component on the mobile terminal and a generic authentication client architecture component on the personal computer;
  
  wherein the mobile terminal is configured to cause a generation and transfer of the generic bootstrapping architecture credentials specific to the network application function to the personal computer upon receiving a request for credentials from the personal computer for use in accessing the network application function;
  
  wherein the personal computer is configured to;
  
  attempt to access the service provider;
  
  receive an authentication request from the service provider in response to the access attempt; and
  
  query, with the generic authentication client architecture component in the personal computer, the generic authentication server architecture component in the mobile terminal for the generic bootstrapping architecture credentials, wherein the local link comprises one or more of a cable, an infrared connection, and a wireless connection, wherein query further causes the personal computer to;
  
  send a message from the generic authentication client architecture component in the personal computer to the generic authentication server architecture component in the mobile terminal containing an identification for the service provider;
  
  request, with the generic authentication server architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;
  
  establish the generic bootstrapping architecture credentials between the bootstrapping server function and the generic authentication server architecture component in the mobile terminal; and
  
  send the credentials from the generic authentication server architecture component in the mobile terminal to the generic authentication client architecture component in the personal computer.
- View Dependent Claims (16, 17)
- - 16. The apparatus of claim 15, wherein the mobile terminal comprises a cellular telephone and wherein the computing device comprises a personal computer.
  - 17. The apparatus of claim 16, wherein the cellular telephone and the personal computer each have a wireless communication therein, the respective wireless communication devices being configured to communicate with each other to transmit a request for the credentials to the cellular phone from the personal computer and to transmit granted credentials from the cellular phone to the personal computer.

18. An apparatus, comprising:
- determining means for determining generic bootstrapping architecture credentials needed for an application running on a computing device comprising a personal computer and requesting, by the application and through a generic bootstrapping architecture application programming interface that incorporates a wireless communication medium, the generic bootstrapping architecture credentials from a mobile terminal, wherein a communication between the mobile terminal and the personal computer is established via a generic authentication server architecture component on the mobile terminal and a generic authentication client architecture component on the personal computer, wherein the generic bootstrapping architecture credentials are based upon at least one parameter representative of a universal subscriber identity module vector contained in the mobile terminal;
  
  bootstrapping means for bootstrapping the mobile terminal with a bootstrapping, server function to establish the bootstrapping architecture credentials using only authentication information provided from the identity module in the mobile terminal, which are transmitted to the application running on the personal computer from the mobile terminal; and
  
  processing means for processing, by the application running on the personal computer, the bootstrapping architecture credentials to run the application, wherein the processing means further configures the personal computer to;
  
  attempt to access the service provider;
  
  receive an authentication request from the service provider in response to the access attempt; and
  
  query, with the generic authentication client architecture component in the personal computer, the generic authentication server architecture component in the mobile terminal for the generic bootstrapping architecture credentials, wherein the local link comprises one or more of a cable, an infrared connection, and a wireless connection, wherein query further causes the personal computer to;
  
  send a message from the generic authentication client architecture component in the personal computer to the generic authentication server architecture component in the mobile terminal containing an identification for the service provider;
  
  request, with the generic authentication server architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;
  
  establish the generic bootstrapping architecture credentials between the bootstrapping server function and the generic authentication server architecture component in the mobile terminal; and
  
  send the credentials from the generic authentication server architecture component in the mobile terminal to the generic authentication client architecture component in the personal computer.

19. An apparatus, comprising:
- authenticating means for authenticating, with a mobile terminal, using only authentication information provided from an identity module in the mobile terminal to a service provider with the identity module associated with the mobile terminal to obtain generic bootstrapping architecture credentials specific to the service provider;
  
  transferring means for transferring the generic bootstrapping architecture credentials specific to the service provider from the mobile terminal to a personal computer, wherein a communication between the mobile terminal and the personal computer is established via a generic authentication server architecture component on the mobile terminal and a generic authentication client architecture component on the personal computer, wherein the generic bootstrapping architecture credentials specific to the service provider are based upon at least one parameter representative of a universal subscriber identity module vector contained in the mobile terminal; and
  
  accessing means for accessing the service provider with the personal computer using the generic bootstrapping architecture credentials transferred from the mobile terminal, wherein the accessing means causes the personal computer to;
  
  attempt to access the service provider;
  
  receive an authentication request from the service provider in response to the access attempt; and
  
  query, with the generic authentication client architecture component in the personal computer, the generic authentication server architecture component in the mobile terminal for the generic bootstrapping architecture credentials, wherein the local link comprises one or more of a cable, an infrared connection, and a wireless connection, wherein query further causes the personal computer to;
  
  send a message from the generic authentication client architecture component in the personal computer to the generic authentication server architecture component in the mobile terminal containing an identification for the service provider;
  
  request, with the generic authentication server architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;
  
  establish the generic bootstrapping architecture credentials between the bootstrapping server function and the generic authentication server architecture component in the mobile terminal; and
  
  send the credentials from the generic authentication server architecture component in the mobile terminal to the generic authentication client architecture component in the personal computer.

20. A system, comprising:
- a mobile terminal in communication with a personal computer, wherein the communication between the mobile terminal and the personal computer is established via a generic authentication server architecture component on the mobile terminal and a generic authentication client architecture component on the personal computer; and
  
  a bootstrapping security function operating on the mobile terminal in communication with the generic authentication architecture server component;
  
  wherein the generic authentication architecture server component is configured to conduct bootstrapping with the bootstrapping security function to generate using only authentication information provided from the identity module in the mobile terminal and transmit a generic bootstrapping architecture credential to the generic authentication architecture client in the personal computer for use in accessing a network application function, wherein the generic bootstrapping architecture credentials are based upon at least one parameter representative of a universal subscriber identity module vector contained in the mobile terminal;
  
  wherein the personal computer further;
  
  attempts to access the service provider;
  
  receives an authentication request from the service provider in response to the access attempt; and
  
  query, with the generic authentication client architecture component in the personal computer, the generic authentication server architecture component in the mobile terminal for the generic bootstrapping architecture credentials, wherein the local link comprises one or more of a cable, an infrared connection, and a wireless connection, wherein query further causes the personal computer to;
  
  send a message from the generic authentication client architecture component in the personal computer to the generic authentication server architecture component in the mobile terminal containing an identification for the service provider;
  
  request, with the generic authentication server architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;
  
  establish the generic bootstrapping architecture credentials between the bootstrapping server function and the generic authentication server architecture component in the mobile terminal; and
  
  send the credentials from the generic authentication server architecture component in the mobile terminal to the generic authentication client architecture component in the personal computer.

21. An apparatus, comprising:
- a determiner configured to determine generic bootstrapping architecture credentials needed for an application running on a computing device, and to request, by the application and through a generic bootstrapping architecture application programming interface that incorporates a wireless communication medium, the generic bootstrapping architecture credentials using only authentication information provided from the identity module in the mobile terminal from a mobile terminal, wherein a communication between the mobile terminal and a personal computer is established via a generic authentication server architecture component on the mobile terminal and a generic authentication client architecture component on the personal computer, wherein the generic bootstrapping architecture credentials are based upon at least one parameter representative of a universal subscriber identity module vector contained in the mobile terminal;
  
  a processor configured to bootstrap the mobile terminal with a bootstrapping server function to establish the bootstrapping architecture credentials, which are transmitted to the application running on the computing device from the mobile terminal, and to process, by the application running on the computing device, the bootstrapping architecture credentials to run the application;
  
  wherein the application running on the computing device causes the computing device to;
  
  attempt to access the service provider;
  
  receive an authentication request from the service provider in response to the access attempt;
  
  query, with the generic authentication client architecture component in the personal computer, the generic authentication server architecture component in the mobile terminal for the generic bootstrapping architecture credentials, wherein the local link comprises one or more of a cable, an infrared connection, and a wireless connection, wherein query further causes the personal computer to;
  
  send a message from the generic authentication client architecture component in the personal computer to the generic authentication server architecture component in the mobile terminal containing an identification for the service provider;
  
  request, with the generic authentication server architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;
  
  establish the generic bootstrapping architecture credentials between the bootstrapping server function and the generic authentication server architecture component in the mobile terminal; and
  
  send the credentials from the generic authentication server architecture component in the mobile terminal to the generic authentication client architecture component in the personal computer.

22. An apparatus, comprising:
- an authenticator configured to authenticate, with a mobile terminal, to a service provider with an identity module associated with the mobile terminal to obtain credentials specific to the service provider using only authentication information provided from the identity module in the mobile terminal;
  
  a transmitter configured to transmit the credentials specific to the service provider from the mobile terminal to a personal computer, wherein a communication between the mobile terminal and the personal computer is established via a generic authentication server architecture component on the mobile terminal and a generic authentication client architecture component on the personal computer, wherein the credentials specific to the service provider are based upon at least one parameter representative of a universal subscriber identity module vector contained in the mobile terminal; and
  
  an accessor configured to access the service provider with the personal computer using the credentials transferred from the mobile terminal, wherein the accessor causes the personal computer to;
  
  attempt to access the service provider;
  
  receive an authentication request from the service provider in response to the access attempt;
  
  query, with the generic authentication client architecture component in the personal computer, the generic authentication server architecture component in the mobile terminal for the generic bootstrapping architecture credentials, wherein the local link comprises one or more of a cable, an infrared connection, and a wireless connection, wherein query further causes the personal computer to;
  
  send a message from the generic authentication client architecture component in the personal computer to the generic authentication server architecture component in the mobile terminal containing an identification for the service provider;
  
  request, with the generic authentication server architecture component in the mobile terminal, from a bootstrapping server function, to establish the credentials;
  
  establish the generic bootstrapping architecture credentials between the bootstrapping server function and the generic authentication server architecture component in the mobile terminal; and
  
  send the credentials from the generic authentication server architecture component in the mobile terminal to the generic authentication client architecture component in the personal computer.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The apparatus of claim 22, wherein the identity module comprises a universal subscriber identity module.
  - 24. The apparatus of claim 22, wherein the service provider comprises a network application function.
  - 25. The apparatus of claim 22, wherein the transmitter is configured to transmit the credentials and to prompt a user of the mobile terminal for approval to transfer the credentials to the personal computer and transmit the credentials after receiving the approval from the user.
  - 26. The apparatus of claim 22, wherein the credentials comprise a bootstrapping transaction identifier and a network application function specific shared secret.
  - 27. The apparatus of claim 22, wherein the credentials comprise master credentials that include a username and a password.
  - 28. The apparatus of claim 22, wherein the transmitter is configured to transmit the credentials using a wireless communication medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
RPX Corporation
Inventors
Laitinen, Pekka, Lakshmeshwar, Shreekanth
Primary Examiner(s)
Edouard, Patrick
Assistant Examiner(s)
HEIBER, SHANTELL LAKETA

Application Number

US11/328,155
Publication Number

US 20060218396A1
Time in Patent Office

2,814 Days
Field of Search

713/176, 713/162, 713/166, 713/168, 713/169, 713/171, 713/155, 726/4, 726/5
US Class Current

713/167
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/43   using shared identity modul...

Method and apparatus for using generic authentication architecture procedures in personal computers

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for using generic authentication architecture procedures in personal computers

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links