Method and system for managing network identity
First Claim
1. A method for managing network identity (ID), comprising:
a mobile device applying for a first short-term certificate from an ID management server, wherein the first short-term certificate includes a temporary ID of a user of the mobile device;
the mobile device using the temporary ID to log into a visited network to which an authentication device belongs and using the first short-term certificate to establish a secure channel with the authentication device; and
the mobile device using the visited network through the secure channel, wherein all network packets sent from the mobile device are relayed by the authentication device, and wherein the first short-term certificate is discarded after use and is re-applied every time before the mobile device uses the visited network.
Abstract
A method and a system for managing network identity are provided. The method and the system realize a management mechanism of temporary identification (ID) and real ID, which simultaneously achieves functionalities such as anonymity, accounting, and authorization. A short-term certificate and a corresponding public/private key pair are used to protect a temporary ID usable for accounting. This protection prevents the temporary ID from being stolen. The user generates a digital signature in its reply to a charge schedule statement from the visited network. This procedure is incorporated into an existing authentication framework based on Transport Layer Security (TLS) in order to provide an undeniable payment mechanism. The payment mechanism is applicable in an environment of multiple network operators and reduces the difficulty of integrating network operators. The method and the system do not have to consult a certificate revocation list (CRL) for authentication and are thus able to shorten authentication time.
165 Citations
24 Claims
13. A system for managing network identity (ID), comprising:
a mobile device; an authentication device; and an ID management server,
wherein the mobile device applies for a first short-term certificate from the ID management server, the first short-term certificate includes a temporary ID of a user of the mobile device, the mobile device uses the temporary ID to log into a visited network to which the authentication device belongs and uses the first short-term certificate to establish a secure channel with the authentication device, the mobile device uses the visited network through the secure channel, and all network packets sent from the mobile device are relayed by the authentication device,
wherein the first short-term certificate is discarded after use and is re-applied every time before the mobile device uses the visited network.
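As an added illustration, not code from the patent, the following Go sketch models the mechanism the abstract and the two independent claims describe: the ID management server (IDMS) issues a short-term certificate carrying a random temporary ID, the authentication device accepts it on the IDMS signature and validity window alone (no CRL), and the device signs the charge schedule statement under the short-term key so the visited network holds a non-repudiable record. Ed25519, the certificate encoding, the temporary-ID format and all function names are assumptions; the TLS channel itself is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"time"
)

// ShortTermCert binds a temporary ID to a fresh device key for a short window; signed by the IDMS (assumed encoding).
type ShortTermCert struct {
	TempID   string // constructed form "tmp-<16 hex chars>", ASCII only
	PubKey   ed25519.PublicKey
	NotAfter int64 // Unix seconds; the short lifetime is what makes a CRL lookup unnecessary
	Sig      []byte
}
// tbs is the to-be-signed encoding: TempID, a 0 separator, the public key, the big-endian expiry.
func (c ShortTermCert) tbs() []byte {
	var exp [8]byte
	binary.BigEndian.PutUint64(exp[:], uint64(c.NotAfter))
	b := append([]byte(c.TempID), 0)
	b = append(b, c.PubKey...)
	return append(b, exp[:]...)
}

// IssueCert is the IDMS step: the device presents a fresh public key and gets a random temporary ID.
func IssueCert(idmsPriv ed25519.PrivateKey, devPub ed25519.PublicKey, ttl time.Duration, now time.Time) ShortTermCert {
	var r [8]byte
	if _, err := rand.Read(r[:]); err != nil {
		panic(err)
	}
	c := ShortTermCert{TempID: "tmp-" + hex.EncodeToString(r[:]), PubKey: devPub, NotAfter: now.Add(ttl).Unix()}
	c.Sig = ed25519.Sign(idmsPriv, c.tbs())
	return c
}

// VerifyCert is the authentication device's login check: IDMS signature and validity window only.
func VerifyCert(idmsPub ed25519.PublicKey, c ShortTermCert, now time.Time) bool {
	return now.Unix() <= c.NotAfter && ed25519.Verify(idmsPub, c.tbs(), c.Sig)
}
// SignCharge is the device's reply to a charge schedule statement, bound to its temporary ID.
func SignCharge(devPriv ed25519.PrivateKey, c ShortTermCert, statement string) []byte {
	return ed25519.Sign(devPriv, []byte(c.TempID+"\n"+statement))
}

// VerifyCharge is the visited network's non-repudiation check; the key comes from the certificate.
func VerifyCharge(c ShortTermCert, statement string, sig []byte) bool {
	return ed25519.Verify(c.PubKey, []byte(c.TempID+"\n"+statement), sig)
}
```

Because the certificate is discarded after each session and re-issued before the next, the visited network only ever sees the temporary ID, while the IDMS alone can map it back to the real identity for billing.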