One-pass authentication mechanism and system for heterogeneous networks

US 9,332,000 B2
Filed: 02/21/2008
Issued: 05/03/2016
Est. Priority Date: 02/21/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method of one-pass authentication mechanism for heterogeneous networks, comprising the steps of:

authenticating a user based on an authentication key and an authentication algorithm in response to a request of the user to register a first network, wherein the authentication key and the authentication algorithm are associated with a first user identity for the first network and a second user identity for a second network; and

when the authentication is successful, thencomparing the first user identity retrieved from an authentication database through the second user identity provided by the user to the first user identity provided by the user in the authentication, in response to a request of the user to register the second network, andsetting up security associations between the user and the second network when the retrieved first user identity matches the first user identity provided by the user;

wherein the first network is a WiMAX network and the second network is an IP Multimedia Subsystem (IMS) network.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A one-pass authentication mechanism and system for heterogeneous networks are provided. The mechanism comprises authenticating a user based on an authentication key and an authentication algorithm in response to a request of the user to register a first network, wherein the authentication key and the authentication algorithm are associated with a first user identity for the first network and a second user identity for a second network; and if the authentication is successful, then comparing the first user identity retrieved from an authentication database through the second user identity provided by the user to the first user identity provided by the user in the authentication, in response to a request of the user to register the second network, and setting up security associations between the user and the second network if the retrieved first user identity matches the first user identity provided by the user.

Citations

15 Claims

1. A method of one-pass authentication mechanism for heterogeneous networks, comprising the steps of:
- authenticating a user based on an authentication key and an authentication algorithm in response to a request of the user to register a first network, wherein the authentication key and the authentication algorithm are associated with a first user identity for the first network and a second user identity for a second network; and
  
  when the authentication is successful, thencomparing the first user identity retrieved from an authentication database through the second user identity provided by the user to the first user identity provided by the user in the authentication, in response to a request of the user to register the second network, andsetting up security associations between the user and the second network when the retrieved first user identity matches the first user identity provided by the user;
  
  wherein the first network is a WiMAX network and the second network is an IP Multimedia Subsystem (IMS) network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising the steps of:
    - intercepting the request of the user to register the second network, wherein the request contains the second user identity provided by the user; and
      
      before forwarding the request, modifying the request by adding the first user identity provided by the user in the authentication.
  - 3. The method of claim 1, wherein the step of authenticating the user based on the authentication key and the authentication algorithm further comprises the steps of:
    - selecting first authentication parameters for the user;
      
      performing verifications based on the first authentication parameters according to a first authentication agreement between the user and the first network; and
      
      performing a registration procedure of the first network for the user after performing the verifications successfully.
  - 4. The method of claim 3, wherein the first authentication agreement shares the authentication key and the authentication algorithm with a second authentication agreement between the user and the second network.
  - 5. The method of claim 4, wherein the step of setting up the security associations between the user and the second network is based on second authentication parameters for the user according to the second authentication agreement.
  - 6. The method of claim 5, further comprising the step of generating the second authentication parameters based on records of the user retrieved from the authentication database through the second user identity provided by the user, wherein the records of the user include at least the authentication key and the authentication algorithm.
  - 7. The method of claim 3, further comprising the step of generating the first authentication parameters based on records of the user retrieved from the authentication database through the first user identity provided by the user, wherein the records of the user include at least the authentication key and the authentication algorithm.
  - 8. The method of claim 1, wherein the first network and the second network use the same authentication functions and the same authentication key.

9. A one-pass authentication system for heterogeneous networks, comprising:
- an authentication database adapted to store a first user identity for a first network, a second user identity for a second network, and an authentication key and an authentication algorithm associated with the first and second user identities;
  
  a first authentication server adapted to authenticate a user based on the authentication key and the authentication algorithm in response to a request of the user to register the first network; and
  
  a second authentication server adapted to compare the first user identity retrieved from the authentication database through the second user identity provided by the user to the first user identity provided by the user in the authentication, in response to a request of the user to register the second network, and set up security associations between the user and the second network when the retrieved first user identity matches the first user identity provided by the user;
  
  wherein the first network is a WiMAX network and the second network is an IP Multimedia Subsystem (IMS) network.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system according to claim 9, further comprising an access gateway connected to the first and second authentication servers, wherein the access gateway is adapted to:
    - intercept the request of the user to register the second network, wherein the request contains the second user identity provided by the user; and
      
      before forwarding the request, modify the request by adding the first user identity provided by the user in the authentication.
  - 11. The system according to claim 9, wherein the first authentication server is further adapted to:
    - select first authentication parameters for the user;
      
      perform verifications based on the first authentication parameters according to a first authentication agreement between the user and the first network; and
      
      perform a registration procedure of the first network for the user after performing the verifications successfully.
  - 12. The system according to claim 11, wherein the first authentication agreement shares the authentication key and the authentication algorithm with a second authentication agreement between the user and the second network.
  - 13. The system according to claim 12, wherein the second authentication server is further adapted to set up the security associations between the user and the second network based on second authentication parameters for the user according to the second authentication agreement.
  - 14. The system according to claim 13, wherein the second authentication server is further adapted to access the second authentication parameters from the authentication database, and the authentication database is further adapted to:
    - retrieve records of the user through the second user identity provided by the user, wherein the records of the user include at least the authentication key and the authentication algorithm; and
      
      generate the second authentication parameters based on the records of the user.
  - 15. The system according to claim 11, wherein the first authentication server is further adapted to access the first authentication parameters from the authentication database, and the authentication database is further adapted to:
    - retrieve records of the user through the first user identity provided by the user, wherein the records of the user include at least the authentication key and the authentication algorithm; and
      
      generate the first authentication parameters based on the records of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Lei, Zhengxiong, Yan, Xueqiang
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US12/735,588
Publication Number

US 20110010764A1
Time in Patent Office

2,994 Days
Field of Search

713/168
US Class Current

1/1
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless

H04L 63/0815   providing single-sign-on or...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1073   Registration or de-registra...

H04L 9/3273   for mutual authentication n...

H04W 12/069   using certificates or pre-s...

H04W 84/02   Hierarchically pre-organise...

H04W 92/02   Inter-networking arrangements

One-pass authentication mechanism and system for heterogeneous networks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

One-pass authentication mechanism and system for heterogeneous networks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links