Characteristics of security associations
Abstract
Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may be referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource.
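The flow in the abstract, as an added example that is not taken from the patent: a user assertion and a device assertion are bound together, and the ACE checks the binding, then the strength and freshness of each. The numeric assurance scale, the field names, the policy values, and the use of an HMAC under a shared key as the binding are all assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import json
import time

# Assumption: the ACE and the asserting functions share this key; the page
# does not say how assertions are protected or bound.
BINDING_KEY = b"constructed-demo-key"


def make_assertion(subject, authenticated, assurance_level, auth_time):
    """Assertion from a UAAF or DAAF: result, strength, and time of authentication."""
    return {"subject": subject, "result": authenticated,
            "assurance_level": assurance_level, "auth_time": auth_time}


def _tag(user_assertion, device_assertion):
    # Canonical JSON so both sides compute the MAC over identical bytes.
    blob = json.dumps([user_assertion, device_assertion], sort_keys=True).encode()
    return hmac.new(BINDING_KEY, blob, hashlib.sha256).hexdigest()


def bind(user_assertion, device_assertion):
    """Bind the two assertions so neither can be swapped or edited independently."""
    return {"user": user_assertion, "device": device_assertion,
            "binding": _tag(user_assertion, device_assertion)}


def ace_decide(bound, policy, now=None):
    """ACE side: check the binding, then strength and freshness of each assertion."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(bound["binding"], _tag(bound["user"], bound["device"])):
        return False, "binding mismatch"
    for kind in ("user", "device"):
        a, req = bound[kind], policy[kind]
        if not a["result"]:
            return False, f"{kind} authentication failed"
        if a["assurance_level"] < req["min_assurance"]:
            return False, f"{kind} assurance too low"
        age = now - a["auth_time"]  # freshness is derived from the time of authentication
        if age < 0 or age > req["max_age_s"]:
            return False, f"{kind} authentication not fresh"
    return True, "granted"


# Constructed policy: assumed integer assurance scale, maximum ages in seconds.
POLICY = {"user": {"min_assurance": 3, "max_age_s": 300},
          "device": {"min_assurance": 2, "max_age_s": 3600}}
```

Passing `now` explicitly makes the freshness decision reproducible; a timestamp in the future is rejected along with one that is too old.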
31 Claims
1. A method of authenticating a user of a wireless transmit/receive unit (WTRU), the method comprising, at the WTRU:
- obtaining, from an access control entity, an assurance level associated with a user authentication strength that is required to access a resource controlled by the access control entity;
- generating an assertion based on the assurance level that is obtained, the assertion comprising an indication of a freshness of an authentication of the user, and an indication of a strength of the authentication of the user, the indication of the freshness based on a time that the authentication of the user occurred; and
- based on the assertion as compared to the user authentication assurance level that is required, receiving access to the resource via the WTRU.

Dependent claims: 2, 3, 4, 5, 6.

7. In a system comprising a wireless transmit/receive unit (WTRU) and an access control entity (ACE) which communicate via a network, a method of authenticating a user of the WTRU and the WTRU, the method comprising:
- requesting access to a service controlled by the ACE;
- providing a user assertion, to the ACE, associated with the user, wherein the user assertion indicates a result of an authentication between the user and a user authenticator and assertion function (UAAF), and wherein the user assertion comprises a user authentication assurance level;
- providing a device assertion, to the ACE, associated with a device identity of the WTRU, wherein the device assertion indicates a result of an authentication between the WTRU and a device authenticator and assertion function (DAAF), and wherein the device assertion comprises a device authentication assurance level;
- binding the user assertion with the device assertion to create a bounded assertion; and
- sending the bounded assertion to the ACE to receive access to the service.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25.

26. A wireless transmit/receive unit (WTRU) having a user, the WTRU comprising:
- a memory comprising executable instructions; and
- a processor in communications with the memory, the instructions, when executed by the processor, cause the processor to effectuate operations comprising;
- obtaining, from an access control entity, an assurance level associated with a user authentication strength that is required to access a resource controlled by the access control entity;
- generating an assertion based on the assurance level that is obtained, the assertion comprising an indication of a freshness of an authentication of the user, and an indication of a strength of the authentication of the user, the indication of the freshness based on a time that the authentication of the user occurred; and
- based on the assertion as compared to the user authentication assurance level that is required, receiving access to the resource via the WTRU.

Dependent claims: 27, 28, 29, 30, 31.
Specification