Providing credentials

US 20050081066A1
Filed: 08/20/2004
Published: 04/14/2005
Est. Priority Date: 08/27/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing credentials for using a service in a first data network from a second data network, where there is a data transmission connection to the first data network via a gateway, the method comprising:

performing a login by the user to the gateway with a user identifier, transmitting said user identifier from the second data network via a gateway to an authentication server, verifying the user identifier in said authentication server, sending information on a successful login to the gateway, storing information connected to the credentials in connection with the authentication server, wherein the method comprises transmitting the information connected to the credentials from the authentication server to the gateway in connection with said login, and transmitting the credentials from the gateway to said service in the first data network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method and a system for providing credentials for using a service in a first data network. The user logs in to a second data network with a user identifier, which is transmitted from the second network via a gateway to an authentication server, where the user identifier is verified and information on a successful login is sent to the gateway. Information connected to the credentials is stored in connection with the authentication server, in which case the information connected to the credentials is transmitted from the authentication server to the gateway in the login phase. From the gateway the credentials are transmitted to the service in the first data network. The invention also relates to a authentication server to be used in the system, and a gateway.

63 Citations

View as Search Results

15 Claims

1. A method for providing credentials for using a service in a first data network from a second data network, where there is a data transmission connection to the first data network via a gateway, the method comprising:
- performing a login by the user to the gateway with a user identifier, transmitting said user identifier from the second data network via a gateway to an authentication server, verifying the user identifier in said authentication server, sending information on a successful login to the gateway, storing information connected to the credentials in connection with the authentication server, wherein the method comprises transmitting the information connected to the credentials from the authentication server to the gateway in connection with said login, and transmitting the credentials from the gateway to said service in the first data network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, comprising storing the service-specific credentials of the user in connection with the authentication server, transmitting in connection with said login said credentials from the authentication server to the gateway, and transmitting the credentials connected to said service from the gateway to said service in the first data network.
  - 3. The method according to claim 1, comprising encrypting the service-specific credentials of the user with an encryption key, storing in the gateway the service-specific credentials stored with said encryption key, storing in connection with the authentication server at least one encryption key of service-specific information, transmitting the encryption key from the authentication server to the gateway in connection with the login, encrypting the credentials connected to said service with said decryption key in the gateway, and transmitting the credentials connected to said service from the gateway to said service in the first data network.
  - 4. The method according to claim 3, comprising using the same encryption key in encrypting the credentials of all the services of the same user.
  - 5. The method according to claim 1, comprising performing the login in the gateway, and examining said user identifier in the gateway before getting the information connected to the credentials from the authentication server.
  - 6. The method according to claim 1, comprising storing the information connected to the credentials in connection with the authentication server, protected with a user identifier, wherein the user identifier is used in establishing credentials.
  - 7. The method according to claim 1, wherein in the data transmission between the gateway and the authentication server at least one of the following protocols is used:
    - RADIUS, LDAP.

8. A system, which comprises at least a first data network and a second data network, which are connected to each other with a gateway, means for providing credentials for using a service in a first data network, means for the user to login to the gateway with a terminal by using a user identifier, means for transmitting said user identifier from the second data network via the gateway to an authentication server comprising means for verifying the user identifier, and means for sending information on a successful login to the gateway, wherein information connected to the credentials is stored in connection with the authentication server, the system further comprising means for transmitting information connected to the credentials in connection with login from the authentication server to the gateway, and means for transmitting the credentials from the gateway to said service in the first data network.
- View Dependent Claims (9, 10)
- - 9. The system according to claim 8, wherein the service-specific credentials of the user are stored in connection with the authentication server, the system further comprising means for transmitting said credentials in connection with login from the authentication server to the gateway, and means for transmitting the credentials connected to said service from the gateway to said service in the first data network.
  - 10. The system according to claim 8, wherein the service-specific credentials of the user have been encrypted with an encryption key, that the service-specific credentials stored with said encryption key have been stored in the gateway, that at least one decryption key of service-specific information is stored in connection with the authentication server, the system further comprising means for transmitting the decryption key in connection with login from the authentication server to the gateway, means for decrypting the credentials connected to said service with said decryption key in the gateway, and means for transmitting the credentials connected to said service from the gateway to said service in the first data network.

11. An authentication server to be used in a system, which comprises at least a first data network and a second data network, which are connected to each other with a gateway, means for providing credentials for using a service in the first data network, means for the user to login to the gateway with a terminal by using a user identifier, means for transmitting said user identifier from the second data network via the gateway to an authentication server, where there are means for verifying the user identifier, and means for sending information on a successful login to the gateway, wherein information connected to the credentials is stored in connection with the authentication server, the authentication server further comprising means for sending information connected to the credentials in connection with login to a gateway.
- View Dependent Claims (12, 13)
- - 12. The authentication server according to claim 11, wherein service-specific credentials of the user are stored in connection with the authentication server, wherein in connection with login, the authentication server is adapted to transmit said credentials from the authentication server to the gateway.
  - 13. The authentication server according to claim 11, wherein service-specific credentials of the user are encrypted with an encryption key and stored in connection with the gateway, wherein the authentication server is adapted to store a decryption key used in decrypting the service-specific credentials of the user in connection with the authentication server, and the authentication server is adapted to transmit said decryption key from the authentication server to the gateway in connection with login.

14. A gateway to be used in a system, which comprises at least a first data network and a second data network, which are connected to each other with said gateway;
- means for providing credentials for using a service in the first data network;
  
  means for the user to login to the gateway with a terminal by using a user identifier;
  
  means for transmitting said user identifier from the second data network via the gateway to an authentication server comprising means for verifying the user identifier; and
  
  means for sending information on a successful login to the gateway, wherein information connected to the credentials is stored in connection with the authentication server, the gateway comprising means for receiving information connected to the credentials from the authentication server in connection with login, and means for sending information connected to the credentials to said service in the first data network in connection with login.
- View Dependent Claims (15)
- - 15. The gateway according to claim 14, wherein the service-specific credentials of the user are encrypted with an encryption key and stored in connection with the gateway, the gateway comprising means for receiving the decryption key used in decrypting the service-specific credentials of the user stored in connection with the authentication server, and means for decrypting the service-specific credentials of the user with said decryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Eklund, Kimmo, Lahdensivu, Kimmo

Application Number

US10/923,608
Publication Number

US 20050081066A1
Time in Patent Office

Days
Field of Search
US Class Current

726/19
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

Providing credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

63 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Providing credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others