METHOD, SYSTEM AND AUTHENTICATION CENTRE FOR AUTHENTICATING IN END-TO-END COMMUNICATIONS BASED ON A MOBILE NETWORK

US 20110258447A1
Filed: 06/14/2011
Published: 10/20/2011
Est. Priority Date: 01/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method of authentication inquiring, wherein the method is applied to a system comprising a first service entity requesting a service, a second service entity providing the service and an EAC, wherein, a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC are respectively performed, the EAC allocates an Interim Service Request Identifier (ISR-ID) to the first service entity and an Interim Authentication Check Identifier (IAC-ID) to the second service entity and acquires the shared key materials respectively for protecting the communications with the first service entity and the second service entity;

the method comprising;

issuing, by the first service entity, a service request to the second service entity, the service request includes the ISR-ID acquired by the first service entity in the authentication with the EAC;

searching, by the second service entity upon receiving the service request, whether there is the ISR-ID of the first service entity stored locally to identify the first service entity, if not, the second service entity sends an authentication inquiring request to the EAC and carries the ISR-ID of the first service entity and the IAC-ID of the second service entity;

generating, by the EAC upon receiving the authentication inquiring request, a derived key for the first service entity and the second service entity when it is decided that the IAC-ID is valid and the second service entity is entitled to provide the service besides the ISR-ID is valid and the first service entity is entitled to request the service;

returning, by the EAC, to the second service entity an authentication inquiring response which carries the derived key which is acquired by enciphering the shared key material of the second entity and the EAC;

acquiring, by the second service entity, the derived key from the authentication inquiring response by decrypting;

returning, by the second service entity, a service request response to the first service entity;

calculating, by the first service entity, the same derived key by using the same parameters and algorithm used by the EAC.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.

74 Citations

View as Search Results

6 Claims

1. A method of authentication inquiring, wherein the method is applied to a system comprising a first service entity requesting a service, a second service entity providing the service and an EAC, wherein, a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC are respectively performed, the EAC allocates an Interim Service Request Identifier (ISR-ID) to the first service entity and an Interim Authentication Check Identifier (IAC-ID) to the second service entity and acquires the shared key materials respectively for protecting the communications with the first service entity and the second service entity;
- the method comprising;
  
  issuing, by the first service entity, a service request to the second service entity, the service request includes the ISR-ID acquired by the first service entity in the authentication with the EAC;
  
  searching, by the second service entity upon receiving the service request, whether there is the ISR-ID of the first service entity stored locally to identify the first service entity, if not, the second service entity sends an authentication inquiring request to the EAC and carries the ISR-ID of the first service entity and the IAC-ID of the second service entity;
  
  generating, by the EAC upon receiving the authentication inquiring request, a derived key for the first service entity and the second service entity when it is decided that the IAC-ID is valid and the second service entity is entitled to provide the service besides the ISR-ID is valid and the first service entity is entitled to request the service;
  
  returning, by the EAC, to the second service entity an authentication inquiring response which carries the derived key which is acquired by enciphering the shared key material of the second entity and the EAC;
  
  acquiring, by the second service entity, the derived key from the authentication inquiring response by decrypting;
  
  returning, by the second service entity, a service request response to the first service entity;
  
  calculating, by the first service entity, the same derived key by using the same parameters and algorithm used by the EAC.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1, wherein the service request which is issued from the first service entity to the second service entity further includes a public identity (UID) of the second service entity for contacting with other service entities;
    - the authentication inquiring request which is sent from the second service entity to the EAC further carries the UID besides the ISR-ID of the first service entity and the IAC-ID of the second service entity.
  - 3. The method according to claim 2, wherein the authentication inquiring response further carries a lifetime of the key;
    - the method further comprising;
      
      associating, by the second service entity, the derived key, the lifetime, the ISR-ID of the first service entity and the UID of the second service entity and stores them in local besides acquiring the derived key from the authentication inquiring response by decrypting.

4. A system for authenticating inquiring, wherein the system comprises:
- a first service entity requesting a service, a second service entity providing the service and an EAC, wherein, a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC are respectively performed, the EAC allocates an Interim Service Request Identifier (ISR-ID) to the first service entity and an Interim Authentication Check Identifier (IAC-ID) to the second service entity and acquires the shared key materials respectively for protecting the communications with the first service entity and the second service entity;
  
  the first service entity is configured to issue a service request to the second service entity, the service request includes the ISR-ID acquired by the first service entity in the authentication with the EAC;
  
  the second service entity is configured to search whether there is the ISR-ID of the first service entity stored locally to identify the first service entity upon receiving the service request, if not, the second service entity sends an authentication inquiring request to the EAC and carries the ISR-ID of the first service entity and the IAC-ID of the second service entity;
  
  the EAC is configured to generate a derived key for the first service entity and the second service entity when it is decided that the IAC-ID is valid and the second service entity is entitled to provide the service besides the ISR-ID is valid and the first service entity is entitled to request the service upon receiving the authentication inquiring request;
  
  the EAC is further configured to return to the second service entity an authentication inquiring response which carries the derived key which is acquired by enciphering the shared key material of the second entity and the EAC;
  
  the second service entity is further configured to acquire the derived key from the authentication inquiring response by decrypting;
  
  the second service entity is further configured to return a service request response to the first service entity;
  
  the first service entity is further configured to calculate the same derived key by using the same parameters and algorithm used by the EAC.
- View Dependent Claims (5, 6)
- - 5. The system according to claim 4, wherein service request which is issued from the first service entity to the second service entity further includes a public identity (UID) of the second service entity for contacting with other service entities;
    - the authentication inquiring request which is sent from the second service entity to the EAC further carries the UID besides the ISR-ID of the first service entity and the IAC-ID of the second service entity.
  - 6. The system according to claim 5, wherein the authentication inquiring response further carries a lifetime of the key;
    - the second service entity is further configured to associate the derived key, the lifetime, the ISR-ID of the first service entity and the UID of the second service entity and stores them in local besides acquiring the derived key from the authentication inquiring response by decrypting.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
WEI, Jiwei, LI, Chao, FAN, Xuyan

Granted Patent

US 8,468,353 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0869   for achieving mutual authen...

H04L 63/205   involving negotiation or de...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

METHOD, SYSTEM AND AUTHENTICATION CENTRE FOR AUTHENTICATING IN END-TO-END COMMUNICATIONS BASED ON A MOBILE NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM AND AUTHENTICATION CENTRE FOR AUTHENTICATING IN END-TO-END COMMUNICATIONS BASED ON A MOBILE NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links