System, apparatus, and method for providing generic internet protocol authentication

US 7,421,732 B2
Filed: 05/05/2003
Issued: 09/02/2008
Est. Priority Date: 05/05/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

coupling a plurality of network protocol stacks to a generic Application Programming Interface (API) that provides access to a plurality of authentication modules, wherein each of the network protocol stacks supports a different network protocol;

receiving, via an Internet Protocol (IP) network, an authentication request at one of the network protocol stacks;

detecting an authentication mechanism associated with the received authentication request, wherein detecting the authentication mechanism is supported by the API of the authentication module;

selecting, via the API, one of the plurality of authentication modules in response to the detected authentication mechanism;

accessing, via the API, data that is required to support the authentication module; and

authenticating the request via the one network protocol stack based on the data accessed via the API.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generic Internet Protocol (IP) authentication is provided by authentication server (134). Application Programming Interface (API) (310) detects the protocol type of an incoming authentication request and invokes one of a number of authentication mechanisms (318-326) depending on the protocol type detected. A localized repository (520) is provided to store Subscriber Identity Module (SIM) information and other algorithm data as required to facilitate the authentication session.

Citations

19 Claims

1. A method comprising:
- coupling a plurality of network protocol stacks to a generic Application Programming Interface (API) that provides access to a plurality of authentication modules, wherein each of the network protocol stacks supports a different network protocol;
  
  receiving, via an Internet Protocol (IP) network, an authentication request at one of the network protocol stacks;
  
  detecting an authentication mechanism associated with the received authentication request, wherein detecting the authentication mechanism is supported by the API of the authentication module;
  
  selecting, via the API, one of the plurality of authentication modules in response to the detected authentication mechanism;
  
  accessing, via the API, data that is required to support the authentication module; and
  
  authenticating the request via the one network protocol stack based on the data accessed via the API.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the API is arranged to detect all authentication mechanisms supported by the IP network.
  - 3. The method according to claim 2, wherein the API is further arranged to invoke the authentication module to be used in support of the authentication mechanism.
  - 4. The method according to claim 1, wherein the network protocol stacks comprise at least one of a Hyper Text Transfer Protocol (HTTP) stack, a Session Initiation Protocol (SIP) stack, and a Real-Time Transport Protocol (RTP) stack.
  - 5. The method according to claim 1, further comprising:
    - configuring the authentication modules;
      
      registering the authentication modules with the API; and
      
      loading the data required to support the authentication modules.
  - 6. The method according to claim 5, wherein loading the data comprises transferring Subscriber Identification Module (SIM) information to a location that is co-located with the authentication modules.
  - 7. The method according to claim 1, further comprising:
    - adding a new authentication module to the plurality of authentication modules; and
      
      registering the new authentication module with the API via a plug-in interface.

8. An authentication system, comprising:
- a plurality of network elements each employing a different authentication protocol, each of the authentication protocols associated with one or more network protocols;
  
  an authentication server arranged to provide authentication service in response to received authentication requests from the network elements, the authentication server comprising;
  
  a plurality of network protocol stacks, wherein each of the network protocol stacks supports a different one of the network protocols;
  
  a generic Application Programming Interface (API) coupled to receive the authentication requests from the network protocol stacks; and
  
  an authentication module comprising a number of authentication mechanisms coupled to service the authentication requests via the API; and
  
  a data server comprising;
  
  a data storage device comprising secure user data; and
  
  a data interface coupled to the authentication server, wherein the data interface provides the secure user data to the authentication server to support the authentication service; and
  
  wherein the authentication service performed is selected via the API depending upon the authentication protocol employed by the requesting network element.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The authentication system according to claim 8, wherein the network elements are coupled via a common Internet Protocol stack.
  - 10. The authentication system according to claim 8, wherein the plurality of network protocol stacks include at least one of a Hyper Text Transfer Protocol (HTTP) stack, a Session Initiation Protocol (SIP) stack, and a Real-Time Transport Protocol (RTP) stack.
  - 11. The authentication system according to claim 8, wherein the data server is co-located with the authentication server.
  - 12. The authentication system according to claim 8, wherein the data server comprises an interface coupled to receive Subscriber Identity Module (SIM) data.
  - 13. The authentication system according to claim 8, wherein the data server provides a centralized repository for the SIM data.

14. A server, comprising:
- a plurality of network protocol stacks;
  
  a generic Application Programming Interface (API) coupled to the network protocol stacks;
  
  a processor; and
  
  memory coupled to the processor, the memory having instructions that cause the processor to;
  
  receive, via an Internet Protocol (IP) network, authentication requests having various authentication protocol types from the network protocol stacks;
  
  detect the various authentication protocol types, via the generic Application Programming Interface (API) coupled to the network protocol stacks;
  
  invoke an authentication mechanism depending upon the authentication protocol type of the authentication request; and
  
  access data in support of the authentication requests.
- View Dependent Claims (15, 16, 17)
- - 15. The server according to claim 14, wherein the plurality of network protocol stacks include at least one of a Hyper Text Transfer Protocol (HTTP) stack, a Session Initiation Protocol (SIP) stack, and a Real-Time Transport Protocol (RTP) stack.
  - 16. The server according to claim 14, wherein the instructions further cause the processor to transfer the data in support of the authentication into a central repository.
  - 17. The server according to claim 16, wherein the central repository is co-located with the server.

18. A computer-readable medium having instructions stored thereon which are executable by an apparatus by performing steps comprising:
- coupling a plurality of network protocol stacks of the apparatus to a generic Application Programming Interface (API) that provides access to a plurality of authentication modules, wherein each of the network protocol stacks supports a different network protocol;
  
  receiving, via an Internet Protocol (IP) network, authentication requests having various authentication protocol types from the network elements at one of the network protocol stacks;
  
  detecting the various protocol types via the API;
  
  invoking an authentication mechanism depending upon the authentication protocol type of the authentication request;
  
  accessing, via the API, data in support of the authentication of the network elements; and
  
  authenticating the request via the network protocol stack based on the data accessed via the API.

19. A terminal comprising:
- a plurality of network protocol stacks capable of receiving, via an Internet Protocol (IP) network, authentication requests having various authentication protocol types, wherein each of the network protocol stacks supports a different network protocol;
  
  a generic Application Programming Interface (API) coupled to the network protocol stacks and configured to;
  
  detect the various authentication protocol types of the authentication requests;
  
  invoke an authentication mechanism depending upon the authentication protocol type of the authentication request; and
  
  access data in support of the authentication requests; and
  
  wherein the data that is accessed in support of the authentication requests is provided to the network protocol stacks to facilitate servicing the authentication requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Costa-Requena, Jose, Hietasarka, Juha, Aholainen, Markus, Immonen, Jukka, Korhonen, Ossi, Ruutu, Jussi
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Abyaneh; Ali S

Application Number

US10/429,918
Publication Number

US 20040225878A1
Time in Patent Office

1,947 Days
Field of Search

726 2- 3, 380/247, 713/168
US Class Current

726/3
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/162   at the data link layer

H04L 63/205   involving negotiation or de...

System, apparatus, and method for providing generic internet protocol authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System, apparatus, and method for providing generic internet protocol authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links