Methods, nodes, system, computer programs and computer program products for secure user subscription or registration

  • US 8,750,506 B2
  • Filed: 12/22/2008
  • Issued: 06/10/2014
  • Est. Priority Date: 07/31/2008
  • Status: Active Grant
First Claim

1. A method for secure user subscription or registration to a service at least partly enabled in a network, the network comprising a user equipment configured to perform generic bootstrapping, a network application function for providing the service, and a bootstrapping server function for storing a service profile, the service profile comprising information relating to particular details for enabling the execution of the service provided by the network application function for the user equipment, the method comprising:

    responsive to receiving a bootstrapping service request from the user equipment that comprises a user identity, sending an authentication request from the bootstrapping server function to a home subscriber system based on the user identity;

    responsive to receiving the authentication request from the bootstrapping server function, retrieving the service profile at the home subscriber system based on the user identity and transmitting an authentication answer from the home subscriber system to the bootstrapping server function, the authentication answer comprising the service profile;

    responsive to receiving the authentication answer from the home subscriber system, generating at the bootstrapping server function a bootstrapping transaction identifier and a privacy protected identifier that identifies the user equipment in communications between the bootstrapping server function and the network application function, and communicating the bootstrapping transaction identifier to the user equipment;

    storing the service profile and the bootstrapping transaction identifier at the bootstrapping server function, wherein the stored service profile further comprises a privacy indicator;

    responsive to receiving a secure application request from the user equipment that comprises the bootstrapping transaction identifier, transmitting a bootstrapping information request from the network application function to the bootstrapping server function, the bootstrapping information request comprising the bootstrapping transaction identifier;

    responsive to receiving the bootstrapping information request from the network application function, generating at the bootstrapping server function a network application key for the network application function, and providing the network application key and service-related information from the stored service profile to the network application function, the service-related information required by the network application function to actually execute the service after the user equipment is at least one of authenticated and authorized for the service;

    storing the network application key and the service-related information at the network application function;

    completing the secure user subscription or registration to the service at the network application function based on the received network application key;

    executing the service for the user equipment based on the received service-related information; and

    including the privacy protected identifier in place of the user identity at the network authentication function when communicating with the bootstrapping server function.
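
The message flow recited in claim 1, as an added Python simulation that is not part of the patent or of any deployed implementation. The class and function names, the HMAC-SHA256 key derivation, the proof-of-key check at the network application function, and the sample identity and profile are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def derive_naf_key(master_key, naf_id):
    # Stand-in derivation (assumption), not the deployed key derivation function.
    return hmac.new(master_key, naf_id.encode(), hashlib.sha256).digest()

class HSS:
    def __init__(self, profiles):
        self.profiles = profiles  # user identity -> service profile
    def authenticate(self, user_identity):
        return {"service_profile": self.profiles[user_identity]}  # authentication answer

class BSF:
    def __init__(self, hss):
        self.hss, self.sessions = hss, {}
    def bootstrap(self, user_identity):
        profile = self.hss.authenticate(user_identity)["service_profile"]
        btid = secrets.token_hex(8)  # bootstrapping transaction identifier
        self.sessions[btid] = {"key": secrets.token_bytes(32), "profile": profile,
                               "ppid": "ppid-" + secrets.token_hex(8)}
        # Simplification: the shared key is handed back, not agreed during bootstrapping.
        return btid, self.sessions[btid]["key"]
    def bootstrapping_info(self, btid, naf_id):
        s = self.sessions.get(btid)
        if s is None:
            return None  # unknown or expired transaction identifier
        return {"naf_key": derive_naf_key(s["key"], naf_id), "identifier": s["ppid"],
                "service_info": s["profile"]["service_info"]}

class NAF:
    def __init__(self, naf_id, bsf):
        self.naf_id, self.bsf, self.registrations = naf_id, bsf, {}
    def secure_application_request(self, btid, proof):
        info = self.bsf.bootstrapping_info(btid, self.naf_id)
        if info is None:
            return None
        expected = hmac.new(info["naf_key"], btid.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(proof, expected):
            return None  # the user equipment does not hold the matching key
        self.registrations[info["identifier"]] = info  # store key and service info
        return info["identifier"]

def run_flow(user_identity="user@example.org", naf_id="naf.example"):
    profile = {"privacy_indicator": True, "service_info": {"tier": "basic"}}  # constructed
    bsf = BSF(HSS({user_identity: profile}))
    naf = NAF(naf_id, bsf)
    btid, ue_key = bsf.bootstrap(user_identity)
    proof = hmac.new(derive_naf_key(ue_key, naf_id), btid.encode(), hashlib.sha256).digest()
    return naf, naf.secure_application_request(btid, proof)
```

In this sketch the network application function only ever receives the privacy protected identifier, the derived key and the service-related information; the user identity stays between the user equipment, the bootstrapping server function and the home subscriber system.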
