Automated negotiation and selection of authentication protocols
First Claim
1. In a system comprising a user equipment (UE), a service provider (SP) that comprises a Network Access Function (NAF), and an authentication end point (AEP) that comprises a Bootstrapping Server Function (BSF) which communicate via a network that implements a Generic Bootstrapping Architecture, a method of authenticating the UE by the AEP, comprising, at the AEP:
- receiving a request from the UE for access to a service provided by the SP;
- determining one or more authentication protocols that are supported by the UE;
- negotiating with the UE to select one of the authentication protocols that are acceptable to the SP and that are supported by the UE; and
- authenticating the UE using the selected authentication protocol, wherein based on the received request, an association of a shared secret key may be established.
Abstract
Wireless telecommunications networks may implement various forms of authentication. There are a variety of different user and device authentication protocols that follow a similar network architecture, involving various network entities such as a user equipment (UE), a service provider (SP), and an authentication endpoint (AEP). To select an acceptable authentication protocol or credential for authenticating a user or UE, authentication protocol negotiations may take place between various network entities. For example, negotiations may take place in networks implementing a single sign-on (SSO) architecture and/or networks implementing a Generic Bootstrapping Architecture (GBA).
18 Claims
9. In a system comprising a user equipment (UE), a service provider (SP) that comprises a Network Access Function (NAF), and an authentication end point (AEP) that comprises a Bootstrapping Server Function (BSF) which communicate via a network that implements a Generic Bootstrapping Architecture (GBA), a method of authenticating the UE by the AEP, comprising, at the SP:
- receiving a request from the UE to access a service provided by the SP;
- determining one or more authentication protocols supported by the UE such that the one or more authentication protocols can be used to authenticate the UE;
- providing, to the AEP, information concerning authentication protocols acceptable to the SP; and
- receiving from the UE a signed assertion message indicating authentication of the UE in accordance with a selected authentication protocol, wherein based on the received request, an association of a shared secret key may be established.
10. In a system comprising a user equipment (UE), a service provider (SP) that comprises a Network Access Function (NAF), and an authentication end point (AEP) that comprises a Bootstrapping Server Function (BSF) which communicate via a network that implements a Generic Bootstrapping Architecture (GBA), a method of authenticating the UE, comprising, at the UE:
- sending a request to the SP for access to a service provided by the SP;
- negotiating with the AEP to select one of a plurality of authentication protocols that are acceptable to the SP and that are supported by the UE, and
- receiving from the AEP an indication of the result of authentication of the UE in accordance with the selected authentication protocol, wherein based on the received request, an association of a shared secret key may be established.
Specification