[특허]Authentication in a telecommunications network

Authentication in a telecommunications network 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-017/60
출원번호	UP-0751138 (2000-12-29)
등록번호	US-7660772 (2010-04-02)
우선권정보	FI-981564(1998-07-07)
발명자 / 주소	Verkama, Markku
출원인 / 주소	Nokia Corporation
대리인 / 주소	Harrington & Smith, PC
인용정보	피인용 횟수 : 35 인용 특허 : 16

초록 ▼

The invention relates to an authentication method intended for a telecommunications network, especially for an IP network. From a terminal (TE1) in the network a first message (RR) containing an authenticator and a data unit is transmitted to the network, the data unit containing information relating to the manner in which the authenticator is formed. For carrying out authentication in the network, the data unit contained in the first message is used for determining a check value, which is compared with the said authenticator. To make it unnecessary for the terminal to perform any complicated and heavy exchange of messages when attaching to the network and for still obtaining the desired security characteristics for use, such an identification unit is used in the terminal which receives as input a challenge from which a response and a key can be determined essentially in the same manner as in the subscriber identity module of a known mobile communications system, a set of authentication blocks is generated into the network, of which each contains a challenge, a response, and a key, whereby the generation is performed in the same manner as in the said mobile communication system, at least some of the challenges contained by the authentication blocks are transmitted to the terminal, one of the challenges is chosen for use at the terminal, and, based on it, a response and key for use are determined with the aid of the terminal's identification unit, in the said first message (RR) the network is notified with the aid of the said data unit of which key corresponding to which challenge was chosen, and the authenticator of the first message and the said check value are determined with the aid of the chosen key.

대표청구항 ▼

What is claimed is: 1. A method, comprising: generating with a computer a set of subscriber-specific authentication data blocks into a network, each data block containing a challenge, a response and a key, where the generation is performed in the same manner as in a known mobile communications system; transmitting with a transmitter at least some of the challenges contained in the authentication data blocks to a terminal; choosing one of the challenges for use in the terminal, and based on the challenge, determining a response and a key to be used with an aid of an identification device of the terminal essentially in the same way as in a subscriber identification module of the mobile communication system; determining an authenticator with an aid of the chosen key in the terminal; transmitting, from the terminal to the network, the authenticator and data, the data containing information relating to the manner in which the authentication is formed and notifying the network with the aid of the data of which key corresponding to which challenge was chosen, and a check value with the aid of the chosen key in the network; and comparing the check value with the authenticator. 2. The method as defined in claim 1, where the data is a security parameter index in the registration message of a mobile internet protocol. 3. The method as defined in claim 1, where the value of the response determined at the terminal is inserted into the data. 4. The method as defined in claim 1, where the challenges are sorted in an order at the terminal with the aid of predetermined sorting criteria and a consecutive number corresponding to the chosen challenge is inserted into the data. 5. The method as defined in claim 1, where the identification device used in the terminal is a subscriber identity module used by a global system for mobile communication system and the authentication data blocks are authentication triplets used by the global system for mobile communication system. 6. The method as defined in claim 5, where the authentication triplets are fetched from an authentication center of the global system for mobile communication system. 7. The method as defined in claim 6, where the challenges to be transmitted to the terminal are transmitted by using a short message switching service. 8. the method as defined in claim 1, where the challenges to be transmitted to the terminal are transmitted in an internet protocol datagram to be sent through an internet protocol network. 9. The method as defined in claim 1 for an internet protocol network, where the authentication data blocks are transmitted to a home agent of the terminal and with the aid of a data message the home agent is informed about which key corresponding to which challenge was chosen, where the check value is determined in the home agent. 10. A system, comprising: in a terminal of a network, a first message transmission unit that is programmed to transmit an authenticator and data to the network, the data including information relating to the manner in which the authenticator is formed; and a checking device that is programmed to determine a check value with aid of the data, where the terminal of the network comprises an identification device, which receives as input a challenge from which a response and a key are defined substantially in a same manner as in a subscriber identity module of a known mobile communications system, the system includes a generating device that is programmed to generate authentication data blocks in the same manner as in the mobile communications system, the authentication data blocks include a challenge, a response and a key, the system includes a transmission device that is programmed to transmit challenges contained by the authentication data blocks to the terminal, the terminal includes a selection device that is programmed to select one challenge for use, the first message transmission device inserts a value into the data which indicates which key corresponding to which challenge was selected for use in the terminal, and the first message transmission device determines the authenticator and the checking device determines the check value based on the selected key. 11. The system as defined in claim 10, where the identification device located in connection with the terminal is a subscriber identity module used in the mobile communications system. 12. The system as defined in claim 10, where the generating device includes an authentication center of the mobile communications system. 13. The system as defined in claim 10, where the transmission device comprises a device for carrying out a short message switching service. 14. A method, comprising: generating with a computer a set of subscriber-specific authentication data blocks, each authentication data block containing a challenge, a response and a key; transmitting with a transmitter at least some of the challenges contained in the authentication data blocks to a terminal; choosing one of the challenges for use in the terminal, and based on the challenge, determining a response and a key to be used with an aid of an identification device of the terminal; receiving an authenticator and data containing information relating to a manner in which the authenticator is formed from the terminal; determining based on said data which challenge was chosen by the terminal; and determining a check value with the key corresponding to the chosen challenge, said check value to be compared with the authenticator. 15. The method as defined in claim 14, where said data is a security parameter index in a registration message of a mobile internet protocol. 16. The method as defined in claim 14, where said data comprises the response corresponding to the chosen challenge. 17. A method, comprising: receiving with a receiver a set of challenges from a telecommunications network, where each one of the challenges is contained in an authentication data block comprising said one of said challenges, a response and a key; choosing one challenge from the set of challenges; determining a response and a key based on the chosen challenge; determining an authenticator based on the key corresponding to the chosen challenge; transmitting with a transmitter said authentication and data to the telecommunications network, said data relating to the manner in which the authenticator if formed; and notifying the telecommunications network of the chosen challenge, where a check value is determined with the key corresponding to the chosen challenge and said check value is compared with the authenticator. 18. The method as defined in claim 17, where said data is a security parameter index in a registration message of a mobile internet protocol. 19. The method as defined in claim 17, where said data comprises the response corresponding to the chosen challenge. 20. An apparatus comprising: a generator that is programmed to generate a set of subscriber-specific authentication data blocks, each authentication data block containing a challenge, a response and a key; a transmitter that is programmed to transmit at least some of the challenges contained in the authentication data blocks to a terminal; a processor that is programmed to choose one of the challenges for use in the terminal, and based on the challenge, to determine a response and a key to be used with an aid of an identification device of the terminal; a receiver that is programmed to receive an authenticator and data containing information relating to a manner in which the authenticator is formed; a first determiner that is programmed to determine based on said data which challenge was chosen by the terminal; and a second determiner that is programmed to determine a check value with the key corresponding to the chosen challenge, said check value to be compared with the authenticator. 21. The apparatus as defined in claim 20, where the data is a security parameter index in a registration message of a mobile internet protocol. 22. The apparatus as defined in claim 20, where the value of the response determined at the terminal is inserted into the data. 23. The apparatus as defined in claim 20, where the challenges are sorted in an order at the terminal with the aid of predetermined sorting criteria, and a consecutive number corresponding to the chosen challenge is inserted into the data. 24. The apparatus as defined in claim 20, where the challenges to be transmitted to the terminal are transmitted in an internet protocol datagram to be sent through an internet protocol network. 25. An apparatus, comprising: a receiver that is programmed to receive a set of challenges from a telecommunications network, where each one of the challenges is contained in an authentication data block comprising said one of said challenges, a response and key; a selector that is programmed to choose one challenge from the set of challenges; a first determiner that is configured to determine a response and a key based on the chosen challenge; a second determiner that is programmed to determine an authenticator based on the key corresponding to the chosen challenge; and a transmitter that is programmed to transmit said authenticator and data to the telecommunications network, said data relating to the manner in which the authenticator is formed and to notify the telecommunications network of the chosen challenge, where a check value is determined with the key corresponding to the chosen challenge and said check value is compared with the authenticator. 26. The apparatus as defined in claim 25, where the data is a security parameter index in a registration message of a mobile internet protocol. 27. The apparatus as defined in claim 25, where the value of the response determined at the terminal is inserted into the data. 28. The apparatus as defined in claim 25, where the challenges are sorted in an order at the terminal with the aid of predetermined sorting criteria, and a consecutive number corresponding to the chosen challenge is inserted into the data. 29. The apparatus as defined in claim 25, where the challenges transmitted to the terminal are transmitted by using a short message switching service. 30. The apparatus as defined in claim 25, where the challenges transmitted to the terminal are transmitted in an internet protocol datagram through an internet protocol network. 31. An apparatus, comprising: generating means for generating a set of subscriber-specific authentication data blocks into the network, each data block containing a challenge, a response and a key, where the generation is performed in the same manner as in a known mobile communications system; transmitting means for transmitting at least some of the challenges contained in the authentication data blocks to the terminal; choosing means for choosing one of the challenges for use in the terminal, and based on the challenge, determining a response and a key to be used with an aid of an identification unit device of the terminal essentially in the same way as in a subscriber identification module of the mobile communication system; determining means for determining an authenticator with an aid of the chosen key in the terminal; transmitting means for transmitting from the terminal to the network authenticator and data, the data containing information relating to the manner in which the authentication if formed and notifying the network with the aid of the data of which key corresponding to which challenge was chosen, and a check value with the aid of the chosen key in the network; and comparing means for comparing the check value with the authenticator. 32. An apparatus, comprising: receiving means for receiving a set of challenges from a telecommunications network, wherein where each one of the challenges is contained in an authentication data block comprising said one of said challenges, a response and a key; choosing means for choosing one challenge from the set of challenges; determining means for determining a response and a key based on the chosen challenge; determining means for determining an authenticator based on the key corresponding to the chosen challenge; transmitting means for transmitting said authenticator and data to the telecommunications network, said data relating to the manner in which the authenticator is formed; and notifying means for notifying the telecommunications network of the chosen challenge, where a check value is determined with the key corresponding to the chosen challenge and said check value is compared with the authenticator. 33. A computer program embodied on a computer-readable medium, where execution of the computer program controls at lease one processor to perform: generating with said at lease one processor a set of subscriber-specific authentication data blocks into a network, each data block containing a challenge, a response and a key, where the generation is performed in the same manner as in a known mobile communications system; transmitting with a transmitter at least some of the challenges contained in the authentication data blocks to a terminal; choosing one of the challenges for use in the terminal, and based on the challenge, determining a response and a key to be used with an aid of an identification device of the terminal substantially in the same way as in a subscriber identification module of the mobile communication system; determining an authenticator with an aid of the chosen key in the terminal; transmitting with a terminal transmitter, from the terminal to the network, the authenticator and data, the data containing information relating to the manner in which the authentication is formed and notifying the network with the aid of the data of which key corresponding to which challenge was chosen, and a check value with the aid of the chosen key in the network; and comparing the check value with the authenticator. 34. A computer program embodied on a computer-readable medium, where execution of the computer program controls at least one processor to perform: generating with said at least one processor a set of subscriber-specific authentication data blocks, each authentication data block containing a challenge, a response and a key; transmitting with a transmitter at least some of the challenges contained in the authentication data blocks to a terminal; choosing one of the challenges for use in the terminal and based on the challenge, determining a response and a key to be used with an aid of an identification of the terminal; receiving with a receiver an authenticator and data containing information relating to a manner in which the authenticator is formed from the terminal; determining based on said data which challenge was chosen by the terminal; and determining a check value with the key corresponding to the chosen challenge, said check value to be compared with the authenticator. 35. A computer program embodied on a computer-readable medium, where execution of the computer program controls at least one processor to perform: receiving with a receiver a set of challenges from a telecommunications network, where each one of the challenges is contained in an authentication data block comprising said one of said challenges, a response and key; choosing with said at least one processor one challenge from the set of challenges; determining a response and a key based on the chosen challenge; determining an authenticator based on the key corresponding to the chosen challenge; transmitting with a transmitter said authenticator and data to the telecommunications network, said data relating to the manner in which the authenticator is formed; and notifying the telecommunications network of the chosen challenge, where a check value is determined with the key corresponding to the chosen challenge and said check value is compared with the authenticator.

이 특허에 인용된 특허 (16)

Park, Ju-hyun, Carriage aligning apparatus for ink-jet printer and method thereof.
상세보기
Michael M. Swift ; Bharat Shah, Challenge-response authentication and key exchange for a connectionless security protocol.
상세보기
Dixon, Jr., Alfred R., Computer access authentication method.
상세보기
Scott Robert E. (Clearwater FL) Smith Richard K. (Seminole FL), Continuous authentication using an in-band or out-of-band side channel.
상세보기
Kung Kenneth C. (Cerritos CA), Distributed user authentication protocol.
상세보기
Brown Daniel Peter (Elmhurst IL) Finkelstein Louis David (Wheeling IL), Method and apparatus for authentication in a communication system.
상세보기
Brown Daniel Peter (Elmhurst IL) Finkelstein Louis David (Wheeling IL) Smolinske Jeffrey Charles (Hoffman Estates IL), Method and apparatus for efficient real-time authentication and encryption in a communication system.
상세보기
Billstrom Lars Axel,SEX, Method and apparatus for providing anonymous data transfer in a communication system.
상세보기
Chang Li-Fung ; Lipper Edward ; Lukander Pertti S. ; Noerpel Anthony Robert ; Varma Vijay Kerala, Method and system for supporting PACS using a GSM mobile switching center.
상세보기
Li Yang ; Rao D. Ramesh K. ; Subbiah Subramanian, Method of using fingerprints to authenticate wireless communications.
상세보기
Parker John Patrick,GBX, Methods and apparatus for locking communications devices.
상세보기
Jyrki Kortesalmi FI; Tapio Pelto FI, Preventing misuse of a copied subscriber identity in a mobile communication system.
상세보기
Hoffstein Jeffrey ; Kaliski ; Jr. Burton S. ; Lieman Daniel Bennett ; Robshaw Matthew John Barton ; Yin Yiqun Lisa, Secure user identification based on constrained polynomials.
상세보기
Murto Juhani, Subscriber authentication in a mobile communications system.
상세보기
Krishnaswamy, Sridhar; Elliott, Isaac K.; Reynolds, Tim E.; Forgy, Glen A.; Solbrig, Erin M., System, method and article of manufacture for a communication system architecture including video conferencing.
상세보기
Elliott,Isaac K., System, method and article of manufacture for selecting a gateway of a hybrid communication system architecture.
상세보기

이 특허를 인용한 특허 (35)

Smith, Glyn Barry, Customer to supplier funds transfer.
상세보기
Khalil, Mohamed; Muhanna, Ahmad; Akhtar, Haseeb, Diameter signaling for mobile IPv4.
상세보기
Khalil, Mohamed; Muhanna, Ahmad; Akhtar, Haseeb, Diameter signaling for mobile IPv4.
상세보기
Smith, Glyn Barry, Effecting an electronic payment.
상세보기
Bücker, Wolfgang; Gröting, Wolfgang; Kroβ, Joachim, Method for verifying the authenticity of messages exchanged according to a mobile internet protocol.
상세보기
Wang, Lei; Bao, Zhiquan, System and method for detecting and alerting risks of inputting incorrect account information in refill transactions.
상세보기
Wang, Lei; Bao, Zhiquan, System and method for detecting and alerting risks of inputting incorrect account information in refill transactions.
상세보기
Kelly, Nicholas; Sugathan, Man; Tune, James; Yong, Daniel, Systems and methods for encoded alias based transactions.
상세보기
Zsigmond, Fabio; Douer, Sion Elie; Yoshizawa, Geraldo; Wagner, Frederico, Systems and methods for scanning information from storage area contents.
상세보기
Zsigmond, Fabio; Douer, Sion Elie; Yoshizawa, Geraldo; Wagner, Frederico, Systems and methods for scanning information from storage area contents.
상세보기
Zsigmond, Fabio; Douer, Sion Elie; Yoshizawa, Geraldo; Wagner, Frederico, Systems and methods for scanning information from storage area contents.
상세보기
Zsigmond, Fabio; Douer, Sion Elie; Yoshizawa, Geraldo; Wagner, Frederico, Systems and methods for scanning information from storage area contents.
상세보기
Zsigmond, Fabio; Douer, Sion Elie; Yoshizawa, Geraldo; Wagner, Frederico, Systems and methods for scanning information from storage area contents.
상세보기
Martell, Javier; Britto, Mark, Systems and methods to accelerate transactions.
상세보기
Davis, Kurt; Baskerville, Daniel; Kingston, Jonathan Michael; Gillam, Rachel Jane; Martell, Javier, Systems and methods to add funds to an account via a mobile communication device.
상세보기
Smith, Glyn Barry, Systems and methods to facilitate electronic payments.
상세보기
Davis, Kurt; Kim, Jang; Yoo, David; Goodsall, James, Systems and methods to facilitate repeated purchases.
상세보기
Davis, Kurt; Kim, Jang; Yoo, David; Goodsall, James, Systems and methods to facilitate repeated purchases.
상세보기
Davis, Kurt; Kim, Jang; Yoo, David; Goodsall, James, Systems and methods to facilitate repeated purchases.
상세보기
Smith, Glyn Barry; Gillam, Rachel Jane; Cahill, Michael, Systems and methods to facilitate retail transactions.
상세보기
Baskerville, Daniel, Systems and methods to identify carrier information for transmission of billing messages.
상세보기
Martell, Javier Francisco, Systems and methods to process donations.
상세보기
Martell, Javier Francisco, Systems and methods to process donations.
상세보기
Yoo, David; Ringewald, Erich L.; Britto, Mark, Systems and methods to process payments via account identifiers and phone numbers.
상세보기
Smith, Glyn Barry, Systems and methods to process user initiated transactions.
상세보기
Smith, Glyn Barry, Systems and methods to provide information.
상세보기
Hirson, Ron; Yoo, David, Systems and methods to provide offers on mobile devices.
상세보기
Williams, Michael; Kingston, Jonathan Michael; Mullins, Kelly Jane, Systems and methods to restrict payment transactions.
상세보기
Smith, Glyn Barry; Hirson, Ron, Systems and methods to route messages to facilitate online transactions.
상세보기
Hirson, Ron; Niejadlik, Martine, Systems and methods to secure transactions via mobile devices.
상세보기
Kim, Jang; Hirson, Ron, Systems and methods to selectively authenticate via mobile communications.
상세보기
Kim, Jang; Hirson, Ron, Systems and methods to selectively authenticate via mobile communications.
상세보기
Ortiz, Luis M.; Lopez, Kermit D., Third-party provider method and system.
상세보기
Ortiz, Luis M.; Lopez, Kermit D., Third-party provider method and system.
상세보기
Ortiz, Luis M.; Lopez, Kermit D., Third-party provider method and system.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Authentication in a telecommunications network 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (16)

이 특허를 인용한 특허 (35)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Authentication in a telecommunications network 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (16)

이 특허를 인용한 특허 (35)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트