IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC, 7th ed.):
Application number: UP-0751138 (2000-12-29)
Registration number: US-7660772 (2010-04-02)
Priority information: FI-981564 (1998-07-07)
Inventor / Address:
Applicant / Address:
Agent / Address:
Citation information: cited by 35 patents; cites 16 patents
Abstract
The invention relates to an authentication method intended for a telecommunications network, especially for an IP network. From a terminal (TE1) in the network a first message (RR) containing an authenticator and a data unit is transmitted to the network, the data unit containing information relating to the manner in which the authenticator is formed. For carrying out authentication in the network, the data unit contained in the first message is used for determining a check value, which is compared with the said authenticator. To make it unnecessary for the terminal to perform any complicated and heavy exchange of messages when attaching to the network, while still obtaining the desired security characteristics, an identification unit is used in the terminal which receives as input a challenge from which a response and a key can be determined essentially in the same manner as in the subscriber identity module of a known mobile communications system. A set of authentication blocks is generated in the network, each containing a challenge, a response and a key, the generation being performed in the same manner as in the said mobile communications system. At least some of the challenges contained in the authentication blocks are transmitted to the terminal; one of the challenges is chosen for use at the terminal and, based on it, a response and key for use are determined with the aid of the terminal's identification unit. In the said first message (RR) the network is notified, with the aid of the said data unit, of which key corresponding to which challenge was chosen, and the authenticator of the first message and the said check value are determined with the aid of the chosen key.
Representative claims
What is claimed is:
1. A method, comprising: generating with a computer a set of subscriber-specific authentication data blocks into a network, each data block containing a challenge, a response and a key, where the generation is performed in the same manner as in a known mobile communications system; transmitting with a transmitter at least some of the challenges contained in the authentication data blocks to a terminal; choosing one of the challenges for use in the terminal, and based on the challenge, determining a response and a key to be used with an aid of an identification device of the terminal essentially in the same way as in a subscriber identification module of the mobile communication system; determining an authenticator with an aid of the chosen key in the terminal; transmitting, from the terminal to the network, the authenticator and data, the data containing information relating to the manner in which the authenticator is formed and notifying the network with the aid of the data of which key corresponding to which challenge was chosen, and determining a check value with the aid of the chosen key in the network; and comparing the check value with the authenticator.
2. The method as defined in claim 1, where the data is a security parameter index in the registration message of a mobile internet protocol.
3. The method as defined in claim 1, where the value of the response determined at the terminal is inserted into the data.
4. The method as defined in claim 1, where the challenges are sorted in an order at the terminal with the aid of predetermined sorting criteria and a consecutive number corresponding to the chosen challenge is inserted into the data.
5. The method as defined in claim 1, where the identification device used in the terminal is a subscriber identity module used by a global system for mobile communication system and the authentication data blocks are authentication triplets used by the global system for mobile communication system.
6. The method as defined in claim 5, where the authentication triplets are fetched from an authentication center of the global system for mobile communication system.
7. The method as defined in claim 6, where the challenges to be transmitted to the terminal are transmitted by using a short message switching service.
8. The method as defined in claim 1, where the challenges to be transmitted to the terminal are transmitted in an internet protocol datagram to be sent through an internet protocol network.
9. The method as defined in claim 1 for an internet protocol network, where the authentication data blocks are transmitted to a home agent of the terminal and with the aid of a data message the home agent is informed about which key corresponding to which challenge was chosen, where the check value is determined in the home agent.
10. A system, comprising: in a terminal of a network, a first message transmission unit that is programmed to transmit an authenticator and data to the network, the data including information relating to the manner in which the authenticator is formed; and a checking device that is programmed to determine a check value with aid of the data, where the terminal of the network comprises an identification device, which receives as input a challenge from which a response and a key are defined substantially in a same manner as in a subscriber identity module of a known mobile communications system, the system includes a generating device that is programmed to generate authentication data blocks in the same manner as in the mobile communications system, the authentication data blocks include a challenge, a response and a key, the system includes a transmission device that is programmed to transmit challenges contained by the authentication data blocks to the terminal, the terminal includes a selection device that is programmed to select one challenge for use, the first message transmission device inserts a value into the data which indicates which key corresponding to which challenge was selected for use in the terminal, and the first message transmission device determines the authenticator and the checking device determines the check value based on the selected key.
11. The system as defined in claim 10, where the identification device located in connection with the terminal is a subscriber identity module used in the mobile communications system.
12. The system as defined in claim 10, where the generating device includes an authentication center of the mobile communications system.
13. The system as defined in claim 10, where the transmission device comprises a device for carrying out a short message switching service.
14. A method, comprising: generating with a computer a set of subscriber-specific authentication data blocks, each authentication data block containing a challenge, a response and a key; transmitting with a transmitter at least some of the challenges contained in the authentication data blocks to a terminal; choosing one of the challenges for use in the terminal, and based on the challenge, determining a response and a key to be used with an aid of an identification device of the terminal; receiving an authenticator and data containing information relating to a manner in which the authenticator is formed from the terminal; determining based on said data which challenge was chosen by the terminal; and determining a check value with the key corresponding to the chosen challenge, said check value to be compared with the authenticator.
15. The method as defined in claim 14, where said data is a security parameter index in a registration message of a mobile internet protocol.
16. The method as defined in claim 14, where said data comprises the response corresponding to the chosen challenge.
17. A method, comprising: receiving with a receiver a set of challenges from a telecommunications network, where each one of the challenges is contained in an authentication data block comprising said one of said challenges, a response and a key; choosing one challenge from the set of challenges; determining a response and a key based on the chosen challenge; determining an authenticator based on the key corresponding to the chosen challenge; transmitting with a transmitter said authenticator and data to the telecommunications network, said data relating to the manner in which the authenticator is formed; and notifying the telecommunications network of the chosen challenge, where a check value is determined with the key corresponding to the chosen challenge and said check value is compared with the authenticator.
18. The method as defined in claim 17, where said data is a security parameter index in a registration message of a mobile internet protocol.
19. The method as defined in claim 17, where said data comprises the response corresponding to the chosen challenge.
20. An apparatus comprising: a generator that is programmed to generate a set of subscriber-specific authentication data blocks, each authentication data block containing a challenge, a response and a key; a transmitter that is programmed to transmit at least some of the challenges contained in the authentication data blocks to a terminal; a processor that is programmed to choose one of the challenges for use in the terminal, and based on the challenge, to determine a response and a key to be used with an aid of an identification device of the terminal; a receiver that is programmed to receive an authenticator and data containing information relating to a manner in which the authenticator is formed; a first determiner that is programmed to determine based on said data which challenge was chosen by the terminal; and a second determiner that is programmed to determine a check value with the key corresponding to the chosen challenge, said check value to be compared with the authenticator.
21. The apparatus as defined in claim 20, where the data is a security parameter index in a registration message of a mobile internet protocol.
22. The apparatus as defined in claim 20, where the value of the response determined at the terminal is inserted into the data.
23. The apparatus as defined in claim 20, where the challenges are sorted in an order at the terminal with the aid of predetermined sorting criteria, and a consecutive number corresponding to the chosen challenge is inserted into the data.
24. The apparatus as defined in claim 20, where the challenges to be transmitted to the terminal are transmitted in an internet protocol datagram to be sent through an internet protocol network.
25. An apparatus, comprising: a receiver that is programmed to receive a set of challenges from a telecommunications network, where each one of the challenges is contained in an authentication data block comprising said one of said challenges, a response and a key; a selector that is programmed to choose one challenge from the set of challenges; a first determiner that is configured to determine a response and a key based on the chosen challenge; a second determiner that is programmed to determine an authenticator based on the key corresponding to the chosen challenge; and a transmitter that is programmed to transmit said authenticator and data to the telecommunications network, said data relating to the manner in which the authenticator is formed and to notify the telecommunications network of the chosen challenge, where a check value is determined with the key corresponding to the chosen challenge and said check value is compared with the authenticator.
26. The apparatus as defined in claim 25, where the data is a security parameter index in a registration message of a mobile internet protocol.
27. The apparatus as defined in claim 25, where the value of the response determined at the terminal is inserted into the data.
28. The apparatus as defined in claim 25, where the challenges are sorted in an order at the terminal with the aid of predetermined sorting criteria, and a consecutive number corresponding to the chosen challenge is inserted into the data.
29. The apparatus as defined in claim 25, where the challenges transmitted to the terminal are transmitted by using a short message switching service.
30. The apparatus as defined in claim 25, where the challenges transmitted to the terminal are transmitted in an internet protocol datagram through an internet protocol network.
31. An apparatus, comprising: generating means for generating a set of subscriber-specific authentication data blocks into the network, each data block containing a challenge, a response and a key, where the generation is performed in the same manner as in a known mobile communications system; transmitting means for transmitting at least some of the challenges contained in the authentication data blocks to the terminal; choosing means for choosing one of the challenges for use in the terminal, and based on the challenge, determining a response and a key to be used with an aid of an identification unit device of the terminal essentially in the same way as in a subscriber identification module of the mobile communication system; determining means for determining an authenticator with an aid of the chosen key in the terminal; transmitting means for transmitting from the terminal to the network the authenticator and data, the data containing information relating to the manner in which the authenticator is formed and notifying the network with the aid of the data of which key corresponding to which challenge was chosen, and determining a check value with the aid of the chosen key in the network; and comparing means for comparing the check value with the authenticator.
32. An apparatus, comprising: receiving means for receiving a set of challenges from a telecommunications network, where each one of the challenges is contained in an authentication data block comprising said one of said challenges, a response and a key; choosing means for choosing one challenge from the set of challenges; determining means for determining a response and a key based on the chosen challenge; determining means for determining an authenticator based on the key corresponding to the chosen challenge; transmitting means for transmitting said authenticator and data to the telecommunications network, said data relating to the manner in which the authenticator is formed; and notifying means for notifying the telecommunications network of the chosen challenge, where a check value is determined with the key corresponding to the chosen challenge and said check value is compared with the authenticator.
33. A computer program embodied on a computer-readable medium, where execution of the computer program controls at least one processor to perform: generating with said at least one processor a set of subscriber-specific authentication data blocks into a network, each data block containing a challenge, a response and a key, where the generation is performed in the same manner as in a known mobile communications system; transmitting with a transmitter at least some of the challenges contained in the authentication data blocks to a terminal; choosing one of the challenges for use in the terminal, and based on the challenge, determining a response and a key to be used with an aid of an identification device of the terminal substantially in the same way as in a subscriber identification module of the mobile communication system; determining an authenticator with an aid of the chosen key in the terminal; transmitting with a terminal transmitter, from the terminal to the network, the authenticator and data, the data containing information relating to the manner in which the authenticator is formed and notifying the network with the aid of the data of which key corresponding to which challenge was chosen, and determining a check value with the aid of the chosen key in the network; and comparing the check value with the authenticator.
34. A computer program embodied on a computer-readable medium, where execution of the computer program controls at least one processor to perform: generating with said at least one processor a set of subscriber-specific authentication data blocks, each authentication data block containing a challenge, a response and a key; transmitting with a transmitter at least some of the challenges contained in the authentication data blocks to a terminal; choosing one of the challenges for use in the terminal and based on the challenge, determining a response and a key to be used with an aid of an identification device of the terminal; receiving with a receiver an authenticator and data containing information relating to a manner in which the authenticator is formed from the terminal; determining based on said data which challenge was chosen by the terminal; and determining a check value with the key corresponding to the chosen challenge, said check value to be compared with the authenticator.
35. A computer program embodied on a computer-readable medium, where execution of the computer program controls at least one processor to perform: receiving with a receiver a set of challenges from a telecommunications network, where each one of the challenges is contained in an authentication data block comprising said one of said challenges, a response and a key; choosing with said at least one processor one challenge from the set of challenges; determining a response and a key based on the chosen challenge; determining an authenticator based on the key corresponding to the chosen challenge; transmitting with a transmitter said authenticator and data to the telecommunications network, said data relating to the manner in which the authenticator is formed; and notifying the telecommunications network of the chosen challenge, where a check value is determined with the key corresponding to the chosen challenge and said check value is compared with the authenticator.
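The flow described in the abstract and in claims 1 to 4 and 9 (triplets generated in the network, one challenge chosen at the terminal, the choice signalled through the data field of the registration request, the home agent recomputing the check value from the matching key), as an added Python model that is not part of the patent: the SIM's A3/A8 functions are replaced by a constructed HMAC stand-in, HMAC-SHA256 is a constructed choice for forming the authenticator, and the two ways of filling the data field (sorted-order index per claim 4, response value per claim 3) are both shown.

```python
import hmac, hashlib, os
from dataclasses import dataclass

def sim_run_gsm(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Constructed stand-in for the SIM's A3/A8: derive SRES (4 bytes) and
    Kc (8 bytes) from the subscriber key Ki and a challenge RAND."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]

@dataclass(frozen=True)
class Triplet:          # one authentication block: challenge, response, key
    rand: bytes
    sres: bytes
    kc: bytes

def auc_generate_triplets(ki: bytes, n: int) -> list[Triplet]:
    """Network side (authentication-center role): n subscriber-specific blocks."""
    trips = []
    for _ in range(n):
        rand = os.urandom(16)
        sres, kc = sim_run_gsm(ki, rand)
        trips.append(Triplet(rand, sres, kc))
    return trips

def authenticator(kc: bytes, rr_body: bytes) -> bytes:
    """Keyed MAC over the registration request (constructed choice: HMAC-SHA256)."""
    return hmac.new(kc, rr_body, hashlib.sha256).digest()

def terminal_build_rr(ki, rands, choice, body, spi_mode="index"):
    """Terminal: pick one received challenge, run it through the SIM, MAC the
    message with Kc, and name the challenge in the SPI field either by its
    position in a commonly sorted list (claim 4) or by its SRES (claim 3)."""
    rand = sorted(rands)[choice]        # both sides sort by byte order
    sres, kc = sim_run_gsm(ki, rand)
    spi = choice if spi_mode == "index" else int.from_bytes(sres, "big")
    return {"body": body, "spi": spi, "auth": authenticator(kc, body)}

def home_agent_verify(triplets, rr, spi_mode="index") -> bool:
    """Home agent: map the SPI back to an issued triplet, recompute the check
    value with that triplet's Kc and compare it with the received authenticator."""
    if spi_mode == "index":
        order = sorted(t.rand for t in triplets)
        if not 0 <= rr["spi"] < len(order):
            return False                # SPI names no challenge we issued
        match = [t for t in triplets if t.rand == order[rr["spi"]]]
    else:
        match = [t for t in triplets if int.from_bytes(t.sres, "big") == rr["spi"]]
    if len(match) != 1:
        return False                    # unknown or ambiguous SPI: reject
    check = authenticator(match[0].kc, rr["body"])
    return hmac.compare_digest(check, rr["auth"])
```

A 32-bit SPI holds a 32-bit SRES exactly, which is why claim 3 can carry the response itself; the index form keeps the response out of the message entirely.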