
WO2003034681A1 - Authentication of a subscriber on a public network through redirection - Google Patents


Info

Publication number
WO2003034681A1
Authority
WO
WIPO (PCT)
Prior art keywords
digital wireless
wireless device
authenticator
network
application provider
Application number
PCT/CA2002/001531
Other languages
French (fr)
Inventor
Thomas J. Mullen
Michael L. Mah Poy
David M. L. Cooper
Original Assignee
Wmode Inc.
Application filed by Wmode Inc.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/71 Hardware identity

Definitions

  • the present invention relates to authenticating a subscriber on a public network.
  • the present invention relates to a system for authenticating the identity of a user using a mobile device, such as a cellular phone, to log in to an application provider.
  • Digital cellular services are by nature designed to handle digital communications. Voice calls on a digital cellular network are packetised prior to transmission, and are transmitted as a series of binary representative packets. This allows digital cellular devices to interact with computers without the need for a modem. It also allows digital cellular devices to serve as digital wireless data stations.
  • So-called wireless web functionality, wherein cellular devices allow a user to browse a subset of internet web sites through a proxy server or directly if the web site offers wireless markup language (WML) services, is already commonly implemented.
  • Numerous services, from stock pricing to sports scores are commonly offered by application providers (AP), such as wireless application service providers (WASP).
  • interactive services such as banking transactions and stock trading can also be offered to users.
  • These services are typically accessed through a data network that relies upon the transmission of data as packets.
  • the data is transmitted in packets conforming to the standards of the transmission control protocol/internet protocol (TCP/IP) suite.
  • a gateway such as a wireless application protocol (WAP) gateway, may be employed.
  • wireless application service providers typically require a combination of user identifier and password to identify the user and select the corresponding account information. Though transmitted over a semi-secure connection, many people's user identification and password information are easy to discern. Due to the limited interface of the majority of digital cellular devices many user identification and password combinations are very short, and thus more readily fall prey to conventional social engineering techniques, thus making illicit access to wireless ASP services easier to access than typical non-wireless systems.
  • the first of these three types of impersonation is the impersonation of one digital cellular phone by another in a data transmission.
  • the second type of impersonation is the impersonation of a digital cellular phone by a simulator on the same network as the WASP.
  • the third type of impersonation is the impersonation of a digital cellular device by an unscrupulous WASP. The first of these three impersonations is typically performed by cloning the first cellular phone with another.
  • This technique is typically foiled by the digital cellular networks using the same techniques that are applied to stop a digital cellular phone from being impersonated in the voice-based telephony environment.
  • the other two types of impersonation make it difficult for a WASP to authenticate the identity of a user in a manner that allows the proper generation of an audit trail for billing purposes.
  • impersonation from a digital cellular device introduces the problem of authentication of the identity of the user in the wireless data environment.
  • the client id of a digital cellular phone can also be falsified by a computer with access to the WASP over a network.
  • the data sent in reply, by the WASP is directed to the address of the computer that transmitted the packet, and not to a specific digital cellular phone.
  • an individual could falsify a client id field and attempt to interact with the WASP, using discerned user identification and password information, without the WASP knowing that an unauthorised access had been performed. Because it is not possible for a WASP to ensure that the user using the service is the authorised user, it is difficult to authenticate a user request in a manner that prevents the user from repudiating the transaction at a later time.
  • Though banking institutions are content to carry out their own authentication and billing, other financial services, or services associated with personal information, lack the infrastructure to either bill a client on a fee-per-transaction basis or obtain a non-repudiable transaction authorisation.
  • a gaming service that allows wireless online gaming and requires the ability to bill small amounts of money to a carrier billing system per session.
  • a stock monitoring service where a user does not carry out a transaction, but does require authentication of the user to protect the privacy of a user's portfolio, that would benefit from the ability to offer the same levels of security as the basic network requires.
  • each WASP creates a unique database of user identification and password information. Additionally it is impractical to get a number of digital cellular network providers to establish a trusted relationship with each WASP.
  • Authentication and non-repudiation systems should be compatible with the existing base of digital cellular devices that have data capabilities if they are to be successful, as converting the existing base of digital cellular phones to a new standard is impractical.
  • Authentication and non-repudiation systems should also be designed to minimise user interaction due to the limited input capabilities resulting from current form factors. Such systems should also be designed to require minimal processing abilities from the digital cellular phone, making complex encryption systems impractical.
  • a method of authenticating a digital wireless device having a client identifier said digital wireless device connected to a digital wireless network having a data gateway, at an authenticator, having a secure link to the digital wireless network, said authenticator connected to an application provider through a data packet protocol based connection, the method comprising the steps of receiving a request for authentication of the digital wireless device from the application provider, requesting that the digital wireless device redirect its connection through the secure link to the digital wireless network and providing the application provider with authentication of the digital wireless device when the digital wireless device forms a connection with the authenticator through the secure link to the digital wireless network.
  • the request for authentication includes the client identifier associated with the digital wireless device to be authenticated.
  • the secure link to the digital wireless network is through the data gateway of the digital wireless network and authentication is provided to the application provider when the digital wireless device identifies itself by its client id over the secure link to the digital wireless network.
  • the steps of receiving a client identification request from the application provider, requesting that the digital wireless device redirect its connection to the authenticator, determining the client identifier of the digital wireless device upon receiving the redirected connection, requesting that the digital wireless device redirect its connection to the application provider, and providing the client identifier of the digital wireless device to the authenticator occur prior to the step of receiving an authentication request.
  • a method of obtaining non-repudiable authorisation for a transaction from a digital wireless device having a client identifier said digital wireless device connected to a digital wireless network having a data gateway, by an application provider, at an authenticator having a secure link to the digital wireless network, said authenticator connected to the application provider by a data packet protocol based connection, the method comprising the steps of receiving a request for a non-repudiable transaction from the application provider, requesting that the digital wireless device redirect its connection through the secure link to the digital wireless network, providing, upon receiving a connection from the digital wireless device through the secure link to the digital wireless network, a prompt to a user of the digital wireless device to agree to the transaction and providing a non-repudiable transaction verification to the application provider upon receiving a desired result to the prompt.
  • the request for a non-repudiable transaction includes terms of the transaction and the client identifier of the digital wireless device and the secure link to the digital wireless network is through the data gateway of the digital wireless network.
  • the prompt is provided when the digital wireless device identifies itself by its client identifier on the secure link to the digital wireless network and the prompting of the digital wireless device optionally includes the terms for the transaction and information identifying the application provider with whom the transaction is being completed.
  • the steps of providing the non-repudiable transaction verification to the digital wireless device upon receiving the desired response to the prompt and redirecting the digital wireless device to connect the digital wireless device to the application provider following the step of providing non-repudiable transaction verification are also provided.
  • a system for authenticating a digital wireless device having a client identifier and being connected to a digital wireless network, for an application provider connected to a data network that is in communication with the digital wireless device comprising an authenticator, operatively connected to the application provider over the data network, for receiving authentication requests for the digital wireless device from the application provider, for generating and transmitting redirect requests for the digital wireless device, for receiving connections from the digital wireless device over a secure link to the digital wireless network, and for transmitting to the application provider authentication of the digital wireless device when the digital wireless device connects to the authenticator over the secure link to the digital wireless network and additionally comprising a data gateway, operatively connected to the digital wireless network, the data network and the authenticator, for preventing access to the authenticator secure link to the digital wireless network.
  • the digital wireless network is connected to the data network, which is a network such as the Internet, based on a protocol included in the transmission control protocol/internet protocol suite through the data gateway.
  • the application provider and authenticator are operatively connected by either a clearinghouse or a private network.
  • a system for obtaining non-repudiable authorisation for a transaction from a digital wireless device having a client identifier and being connected to a digital wireless network, for an application provider connected to a data network
  • said system comprising an authenticator, operatively connected to the application provider over the data network, for receiving requests for non-repudiable transactions with the digital wireless device from the application provider, for generating and transmitting redirect requests for the digital wireless device, for receiving connections from the digital wireless device over a secure link to the digital wireless network, for providing a transaction request to the digital wireless device when the digital wireless device connects to the authenticator over the secure link to the digital wireless network and for providing a non-repudiable transaction verification when the digital wireless device agrees to the transaction request and a data gateway, operatively connected to the digital wireless network, the data network and the authenticator, for preventing access to the authenticator over the secure link to the digital wireless network.
  • the request for non-repudiable transactions include the terms of the transaction, as does the transaction request provided to the digital wireless device.
  • the digital wireless network is connected to the data network, which is a network such as the Internet, based on a protocol included in the transmission control protocol/internet protocol suite through the data gateway.
  • the application provider and authenticator are operatively connected by either a clearinghouse or a private network.
  • FIG. 1 is an illustration of an exemplary system of the present invention
  • Fig. 2 is a flowchart illustrating an exemplary method of authentication according to the present invention
  • FIG. 3 is an illustration of an exemplary system of the present invention showing a malicious third party
  • Fig. 4 is a flowchart illustrating a method of providing a non-repudiable transaction according to the present invention.
  • the present invention provides a method and system for authenticating a digital wireless device at an application provider, so as to authenticate the digital wireless device and provide a non-repudiable transaction.
  • the present invention seeks to implement a system for authenticating a digital wireless device without substantially altering current systems.
  • a client id is associated with each digital wireless device, and that client id is used to authenticate the digital wireless device.
  • Impersonation of one digital wireless device by another digital wireless device on the same network is addressed using the security presently available on digital wireless networks that employ client identifiers such as electronic serial numbers or client id's and shared secret keys, or other security methods that would be known to one of skill in the art.
  • FIG. 1 illustrates the elements of a system of the present invention.
  • a digital wireless device 100 with associated client id, is connected to a digital wireless network
  • the digital wireless network includes a data gateway 104.
  • the data gateway is used to interface the digital wireless network with any system that employs a data packet communications protocol, such as a protocol in the TCP/IP suite.
  • data gateway 104 is used to attach a data client id, henceforth referred to simply as a client id, to the data packets originating from digital wireless device 100.
  • data packets originating from digital wireless device 100 have a client id attached by digital wireless device 100 itself.
  • Data gateway 104 connects digital wireless network 102 to data network 106.
  • Data network 106 is a packet based data network, that in one embodiment uses a protocol from the TCP/IP suite. In a specific embodiment, data network 106 is the Internet.
  • AP 108 is a content provider that offers services to digital wireless device 100.
  • AP 108 is connected, through data network 106, to authenticator 110.
  • Authenticator 110 is used to authenticate digital wireless device 100, and is additionally connected to data gateway 106 to receive a data connection.
  • Data gateway 106 can be implemented so as to act as a digital firewall, preventing traffic from outside of digital wireless network 102 from communicating to authenticator 110 through digital wireless network 102.
  • digital wireless network 102 can be designed so as to prevent external access to data gateway 104 and authenticator 110 except from trusted parties such as other digital wireless networks with which there are roaming agreements and parties such as AP 108.
  • the data gateway 104 can be adapted to selectively allow traffic to enter digital wireless network 102 if the traffic is from a trusted network, and optionally only if the user on the trusted network is known to data gateway 104, as any user of digital wireless network 102 would be.
  • FIG. 2 is a flowchart that illustrates the method of authentication used by the exemplary system of Figure 1.
  • AP 108 receives a request for service from digital wireless device 100.
  • the request for service includes the client id associated with digital wireless device 100.
  • AP 108 requires authentication that the reported client id is not being fraudulently reported, so it issues a request for authentication of the client id to the authenticator, through the data network in step 122.
  • Authenticator 122 receives the request for authentication, including the client id to be authenticated and in step 124 requests that digital wireless device 100 be redirected to connect to authenticator 122 directly.
  • the redirection request instructs digital wireless device 100 to connect to authenticator 110 through digital wireless network 102 using a data protocol, without transmitting over data network 106.
  • the authenticator receives a connection from digital wireless device 100 through digital wireless network 102, bypassing data network 106.
  • authenticator 110 reports a valid authentication if the incoming client id is the same as the client id reported in the request for authentication. In an alternate embodiment the client id is not included in the request for service of step 120.
  • AP 108 issues a request to authenticator 110 to identify the client id of digital wireless device 100, and redirects digital wireless device 100 to connect to authenticator 110.
  • Authenticator 110 serves as a client id provider by recognising the client id of digital wireless device 100 upon connection, and then provides the client id of digital wireless device 100 to AP 108, and redirects digital wireless device 100 to reconnect to AP 108.
  • the message to AP 108 from authenticator 110 can be transmitted directly, or can be provided by digital wireless device 100 when it reconnects to AP 108.
  • Other elements of digital wireless network 102 that are capable of associating digital wireless device 100 with its corresponding client id can be used in place of authenticator 110, such elements include data gateway 104.
  • If authenticator 110 does not receive a response to the request for redirection of step 124 within a predetermined amount of time it can report to AP 108 that the authentication has failed. Alternatively, authenticator 110 will not report to AP 108 unless it has received the connection of step 126, allowing the AP to determine the amount of time permitted prior to determining that the authentication has failed. Upon failure to authenticate, authenticator 110 can re-request the redirection of step 124, or AP 108 can re-issue the request for authentication of step 122.
  • data gateway 104 is the connection point of digital wireless network 102 to all data based networks. Thus, if a fraudulent connection is attempted by a malicious third party, the attempt to connect to authenticator 110 through digital wireless network 102, in the redirect attempt, from an outside network element can be blocked.
  • Data gateway 104, and any other access points between digital wireless network 102 and data network 106, are designed to be secure, so as to allow traffic to enter digital wireless network 102 only if it originates from a trusted party such as AP 108, or other digital wireless networks with whom roaming agreements have been made. Additionally it is possible to prevent access to authenticator 110 from any party other than trusted parties as described above.
  • Figure 3 illustrates such a situation where a third party 112 is connecting to AP 108 while attempting to impersonate digital wireless device 100.
  • the method of Figure 2 will proceed through steps 120, 122 and 124 as before.
  • If malicious third party 112 attempts to connect to authenticator 110, in the redirect attempt, through digital wireless network 102 instead of through data network 106, the packets destined for authenticator 110 are rejected by data gateway 104, or by other firewalls used in digital wireless network 102.
  • steps 126 and 128 are not able to occur. This causes a timeout in either authenticator 110 or AP 108, resulting in a failed authentication.
  • system and method described above are able to authenticate that the client id associated with digital wireless device 100 is only reported by digital wireless device 100.
  • AP 108 can provide service without fear of admitting the wrong party. The problem of impersonation by a malicious third party on the data network is resolved.
  • the system of the present invention can also be used to provide non-repudiation of transactions, preventing impersonation of digital wireless device 100 by an unscrupulous AP. Without proper authentication and record keeping at the time of a transaction, a dishonest user could claim that the transaction was not conducted during the session, and thus must be a falsified transaction. Alternatively, without authentication at the time of the transaction an unscrupulous AP could impersonate a user after that user has completed a session, or could charge the user more than the amount indicated. Thus a non-repudiable transaction is required. The transaction should be non-repudiable so that neither party in the transaction can claim that the transaction was not completed, or had different terms.
  • a non-repudiable transaction allows a digital wireless network provider to collect on behalf of the AP, without fear that the transaction was not agreed to.
  • FIG. 4 is a flowchart that illustrates an exemplary method of obtaining non-repudiable transactions according to the present invention.
  • the authenticator 110 receives a request from the AP 108 for a non-repudiable transaction.
  • this request for a transaction includes the client id of digital wireless device 100, and a payment prompt that includes the terms of the payment agreement.
  • Authenticator 110 transmits a redirect request to digital wireless device 100 via AP 108 in step 132.
  • the redirection request instructs digital wireless device 100 to connect to authenticator 110 through digital wireless network 102 using a data protocol, without using data network 106.
  • Authenticator 110 receives a connection from digital wireless device 100, with a client id corresponding to the client id provided with the request for a transaction, through digital wireless network 102 in step 134.
  • authenticator 110 presents the payment prompt to digital wireless device 110, and receives a reply in step 138.
  • the authenticator redirects digital wireless device 100 to AP 108 in step 140, and provides AP 108 with the transaction result in step 142.
  • the transaction result of step 142 is typically a transaction id generated by authenticator 110 to track the billing of the transaction and the result of the transaction.
  • AP 108 is provided with a receipt to indicate that digital wireless device 100 has accepted the terms of the transaction.
  • authenticator 110 can maintain a list of authenticated transaction receipts.
  • the terms of the transaction, which are typically provided to the digital wireless device 100 in the prompt include the cost of the service which is being purchased in the transaction, and may include other information the application provider deems necessary for a transaction to be fully understood and agreed to.
  • the transaction id is provided to digital wireless device 100 prior to redirecting the connection in step 140; this provides digital wireless device 100 with a reference number identifying the transaction.
  • the requirements of the transaction, the agreement of AP 108 to provide a service, the agreement of digital wireless device 100 to pay for the service, and receipts for both AP 108 and digital wireless device 100 to indicate the completion of the transaction are provided. If a third party 112, or AP 108, attempts to fraudulently complete the transaction, steps 130 and 132 would proceed as described above, but due to the setup of data gateway 104, the ability of either third party 112 or AP 108 to connect to the authenticator through digital wireless network 102 is impeded.
  • Without the ability to connect to authenticator 110 through digital wireless network 102, the transaction is unable to complete, and depending upon the configuration of the system elements, one or both of AP 108 and authenticator 110 will timeout, causing the transaction to fail. If authenticator 110 experiences a timeout, it will report a failure to authenticate the transaction to AP 108, and the transaction will not proceed.
  • a clearinghouse can be employed to connect a plurality of application providers to a plurality of authenticators.
  • Such a clearinghouse can be regarded as an element of data network 106.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A system and method for authenticating a subscriber to an application provider using the authentication services of the wireless network over which the connection is made is disclosed herein. A unique client id is provided, over a public network, by an application provider to an authenticator. The authenticator requests the digital wireless device corresponding to the unique client id be redirected to connect to a secure port of the authenticator. The secure port of the authenticator is connected to a data gateway that does not permit public access, and only permits connections from addresses originating within the wireless network to which the digital wireless device is connected. Upon receiving a connection on the secure port from the digital wireless device, the authenticator provides authentication of the digital wireless device to the application provider. A method and system for obtaining non-repudiable authorization for a billing transaction, so that charges can be placed on a network access billing system by an outside service provider, is also disclosed.
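The redirect flow summarised in the abstract and walked through for Figs. 2 and 4 can be modelled in a few classes. This is an added example, not code from the patent or from Wmode Inc.: the request handle, the 30-unit timeout, the `txn-` id format, the handset and host names, the `CID-` values and the `agree` callback are all assumptions, as is the gateway deriving the client id from the sender's network identity (the embodiment in which gateway 104 attaches the client id).

```python
import itertools

WIRELESS = "digital wireless network 102"
PUBLIC = "data network 106"


class DataGateway:
    """Data gateway 104: admits only traffic that originates inside the
    wireless network and attaches the client id known for that sender."""

    def __init__(self, subscribers):
        self._subscribers = dict(subscribers)  # network identity -> client id

    def admit(self, origin, sender):
        if origin != WIRELESS:
            return None                        # outside traffic is rejected
        return self._subscribers.get(sender)   # None for unknown senders


class Authenticator:
    """Authenticator 110; its secure link is reachable only via the gateway."""

    def __init__(self, gateway, timeout=30):   # timeout value is an assumption
        self.gateway = gateway
        self.timeout = timeout
        self._pending = {}                     # request id -> request state
        self._ids = itertools.count(1)
        self.receipts = {}                     # transaction id -> (client id, terms)

    def open_request(self, claimed_client_id, now, terms=None):
        """Steps 122/130: the AP passes on the client id it was told (and the
        transaction terms, if any) and receives a redirect handle to relay."""
        request_id = next(self._ids)           # handle format is an assumption
        self._pending[request_id] = {
            "claimed": claimed_client_id, "deadline": now + self.timeout,
            "terms": terms, "result": None}
        return request_id

    def secure_link_connect(self, request_id, origin, sender, now, agree=None):
        """Steps 126 and 134-138: a connection attempt on the secure link."""
        state = self._pending.get(request_id)
        client_id = self.gateway.admit(origin, sender)
        if state is None or client_id is None or now > state["deadline"]:
            return                             # unknown, blocked, or too late
        if client_id != state["claimed"]:
            state["result"] = "failed"         # network-attached id != claim
        elif state["terms"] is None:
            state["result"] = "authenticated"
        elif agree is not None and agree(state["terms"]):
            txn_id = f"txn-{request_id}"       # constructed id format
            self.receipts[txn_id] = (client_id, state["terms"])
            state["result"] = txn_id
        else:
            state["result"] = "declined"

    def result(self, request_id, now):
        """The report to the AP (step 142 for transactions); silence past
        the deadline is reported as a failed authentication."""
        state = self._pending[request_id]
        if state["result"] is None and now > state["deadline"]:
            state["result"] = "failed"
        return state["result"] or "pending"


def ap_session(auth, claimed_client_id, origin, sender, terms=None, agree=None):
    """AP 108: accept a request for service, ask the authenticator, relay the
    redirect, and read the outcome after the timeout window has passed."""
    request_id = auth.open_request(claimed_client_id, now=0, terms=terms)
    # The requester follows the redirect from wherever it really sits.
    auth.secure_link_connect(request_id, origin, sender, now=1, agree=agree)
    return auth.result(request_id, now=auth.timeout + 1)


def demo():
    # Constructed subscribers, client ids and terms, for illustration only.
    gateway = DataGateway({"handset-100": "CID-100", "handset-200": "CID-200"})
    auth = Authenticator(gateway)
    accept = lambda terms: True                # user agrees to the prompt
    outcomes = {
        "device 100": ap_session(auth, "CID-100", WIRELESS, "handset-100"),
        "third party 112": ap_session(auth, "CID-100", PUBLIC, "host-112"),
        "other subscriber": ap_session(auth, "CID-100", WIRELESS, "handset-200"),
        "purchase": ap_session(auth, "CID-100", WIRELESS, "handset-100",
                               terms="one game session, 0.50", agree=accept),
        "forged purchase": ap_session(auth, "CID-100", PUBLIC, "host-112",
                                      terms="one game session, 5.00", agree=accept),
    }
    return outcomes, auth.receipts


if __name__ == "__main__":
    outcomes, receipts = demo()
    for who, outcome in outcomes.items():
        print(f"{who:17} -> {outcome}")
    print("receipts:", receipts)
```

The model makes the trust assumption explicit: the claimed client id is only as trustworthy as the gateway's origin check and the network's own binding of sender to client id, so a misconfigured access point into network 102 defeats the scheme.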

Description

AUTHENTICATION OF A SUBSCRIBER ON A PUBLIC NETWORK THROUGH REDIRECTION
FIELD OF THE INVENTION
The present invention relates to authenticating a subscriber on a public network. In particular, the present invention relates to a system for authenticating the identity of a user using a mobile device, such as a cellular phone, to log in to an application provider.
BACKGROUND OF THE INVENTION
In the field of wireless telecommunications, authentication of a user's identity is of fundamental concern. Three of the most substantial concerns regarding identity relate to whether or not the wireless device is legitimately identifying itself instead of reporting a false identification sequence, whether or not the handset is in the possession of the authorised user and generating an audit trail for billing purposes. In a purely voice-based telephony environment digital cellular phones are designed to overcome all three obstacles through the use of electronic serial numbers, or other client identification, and a shared secret key that can be used to demonstrate the authenticity of the phone to the digital cellular network.
Digital cellular services are by nature designed to handle digital communications. Voice calls on a digital cellular network are packetised prior to transmission, and are transmitted as a series of binary representative packets. This allows digital cellular devices to interact with computers without the need for a modem. It also allows digital cellular devices to serve as digital wireless data stations.
So-called wireless web functionality, wherein cellular devices allow a user to browse a subset of internet web sites through a proxy server or directly if the web site offers wireless markup language (WML) services, is already commonly implemented. Numerous services, from stock pricing to sports scores, are commonly offered by application providers (AP), such as wireless application service providers (WASP). Additionally, interactive services, such as banking transactions and stock trading, can also be offered to users. These services are typically accessed through a data network that relies upon the transmission of data as packets. In many implementations the data is transmitted in packets conforming to the standards of the transmission control protocol/internet protocol (TCP/IP) suite. To translate between the wireless protocols of the network and the wired protocols of data networks, such as the Internet, a gateway, such as a wireless application protocol (WAP) gateway, may be employed.
These wireless application service providers typically require a combination of user identifier and password to identify the user and select the corresponding account information. Though transmitted over a semi-secure connection, many people's user identification and password information are easy to discern. Due to the limited interface of the majority of digital cellular devices many user identification and password combinations are very short, and thus more readily fall prey to conventional social engineering techniques, thus making illicit access to wireless ASP services easier to access than typical non-wireless systems.
Whereas in the voice-based telephony environment there is commonly only one type of impersonation that can be perpetrated by a malicious party, in the wireless data environment there are three main types of impersonation that must be remedied. The first of these three types of impersonation is the impersonation of one digital cellular phone by another in a data transmission. The second type of impersonation is the impersonation of a digital cellular phone by a simulator on the same network as the WASP. The third type of impersonation is the impersonation of a digital cellular device by an unscrupulous WASP. The first of these three impersonations is typically performed by cloning the first cellular phone with another. This technique is typically foiled by the digital cellular networks using the same techniques that are applied to stop a digital cellular phone from being impersonated in the voice-based telephony environment. The other two types of impersonation make it difficult for a WASP to authenticate the identity of a user in a manner that allows the proper generation of an audit trail for billing purposes.
By discerning user identification and password information, it is possible to impersonate a user of a WASP from any digital cellular device. Additionally, the impersonation requires less effort than the cloning of an analogue cellular phone, as impersonation requires no specialised equipment, whereas cloning analogue cellular devices requires equipment to reprogram electrically erasable programmable read only memory (EEPROM). Thus, impersonation from a digital cellular device introduces the problem of authentication of the identity of the user in the wireless data environment.
The client id of a digital cellular phone can also be falsified by a computer with access to the WASP over a network. The data sent in reply, by the WASP, is directed to the address of the computer that transmitted the packet, and not to a specific digital cellular phone. Thus an individual could falsify a client id field and attempt to interact with the WASP, using discerned user identification and password information, without the WASP knowing that an unauthorised access had been performed. Because it is not possible for a WASP to ensure that the user using the service is the authorised user, it is difficult to authenticate a user request in a manner that prevents the user from repudiating the transaction at a later time. Due to the ability of the user to repudiate transactions, forming fee per use billing arrangements with cellular service providers is difficult. Though banking institutions are content to carry out their own authentication and billing, other financial services, or services associated with personal information, lack the infrastructure to either bill a client on a fee-per-transaction basis or obtain a non-repudiable transaction authorisation. One such example is a gaming service that allows wireless online gaming and requires the ability to bill small amounts of money to a carrier billing system per session. Another example is a stock monitoring service, where a user does not carry out a transaction, but does require authentication of the user to protect the privacy of a user's portfolio, that would benefit from the ability to offer the same levels of security as the basic network requires. Additionally, since it is impossible for a cellular service provider to ensure that an application provider is not acting in an unscrupulous manner, without a non-repudiable method of authenticating a user transaction cellular service providers are apt to restrict access to their central billing systems.
Due to the cost of developing digital wireless networks, and network services it is impractical to propose that each WASP create a unique database of user identification and password information. Additionally it is impractical to get a number of digital cellular network providers to establish a trusted relationship with each WASP. Authentication and non-repudiation systems should be compatible with the existing base of digital cellular devices that have data capabilities if they are to be successful, as converting the existing base of digital cellular phones to a new standard is impractical. Authentication and non-repudiation systems should also be designed to minimise user interaction due to the limited input capabilities resulting from current form factors. Such systems should also be designed to require minimal processing abilities from the digital cellular phone, making complex encryption systems impractical. It is therefore desirable to provide a system and method for remote authentication of a wireless device for a service, without requiring the cumbersome step of requiring a user identification and password entry on the user interface limited input device. It is further desirable to provide a method of authorising a WASP to bill a user through the wireless cellular provider, with proof that the WASP received authorisation for the billing.
SUMMARY OF THE INVENTION
It is an object of the present invention to obviate or mitigate at least one disadvantage of the prior art.
In one aspect of the present invention there is provided a method of authenticating a digital wireless device having a client identifier, said digital wireless device connected to a digital wireless network having a data gateway, at an authenticator, having a secure link to the digital wireless network, said authenticator connected to an application provider through a data packet protocol based connection, the method comprising the steps of receiving a request for authentication of the digital wireless device from the application provider, requesting that the digital wireless device redirect its connection through the secure link to the digital wireless network and providing the application provider with authentication of the digital wireless device when the digital wireless device forms a connection with the authenticator through the secure link to the digital wireless network. In an embodiment of the present aspect of the invention the request for authentication includes the client identifier associated with the digital wireless device to be authenticated. In another embodiment of the present aspect the secure link to the digital wireless network is through the data gateway of the digital wireless network and authentication is provided to the application provider when the digital wireless device identifies itself by its client id over the secure link to the digital wireless network. In a further embodiment of the present aspect there is provided a further step of redirecting the digital wireless device to connect to the application provider following the step of providing the application provider with authentication, wherein optionally the authentication of the digital wireless device is provided to the application provider by the digital wireless device upon receiving the redirected connection. 
In an embodiment of the present invention the steps of receiving a client identification request from the application provider, requesting that the digital wireless device redirect its connection to the authenticator, determining the client identifier of the digital wireless device upon receiving the redirected connection, requesting that the digital wireless device redirect its connection to the application provider, and providing the client identifier of the digital wireless device to the authenticator occur prior to the step of receiving an authentication request.
In a second aspect of the present invention there is provided a method of obtaining non-repudiable authorisation for a transaction, from a digital wireless device having a client identifier said digital wireless device connected to a digital wireless network having a data gateway, by an application provider, at an authenticator having a secure link to the digital wireless network, said authenticator connected to the application provider by a data packet protocol based connection, the method comprising the steps of receiving a request for a non-repudiable transaction from the application provider, requesting that the digital wireless device redirect its connection through the secure link to the digital wireless network, providing, upon receiving a connection from the digital wireless device through the secure link to the digital wireless network, a prompt to a user of the digital wireless device to agree to the transaction and providing a non-repudiable transaction verification to the application provider upon receiving a desired result to the prompt. In an embodiment of the present aspect of the invention the request for a non-repudiable transaction includes terms of the transaction and the client identifier of the digital wireless device and the secure link to the digital wireless network is through the data gateway of the digital wireless network. In an alternate embodiment the prompt is provided when the digital wireless device identifies itself by its client identifier on the secure link to the digital wireless network and the prompting of the digital wireless device optionally includes the terms for the transaction and information identifying the application provider with whom the transaction is being completed.
In a further embodiment the steps of providing the non-repudiable transaction verification to the digital wireless device upon receiving the desired response to the prompt and redirecting the digital wireless device to connect the digital wireless device to the application provider following the step of providing non-repudiable transaction verification are also provided.
In another aspect of the present invention there is provided a system for authenticating a digital wireless device, having a client identifier and being connected to a digital wireless network, for an application provider connected to a data network that is in communication with the digital wireless device comprising an authenticator, operatively connected to the application provider over the data network, for receiving authentication requests for the digital wireless device from the application provider, for generating and transmitting redirect requests for the digital wireless device, for receiving connections from the digital wireless device over a secure link to the digital wireless network, and for transmitting to the application provider authentication of the digital wireless device when the digital wireless device connects to the authenticator over the secure link to the digital wireless network and additionally comprising a data gateway, operatively connected to the digital wireless network, the data network and the authenticator, for preventing access to the authenticator over the secure link to the digital wireless network. In embodiments of the third aspect of the present invention the digital wireless network is connected to the data network, which is a network such as the Internet, based on a protocol included in the transmission control protocol/internet protocol suite through the data gateway. In presently preferred embodiments the application provider and authenticator are operatively connected by either a clearinghouse or a private network.
In a fourth aspect of the present invention there is provided a system for obtaining non-repudiable authorisation for a transaction, from a digital wireless device having a client identifier and being connected to a digital wireless network, for an application provider connected to a data network, said system comprising an authenticator, operatively connected to the application provider over the data network, for receiving requests for non-repudiable transactions with the digital wireless device from the application provider, for generating and transmitting redirect requests for the digital wireless device, for receiving connections from the digital wireless device over a secure link to the digital wireless network, for providing a transaction request to the digital wireless device when the digital wireless device connects to the authenticator over the secure link to the digital wireless network and for providing a non-repudiable transaction verification when the digital wireless device agrees to the transaction request and a data gateway, operatively connected to the digital wireless network, the data network and the authenticator, for preventing access to the authenticator over the secure link to the digital wireless network. In an embodiment of the present aspect of the invention the request for non-repudiable transactions include the terms of the transaction, as does the transaction request provided to the digital wireless device. In embodiments of the fourth aspect of the present invention the digital wireless network is connected to the data network, which is a network such as the Internet, based on a protocol included in the transmission control protocol/internet protocol suite through the data gateway. In presently preferred embodiments the application provider and authenticator are operatively connected by either a clearinghouse or a private network.
Other aspects and features of the present invention will become apparent to those ordinarily skilled in the art upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention will now be described, by way of example only, with reference to the attached Figures, wherein:
Fig. 1 is an illustration of an exemplary system of the present invention;
Fig. 2 is a flowchart illustrating an exemplary method of authentication according to the present invention;
Fig. 3 is an illustration of an exemplary system of the present invention showing a malicious third party; and
Fig. 4 is a flowchart illustrating a method of providing a non-repudiable transaction according to the present invention.
DETAILED DESCRIPTION
Generally, the present invention provides a method and system for authenticating a digital wireless device at an application provider, so as to authenticate the digital wireless device and provide a non-repudiable transaction.
The present invention seeks to implement a system for authenticating a digital wireless device without substantially altering current systems. As in current systems, a client id is associated with each digital wireless device, and that client id is used to authenticate the digital wireless device. Impersonation of one digital wireless device by another digital wireless device on the same network is addressed using the security presently available on digital wireless networks that employ client identifiers such as electronic serial numbers or client id's and shared secret keys, or other security methods that would be known to one of skill in the art.
Figure 1 illustrates the elements of a system of the present invention. A digital wireless device 100, with associated client id, is connected to a digital wireless network 102. The digital wireless network includes a data gateway 104. The data gateway is used to interface the digital wireless network with any system that employs a data packet communications protocol, such as a protocol in the TCP/IP suite. In one embodiment, data gateway 104 is used to attach a data client id, henceforth referred to simply as a client id, to the data packets originating from digital wireless device 100. In an alternate embodiment, data packets originating from digital wireless device 100 have a client id attached by digital wireless device 100 itself. Data gateway 104 connects digital wireless network 102 to data network 106. Data network 106 is a packet based data network, that in one embodiment uses a protocol from the TCP/IP suite. In a specific embodiment, data network 106 is the Internet. One of the nodes of data network 106 is application provider (AP) 108. AP 108 is a content provider that offers services to digital wireless device 100. AP 108 is connected, through data network 106, to authenticator 110. Authenticator 110 is used to authenticate digital wireless device 100, and is additionally connected to data gateway 104 to receive a data connection. Data gateway 104 can be implemented so as to act as a digital firewall, preventing traffic from outside of digital wireless network 102 from communicating to authenticator 110 through digital wireless network 102. Alternatively, digital wireless network 102 can be designed so as to prevent external access to data gateway 104 and authenticator 110 except from trusted parties such as other digital wireless networks with which there are roaming agreements and parties such as AP 108.
To allow users to roam on other wireless networks the data gateway 104 can be adapted to selectively allow traffic to enter digital wireless network 102 if the traffic is from a trusted network, and optionally only if the user on the trusted network is known to data gateway 104, as any user of digital wireless network 102 would be.
Figure 2 is a flowchart that illustrates the method of authentication used by the exemplary system of Figure 1. In step 120, AP 108 receives a request for service from digital wireless device 100. The request for service, in this exemplary case, includes the client id associated with digital wireless device 100. AP 108 requires authentication that the reported client id is not being fraudulently reported, so it issues a request for authentication of the client id to the authenticator, through the data network in step 122. Authenticator 110 receives the request for authentication, including the client id to be authenticated and in step 124 requests that digital wireless device 100 be redirected to connect to authenticator 110 directly. The redirection request instructs digital wireless device 100 to connect to authenticator 110 through digital wireless network 102 using a data protocol, without transmitting over data network 106. In step 126 the authenticator receives a connection from digital wireless device 100 through digital wireless network 102, bypassing data network 106. In step 128 authenticator 110 reports a valid authentication if the incoming client id is the same as the client id reported in the request for authentication. In an alternate embodiment the client id is not included in the request for service of step 120. To obtain the client id of digital wireless device 100, AP 108 issues a request to authenticator 110 to identify the client id of digital wireless device 100, and redirects digital wireless device 100 to connect to authenticator 110. Authenticator 110 serves as a client id provider by recognising the client id of digital wireless device 100 upon connection, and then provides the client id of digital wireless device 100 to AP 108, and redirects digital wireless device 100 to reconnect to AP 108.
The message to AP 108 from authenticator 110 can be transmitted directly, or can be provided by digital wireless device 100 when it reconnects to AP 108. Other elements of digital wireless network 102 that are capable of associating digital wireless device 100 with its corresponding client id can be used in place of authenticator 110, such elements include data gateway 104.
If authenticator 110 does not receive a response to the request for redirection of step 124 within a predetermined amount of time it can report to AP 108 that the authentication has failed. Alternatively, authenticator 110 will not report to AP 108 unless it has received the connection of step 126, allowing the AP to determine the amount of time permitted prior to determining that the authentication has failed. Upon failure to authenticate, authenticator 110 can re-request the redirection of step 124, or AP 108 can re-issue the request for authentication of step 122.
This method of the present invention is facilitated by the setup of data gateway 104. As mentioned earlier data gateway 104 is the connection point of digital wireless network 102 to all data based networks. Thus, if a fraudulent connection is attempted by a malicious third party, the attempt to connect to authenticator 110 through digital wireless network 102, in the redirect attempt, from an outside network element can be blocked. Data gateway 104, and any other access points between digital wireless network 102 and data network 106, are designed to be secure, so as to allow traffic to enter digital wireless network 102 only if it originates from a trusted party such as AP 108, or other digital wireless networks with whom roaming agreements have been made. Additionally it is possible to prevent access to authenticator 110 from any party other than trusted parties as described above. Other methods of preventing access to authenticator 110 by parties connected to data network 106 will be evident to one of skill in the art. Figure 3 illustrates such a situation where a third party 112 is connecting to AP 108 while attempting to impersonate digital wireless device 100. The method of Figure 2 will proceed through steps 120, 122 and 124 as before. When malicious third party 112 attempts to connect to authenticator 110, in the redirect attempt, through digital wireless network 102 instead of through data network 106 the packets destined for authenticator 110 are rejected by data gateway 104, or by other firewalls used in digital wireless network 102. Thus steps 126 and 128 are not able to occur. This causes a timeout in either authenticator 110 or AP 108, resulting in a failed authentication.
In another embodiment, the system and method described above are able to authenticate that the client id associated with digital wireless device 100 is only reported by digital wireless device 100. Thus, AP 108 can provide service without fear of admitting the wrong party. The problem of impersonation by a malicious third party on the data network is resolved.
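The Figure 2 exchange and the Figure 3 failure case can be traced in a short simulation. This is an added example, not code from the patent: the class names, the `CID-…` client ids, the extra subscriber and the tick-based timeout are constructed for illustration, and the gateway-attaches-client-id embodiment is assumed.

```python
from dataclasses import dataclass
from typing import Dict, Optional

WIRELESS = "digital wireless network 102"
DATA = "data network 106"


@dataclass(frozen=True)
class Sender:
    name: str
    network: str                    # network the sender is really attached to
    provisioned_id: Optional[str]   # client id the carrier associates with it, if any


class DataGateway:
    """Data gateway 104: the only way onto the authenticator's secure link."""

    def to_authenticator(self, sender: Sender) -> Optional[str]:
        # Figure 3: packets for the authenticator that originate outside the
        # wireless network are rejected here.
        if sender.network != WIRELESS or sender.provisioned_id is None:
            return None
        # The client id comes from the network, not from what the sender claims.
        return sender.provisioned_id


class Authenticator:
    """Authenticator 110, with a logical clock standing in for the timeout."""

    def __init__(self, gateway: DataGateway, timeout_ticks: int = 3) -> None:
        self.gateway = gateway
        self.timeout_ticks = timeout_ticks
        self.clock = 0
        self.deadline: Dict[str, int] = {}    # client id -> last tick we wait for
        self.confirmed: Dict[str, bool] = {}  # client id -> seen on the secure link

    def request_authentication(self, client_id: str) -> None:
        """Steps 122 and 124: record the request; the redirect goes to the requester."""
        self.deadline[client_id] = self.clock + self.timeout_ticks
        self.confirmed[client_id] = False

    def redirected_connection(self, sender: Sender) -> None:
        """Step 126: a connection counts only if the gateway lets it through."""
        incoming = self.gateway.to_authenticator(sender)
        if incoming in self.deadline and self.clock <= self.deadline[incoming]:
            self.confirmed[incoming] = True

    def result(self, client_id: str) -> str:
        """Step 128: outcome for the client id the AP asked about."""
        if self.confirmed.get(client_id):
            return "authenticated"
        if self.clock > self.deadline[client_id]:
            return "failed: timeout"
        return "pending"


def run_session(sender: Sender, claimed_client_id: str) -> str:
    """One pass through Figure 2 for a service request reporting claimed_client_id."""
    authenticator = Authenticator(DataGateway())
    # Step 120: AP 108 receives the request and cannot trust the reported id.
    authenticator.request_authentication(claimed_client_id)   # steps 122 and 124
    authenticator.redirected_connection(sender)               # step 126 attempt
    authenticator.clock += authenticator.timeout_ticks + 1    # let the wait expire
    return authenticator.result(claimed_client_id)            # step 128


# Constructed participants: the reference numerals follow Figures 1 and 3.
DEVICE_100 = Sender("digital wireless device 100", WIRELESS, "CID-100")
THIRD_PARTY_112 = Sender("third party 112", DATA, None)
OTHER_SUBSCRIBER = Sender("another subscriber", WIRELESS, "CID-200")

if __name__ == "__main__":
    for sender in (DEVICE_100, THIRD_PARTY_112, OTHER_SUBSCRIBER):
        print(f"{sender.name} claiming CID-100 -> {run_session(sender, 'CID-100')}")
```

The decision never depends on the client id the requester reports to AP 108, only on what arrives over the secure link, so the scheme is exactly as strong as the gateway's filtering and the network's own binding of device to client id.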
The system of the present invention can also be used to provide non-repudiation of transactions, preventing impersonation of digital wireless device 100 by an unscrupulous AP. Without proper authentication and record keeping at the time of a transaction, a dishonest user could claim that the transaction was not conducted during the session, and thus must be a falsified transaction. Alternatively, without authentication at the time of the transaction an unscrupulous AP could impersonate a user after that user has completed a session, or could charge the user more than the amount indicated. Thus a non-repudiable transaction is required. The transaction should be non-repudiable so that neither party in the transaction can claim that the transaction was not completed, or had different terms. To be non-repudiable the transaction should have the consent of both parties to provided terms, and should provide proof to both sides that the transaction was agreed to. A non-repudiable transaction allows a digital wireless network provider to collect on behalf of the AP, without fear that the transaction was not agreed to.
Figure 4 is a flowchart that illustrates an exemplary method of obtaining non-repudiable transactions according to the present invention. In step 130 the authenticator 110 receives a request from the AP 108 for a non-repudiable transaction. Typically this request for a transaction includes the client id of digital wireless device 100, and a payment prompt that includes the terms of the payment agreement. Authenticator 110 transmits a redirect request to digital wireless device 100 via AP 108 in step 132. The redirection request instructs digital wireless device 100 to connect to authenticator 110 through digital wireless network 102 using a data protocol, without using data network 106. Authenticator 110 receives a connection from digital wireless device 100, with a client id corresponding to the client id provided with the request for a transaction, through digital wireless network 102 in step 134. In step 136, authenticator 110 presents the payment prompt to digital wireless device 100, and receives a reply in step 138. Upon receiving the reply in step 138 the authenticator redirects digital wireless device 100 to AP 108 in step 140, and provides AP 108 with the transaction result in step 142. The transaction result of step 142 is typically a transaction id generated by authenticator 110 to track the billing of the transaction and the result of the transaction. Thus AP 108 is provided with a receipt to indicate that digital wireless device 100 has accepted the terms of the transaction. Alternatively authenticator 110 can maintain a list of authenticated transaction receipts. The terms of the transaction, which are typically provided to the digital wireless device 100 in the prompt, include the cost of the service which is being purchased in the transaction, and may include other information the application provider deems necessary for a transaction to be fully understood and agreed to.
In another embodiment the transaction id is provided to digital wireless device 100 prior to redirecting the connection in step 140; this provides digital wireless device 100 with a reference number identifying the transaction. Thus the requirements of the transaction, the agreement of AP 108 to provide a service, the agreement of digital wireless device 100 to pay for the service, and receipts for both AP 108 and digital wireless device 100 to indicate the completion of the transaction are provided. If a third party 112, or AP 108, attempts to fraudulently complete the transaction, steps 130 and 132 would proceed as described above, but due to the setup of data gateway 104, the ability of either third party 112 or AP 108 to connect to the authenticator through digital wireless network 102 is impeded. Without the ability to connect to authenticator 110 through digital wireless network 102, the transaction is unable to complete, and depending upon the configuration of the system elements, one or both of AP 108 and authenticator 110 will timeout, causing the transaction to fail. If authenticator 110 experiences a timeout, it will report a failure to authenticate the transaction to AP 108, and the transaction will not proceed.
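The receipt handling of Figure 4 can be sketched as a ledger kept at the authenticator. This is an added example, not code from the patent: the names, the `TX-…` id format and the `may_bill` check a carrier billing system might run are assumptions, and the client id passed to `device_reply` stands for the one seen on the secure link (`None` when data gateway 104 rejected the connection).

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Terms:
    ap_name: str       # identifies the application provider in the prompt
    service: str
    cost_cents: int    # cost of the service being purchased


@dataclass(frozen=True)
class Receipt:
    transaction_id: str
    client_id: str
    terms: Terms       # exactly what the user was shown
    accepted: bool


class TransactionAuthenticator:
    """Authenticator 110 acting as the record keeper for steps 130 to 142."""

    def __init__(self) -> None:
        self._pending: Dict[str, Terms] = {}    # client id -> terms awaiting a reply
        self._ledger: Dict[str, Receipt] = {}   # transaction id -> receipt
        self._issued = 0

    def request_transaction(self, client_id: str, terms: Terms) -> None:
        """Steps 130 and 132: the AP submits terms; a redirect is then issued."""
        self._pending[client_id] = terms

    def device_reply(self, gateway_client_id: Optional[str],
                     accepted: bool) -> Optional[Receipt]:
        """Steps 134 to 142: record the user's answer to the prompt.

        Without a connection over the secure link that matches a pending
        request, no receipt is created and the request is left to time out.
        """
        if gateway_client_id is None:
            return None
        terms = self._pending.pop(gateway_client_id, None)
        if terms is None:
            return None
        self._issued += 1
        receipt = Receipt(f"TX-{self._issued:04d}", gateway_client_id, terms, accepted)
        self._ledger[receipt.transaction_id] = receipt
        return receipt

    def may_bill(self, transaction_id: str, client_id: str,
                 ap_name: str, cost_cents: int) -> bool:
        """Assumed billing-side check: charge only what the receipt records."""
        receipt = self._ledger.get(transaction_id)
        return (receipt is not None
                and receipt.accepted
                and receipt.client_id == client_id
                and receipt.terms.ap_name == ap_name
                and receipt.terms.cost_cents == cost_cents)


if __name__ == "__main__":
    authenticator = TransactionAuthenticator()
    terms = Terms("AP 108", "game session", 150)   # constructed sample terms
    authenticator.request_transaction("CID-100", terms)
    receipt = authenticator.device_reply("CID-100", accepted=True)
    print(receipt)
    print("bill 150:", authenticator.may_bill(receipt.transaction_id, "CID-100", "AP 108", 150))
    print("bill 500:", authenticator.may_bill(receipt.transaction_id, "CID-100", "AP 108", 500))
```

Because the receipt stores the terms shown in the prompt, a later claim by the AP for a different amount, or a denial by the user, can be checked against the same record.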
It will be evident to one of skill in the art that because there can conceivably be a number of application providers, and there are a number of digital wireless networks with associated authenticators, a clearinghouse can be employed to connect a plurality of application providers to a plurality of authenticators. Such a clearinghouse, not shown, can be regarded as an element of data network 106.
Additionally, one of skill in the art will readily appreciate that any of the communications between different elements of the system of the present invention can be carried out using encrypted channels without departing from the scope of the present invention.
The system and method described above require no drastic changes to current digital wireless network topology, and as such provide an affordable and incremental solution. Additionally, the commands to redirect a user to a different server already exist in current wireless web implementations. Due to the use of the client id as a part of the authentication, it is possible for AP 108 to associate digital wireless device 100 with a particular user by default, negating the need for the user of digital wireless device 100 to key in a difficult user identification sequence.
The above-described embodiments of the present invention are intended to be examples only. Alterations, modifications and variations may be effected to the particular embodiments by those of skill in the art without departing from the scope of the invention, which is defined solely by the claims appended hereto.

Claims

What is claimed is:
1. A method of authenticating a digital wireless device having a client identifier, said digital wireless device connected to a digital wireless network having a data gateway, at an authenticator having a secure link to the digital wireless network, said authenticator connected to an application provider through a data packet protocol based connection, the method comprising the steps of: receiving a request for authentication of the digital wireless device from the application provider; requesting that the digital wireless device redirect its connection through the secure link to the digital wireless network; and providing the application provider with authentication of the digital wireless device when the digital wireless device forms a connection with the authenticator through the secure link to the digital wireless network.
2. A method, as in claim 1, wherein the request for authentication includes the client identifier associated with the digital wireless device to be authenticated.
3. A method, as in claim 1, wherein the secure link to the digital wireless network is through the data gateway of the digital wireless network.
4. A method, as in claim 1, wherein authentication is provided to the application provider when the digital wireless device identifies itself by its client id over the secure link to the digital wireless network.
5. A method, as in claim 1, further including the step of redirecting the digital wireless device to connect to the application provider following the step of providing the application provider with authentication.
6. A method, as in claim 5, wherein the authentication of the digital wireless device is provided to the application provider by the digital wireless device upon receiving the redirected connection.
7. A method, as in claim 1, further including the steps of receiving a client identification request from the application provider; requesting that the digital wireless device redirect its connection to the authenticator; determining the client identifier of the digital wireless device upon receiving the redirected connection; requesting that the digital wireless device redirect its connection to the application provider; and providing the client identifier of the digital wireless device to the application provider prior to the step of receiving an authentication request.
8. A method of obtaining non-repudiable authorisation for a transaction, from a digital wireless device having a client identifier, said digital wireless device connected to a digital wireless network having a data gateway, at an authenticator having a secure link to the digital wireless network, said authenticator connected to an application provider by a data packet protocol based connection, the method comprising the steps of: receiving a request for a non-repudiable transaction from the application provider; requesting that the digital wireless device redirect its connection to connect through the secure link to the digital wireless network; providing, upon receiving a connection from the digital wireless device through the secure link to the digital wireless network, a prompt to a user of the digital wireless device to agree to the transaction; and providing a non-repudiable transaction verification to the application provider upon receiving a desired response to the prompt.
9. A method, as in claim 8, wherein the request for a non-repudiable transaction includes terms of the transaction and the client identifier of the digital wireless device.
10. A method, as in claim 9, wherein the terms of the transaction include a cost of a service being purchased.
11. A method, as in claim 8, wherein the prompt is provided when the digital wireless device identifies itself by its client identifier over the secure link to the digital wireless network.
12. A method, as in claim 8, wherein the prompt includes terms for the transaction.
13. A method, as in claim 8, wherein the prompt includes information identifying the application provider with whom the transaction is being completed.
14. A method, as in claim 8, further comprising the step of providing the non-repudiable transaction verification to the digital wireless device.
15. A method, as in claim 8, further comprising the step of redirecting the digital wireless device to connect to the application provider following the step of providing the non-repudiable transaction verification.
16. A system for authenticating a digital wireless device, the digital wireless device having a client identifier and being connected to a digital wireless network, for an application provider, connected to a data network, that is in communication with the digital wireless device, comprising: an authenticator, operatively connected to the application provider over the data network, for receiving authentication requests for the digital wireless device from the application provider, for generating and transmitting redirect requests for the digital wireless device, for receiving connections from the digital wireless device over a secure link to the digital wireless network, and for transmitting to the application provider authentication of the digital wireless device when the digital wireless device connects to the authenticator over the secure link to the digital wireless network; and a data gateway, operatively connected to the digital wireless network, the data network and the authenticator, for preventing access to the authenticator over the secure link to the digital wireless network.
17. A system, as in claim 16, wherein the digital wireless network is connected to the data network through the data gateway.
18. A system, as in claim 16, wherein the data network implements a protocol included in the transmission control protocol/internet protocol suite.
19. A system, as in claim 16, wherein the data network is the Internet.
20. A system, as in claim 16, wherein the application provider and the authenticator are connected by a private network.
21. A system, as in claim 16, wherein the application provider and the authenticator are operatively connected by a clearinghouse.
22. A system for obtaining non-repudiable authorisation for a transaction, from a digital wireless device having a client identifier and being connected to a digital wireless network, for an application provider connected to a data network, said system comprising: an authenticator, operatively connected to the application provider over the data network, for receiving a request for a non-repudiable transaction with the digital wireless device from the application provider, for generating and transmitting redirect requests for the digital wireless device, for receiving connections from the digital wireless device over a secure link to the digital wireless network, for providing a transaction request to the digital wireless device when the digital wireless device connects to the authenticator over the secure link to the digital wireless network, and for providing a non-repudiable transaction verification when the digital wireless device agrees to the transaction request; and a data gateway, operatively connected to the digital wireless network, the data network and the authenticator, for preventing access to the authenticator over the secure link to the digital wireless network.
23. A system, as in claim 22, wherein the request for the non-repudiable transaction includes the terms of the transaction.
24. A system, as in claim 23, wherein the transaction request provided to the digital wireless device includes the terms of the transaction.
25. A system, as in claim 22, wherein the digital wireless network is connected to the data network through the data gateway.
26. A system, as in claim 22, wherein the data network implements a protocol included in the transmission control protocol/internet protocol suite.
27. A system, as in claim 22, wherein the data network is the Internet.
28. A system, as in claim 22, wherein the application provider and the authenticator are operatively connected by a clearinghouse.
29. A system, as in claim 22, wherein the application provider and the authenticator are operatively connected by a private network.
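
The transaction flow of claims 8 to 13 can be modelled as a small authenticator state machine. The following Python sketch is an added illustration, not code from the application or from the applicant. It assumes that the wireless network tells the authenticator whether a connection arrived over the secure link and supplies the client identifier; the class and function names, the redirect URL, the one-time token and the HMAC integrity tag are likewise assumptions, since the claims do not specify how the verification is protected.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: a key shared by authenticator and application provider protects
# the verification in transit; the claims do not specify a mechanism.
PROVIDER_KEY = b"constructed-demo-key"

class Authenticator:
    def __init__(self):
        self.pending = {}  # one-time token -> request from the application provider

    def request_transaction(self, provider, client_id, terms):
        """Claims 8-10: accept the provider's request, return the redirect target."""
        token = secrets.token_urlsafe(16)
        self.pending[token] = {"provider": provider, "client_id": client_id, "terms": terms}
        return f"https://authenticator.example/confirm?t={token}"  # hypothetical URL

    def device_connects(self, token, via_secure_link, network_client_id):
        """Claims 11-13: prompt only a device the wireless network identifies."""
        req = self.pending.get(token)
        if req is None or not via_secure_link:
            return None  # unknown token, or connection arrived over the public network
        if not hmac.compare_digest(req["client_id"].encode(), network_client_id.encode()):
            return None  # a different subscriber followed the redirect
        return f"{req['provider']} requests: {req['terms']}. Agree?"

    def device_responds(self, token, via_secure_link, network_client_id, agreed):
        """Claim 8, last step: issue the verification only on the desired response."""
        if self.device_connects(token, via_secure_link, network_client_id) is None:
            return None
        req = self.pending.pop(token)  # single use: a replayed response finds nothing
        if not agreed:
            return None
        record = json.dumps({"token": token, **req}, sort_keys=True).encode()
        return record, hmac.new(PROVIDER_KEY, record, hashlib.sha256).hexdigest()

def provider_accepts(verification, provider, client_id, terms):
    """Provider side: check integrity and that the record matches what it asked for."""
    if verification is None:
        return False
    record, tag = verification
    expected = hmac.new(PROVIDER_KEY, record, hashlib.sha256).hexdigest()
    fields = json.loads(record)
    return (hmac.compare_digest(tag, expected)
            and (fields["provider"], fields["client_id"], fields["terms"])
                == (provider, client_id, terms))
```
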
PCT/CA2002/001531 2001-10-15 2002-10-11 Authentication of a subscriber on a public network through redirection WO2003034681A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CA002358801A CA2358801A1 (en) 2001-10-15 2001-10-15 Authentication and non-repudiation of a subscriber on a public network through redirection
CA2,358,801 2001-10-15

Publications (1)

Publication Number Publication Date
WO2003034681A1 (en) 2003-04-24

Family

ID=4170238

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2002/001531 WO2003034681A1 (en) 2001-10-15 2002-10-11 Authentication of a subscriber on a public network through redirection

Country Status (2)

Country Link
CA (1) CA2358801A1 (en)
WO (1) WO2003034681A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1936905A1 (en) * 2006-12-19 2008-06-25 Siemens Enterprise Communications GmbH & Co. KG Method for operating a VoIP terminal and VoIP terminal

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996042041A2 (en) * 1995-06-07 1996-12-27 Open Market, Inc. Internet server access control and monitoring systems
WO2001054438A1 (en) * 2000-01-18 2001-07-26 Microinspection, Inc. Authentication method using cellular phone in internet

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"MeT Authorization for account based payment using a SET Wallet Server", MET MOBILE ELECTRONIC TRANSACTIONS, 21 February 2001 (2001-02-21), XP002221755 *
WRONA K ET AL: "ADAPTATION OF THE SET PROTOCOL TO MOBILE NETWORKS AND TO THE WIRELESS APPLICATION PROTOCOL", ITG FACHBERICHTE, VDE VERLAG, BERLIN, DE, no. 157, 6 October 1999 (1999-10-06), pages 193 - 198, XP008009525, ISSN: 0932-6022 *

Also Published As

Publication number Publication date
CA2358801A1 (en) 2003-04-15

Similar Documents

Publication Publication Date Title
US7142851B2 (en) Technique for secure wireless LAN access
EP3008935B1 (en) Mobile device authentication in heterogeneous communication networks scenario
JP4394682B2 (en) Apparatus and method for single sign-on authentication via untrusted access network
US8601566B2 (en) Mechanism supporting wired and wireless methods for client and server side authentication
CN100417152C (en) Distributed Network Authentication and Access Control System
RU2464729C2 (en) Method to authenticate mobile devices connected to femtocell acting according to multistation access with code channel division
CN102415119B (en) Managing undesired service requests in a network
US20020169966A1 (en) Authentication in data communication
Matsunaga et al. Secure authentication system for public WLAN roaming
US20050277434A1 (en) Access controller
US20080307517A1 (en) Method for Securely Associating Data with Http and Https Sessions
KR20090036562A (en) Method and system for controlling access to network
US20040010713A1 (en) EAP telecommunication protocol extension
CN111918284B (en) Safe communication method and system based on safe communication module
US20020165783A1 (en) Accounting in peer-to-peer data communication networks
RU2253187C2 (en) System and method for local provision of meeting specified regulations for internet service providers
CN100571461C (en) Communication system
EP1961149B1 (en) Method for securely associating data with http and https sessions
Ventura Diameter: Next generations AAA protocol
CA2356420A1 (en) Authentication and non-repudiation of a subscriber on a public network
EP3735668A1 (en) Methods for access point systems and payment systems therefor
WO2003034681A1 (en) Authentication of a subscriber on a public network through redirection
US20040152448A1 (en) Method and arrangement for authenticating terminal equipment
KR20060094453A (en) Authentication method and system for part-time service using EAP
WO2003032667A2 (en) Authentication of a wireless device using a personal identification number

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CH CN CO CR CU CZ DE DK DZ EC EE ES FI GB GD GE GH GM HR ID IL IN IS JP KE KG KP KR KZ LC LK LS LT LU LV MA MD MG MK MN MW MZ NO NZ OM PH PL PT RO RU SD SE SI SK SL TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP
