CA2358732A1 - Method and system for remote authentication of a digital wireless device using a personal identification number - Google Patents
- Publication number
- CA2358732A1
- Authority
- CA
- Canada
- Prior art keywords
- digital wireless
- wireless device
- secret information
- register
- authenticator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A method and system for authenticating the user of a digital wireless device, such as a cellular phone, by an application provider using the home location register personal identification number, is disclosed herein. The home location register personal identification number, or another trusted personal identification number, is accessed by an authenticator at the request of the application provider and is compared to a personal identification number supplied by the user. All communications between the application provider and the authenticator are facilitated by data networking protocols.
Description
METHOD AND SYSTEM FOR REMOTE AUTHENTICATION OF A DIGITAL WIRELESS DEVICE USING A PERSONAL IDENTIFICATION NUMBER
FIELD OF THE INVENTION
The present invention relates to authenticating a subscriber on a public network. In particular, the present invention relates to a system for authenticating the identity of a user using a mobile device, such as a cellular phone, to log in to an application provider.
BACKGROUND OF THE INVENTION
In the field of wireless telecommunications, authentication of a user's identity is of fundamental concern. Three of the most substantial concerns regarding identity relate to whether or not the wireless device is legitimately identifying itself instead of reporting a false identification sequence, whether or not the handset is in the possession of the authorised user and generating an audit trail for billing purposes.
To facilitate the solution to the second problem, and to allow user billing, each wireless device is assigned a unique wireless device identifier, which is reported to the network upon initialisation of the phone. The cellular phone service provider can check this wireless device identifier to ensure that the wireless device has not been reported stolen. Thus the assumption is made that unless reported stolen, a phone is in the hands of an authorised user, and that until reporting the phone missing the user is responsible for all charges incurred.
Digital cellular services are designed to handle digital communications. Voice calls on a digital cellular network are packetised prior to transmission, and are transmitted as a series of binary representative packets. This allows digital cellular devices to interact with computers without the need for a modem. It also allows digital cellular devices to serve as digital wireless data stations.
So-called wireless web functionality, wherein cellular devices allow a user to browse a subset of Internet web sites through a proxy server, or directly if the web site offers wireless mark-up language (WML) services, is already commonly implemented.
Application providers (AP), such as wireless application service providers (WASPs), offer numerous services from stock pricing to sports scores. Additionally, interactive services, such as banking transactions and stock trading, can also be offered to users.
These services are typically accessed through a data network that relies upon the transmission of data as packets. In many implementations the data is transmitted in packets conforming to the standards of the transmission control protocol/internet protocol (TCP/IP) suite. To translate between the wireless protocols of the network and the wired protocols of data networks, such as the Internet, a gateway, such as a wireless application protocol (WAP) gateway, may be employed.
These wireless application service providers typically require some form of user or device identification to provide customised access and to select the corresponding account information. Each digital wireless device, such as a digital cellular telephone, can be provided a unique wireless device identifier that is used by the network to identify the device. In many instances this identifier is an electronic serial number, though when the digital wireless device is communicating with data servers it is typically an identifier uniquely associated with the electronic serial number. The wireless device identifier can be discerned by a WASP through inspection of an incoming data request, and can be falsified by a computer with access to the WASP over a network. The data sent, in reply, by the WASP, is directed to the data network address of the computer that transmitted the packet, and not to a specific digital cellular phone. Thus an individual can falsify a wireless device identifier field and attempt to interact with the WASP, using discerned identification information, without the WASP knowing that an unauthorised access had been performed.
A WASP, or other content provider, can create a user database containing the wireless device identifier associated with each registered user. This database can associate a personal identification number (PIN) with each client id, so that a user can be recognised by the client id and still prompted for confirmation of identity. Though this provides a degree of certainty as to the identity of a user of a digital cellular device, such databases are subject to a number of data integrity and security issues as they are accessible to users of the network. Additionally, this solution creates problems for users who must manage a number of PINs for each WASP they use. This often leads users to select a single PIN for numerous services, which increases security risks for the user.
Because it is not possible for a WASP to ensure that the user using the service is the authorised user, forming fee per use billing arrangements with cellular service providers is difficult. Though banking institutions are content to carry out their own authentication and billing, other financial services, or services associated with personal information, lack the infrastructure to either bill a client on a fee-per-transaction. One such example is a gaming service that allows wireless online gaming and requires the ability to bill small amounts of money to a carrier billing system per session. Another example is a stock monitoring service, where a user does not carry out a transaction, but does require authentication of the user to protect the privacy of a user's portfolio, that would benefit from the ability to offer the same levels of security as the basic network requires.
One of the greatest challenges to an application provider (AP), such as a WASP, is obtaining a reliable authentication of the user to prove to a cellular service provider that a login was performed by a given user. Providing such a reliable authentication is essential if the AP wants to bill its subscribers through the cellular service provider's billing system.
In addition, the cellular service provider requires assurance that a valid user logged in to an AP prior to permitting the AP to submit billing requests. This assurance is needed to prevent fraudulent APs from submitting invalid requests. At the present time, no suitable method exists for providing such an assurance save for AP and cellular service provider integration.
It is, therefore, desirable to provide a method and system for a data based authentication of a user as the valid user of a digital cellular device through use of a single PIN for voice and data services.
SUMMARY OF THE INVENTION
It is an object of the present invention to obviate or mitigate at least one disadvantage of previous systems and methods for authenticating the user as the valid user of a digital wireless device.
In a first aspect, the present invention provides a method of authenticating the user of a digital wireless device at an application provider connected to an authenticator by a data network. The digital wireless device has both an associated client identifier and associated secret information. The authenticator is connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device. The method consists of receiving, from the application provider, a request for authentication of the user of a digital wireless device. The user of the digital wireless device is then requested to provide the secret information associated with the digital wireless device. The requested secret information is then compared to the secret information stored in the connected register. If the received secret information and the secret information stored in the connected register are equivalent, authentication of the user of the digital cellular device is provided to the application provider.
In an embodiment of the first aspect of the present invention, the secret information is a personal identification number. In another embodiment of the first aspect of the present invention, the register is a home location register and the personal identification number is a home location register personal identification number, while in other embodiments the register is either a visiting location register or a RADIUS server. In a further embodiment of the present invention there is included the further step of receiving a request for service containing the client identifier associated with the digital wireless device at the application provider prior to the step of receiving a request for authentication. Alternate embodiments include the steps of requesting the client identifier of the digital wireless device, and receiving the client identifier of the digital wireless device prior to the step of requesting that the user of the digital wireless device provide the secret information. In another embodiment of the present invention the request for authentication includes the client identifier of the digital wireless device.
In a further embodiment of the present invention, the secret information request and comparison are repeated, if the received secret information is not equivalent to the copy of the secret information stored in the connected register.
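The request, prompt, compare and repeat steps of the first aspect, sketched in Python as an added example (not code from the patent). The `Register`, `ScriptedDevice` and `Authenticator` names, the sample client id and PIN, and the cap of three prompts are assumptions: the text says only that the prompt is repeated on a mismatch, and the cap is added here because an unbounded repeat leaves a short numeric PIN open to repeated guessing.

```python
import hmac
from dataclasses import dataclass

MAX_ATTEMPTS = 3  # assumed cap; the text says only that the prompt is repeated


class Register:
    """Stand-in for the HLR, VLR or RADIUS register (constructed records)."""

    def __init__(self, records):
        self._records = dict(records)  # client id -> stored secret

    def lookup(self, client_id):
        return self._records.get(client_id)


class ScriptedDevice:
    """Stand-in for the wireless device: answers each prompt with the next scripted PIN."""

    def __init__(self, replies):
        self._replies = iter(replies)

    def provide_secret(self):
        return next(self._replies, None)  # None models the user abandoning the prompt


@dataclass(frozen=True)
class AuthResult:
    """What the application provider gets back: a verdict, never the PIN itself."""
    client_id: str
    authenticated: bool
    prompts_used: int
    reason: str


class Authenticator:
    def __init__(self, register, max_attempts=MAX_ATTEMPTS):
        self._register = register
        self._max_attempts = max_attempts
        self._failures = {}  # client id -> failed prompts since the last success

    def handle_request(self, client_id, device):
        """Process one authentication request received from the application provider."""
        stored = self._register.lookup(client_id)
        if stored is None:
            return AuthResult(client_id, False, 0, "unknown client id")
        prompts = 0
        # The failure count is kept per client id across requests, so opening a
        # new request does not reset the number of guesses already spent.
        while self._failures.get(client_id, 0) < self._max_attempts:
            supplied = device.provide_secret()
            if supplied is None:
                return AuthResult(client_id, False, prompts, "no response")
            prompts += 1
            # Constant-time comparison of the supplied and the stored secret.
            if hmac.compare_digest(supplied.encode(), stored.encode()):
                self._failures.pop(client_id, None)
                return AuthResult(client_id, True, prompts, "match")
            self._failures[client_id] = self._failures.get(client_id, 0) + 1
        return AuthResult(client_id, False, prompts, "locked out")


def run_demo():
    """Run four constructed requests and return their results in order."""
    register = Register({"client-0001": "4821"})  # constructed client id and PIN
    auth = Authenticator(register)
    return [
        # User mistypes once, is prompted again, then enters the stored PIN.
        auth.handle_request("client-0001", ScriptedDevice(["4812", "4821"])),
        # Repeated wrong entries for the same client id hit the cap.
        auth.handle_request("client-0001", ScriptedDevice(["0000", "0001", "0002", "0003"])),
        # Once capped, a further request is refused without prompting at all.
        auth.handle_request("client-0001", ScriptedDevice(["4821"])),
        # A client id with no register entry is refused before any prompt.
        auth.handle_request("client-9999", ScriptedDevice(["0000"])),
    ]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

The cap trades guessing resistance for availability: anyone able to submit requests under a client id can lock its real user out, so a deployment also needs a reset path outside this flow.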
In a further aspect, the present invention provides a system for authenticating a user of a digital wireless device. The digital wireless device has a client identifier, and is connected to a digital wireless network having a register for storing a secret information associated with the client identifier. An application provider is connected to both the digital wireless device and a data network. The data network includes an authenticator, connected to both the register and the application provider. The authenticator includes means to receive a request for authentication of a provided client identifier from the application provider. The authenticator includes means for generating a request for a secret information, such as the home location register personal identification number or other personal identification number, from the digital wireless device associated with the provided client identifier, and means for receiving a response from the digital wireless device that contains the requested secret information. The authenticator includes means to compare the secret information to a copy of the secret information stored in the connected register. The authenticator also includes means to transmit an authentication message to the application provider if the provided secret information and the stored copy of the secret information are equivalent.
In embodiments of the system of the present invention, the data network, such as the Internet, uses a data protocol such as the TCP/IP suite. In further embodiments of this aspect of the present invention, the digital wireless device is connected to the application provider by the digital wireless network and the data network. In another embodiment of the present invention the authenticator is connected to the application provider by the data network. In alternate embodiments, the authenticator is connected to the register by either the data network, a connection using standard telephony protocols, or a secure private network. In yet another embodiment, the register is one of a home location register, a visiting location register or a RADIUS server. In an alternate embodiment the authenticator includes means for redirecting the digital wireless device to connect to the authenticator using only the digital wireless network, and means for redirecting the digital wireless device to reconnect to the application provider.
In a third aspect of the present invention there is provided a method of obtaining non-repudiable authorisation for a transaction from a digital wireless device, having both an associated client identifier and associated secret information by an application provider, at an authenticator connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device, comprising the steps of receiving a request for a non-repudiable transaction from the application provider, receiving a response from the digital wireless device, including the associated secret information and providing a non-repudiable transaction verification to the application provider upon receiving agreement to the transaction from the digital wireless device. In an embodiment of the third aspect of the present invention, the request for a non-repudiable transaction includes the terms of the transaction. In another embodiment of the third aspect of the present invention the response from the digital wireless device includes indication of the agreement to the terms of the transaction. Another embodiment of the present aspect of the invention includes the step of providing a non-repudiable transaction verification to the digital wireless device upon receiving agreement to the transaction from the digital wireless device.
Upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures, other aspects and features of the present invention will become apparent to those of skill in the art.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention will now be described, by way of example only, with reference to the attached Figures, wherein:
Fig. 1 is an illustration of a prior art network connecting a cellular device on a roaming network to the HLR of its home network;
Fig. 2 is an illustration of a system of the present invention; and
Fig. 3 is an illustration of a system of the present invention employing a redirected HLRPIN transmission.
DETAILED DESCRIPTION
Generally, the present invention provides a method and system for data based authentication of a user as the valid user of a digital cellular device.
Currently all digital cellular service providers provide support for a home location register (HLR). The HLR is accessible to other carriers with whom the digital cellular service provider has roaming agreements. To facilitate modifying services, or sharing of accounting information for a user account, a digital cellular service provider offering roaming service to a digital wireless device can create a visiting location register (VLR) entry. Typically the visiting location register entry is populated with data from the subscriber's home HLR.
The HLR's account information details subscribed services, information regarding call-forwarding status, and other information such as a personal identification number, hereinafter referred to as the HLRPIN. The HLRPIN is commonly used to activate, or de-activate, such features as call forwarding and do not disturb, as well as to log in to user voicemail and carrier billing systems.
The transmission of the HLRPIN is commonly performed via a signalling system 7 (SS7) out of band transmission. One of skill in the art will appreciate the integration of the HLR in a network supporting SS7 is beneficial to the development of a wireless intelligent network.
Referring to Figure 1, the current state of the art regarding transmission of the HLRPIN is shown. When a roaming user activates a supplementary feature or modifies a profile on a visiting network, the request is transmitted by a digital cellular device 100 and is received by base station 102 in the roaming network 104 as an out of band transmission. This is performed out of band to minimise the bandwidth of the communication, as out of band transmissions use fewer resources than an actual call based connection. The base station connects to the HLR on the cellular device's home network through the mobile switching center 106 and the visiting location register 108, to transmit the modification or supplementary service request. Included in the request is a mobile device identifier. The request is routed to the home network 110 of the digital cellular device 100. The home network 110 routes the connection request to the HLR 112.
Upon receiving the request and mobile device identifier the HLR 112 transmits to the cellular device 100 a request to provide a password, the HLRPIN. Typically the HLRPIN
is a value chosen by the user, usually four digits in length. Upon providing a valid HLRPIN
the supplementary feature is enabled, and the HLR 112 notifies the VLR 114 to update the VLR profile and also sends confirmation to the cellular device 100.
All communication, between the base station 102 and the cellular device 100, is performed in an encrypted out of band channel, while all other communication is performed using standard telephone protocols such as the ANSI-41 HLR standard.
Thus, carriers have established the HLR 112 as valid proof of identity when simple possession of digital cellular device 100 is insufficient.
Carriers already recognize the HLRPIN as a method of authenticating the user of the digital wireless device, while other means are employed to authenticate the actual digital wireless device. An HLR, storing the HLRPIN, that is accessible to an authenticator used to authenticate users in a data environment, can provide a means to authenticate a user of a digital wireless device through a data network.
Additionally other secured and trusted sources of personal identification numbers can be substituted for the HLR while remaining within the intended scope of the present invention. Of the aforementioned three substantial concerns, the present invention seeks to obviate the problem of ensuring that a handset is in the possession of the authorised user.
Figure 2 illustrates an embodiment of the system of the present invention where the application provider is a trusted identity relative to the carrier. A digital wireless device 120, such as a digital cellular phone or other wireless device capable of data transmission, is connected to a digital wireless network 122. Digital wireless device 120 has a uniquely associated client identifier (client id). Associated with the client id is secret information such as a personal identification number (PIN). In a presently preferred embodiment the secret information is the HLRPIN. Typically, digital wireless network 122 is a digital cellular network designed to allow data transmissions to and from terminal nodes such as digital wireless device 120. Digital wireless network 122 is connected to data network 124 so as to allow connections to a variety of servers including application provider 126. The connection between digital wireless network 122 and application provider (AP) 126 uses a data packet based protocol such as a component of the TCP/IP suite of networking protocols. In one embodiment the data network, based upon TCP/IP, is the Internet. AP 126 provides data based services to digital wireless device 120 through conventional wireless data protocols. The authenticator and HLR are normally resident within the secure network of the carrier.
In order to authenticate the user of digital wireless device 120, AP 126 is connected, through data network 124, to an authenticator 130. Authenticator 130 is a series of software applications running on computer hardware designed to compare information provided by digital wireless device 120 to information stored in an attached register 138, such as an HLR in a presently preferred embodiment. Register 138 is a database application, running on computer hardware, that stores client identifiers and the personal identification number associated with each. If register 138 is an HLR, the personal identification number is the HLRPIN. Authenticator 130 can be provided with a PIN by the user of the digital wireless device, which can then be compared to a PIN associated with the client id of the digital wireless device that is stored in the register 138. If the two values are equivalent, authenticator 130 generates an authentication message that it transmits to AP 126 containing information that the user of digital wireless device 120 has been authenticated and that service to digital wireless device 120 should be started.
Figure 2 additionally illustrates the flow of data between elements to perform the authentication. For the purpose of the following example, the register is assumed to be an HLR, and the PIN is assumed to be the HLRPIN, though it could be other registers holding personal information hosted by a digital wireless network provider, including but not limited to the visiting location register. Digital wireless device 120 is initialised on digital cellular network 122 using conventional means. Digital wireless device 120 then initiates a data call by connecting to data network 124, and through data network 124 to AP 126. The connection to AP 126 is initialized with a request for service 128. Typically this request for service includes the client id associated with digital wireless device 120, but if it does not, AP 126 can request the client id from digital wireless device 120 and await a reply from digital wireless device 120 prior to proceeding with the rest of the connection. Alternately AP 126 can redirect the digital wireless device 120 to authenticator 130, and request authenticator 130 to provide a client id for the digital wireless device 120. Other elements of digital wireless network 122 could be used in place of authenticator 130, so long as the element is accessible to AP 126 and is capable of identifying the client id of digital wireless device 120.
Upon receiving the client id, typically upon receipt of the request for service 128, AP 126 connects to authenticator 130 through data network 124, and requests authentication of the digital wireless device based upon the provided client id 132.
Authenticator 130 responds by transmitting a prompt for the HLRPIN 134 to AP 126.
The AP 126 transmits the prompt 134 to the digital cellular device 120 through data network 124 and digital wireless device 122. In response to the prompt for the HLRPIN 134, the user of digital wireless device 120 inputs the requested HLRPIN. The HLRPIN forms the authentication response 136 which digital wireless device 120 transmits to AP 126 through digital wireless network 122 and data network 124. AP 126 transmits the received response 136 to authenticator 130. Authenticator 130 compares the received response 136, which contains the HLRPIN, to an HLRPIN provided by the HLR 138.
After transmitting the authentication prompt to AP 126, authenticator 130 requests the HLRPIN 140 associated with the client id, from the HLR 138. The HLR 138 replies to the authenticator 130 with its copy of the shared HLRPIN 144.
Communications between the HLR 138 and the authenticator 130 can use standard telephony protocols, or in a presently preferred embodiment can use data communication protocols, such as TCP/IP. When the response 136, containing the user input HLRPIN, arrives from digital wireless device 120, the authenticator 130 compares the two copies of the HLRPIN. If the two copies are equivalent then a message is transmitted to the AP 126 containing information about the successful authentication 144. AP 126 then can begin service 146 to the digital wireless device 120. If an incorrect HLRPIN is supplied, the authenticator 130 can inform AP 126 that an invalid login was attempted, and service can be denied by AP 126. Alternatively, authenticator 130 can repeat the request for the HLRPIN.
Figure 3 illustrates a further embodiment of the present invention where the application provider is not a trusted entity to the carrier. The secret information, such as the HLRPIN, is provided by the user of digital wireless device 120 to authenticator 130 through digital wireless network 122, bypassing data network 124 and AP 126.
This is done to prevent AP 126 from gaining access to the HLRPIN. The method operates in a similar manner to that illustrated in Figure 2, but after authenticator 130 receives authentication request 132, redirection instructions for the digital wireless device 120 are transmitted. Redirect 148 requests that digital wireless device 120 connect through digital wireless network 122 and directly into authenticator 130. Upon receiving a connection from digital wireless device 120 authenticator 130 issues a prompt for the HLRPIN 152.
Prompt 152 can be presented directly by authenticator 130, and can contain additional requests for personal information or other identifiers from the user, if desired. Response 136, including the HLRPIN, is then transmitted to authenticator 136. Upon receiving response 136, authenticator 130 redirects digital wireless device 120 to AP 126, as shown by flow 154. Digital wireless device 120 reconnects to AP 126, as shown by flow 156, and the rest of the method of Figure 2 is used to authenticate the HLRPIN and report the results to AP 126. Response 136 can be transmitted through an internal secure network.
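The two flows described above (Figure 2, where AP 126 relays the HLRPIN, and Figure 3, where the device is redirected to authenticator 130) are simulated below in an added Python example that is not part of the patent. The class names, the session token, the three-attempt cap and the constant-time comparison are assumptions of this example; the client id and PIN values are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass


class Register:
    """Stands in for register 138 (an HLR, VLR or RADIUS server): client id -> PIN."""

    def __init__(self, records):
        self._records = dict(records)

    def lookup_pin(self, client_id):
        return self._records.get(client_id)


class Authenticator:
    """Stands in for authenticator 130."""

    # Assumption: the page only says the prompt "can be repeated". A cap is
    # added here because a four-digit PIN has just 10,000 possible values.
    MAX_ATTEMPTS = 3

    def __init__(self, register):
        self.register = register
        self._sessions = {}  # hypothetical session token -> state

    def request_authentication(self, client_id):
        """Request 132 from the AP; the returned token ties later steps together."""
        token = secrets.token_hex(8)
        self._sessions[token] = {"client_id": client_id, "attempts": 0, "verified": False}
        return token

    def submit_response(self, token, supplied_pin):
        """Response 136: compare the supplied PIN with the register's copy."""
        session = self._sessions.get(token)
        if session is None:
            return False
        if session["verified"] or session["attempts"] >= self.MAX_ATTEMPTS:
            return session["verified"]
        session["attempts"] += 1
        stored = self.register.lookup_pin(session["client_id"])
        # Constant-time comparison so response timing does not leak PIN digits.
        session["verified"] = stored is not None and hmac.compare_digest(
            stored.encode(), supplied_pin.encode()
        )
        return session["verified"]

    def result(self, token):
        """Authentication message 144 reported to the AP."""
        session = self._sessions.get(token)
        return bool(session and session["verified"])


@dataclass
class Device:
    """Stands in for digital wireless device 120."""
    client_id: str
    typed_pin: str  # what the user keys in at the prompt

    def prompt_for_pin(self):
        return self.typed_pin

    def follow_redirect(self, authenticator, token):
        # Figure 3: redirect 148, prompt 152 and response 136 bypass the AP.
        authenticator.submit_response(token, self.prompt_for_pin())


class ApplicationProvider:
    """Stands in for AP 126; `seen` records every value the AP handles."""

    def __init__(self, authenticator, trusted):
        self.authenticator = authenticator
        self.trusted = trusted
        self.seen = []

    def request_service(self, device):
        self.seen.append(device.client_id)  # request for service 128
        token = self.authenticator.request_authentication(device.client_id)
        if self.trusted:
            # Figure 2: the AP relays prompt 134 and response 136, so it sees the PIN.
            pin = device.prompt_for_pin()
            self.seen.append(pin)
            self.authenticator.submit_response(token, pin)
        else:
            device.follow_redirect(self.authenticator, token)
        return self.authenticator.result(token)  # True -> begin service 146


def run_demo():
    register = Register({"client-0001": "4821"})  # constructed sample record
    auth = Authenticator(register)
    trusted_ap = ApplicationProvider(auth, trusted=True)
    untrusted_ap = ApplicationProvider(auth, trusted=False)
    good = Device("client-0001", "4821")
    bad = Device("client-0001", "0000")
    return {
        "fig2_ok": trusted_ap.request_service(good),
        "fig3_ok": untrusted_ap.request_service(good),
        "fig3_bad": untrusted_ap.request_service(bad),
        "trusted_ap_saw_pin": "4821" in trusted_ap.seen,
        "untrusted_ap_saw_pin": any(p in untrusted_ap.seen for p in ("4821", "0000")),
    }


if __name__ == "__main__":
    print(run_demo())
```

In the Figure 3 path the AP's `seen` list holds only client ids, which is the property the redirect is meant to provide.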
In an alternate embodiment, push technology can be used to redirect the digital wireless device 120 to the authenticator 130. Upon receiving a request to authenticate the digital wireless device 120 from AP 126, authenticator 130 pushes a prompt to the digital wireless device 120, and receives a reply, at which point it informs AP of the authentication results.
It will be apparent to one of skill in the art that the connection between digital wireless network 122 and authenticator 130 can use a direct link using standard telephony based data protocols, or can use a data packet protocol, or be managed directly through data network 124. Those of skill in the art will appreciate that a variety of encryption methods can be used, and are fully contemplated by the present invention.
These include encryption of the HLRPIN to provide security against eavesdropping or detection of the HLRPIN by a third party or by AP 126.
Additionally a clearinghouse can be employed to connect a plurality of application providers to a plurality of authenticators, particularly where there are a number of application providers, and a number of digital wireless networks with associated authenticators. Such a clearinghouse, not shown, can be regarded as an element of the data network 124.
In present wireless infrastructures, a VLR is populated with the account information for a roaming user that is traditionally stored in the HLR. Thus, while roaming, the user of a digital wireless device can be authenticated by the authenticator of the roaming network using the information in the VLR, instead of being authenticated by the authenticator of the home network using the HLR. In embodiments with clearinghouses as elements of data network 124, authentication can be redirected to the home network. Preferably, such redirection will occur over a secure inter-carrier network.
It will be evident to one of skill in the art that the register, which in a presently preferred embodiment is an HLR, is fulfilling the role of a secure database used to store and protect user identification and password information. As a result it would be possible to substitute a number of similar systems in the place of the register without departing from the scope of the present invention. One such possible substitution would be to replace the register with a RADIUS server.
The present invention permits authentication of a digital wireless device in both the telephony domain, using dual tone multiple frequency (DTMF) signals and SS7 transmission standards, and the data networking domain, using data packets and such standard protocols as those in the TCP/IP suite, using a single HLRPIN. The acceptance of the HLRPIN as a method of authenticating the user can allow application providers to authenticate the user of a digital wireless device with carrier grade security. Because carriers are unwilling to allow application providers to bill users through carrier billing systems without a sufficient level of security, carrier grade security in the authentication of the user can remove an obstacle to allowing carrier billing for application provider services on a fee per use basis. The cost of implementation is limited to a one time modification of the manner in which pre-existing HLRs interact within the network, and the manner in which authenticators interact with external networks.
The present invention can also be used to provide non-repudiation for transactions.
A prompt can be provided to digital wireless device 120 when a transaction is initiated by AP 126. The transaction can be approved by entering the HLRPIN, which is then authenticated by authenticator 130. Alternatively, a payment prompt can be provided to authenticator 130 and the digital wireless device 120 can be redirected to connect to authenticator 130 directly, whereupon it receives the transaction prompt and replies with the HLRPIN as above. The redirection of the authentication can be effected by means similar to those used for authentication as illustrated in Figure 3.
The system and method described above require no drastic changes to current digital wireless network topology, and as such provide an affordable and incremental solution. Additionally the present invention provides a method of authenticating the user of a digital wireless device 100 at an application provider 108, without requiring the application provider 108 to maintain a database of user identification and password information. Additionally it provides the user of a digital wireless device 100 with the ability to access the services of numerous application providers with the same secret information used to verify identity. Due to the use of the client id as a part of the authentication it is possible for AP 108 to associate digital wireless device 100 with a particular user by default, negating the need for the user of digital wireless device 100 to key in a difficult user identification sequence.
The above-described embodiments of the present invention are intended to be examples only. Alterations, modifications and variations may be effected to the particular embodiments by those of skill in the art without departing from the scope of the invention, which is defined solely by the claims appended hereto.
Claims (30)
1. A method of authenticating the user of a digital wireless device, having both an associated client identifier and associated secret information, at an application provider connected to an authenticator by a data network, said authenticator connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device, comprising the steps of:
receiving, from the application provider, a request for authentication of the user of a digital wireless device;
requesting that the user of the digital wireless device provide the secret information associated with the digital wireless device;
receiving, from the digital wireless device, the requested secret information;
comparing the received secret information to the copy of the secret information stored in the connected register; and
providing authentication of the user of the digital cellular device to the application provider when the received secret information and the secret information stored in the connected register are equivalent.
2. The method, as in claim 1, wherein the secret information is a personal identification number.
3. The method, as in claim 1, wherein the register is a home location register.
4. The method, as in claim 3, wherein the secret information is a home location register personal identification number.
5. The method, as in claim 1, wherein the register is a visiting location register.
6. The method, as in claim 1, wherein the register is a RADIUS server.
7. The method, as in claim 1, further including the step of receiving a request for service containing the client identifier associated with the digital wireless device at the application provider prior to the step of receiving a request for authentication.
8. The method, as in claim 1, wherein the request for authentication includes the client identifier of the digital wireless device.
9. The method, as in claim 1, further including the steps of requesting the client identifier of the digital wireless device, and receiving the client identifier of the digital wireless device prior to the step of requesting that the user of the digital wireless device provide the secret information.
10. The method, as in claim 1, wherein the steps of requesting the secret information, receiving the requested secret information and comparing the received secret information to the copy of the secret information stored in the connected register are repeated if the received secret information is not equivalent to the copy of the secret information stored in the connected register.
11. The method, as in claim 1, further including the step of requesting that the digital wireless device be redirected to connect to the authenticator using only the digital wireless network following the step of receiving a request for authentication of the user of the digital wireless device.
12. The method, as in claim 11, further including the step of requesting that the digital wireless device reconnect to the application provider following the step of receiving the requested secret information.
13. A system for authenticating a user of a digital wireless device having a client identifier, the digital wireless device connected to a digital wireless network having a register for storing secret information associated with the client identifier, at an application provider connected to the digital wireless device and connected to a data network, comprising:
an authenticator, connected to the register, and connected to the application provider, for receiving from the application provider a request for authentication of a provided client identifier, for generating a request for the secret information for the digital wireless device associated with the provided client identifier, for receiving from the digital wireless device a response containing the secret information, for comparing the received secret information to the secret information stored in the connected register, and for transmitting an authentication message to the application provider if the provided secret information and the stored copy of the secret information are equivalent.
14. The system, as in claim 13, wherein the data network is the Internet.
15. The system, as in claim 13, wherein the secret information is a personal identification number.
16. The system, as in claim 13, wherein the data network uses a protocol from the transmission control protocol/internet protocol suite.
17. The system, as in claim 13, wherein the digital wireless device is connected to the application provider by the digital wireless network and the data network.
18. The system, as in claim 13, wherein the application provider is connected to the authenticator by the data network.
19. The system, as in claim 13, wherein the authenticator is connected to the register by the data network.
20. The system, as in claim 13, wherein the authenticator is connected to the register by a connection using standard telephony protocols.
21. The system, as in claim 13, wherein the authenticator is connected to the register by a secure private network.
22. The system, as in claim 13, wherein the register is a home location register.
23. The system, as in claim 13, wherein the register is a visiting location register.
24. The system, as in claim 13, wherein the register is a RADIUS server.
25. The system, as in claim 13, wherein the authenticator includes means for redirecting the digital wireless device to connect to the authenticator using only the digital wireless network, and means for redirecting the digital wireless device to reconnect to the application provider.
26. The system, as in claim 13, wherein the authenticator includes means for pushing the generated request to the digital wireless device using only the digital wireless network.
27. A method of obtaining non-repudiable authorisation for a transaction from a digital wireless device, having both an associated client identifier and associated secret information by an application provider, at an authenticator connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device, comprising the steps of receiving a request for a non-repudiable transaction from the application provider;
receiving a response from the digital wireless device, including the associated secret information; and providing a non-repudiable transaction verification to the application provider upon receiving agreement to the transaction from the digital wireless device.
28. The method, as in claim 27, wherein the request for a non-repudiable transaction includes the terms of the transaction.
29. The method, as in claim 27, wherein the response from the digital wireless device includes indication of the agreement to the terms of the transaction.
30. The method, as in claim 27, further including the step of providing a non-repudiable transaction verification to the digital wireless device upon receiving agreement to the transaction from the digital wireless device.
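The authenticator flow of claims 1, 10 and 13, written out as an added example that is not part of the patent text. The class names, the `prompt_device` callable, the negative verdicts and the attempt cap are assumptions; the claims themselves put no bound on the retry loop of claim 10 and describe an authentication message only for the matching case.

```python
import hmac
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # assumption: the claims put no bound on the claim-10 retry loop


@dataclass
class Register:
    """Stand-in for the register (HLR, VLR or RADIUS server); holds constructed data."""
    pins: dict

    def lookup(self, client_id):
        return self.pins.get(client_id)


@dataclass
class Authenticator:
    register: Register
    failures: dict = field(default_factory=dict)  # failed attempts per client identifier

    def _verdict(self, client_id, ok, reason):
        # The authentication message carries only the verdict, never the PIN.
        return {"client_id": client_id, "authenticated": ok, "reason": reason}

    def authenticate(self, client_id, prompt_device):
        """Serve one request for authentication from the application provider.

        prompt_device(client_id) is a hypothetical callable that sends the
        request for secret information to the device and returns the reply.
        """
        stored = self.register.lookup(client_id)
        if stored is None:
            return self._verdict(client_id, False, "unknown-client")
        while self.failures.get(client_id, 0) < MAX_ATTEMPTS:
            supplied = prompt_device(client_id)
            # Constant-time comparison of the supplied and stored secret.
            if hmac.compare_digest(supplied.encode(), stored.encode()):
                self.failures.pop(client_id, None)
                return self._verdict(client_id, True, "ok")
            self.failures[client_id] = self.failures.get(client_id, 0) + 1
        # The counter persists across requests, so a new request cannot reset it.
        return self._verdict(client_id, False, "locked")


def demo():
    """Constructed run: one wrong PIN, then the right one."""
    auth = Authenticator(Register({"client-001": "4921"}))
    replies = iter(["0000", "4921"])
    return auth.authenticate("client-001", lambda cid: next(replies))
```

Because the application provider only ever receives the verdict, the secret information stays between the device, the authenticator and the register.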
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002358732A CA2358732A1 (en) | 2001-10-12 | 2001-10-12 | Method and system for remote authentication of a digital wireless device using a personal identification number |
AU2002333081A AU2002333081A1 (en) | 2001-10-12 | 2002-10-11 | Authentication of a wireless device using a personal identification number |
PCT/CA2002/001529 WO2003032667A2 (en) | 2001-10-12 | 2002-10-11 | Authentication of a wireless device using a personal identification number |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002358732A CA2358732A1 (en) | 2001-10-12 | 2001-10-12 | Method and system for remote authentication of a digital wireless device using a personal identification number |
Publications (1)
Publication Number | Publication Date |
---|---|
CA2358732A1 (en) | 2003-04-12 |
Family
ID=4170228
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002358732A Abandoned CA2358732A1 (en) | 2001-10-12 | 2001-10-12 | Method and system for remote authentication of a digital wireless device using a personal identification number |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU2002333081A1 (en) |
CA (1) | CA2358732A1 (en) |
WO (1) | WO2003032667A2 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SE535546C2 (en) | 2009-07-14 | 2012-09-18 | Ericsson Telefon Ab L M | Method and apparatus for verifying a telephone number |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FI105966B (en) * | 1998-07-07 | 2000-10-31 | Nokia Networks Oy | Authentication in a telecommunications network |
AU4603100A (en) * | 1999-05-03 | 2000-11-17 | Nokia Corporation | Sim based authentication mechanism for dhcrv4/v6 messages |
US6785823B1 (en) * | 1999-12-03 | 2004-08-31 | Qualcomm Incorporated | Method and apparatus for authentication in a wireless telecommunications system |
KR100407922B1 (en) * | 2000-01-18 | 2003-12-01 | 마이크로 인스펙션 주식회사 | Certified method on the internet using cellular phone |
FI20000760A0 (en) * | 2000-03-31 | 2000-03-31 | Nokia Corp | Authentication in a packet data network |
- 2001-10-12: CA, application CA002358732A, published as CA2358732A1, Abandoned
- 2002-10-11: AU, application AU2002333081A, published as AU2002333081A1, Abandoned
- 2002-10-11: WO, application PCT/CA2002/001529, published as WO2003032667A2, Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
AU2002333081A1 (en) | 2003-04-22 |
WO2003032667A2 (en) | 2003-04-17 |
WO2003032667A3 (en) | 2003-09-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8315593B2 (en) | | Method for billing in a telecommunications network |
CA2530891C (en) | | Apparatus and method for a single sign-on authentication through a non-trusted access network |
US7860800B2 (en) | | Policy control and billing support for call transfer in a session initiation protocol (SIP) network |
US7865173B2 (en) | | Method and arrangement for authentication procedures in a communication network |
AU2002226278B2 (en) | | Use of a public key key pair in the terminal for authentication and authorisation of the telecommunication user with the network operator and business partners |
US20090282467A1 (en) | | Method and system for controlling access to networks |
EP1610528A2 (en) | | System and method of asserting identities in a telecommunications network |
WO2000044130A1 (en) | | A method, system and arrangement for providing services on the internet |
RU2253187C2 (en) | | System and method for local provision of meeting specified regulations for internet service providers |
EP1961149B1 (en) | | Method for securely associating data with http and https sessions |
US20020042820A1 (en) | | Method of establishing access from a terminal to a server |
EP1320236A1 (en) | | Access control for network services for authenticating a user via separate link |
KR20060094453A (en) | | Authentication method for pay-per-use service using eap and system thereof |
CA2358732A1 (en) | | Method and system for remote authentication of a digital wireless device using a personal identification number |
FI115284B (en) | | Method and arrangement for terminal authentication |
CA2358801A1 (en) | | Authentication and non-repudiation of a subscriber on a public network through redirection |
WO2024100677A1 (en) | | A system for lora based lightweight blockchain financial network for offline payments and method thereof |
KR20030039033A (en) | | Wireless internet fee service billing method |
AU2002250388A1 (en) | | A method for billing in a telecommunications network |
MXPA06000590A (en) | | Peer-to-peer telephone system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FZDE | Dead |