EP2274927A1 - Service reporting - Google Patents

Service reporting

Info

Publication number
EP2274927A1
Authority
EP
European Patent Office
Prior art keywords
service
security
information
server
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP08735981A
Other languages
German (de)
English (en)
Inventor
Hannu Tuominen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Solutions and Networks Oy
Original Assignee
Nokia Siemens Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/535 Tracking the activity of the user
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/58 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP based on statistics of usage or network monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/61 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP based on the service used
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24 Accounting or billing

Definitions

  • the invention relates to a method, an application server, a security server and a computer program product for reporting information about use of services.
  • GAA Generic Authentication Architecture
  • GBA Generic Bootstrapping Architecture
  • 3GPP 3rd Generation Partnership Project
  • the GBA defines how to establish a shared secret between a service provider and a mobile terminal with help of a trusted authenticating party.
  • the authentication is possible if a user owns a valid identity in a Home Location Register (HLR) or a Home Subscriber Server (HSS) .
  • the shared secret can be given by the authenticating party to the service provider so that the terminal and the service provider have a common shared secret that can be used for user authentication or message confidentiality.
  • GAA/GBA specifies a mechanism by which a user is authenticated and authorized, with the help of an authenticating party, to access services provided by service providers.
  • the authenticating party, such as a mobile network operator, lacks a mechanism to manage the total service portfolio offered by the service providers.
  • the object of the invention is to overcome the above drawbacks.
  • Embodiments of the invention solve the problem of the prior art by providing an application server, method and computer program product comprising receiving a request for a service associated with a user, requesting security parameters from a security server to authenticate the user, and sending information about use of the service to the security server.
  • the application server, method and computer program product can comprise receiving an instruction relating to sending the information about the use of the service to the security server.
  • the instruction can comprise at least one of
  • the information about the use of the service may comprise at least one of
  • the service may comprise a mobile television service and the sub service may comprise a television channel the user has selected.
  • the information about the use of the service can comprise at least one of: information relating to identification of a type of a content file downloaded by the user,
  • the content may comprise one of audio, video, ring tone, software application.
  • the information about the use of the service may comprise an identification of an electronic service.
  • the authentication may comprise authenticating according to the generic authentication architecture of the 3rd generation partnership project.
  • the application server can be a network application function of the generic authentication architecture of the 3rd generation partnership project.
  • the application server can provide the service to the user.
  • the application server can be hosted by a service provider and the requesting security parameters from the security server can comprise contacting the security server of a network operator, other than the service provider, whose subscriber the user is.
  • a security server, method and computer program product comprising obtaining security parameters associated with a subscriber of a network operator, sending the security parameters to an application server controlled by a service provider other than the network operator, and receiving information about use of a service provided to the subscriber by the application server controlled by the service provider.
  • the security server, method and computer program product can comprise charging the subscriber on behalf of the service provider, and/or collecting statistics about use of services provided to subscribers of the network operator, wherein the services are provided by service providers other than the network operator and the statistics are collected based on the information received.
  • the security server can be a bootstrapping function and/or obtaining the security parameters can include obtaining the security parameters according to the generic bootstrapping architecture of the 3rd generation partnership project.
  • the security server, method and computer program product can comprise sending instruction to the application server relating to the information about the use of the service the application server is to report to the security server.
  • the security server can be hosted by the network operator.
  • a system is provided; the system comprises the security server and the application server described above.
  • the present invention can provide one or more of the advantages below:
      - a network operator can have better focus on the services that end-users are interested in using.
      - a network operator may advertise other services that are similar to those users are currently using.
      - a network operator can decide to drop from the service portfolio those services that are not used by end-users. This is beneficial if there are many service providers wishing to provide services by means of GBA/GAA authenticating users with the network operator.
      - Add average revenue per user (ARPU) and reduce churn by being able to better monitor the behaviour of the end-users.
  • ARPU average revenue per user
  • Figure 1 presents an overview of a network architecture relevant for this invention.
  • Figure 2 presents a signaling flow of a bootstrapping authentication procedure.
  • Figure 3 presents a signaling flow of an embodiment of the invention.
  • FIG. 4 illustrates process steps of an embodiment of the invention.
  • Figure 5 illustrates internal structures and functions of an entity providing an application and a security server of an embodiment of the invention.
  • FIG. 6 illustrates process steps of an embodiment of the invention.
  • Detailed description of the invention
  • An example of an authenticating party is a bootstrapping server function (BSF) which mutually authenticates with the user equipment (UE) by using the authentication and key agreement (AKA) procedure, and agrees on session keys that are then applied between the UE and a service provider controlled network application function (NAF) .
  • BSF bootstrapping server function
  • AKA authentication and key agreement
  • NAF network application function
  • the GAA/GBA enables a user to authenticate to and communicate in a secure manner with third party service providers (NAFs) using existing trusted relationship to a home mobile network operator (BSF, HSS/HLR) of the user.
  • the UE and a NAF can run some application specific protocol where the authentication and securing of the actual content or messages can be based on those session keys generated during the mutual authentication between the UE and the BSF.
  • the BSF can be hosted in a network element under the control of a mobile network operator (MNO) .
  • MNO mobile network operator
  • SIM subscriber identity module
  • UICC Universal Integrated Circuit Card
  • USIM Universal Subscriber Identity Module
  • 3G third generation
  • IETF Internet Engineering Task Force
  • the AKA is a challenge-response based mechanism that uses symmetric cryptography and is typically run in a UMTS IP Multimedia Subsystem (IMS) Identity Module (ISIM), which resides on a smart-card-like device that also provides tamper-resistant storage of shared secrets.
  • IMS IP Multimedia Subsystem
  • ISIM IMS Identity Module
  • Hypertext transfer protocol (HTTP) digest authentication is an HTTP authentication which verifies with a challenge-response mechanism that both parties to the communication know a shared secret, such as a password.
  • HTTP Hypertext transfer protocol
  • USS User Security Setting
  • an authentication part which contains the list of identities of the user needed for the application (e.g. public user identities (IMPU), MSISDN, pseudonyms), and an authorisation part, which contains the user permission flags (e.g. access to application allowed, type of certificates which may be issued) .
  • a USS may contain a key selection indication, which is used in the UICC based GBA (GBA_U) case to mandate the usage of either the mobile equipment (ME) based key or the UICC-based key or both.
  • GBA_U UICC based GBA
  • the USS can be delivered to the BSF as a part of GBA User Security Settings (GUSS) from the HSS, and from the BSF to the NAF if requested by the NAF.
  • GUSS can contain the BSF specific information element and the set of all application-specific USSs.
  • Reference point Ub 11 is between a UE 1 and a BSF 2.
  • a cloud 15 illustrates a network of a mobile network operator.
  • the UE 1, the BSF 2 and the HSS 4 can be associated with the network 15 which means that the UE 1, the BSF 2 and the HSS 4 can communicate with each other in trusted way through the network 15.
  • the UE 1 can be a subscriber to the network 15.
  • the NAF 3 is located outside the trusted network 15, and belongs to a network of a service provider 16. Normally there exists no trusted way of communication between the UE 1 and the third party NAF 3.
  • the GAA/GBA provides this trusted relationship by means of the BSF 2 and the NAF 3 agreeing security parameters over trusted Zn interface 13.
  • When a UE 1 wants to interact with a NAF, and it knows that the bootstrapping procedure is needed, it can first perform the bootstrapping authentication presented in Figure 2.
  • a UE 1 sends an HTTP request towards the BSF 2.
  • the request contains a user identity, such as a private user identity (IMPI) .
  • RAND is a non-predictable number which is used as challenge in a challenge response protocol.
  • Cipher key (CK) is a sequence of symbols that can control the operation of encipherment and decipherment.
  • Integrity key (IK) is a data protection key that can be used for protecting the integrity of data items. The integrity key (IK) is generated, together with the ciphering key (CK) .
  • Expected user response (XRES) is a part of the authentication quintuplet which is used as a reference value for the response to the challenge during the authentication and key agreement (AKA) .
  • In step 23, the BSF 2 forwards the RAND and AUTN to the UE 1 in the 401 "Unauthorized WWW-Authenticate" message (without the CK, IK and XRES). This is to demand that the UE 1 authenticate itself.
  • In step 24, the UE 1 checks the AUTN to verify that the challenge is from an authorised network.
  • the UE 1 can also calculate CK, IK and response (RES). This will result in the session keys IK and CK in both the BSF 2 and the UE 1.
  • In step 25, the UE 1 can send another HTTP request, containing the Digest AKA response (calculated using the RES), to the BSF 2, and in step 26 the BSF 2 can authenticate the UE 1 by verifying the Digest AKA response.
  • the BSF 2 can generate key material (Ks) by concatenating the CK and the IK. Also a Bootstrapping Transaction Identifier (B-TID) value is generated. B-TID is used to bind the subscriber identity to the keying material in reference points Ua 12, Ub 11 and Zn 13.
  • the BSF 2 can send a 200 OK message, including the B-TID, to the UE 1 to indicate the success of the authentication.
  • the BSF 2 can supply the lifetime of the key Ks.
  • the key material Ks can be generated in the UE 1 by concatenating CK and IK in step 29.
  • Figure 3 presents an embodiment of the invention.
  • the UE 1 and the NAF 3 can first agree whether to use shared keys obtained by means of the GBA.
  • the UE 1 can start communication over reference point Ua 12 with the NAF 3 by sending an application request.
  • the UE 1 may supply the B-TID to the NAF 3, to allow the NAF 3 to retrieve the corresponding keys from the BSF 2.
  • the NAF 3 starts communication over reference point Zn 13 with the BSF 2 by sending an authentication request to request key material corresponding to the B-TID supplied by the UE 1 to the NAF 3 over reference point Ua 12.
  • the NAF 3 may also request one or more application-specific USSs for applications which the UE 1 may access over reference point Ua 12.
  • the BSF 2 can derive the keys required to protect the protocol used over reference point Ua 12 from the key Ks and the key derivation parameters, and can supply to the NAF 3 in an authentication answer the requested key Ks_NAF, as well as the bootstrapping time and the lifetime of that key, and the requested application-specific and potentially NAF group specific USSs if they are available in subscriber's GUSS and if the NAF 3 is authorized to receive the requested USSs.
  • the BSF 2 may also send the private user identity (IMPI) and requested USSs to the NAF 3 according to the policy of the BSF 2.
  • IMPI private user identity
  • the BSF 2 may request in the authentication answer the NAF 3 to report to the BSF 2 information relating to use of the application the NAF 3 provides to the UE 1.
  • the NAF 3 can continue with the protocol used over the reference point Ua 12 with the UE 1 and responds with application answer to the UE 1.
  • the NAF 3 can then provide the requested application, for example mobile TV, to the UE 1.
  • the NAF 3 in step 35, can report to the BSF 2 information relating to use of the application.
  • the NAF 3 may do the reporting according to instructions received from the BSF 2, for example, in an
  • the NAF 3 may do the reporting based on other logic, for example based on its internal policy or configuration, or based on some other trigger.
  • An embodiment of this invention modifies a message, for example Authentication Answer, by adding a new information element in the message that allows a BSF 2 to request information about the service usage.
  • a new message called
  • the Application Report 35 can be sent by the NAF 3 to the BSF 2, containing information about the service usage.
  • the Application Report 35 may contain parameters relating to at least one of service usage time (when, how long) and data volumes transferred.
  • a new information element is added, for example to the Authentication Answer 33 signaling message, from the BSF 2 to the NAF 3 for instructing which details and/or how often the NAF 3 should report to the BSF 2.
  • the BSF 2 can also instruct the NAF 3 using a signaling message other than Authentication Answer, for example a completely new signaling message.
  • a user is authenticated to use a Mobile TV service via a NAF 3, and can be authorized according to a USS for the service to watch the following TV channels: YLE, MTV, Eurosport and Disney Channel.
  • An Application Report 35 may contain information about the channels the user watched, and when.
  • the Application Report 35 may contain 'start time' and 'stop time' of watching certain channel(s):
  • a BSF 2 can instruct the NAF 3 to send reports in certain intervals (e.g. every 30 minutes) or based on other criteria. If the BSF 2 is not giving any instructions to the NAF 3 about how often the reporting should be done, the NAF 3 may report to the BSF 2 after the user stops using or disconnects the service, or based on other criteria configured to the NAF 3.
  • a NAF 3 can be an application server which provides the service to a user.
  • a NAF can interface one or more further (trusted) application servers for providing parts of a service to the user. These other application servers can belong to the same service provider which hosts also the NAF, thereby having trusted interfaces between each other.
  • FIG 5 shows an example of the internal structure of an application server 3, such as NAF.
  • the NAF 3 can include a receiving unit 501 configured to receive a request for a service from a user 1.
  • the request can be an application request over Ua reference point of 3GPP GBA.
  • the NAF 3 may include security unit 502 which can request security parameters from a security server 2, such as BSF 2, for the user 1, for example to authenticate the user 1.
  • the security unit 502 can send an authentication request over Zn reference point to request key material corresponding to the B-TID supplied by the UE 1 to the receiving unit 501.
  • the NAF 3 can include sending unit 504 to send information about use of the service or application to the security server 2. The information may be sent in an application report signaling message over Zn reference point.
  • the NAF 3 can comprise an instruction unit 505 configured to receive instruction relating to sending the information about the use of the service to the security server 2.
  • the instruction can define, for example, what information and/or when (for example how often) the sending unit 504 should report to BSF 2.
  • the NAF 3 can have a rules unit 506 to store rules and policy relating to sending information about use of services.
  • the rules can define, for example, what information and/or when (for example how often) the sending unit 504 should report to BSF 2.
  • the NAF 3 can include service unit 503 configured to provide a service or application to the user 1.
  • the service unit 503 can apply the security parameters obtained from the security unit 502 to protect content or messages relating to providing the service or application to the user 1.
  • the service unit 503 can provide the service or application with help of a further trusted application server (not shown in Fig 5) .
  • FIG. 5 also shows an example structure of a security server 2, such as BSF.
  • the BSF 2 can include a security unit 516 to obtain security parameters for a subscriber 1 of a network operator.
  • the security unit 516 can communicate with a HLR or HSS 4 over Zh reference point of 3GPP to retrieve at least part of the security parameters, for example, as described in the explanation of step 22 of Fig 2 earlier in this document.
  • the security unit 516 can comprise an internal database for storing security parameters of subscribers of the network operator.
  • the BSF 2 can comprise sending unit
  • the BSF 2 may have a receiving unit 513 configured to receive information about use of a service provided to the subscriber 1 by the application server 3.
  • the BSF 2 can comprise a charging unit 514 which may be configured to collect and/or process charging and/or billing related data relating to providing the service or application to the subscriber 1.
  • the charging unit 514 can manage the data for subscriber charging and billing which the network operator can take care of on behalf of service provider (s) providing the actual services.
  • the BSF 2 can comprise a statistics unit 515 to collect statistics about use of services provided to subscribers 1 of the network operator.
  • the services can be provided by service providers other than the network operator.
  • the statistics unit 515 can be configured to collect statistics based on information received by the receiving unit 513. The collected statistics can be used for preparing charging/billing of the user.
  • the BSF 2 can include an instruction unit 512 to send an instruction to the application server 3 relating to the information about the use of the service the application server 3 should report to the receiving unit 513.
  • the instruction unit 512 can, for example, send an instruction about what information and/or when (for example how often) the application server 3 should report to the receiving unit 513.
  • Items reported to a BSF can include identification of a used sub-service (e.g. watched TV channel), a time (when and/or how long a (sub-)service has been used, for example by indicating start/stop times of watching a channel), and transferred data volume (per service or sub-service).
  • Items reported to a BSF can include a name and/or a type (audio, video, ring tone, software application etc) of downloaded file.
  • a type of a device or a model of a mobile device of the user 1 to which the content was downloaded can be reported to the BSF.
  • FIG. 4 presents a process according to an embodiment of the invention.
  • the process can be implemented for example by an application server, such as NAF 3.
  • a request for providing a service is received.
  • the request can be received from a UE 1, and/or can be associated with a user 1.
  • the request can include a B-TID.
  • security parameters are retrieved.
  • the security parameters can be retrieved based on the B-TID received in step 41, and thereby the security parameters can be linked to the user 1.
  • the security parameters may include at least one security key and/or at least one USS.
  • the USS can be linked to the service requested in step 41.
  • a reporting instruction can be received on reporting service use related parameters.
  • the instruction can be received from a security entity, such as BSF, and may concern reporting to the security entity.
  • the service is provided to the user 1.
  • information relating to the service is reported.
  • the reporting in step 45 and instruction in step 43 can include details described above in connection with 1.) streaming services, 2.) content services and 3.) electronic services.
  • Providing the service in step 44 can continue over time as indicated by arrow 46 and reporting information relating to the service in step 45 may take place several times.
  • the reporting step 45 can be done once after the service has been provided in step 44.
  • the reporting step 45 can be done based on pre-configured rules and policy.
  • FIG. 6 presents another process according to an embodiment of the invention.
  • the process can be implemented, for example, by a security server, such as BSF 2.
  • security parameters of a user 1 can be obtained. This may include retrieving from a HLR 4 or HSS 4 a set of GBA user security settings and/or authentication vector based on the identity of user 1, for example, IMPI.
  • the obtaining may include generating security keys (CK, IK, Ks) based on the retrieved security parameters.
  • a B-TID can be generated.
  • security parameters are transmitted to an application server.
  • the security parameters may include security keys, and the security parameters to be transmitted can be identified and/or associated with the user 1 based on the B-TID which can be received from the application server.
  • a reporting instruction can be sent on reporting service use related parameters.
  • a report is received.
  • the report comprises information relating to providing a service to the user 1.
  • the reporting in step 64 and instruction in step 63 can include details described above in connection with 1.) streaming services, 2.) content services and 3.) electronic services.
  • several reports can be received during providing the service.
  • the reporting 64 can be done once after the service has been provided.
  • information for charging and/or billing of the user can be prepared based on the reported information relating to services provided to the user 1.
  • statistics on use of services can be prepared based on reported information relating to services provided to users. As shown, one, both or none of the steps 65 and 67 can belong to the process.
  • an authenticating party cannot receive information about use of services provided by third party application servers, or proprietary methods must be mutually agreed between the authenticating party and the third party (internet service provider ISP, NAF).
  • mobile network operators can receive information from service providers how subscribers of the mobile network operators use services relying on GAA/GBA authentication.
  • Embodiments of the invention can allow mobile network operators to take care of charging and billing of end users on behalf of service providers by collecting relevant charging and billing related data through a BSF.
  • An application server and a security server may be physically implemented in a switch, router, server or other hardware platform or electronic equipment which can support data transmission and processing tasks, or can be implemented as a component of another existing device.
  • the invention is not limited to mobile networks, but can also be applied in other type of networks having similar type of authentication logic as the GAA/GBA, similar type of security entity role as the BSF and similar type of application server role as the NAF. Therefore, the BSF is only used here as an example of a security entity, and NAF only as an example of an application serving entity.
  • Functions of the security entity (BSF) and the application entity (NAF) described above may be implemented by code means, as software, and loaded into memory of a computer.
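
The reporting loop described above (Ks formed from CK and IK, an authentication answer that carries a reporting instruction, and an Application Report returned to the BSF) is modelled below. This is an added example, not code from the patent: the class and field names, the `@bsf.example` B-TID format, the HMAC-based stand-in for the Ks_NAF derivation and the BSF-side report checks are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    impi: str
    ks: bytes                       # Ks = CK || IK, as in the description
    uss_channels: set               # channels the USS authorises
    nafs: set = field(default_factory=set)   # NAFs that fetched keys for this B-TID


class BSF:
    """Security server: bootstraps users, answers NAFs, collects reports."""

    def __init__(self, report_interval_s=1800):
        self.sessions = {}          # B-TID -> Session
        self.stats = {}             # channel -> seconds watched
        self.report_interval_s = report_interval_s

    def bootstrap(self, impi, ck, ik, uss_channels):
        # Constructed B-TID format; it only needs to be unguessable here.
        b_tid = secrets.token_urlsafe(16) + "@bsf.example"
        self.sessions[b_tid] = Session(impi, ck + ik, set(uss_channels))
        return b_tid

    def authentication_answer(self, b_tid, naf_id):
        # naf_id is assumed to come from the authenticated Zn channel.
        s = self.sessions.get(b_tid)
        if s is None:
            raise KeyError("unknown B-TID")
        s.nafs.add(naf_id)
        # Assumed stand-in derivation that binds the key to this NAF and user.
        ks_naf = hmac.new(s.ks, f"{naf_id}|{s.impi}".encode(),
                          hashlib.sha256).digest()
        return {
            "ks_naf": ks_naf,
            "uss": sorted(s.uss_channels),
            # The new information element: what to report and how often.
            "reporting_instruction": {"interval_s": self.report_interval_s,
                                      "fields": ["channel", "start", "stop"]},
        }

    def receive_report(self, naf_id, report):
        """Validate an Application Report fully, then update statistics."""
        s = self.sessions.get(report["b_tid"])
        if s is None:
            return False, "unknown B-TID"
        if naf_id not in s.nafs:
            return False, "NAF never requested keys for this B-TID"
        for e in report["entries"]:
            if e["channel"] not in s.uss_channels:
                return False, "channel not authorised by USS"
            if e["stop"] <= e["start"]:
                return False, "invalid time range"
        for e in report["entries"]:
            watched = e["stop"] - e["start"]
            self.stats[e["channel"]] = self.stats.get(e["channel"], 0) + watched
        return True, "ok"


class NAF:
    """Application server: fetches keys, then reports only what was asked for."""

    def __init__(self, naf_id, bsf):
        self.naf_id, self.bsf = naf_id, bsf
        self.keys, self.instructions = {}, {}

    def application_request(self, b_tid):
        answer = self.bsf.authentication_answer(b_tid, self.naf_id)
        self.keys[b_tid] = answer["ks_naf"]
        self.instructions[b_tid] = answer["reporting_instruction"]
        return answer["uss"]

    def build_report(self, b_tid, viewing):
        wanted = self.instructions[b_tid]["fields"]
        entries = [{k: v[k] for k in wanted} for v in viewing]
        return {"b_tid": b_tid, "entries": entries}


def demo():
    bsf = BSF()
    ck, ik = bytes(range(16)), bytes(range(16, 32))       # constructed keys
    b_tid = bsf.bootstrap("user@operator.example", ck, ik,
                          ["YLE", "MTV", "Eurosport", "Disney Channel"])
    naf = NAF("mobiletv.provider.example", bsf)
    naf.application_request(b_tid)
    viewing = [  # constructed viewing log; times in seconds
        {"channel": "YLE", "start": 0, "stop": 1800, "device": "phone-x"},
        {"channel": "MTV", "start": 1800, "stop": 2400, "device": "phone-x"},
    ]
    report = naf.build_report(b_tid, viewing)
    ok = bsf.receive_report(naf.naf_id, report)
    bad_channel = bsf.receive_report(naf.naf_id, {
        "b_tid": b_tid,
        "entries": [{"channel": "HBO", "start": 0, "stop": 60}]})
    other_naf = bsf.receive_report("other.provider.example", report)
    return bsf, report, ok, bad_channel, other_naf


if __name__ == "__main__":
    print(demo()[2:])
```

The `device` field in the viewing log never reaches the BSF because the NAF filters each entry down to the fields named in the reporting instruction.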

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An application server (3) receives a request for a service associated with a user (1), requests security parameters from a security server (2) to authenticate the user, and sends information about use of the service to the security server. The security server can send an instruction to the application server relating to the information about the use of the service that the application server is to report to the security server.
EP08735981A 2008-04-09 2008-04-09 Service reporting Withdrawn EP2274927A1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2008/054255 WO2009124587A1 (fr) 2008-04-09 2008-04-09 Service reporting

Publications (1)

Publication Number Publication Date
EP2274927A1 true EP2274927A1 (fr) 2011-01-19

Family

ID=40417649

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08735981A Withdrawn EP2274927A1 (fr) 2008-04-09 2008-04-09 Service reporting

Country Status (3)

Country Link
EP (1) EP2274927A1 (fr)
CN (1) CN101990771B (fr)
WO (1) WO2009124587A1 (fr)

Also Published As

Publication number Publication date
CN101990771A (zh) 2011-03-23
CN101990771B (zh) 2014-07-02
WO2009124587A1 (fr) 2009-10-15

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20101109

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20110701

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: NOKIA SOLUTIONS AND NETWORKS OY

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

RIC1 Information provided on ipc code assigned before grant

Ipc: H04W 12/08 20090101ALI20171124BHEP

Ipc: H04L 29/08 20060101AFI20171124BHEP

INTG Intention to grant announced

Effective date: 20171212

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20181101