SE519072C2 - Method of access control in mobile communications - Google Patents
Method of access control in mobile communications
- Publication number
- SE519072C2
- Authority
- SE
- Sweden
- Prior art keywords
- policy
- mobile
- communication system
- password
- service provider
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
Abstract
Description
before, distribution of these units.
Both mobile operators and banks are interested in, and are working to develop, solutions in which a user can be authenticated (verified as having the claimed identity) and can create non-repudiable digital signatures with their mobile device. Typically, the mobile device is a mobile phone with one or more so-called smart cards. The mobile device (or, as a rule, a smart card in the mobile device) in turn contains one or more private keys, which become usable for authentication and non-repudiation only once a CA (Certificate Authority) has issued a certificate attesting that a specific user holds these private keys.
Use of the private keys is almost always protected by a password, which users can often change or choose themselves. In many cases the CA has views on which rules should govern the passwords a user is allowed to choose. The CA then has what can be called a password policy.
The password policy can, for example, cover rules on length, permitted characters and update intervals. Such a policy has only been applicable in cases where it was already clear, when the card was issued, which CA would issue certificates linked to the keys on the card. In the mobile case, the smart card will often be distributed to the user before anyone knows which CA will issue certificates linked to key pairs on the card, so the method of loading the CA's password policy onto the card before it is distributed to the user is not applicable.
SUMMARY OF THE INVENTION
The object of the invention is to provide a method for electronically distributing a password policy over a mobile communication system to a mobile device, so that said policy can immediately be applied in the mobile device or in an add-on unit. The invention thus comprises a method within a mobile radio communication system with mobile devices and connected service providers that provide services over said communication system, where access from a mobile terminal to a service of a service provider requires a password.
The method comprises the steps of:
- from a service provider, or a certificate authority designated by it, electronically sending a password policy towards a mobile device;
- in a mobile device, electronically receiving said policy, and handling and forming passwords associated with said service provider in accordance with the rules specified in said policy sent by the service provider or by the certificate authority designated by it.
The method also includes the mobile device or a special gateway authenticating and authorizing the sender of the policy, to prevent dishonest exploitation of the ability to change a policy.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is described in more detail below with reference to the accompanying drawings, in which:
- Figure 1 shows an administration path for a PIN policy according to one embodiment of the invention,
- Figure 2 shows an administration path for a PIN policy according to another embodiment of the invention, and
- Figure 3 shows a flow chart of a method according to the invention.
Figures 4A and 4B schematically show the placement of authentication and authorization units according to two embodiments of the invention.
DESCRIPTION OF PREFERRED EMBODIMENTS
One embodiment of the invention relates to a method for distributing a password in the form of a PIN policy for cryptographic keys in mobile devices "over-the-air", i.e. via the communication system in which the device is intended to operate.
The keys are typically stored in a "tamper-proof" device/smart card in the mobile device, but this is not necessary. The cryptographic keys are typically private keys in asymmetric key pairs. The cryptographic keys, or the device in which they are generated, have been distributed to the user before it is known which party will issue certificates linking the user to a particular key pair.
When a CA is to issue a certificate, the user is bound to a private key in the customary way via an "over-the-air proof-of-possession" procedure. Before, after or during this procedure, the CA distributes its PIN policy via the cellular mobile communication system to the mobile device that contains the private key. An application in the mobile device makes the PIN policy take effect and forces the user to choose a PIN that complies with the policy in order to use the certified key.
Figure 1 illustrates the flow:
1. CA 101 has decided to distribute its PIN policy to a particular mobile device.
2. The CA addresses the PIN policy to a particular mobile device, and to a particular private key in the mobile device 115, and sends it to a gateway 105 provided for the purpose. This gateway 105 authenticates CA 101 and determines whether CA 101 has the right to distribute a PIN policy to the mobile device 115 (authorization). Said gateway 105 is preferably located at the operator of the mobile communication system.
3. Gateway 105 forwards the PIN policy over the mobile communication network 110.
4. The mobile device 115 receives the PIN policy, verifies that it comes from the mobile operator's gateway 105, and activates the policy for the key in question. If the user already has a PIN that does not satisfy the policy, he is prompted to choose a new PIN that complies with it.
5. Alternatively, the next time the user changes the PIN, it must meet the requirements of the PIN policy.
Step 1 is preferably preceded by a request from the client/user to the CA for a client certificate to be issued.
In the general case, a password policy preferably contains rules on:
- number of characters (min, max)
- forbidden characters
- forbidden character combinations
- interval for how often the password must be changed (e.g. the number of times a password may be used).
The policy can of course be general for all users, but it can also be personalized, e.g. contain checks that a particular user does not use their personal identity number (personnummer) as a PIN, and so on.
In one embodiment, a PIN policy consists of a data structure that is interpreted by an application provided for that purpose in the mobile device. In another embodiment, a PIN policy is realized as an executable application that is sent to the mobile device. In the first case it is conceivable that several PIN policies are active at the same time, but some mechanism for resolving any conflicting policies is then required.
The mobile device 115 preferably contains one or more integrated or removable smart cards, or some other form of tamper-proof device. The invention is of course also applicable where the private key is not stored in a tamper-proof device but in some other way in the mobile device.
In one embodiment, the special gateway mentioned in step 2 is not present; compare Figure 2. Instead, CA 201 sends its policy via a general traffic gateway for the mobile communication network (GGSN for GPRS/UMTS) 210, which has no mechanisms for authentication and authorization of CA 201. In this embodiment, mechanisms for authentication and authorization are instead implemented in the mobile device 215.
Figure 3 shows the method steps corresponding to the distribution paths in Figure 1 and Figure 2. The CA creates 310 a policy specification, addresses 320 a mobile device, and addresses 330 a private key within said mobile device. The specification is then sent 340 over the mobile network, possibly via a special gateway as mentioned above. The specification is received 350, and the sender is authenticated 360 and, where applicable, authorized 370. Depending on the number of intermediate units between the CA and the mobile device that need their own authentication and authorization, the steps send 340, receive 350, authenticate 360 and authorize 370 are repeated 375. Finally, the policy is stored and activated in the mobile station.
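An added example (not part of the patent) of the Figure 1 / Figure 3 path, in which each hop authenticates (360) and authorizes (370) the sender before the policy moves on. HMAC-SHA256 over JSON with pre-shared keys stands in for the secure transport the patent leaves open; every name, key and message field below is an assumption.

```python
import hashlib
import hmac
import json

# Constructed sample keys; the patent does not specify any key material or format.
CA_KEY = b"constructed-ca-101-to-gateway-key"
OTHER_CA_KEY = b"constructed-ca-999-to-gateway-key"
DEVICE_KEY = b"constructed-gateway-to-device-key"


def mac(key, sender, payload):
    # Bind the claimed sender name to the payload so neither can be swapped.
    data = sender.encode() + b"\x00" + payload.encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key, sender, body):
    """Send step (340): serialise the policy message and attach a MAC."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return {"sender": sender, "payload": payload, "tag": mac(key, sender, payload)}


def authenticate(known_keys, msg):
    """Authenticate step (360): accept only senders we hold a key for."""
    key = known_keys.get(msg["sender"])
    if key is None or not hmac.compare_digest(
        mac(key, msg["sender"], msg["payload"]), msg["tag"]
    ):
        raise PermissionError("authentication failed")
    return json.loads(msg["payload"])


class Gateway:
    """Operator gateway (105): authenticates the CA, then checks its rights."""

    def __init__(self, name, ca_keys, allowed, device_keys):
        self.name = name
        self.ca_keys = ca_keys          # CA name -> shared key
        self.allowed = allowed          # CA name -> devices it may address
        self.device_keys = device_keys  # device id -> shared key

    def forward(self, msg):
        body = authenticate(self.ca_keys, msg)
        # Authorize step (370): a known CA is not automatically entitled.
        if body["device"] not in self.allowed.get(msg["sender"], set()):
            raise PermissionError("sender not authorised for this device")
        body["issuer"] = msg["sender"]
        # Repeat (375): re-send under the gateway's own identity.
        return seal(self.device_keys[body["device"]], self.name, body)


class MobileDevice:
    """Mobile device (115): trusts only the operator gateway."""

    def __init__(self, device_id, gateway_name, gateway_key):
        self.device_id = device_id
        self.trusted = {gateway_name: gateway_key}
        self.active = {}  # key id -> active policy

    def receive(self, msg):
        body = authenticate(self.trusted, msg)
        if body["device"] != self.device_id:
            raise PermissionError("policy addressed to another device")
        self.active[body["key_id"]] = body["policy"]  # store and activate
        return body["key_id"]


def deliver(gateway, device, msg):
    try:
        return "activated for " + device.receive(gateway.forward(msg))
    except PermissionError as exc:
        return "rejected: " + str(exc)


def build_demo():
    gateway = Gateway(
        "gateway-105",
        {"CA-101": CA_KEY, "CA-999": OTHER_CA_KEY},
        {"CA-101": {"device-115"}},  # CA-999 is known but has no rights
        {"device-115": DEVICE_KEY},
    )
    return gateway, MobileDevice("device-115", "gateway-105", DEVICE_KEY)


if __name__ == "__main__":
    gw, dev = build_demo()
    body = {"device": "device-115", "key_id": "key-1",
            "policy": {"min_len": 6, "max_len": 8}}
    print(deliver(gw, dev, seal(CA_KEY, "CA-101", body)))
    print(deliver(gw, dev, seal(OTHER_CA_KEY, "CA-999", body)))
```

In the Figure 2 embodiment the same two checks would run inside the mobile device, since the general traffic gateway performs neither.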
In alternative embodiments, parties other than the CA can of course download a PIN policy. In particular, in one embodiment the operator of the mobile communication service is able to download its own PIN policy to the mobile devices in its network.
PIN policies for purposes other than unlocking/using private keys can of course also be distributed to the mobile device according to the invention, e.g. PIN codes and passwords for:
- use of symmetric keys
- write/read rights to data files
- GSM
- application execution, etc.
Where several CAs (we call them A and B) certify the same key, the following methods are embodiments of the invention:
- Both A and B can download their policy to the mobile device. Both the policy from CA A and the policy from CA B are applied every time the PIN is changed. This requires a mechanism in the mobile device for resolving conflicting requirements.
- Both A and B send their policy to the operator of the mobile communication network. The operator creates a "summation" of these rules and decides which policy is finally sent to the mobile device.
- Both A and B can download their policy to the mobile device. Separate PINs are used for the same key depending on which of his certificates the user wants to invoke. The policy from CA A applies when the user invokes his certificate from CA A, and the policy from CA B applies when the user invokes his certificate from CA B.
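An added example (not from the patent) of a PIN policy as an interpreted data structure, together with one possible conflict-resolution mechanism for two CAs certifying the same key: the strictest value of every rule wins, and an unsatisfiable combination is reported rather than silently relaxed. The field names and the strictest-wins rule are assumptions; the patent only states that some mechanism is required.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional


class PolicyConflict(Exception):
    """Raised when no PIN could satisfy every active policy."""


@dataclass(frozen=True)
class PinPolicy:
    issuer: str
    min_len: int
    max_len: int
    forbidden_chars: FrozenSet[str] = frozenset()
    # Also carries personalised entries, e.g. the user's own identity number.
    forbidden_sequences: FrozenSet[str] = frozenset()
    max_uses: Optional[int] = None  # change interval as a use count; None = no limit


def merge(policies: Iterable[PinPolicy]) -> PinPolicy:
    """Combine several active policies into the strictest common policy."""
    policies = list(policies)
    if not policies:
        raise ValueError("at least one policy is required")
    min_len = max(p.min_len for p in policies)
    max_len = min(p.max_len for p in policies)
    if min_len > max_len:
        raise PolicyConflict(
            f"no PIN length satisfies all issuers: min {min_len} > max {max_len}"
        )
    limits = [p.max_uses for p in policies if p.max_uses is not None]
    return PinPolicy(
        issuer="+".join(sorted(p.issuer for p in policies)),
        min_len=min_len,
        max_len=max_len,
        forbidden_chars=frozenset().union(*(p.forbidden_chars for p in policies)),
        forbidden_sequences=frozenset().union(
            *(p.forbidden_sequences for p in policies)
        ),
        max_uses=min(limits) if limits else None,
    )


def violations(policy: PinPolicy, pin: str, uses: int = 0) -> List[str]:
    """Return the rules a PIN breaks; an empty list means it complies."""
    found = []
    if not policy.min_len <= len(pin) <= policy.max_len:
        found.append("length")
    if any(ch in policy.forbidden_chars for ch in pin):
        found.append("forbidden_char")
    if any(seq and seq in pin for seq in policy.forbidden_sequences):
        found.append("forbidden_sequence")
    if policy.max_uses is not None and uses >= policy.max_uses:
        found.append("change_due")
    return found


# Constructed sample policies for two CAs certifying the same key.
CA_A = PinPolicy("CA-A", min_len=4, max_len=8,
                 forbidden_chars=frozenset("0"), max_uses=100)
CA_B = PinPolicy("CA-B", min_len=6, max_len=12,
                 forbidden_sequences=frozenset({"1234", "19800101"}))

if __name__ == "__main__":
    both = merge([CA_A, CA_B])
    print(both)
    # An existing PIN that met CA A's policy alone must now be replaced.
    print(violations(both, "1234"))
    print(violations(both, "582914", uses=3))
```

The third variant in the list above needs no merge: with a separate PIN per certificate, the device would check each PIN against only the policy of the CA whose certificate is being invoked.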
Figures 4A and 4B show how the units for authentication and authorization are arranged in preferred embodiments. Figure 4A shows an authentication unit 402 and an authorization unit 404 arranged in the gateway 105. Figure 4B shows an authentication unit 402 and an authorization unit 404 arranged in a mobile device 115.
In most cases a secure transport mechanism is of course required to transfer a PIN policy from the CA, or another issuer of the policy, to the mobile device. There are many ways of realizing this, but they fall outside the scope of the invention.
The scope of protection of the invention is limited only by the claims below.
Claims (1)
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE0200061A SE519072C2 (en) | 2002-01-10 | 2002-01-10 | Method of access control in mobile communications |
AU2002359203A AU2002359203A1 (en) | 2002-01-10 | 2002-12-20 | Method at access right control within mobile communication |
EP02793724A EP1466438A1 (en) | 2002-01-10 | 2002-12-20 | Method at access right control within mobile communication |
PCT/SE2002/002424 WO2003058880A1 (en) | 2002-01-10 | 2002-12-20 | Method at access right control within mobile communication |
NO20042773A NO20042773L (en) | 2002-01-10 | 2004-07-01 | Procedure for controlling access rights in mobile communications |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE0200061A SE519072C2 (en) | 2002-01-10 | 2002-01-10 | Method of access control in mobile communications |
Publications (3)
Publication Number | Publication Date |
---|---|
SE0200061D0 (en) | 2002-01-10 |
SE0200061L (en) | 2003-01-07 |
SE519072C2 (en) | 2003-01-07 |
Family
ID=20286626
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
SE0200061A SE519072C2 (en) | 2002-01-10 | 2002-01-10 | Method of access control in mobile communications |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1466438A1 (en) |
AU (1) | AU2002359203A1 (en) |
NO (1) | NO20042773L (en) |
SE (1) | SE519072C2 (en) |
WO (1) | WO2003058880A1 (en) |
-
2002
- 2002-01-10 SE SE0200061A patent/SE519072C2/en not_active IP Right Cessation
- 2002-12-20 AU AU2002359203A patent/AU2002359203A1/en not_active Abandoned
- 2002-12-20 WO PCT/SE2002/002424 patent/WO2003058880A1/en not_active Application Discontinuation
- 2002-12-20 EP EP02793724A patent/EP1466438A1/en not_active Withdrawn
-
2004
- 2004-07-01 NO NO20042773A patent/NO20042773L/en not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
SE0200061L (en) | 2003-01-07 |
AU2002359203A1 (en) | 2003-07-24 |
NO20042773L (en) | 2004-09-10 |
SE0200061D0 (en) | 2002-01-10 |
EP1466438A1 (en) | 2004-10-13 |
WO2003058880A1 (en) | 2003-07-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
NUG | Patent has lapsed |