WO2002015626A1 - Network authentication by using a wap-enabled mobile phone - Google Patents

Publication number
WO2002015626A1
WO2002015626A1 PCT/EP2001/008320 EP0108320W WO0215626A1 WO 2002015626 A1 WO2002015626 A1 WO 2002015626A1 EP 0108320 W EP0108320 W EP 0108320W WO 0215626 A1 WO0215626 A1 WO 0215626A1
Authority
WO
WIPO (PCT)
Prior art keywords
cryptographic module
mobile communications
communications device
communications
authentication
Application number
PCT/EP2001/008320
Other languages
French (fr)
Inventor
Stefan Andersson
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority claimed from GB0020095A external-priority patent/GB2366139B/en
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Priority to EP01962861A priority Critical patent/EP1323323A1/en
Priority to AU2001283949A priority patent/AU2001283949A1/en
Publication of WO2002015626A1 publication Critical patent/WO2002015626A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/43 User authentication using separate channels for security data wireless channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/065 Continuous authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103 Challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer

Definitions

  • this functionality of the phone must be started. This can be carried out automatically by means of a specific command sent from the personal computer to the phone, and may alternatively or additionally be carried out in response to a specific keypress on the keyboard of the phone.
  • commands may be transferred to and from the device using the AT protocol.
  • passwords which are generated in the mobile phone 10 acting as the authentication token are transferred to the personal computer 60, and can be automatically sent to the authentication server.
  • a manual operation is also possible, in which the necessary authentication calculations are carried out in the authentication token, and the required password or passwords are displayed on a screen of the device, and can be manually entered by the user through the keyboard of the personal computer, and can then be sent to the authentication server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An existing communications device, such as a WAP-enabled mobile phone or other device, can be used as an authentication token. This has the advantage that WAP-enabled devices include components which are used in public key/private key cryptographic systems as a part of their standard communication functions. These components therefore advantageously allow the device to be used as an authentication token when communicating with a remote server.

Description

NETWORK AUTHENTICATION BY USING A WAP-ENABLED MOBILE PHONE
TECHNICAL FIELD OF THE INVENTION
This invention relates to the field of computer security, and in particular to the authentication of a user over a computer network.
BACKGROUND OF THE INVENTION
It is desirable to be able to transmit confidential and personal information over unsecured public computer networks, such as the internet. To allow this, it is necessary to provide a secure registration system, which allows an individual user to have confidence that personal information transmitted over the network will remain confidential. Conversely, a service provider may wish to ensure that only some computer users are able to access specific information.
US Patent No. 5,784,463 describes a system in which a computer system is secured against unauthorized access, while data exchanged by a user with the computer system is encrypted when it is sent over the public network.
More specifically, US Patent No. 5,784,463 describes the use of an authentication token, which may be a hardware device or which may be a software module, which allows the user to authenticate himself to the remote computer. In this prior art system, shared secret keys provide mutual authentication between the two users. The shared secret keys are generated only at the time of registration, and are distributed using a public key/private key cryptographic system.
This system has the disadvantage that, before a computer user can take part in secure online transactions using the described system, he must obtain a separate authentication token. Further, there is a cost associated with the distribution of such tokens, either to pay for the additional hardware, or to supply information for the software module.
SUMMARY OF THE INVENTION
In accordance with a preferred aspect of the invention, an existing communications device can be used as an authentication token.
In a preferred embodiment of the invention, a communications device which has a cryptographic module for use in mobile communications, can be used as an authentication token. For example, the device may be a device which can operate under the Wireless Application Protocol, that is, a WAP-enabled device, such as a mobile phone. This has the advantage that WAP-enabled devices include components which are used in public key/private key cryptographic systems as a part of their standard communication functions. These components therefore advantageously allow the device to be used as an authentication token when communicating with a remote server. Advantageously, the device can use Wireless Transport Layer Security (WTLS) for mobile communications, and employs its cryptographic module when in use as an authentication token.
It should be emphasised that the term "comprises/comprising" when used in this specification is taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, integers, steps, components or groups thereof.
BRIEF DESCRIPTION OF DRAWINGS
Figure 1 is a schematic illustration of a network in which the present invention can be implemented. Figure 2 is a flow chart showing a first authentication method in accordance with the invention. Figure 3 is a flow chart showing a second authentication method in accordance with the invention.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
Figure 1 shows a system in accordance with the invention, which allows a user to communicate securely over the internet. As is conventional, the user has a WAP-enabled device, for example, a mobile phone 10. The mobile phone 10 communicates over a wireless interface through a wireless modem 15 with a WAP Gateway 20. The WAP Gateway 20, for example, converts signals between different protocols used over the wireless network and over the wired networks which are involved. As an example, the WAP Gateway 20 has an interface for connection to a Wireless Telephony Application (WTA) server 30, which provides telephony-related functions, such as handling voice calls or text messages. One specific use of WAP-enabled devices is to access the internet, and in particular to access the information on web pages which are specifically designed for that purpose.
Thus, the WAP Gateway 20 also includes an interface for connection to a Wireless Applications Environment (WAE) server 40. The WAE server 40 is in turn connected to the internet 50. Data which may be accessed by a WAP-enabled device are stored on a web server 52. As is well known, the internet is made up of very many servers of this type, storing such information.
As is known, content on web pages which are intended to be accessed by web-enabled devices is conventionally written using Wireless Markup Language (WML), a language which is designed to meet the constraints which typically apply in this environment, namely the relatively low bandwidth available in the wireless interface, and the generally small available display sizes on the handheld WAP-enabled devices such as mobile phones.
In order to enhance services written in WML, a scripting language, WMLScript, can be used.
In order to provide security between the WAP-enabled client device 10 and the WAP Gateway 20, Wireless Transport Layer Security (WTLS) can be used. This provides confidentiality for users, by encrypting messages which are transmitted over the wireless interface, and also provides authentication, by means of digital certificates.
In order to provide this WTLS functionality, the WAP-enabled device 10 includes a cryptographic module, which uses an embedded public key and private key on handshake for authentication, then generates symmetric session keys, which are used to encode messages before transmission and to decode received messages.
For example, the cryptographic module can be realised in hardware or in software in the phone 10, or may be provided on an external smart card, or the phone 10 may also include a Wireless Identity Module (WIM) card, which is used to identify the subscriber.
In accordance with preferred embodiments of the present invention, the cryptographic module of the phone, and other features which are used to provide secure communication using the Wireless Application Protocol, also allow the phone 10 to be used as an authentication token for other communications.
In the case where the cryptographic module is embodied in hardware, the necessary information is provided on an integrated circuit in the device. Where the Wireless Public Key Infrastructure (WPKI) is used to distribute the parameters for WTLS, it can also be used to distribute the parameters required for use as an authentication token.
When communicating in the WAP environment, for example, authentication can take place at the WAP Gateway 20 using the device 10 as an authentication token, and can also take place at the modem 15 and/or at the web server 52. Thus, the modem can have an associated authentication server 17, the WAP Gateway can have an associated authentication server 22, and a web server 52 can have an associated authentication server 54. The authentication server 54 associated with a web server 52 can be directly connected thereto, or (as shown in Figure 1) can be connected thereto over the internet.
Carrying out additional authentications in this way can provide additional security. In addition, using the device as an authentication token to carry out authentications at the WAP Gateway avoids the need for the user to enter a password, which increases the convenience for the user.
Figure 2 shows the operation of the device 10 as an authentication token in the WAP environment. This operation will be described here with reference to a situation in which the device 10 is authenticated to the authentication server 17 associated with the modem 15. However, as mentioned above, authentication can take place in a similar way at many points in the network. At step 70, the user starts the WAP browser software in the device 10, and attempts to communicate through the modem 15. In this case, the modem 15 requires authentication, and the device 10 detects this requirement at step 72. At step 74, the device verifies the identity of the user. As part of this procedure, the device gives a prompt to the user, asking the user to identify himself. One possibility is to require the user to enter a Personal Identification Number (PIN). However, to provide an additional layer of security, the device 10 can also use a form of biometrics to provide user authentication. Thus, for example, the device 10 can include means for examining a physical feature which uniquely or nearly uniquely identifies a user, such as his fingerprints or voice recognition or another biometric technique, and allowing the user access to the system only if that physical feature is found to match the intended user.
Once the user has authenticated himself to the token, the token can authenticate itself to the modem 15, at step 76. Thus, using a selected authentication protocol, the token performs the necessary calculations, and, at step 78, information is provided to the WAP browser software, for example allowing it to respond to challenges from the authentication server 17, or to generate a password based on offline information.
More details about an authentication protocol which may be used can be found in the document "Entity Authentication Using Public Key Cryptography", Federal Information Processing Standards Publication FIPS PUB 196 of February 1997.
Such an authentication procedure may be used in the WAP environment in many situations. For example, the user may use the device 10 to authenticate himself to a bank machine, or to a further device which controls access to a building or area.
In an alternative embodiment of the invention, the device 10 can be used as an authentication token when a user wishes to access the internet 50 using a personal computer 60.
As is well known, a personal computer has the advantage, compared with current mobile devices, that it has a wider range of input options (such as a full size keyboard and a mouse), and has a larger display for retrieved data. Further, the personal computer 60 is provided with a wired broadband connection to the internet 50. Possible uses of a personal computer 60, in conjunction with the internet 50, include retrieving data from servers to which there is intended to be restricted access, and carrying out online transactions, which may include transmitting confidential user information to a third party computer. As described above, the third party computer, from which information is to be retrieved, or to which information is to be transmitted, has an associated authentication server 54.
Also, Figure 2 shows the PC connected to the internet 50 through a modem 56, which has an associated authentication server 58. The description below refers to authentication towards the authentication server, but the same procedure can be used to authenticate towards the authentication server 58.
Secure communications between the personal computer 60 and the authentication server 54 can then be achieved using an authentication token, as is generally known. In accordance with the invention, the authentication token can use the cryptographic components of a device, which also uses those components in, for example, WTLS communications.
Figure 3 shows the operation of the device 10 as an authentication token in conjunction with the PC 60. At step 80, the user starts the application which requires authentication, and the authentication functionality of the device 10 is started. At step 82, the device verifies the identity of the user. As described with reference to Figure 2, the user may be required to enter a Personal Identification Number (PIN), while, to provide an additional layer of security, the device 10 can also use a form of biometrics to provide user authentication.
Once the user has authenticated himself to the token, the token can authenticate itself to the web server, at step 84. Using the selected authentication protocol, the token performs the necessary calculations to generate the required passwords, and, at step 86, information is sent to the authentication server 54.
Again, a suitable authentication protocol is described in the document "Entity Authentication Using Public Key Cryptography", Federal Information Processing Standards Publication FIPS PUB 196 of February 1997.
In outline, when the user first contacts the authentication server 54, the authentication server issues a challenge to the user. The authentication token encrypts the challenge with the user's private key, and returns it to the authentication server. The returned challenge is then decrypted by the authentication server with the user's public key, and the authentication server verifies that the decrypted challenge is the same as the original challenge.
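The exchange outlined above can be sketched as follows. This is an added example, not code from the patent or from FIPS PUB 196: the private-key operation on the challenge is implemented here as an RSASSA-PKCS1-v1_5 signature over SHA-256, and the class names, the PIN, the server identifiers, the binding of the server identity into the signed data, the challenge lifetime and the toy key are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed toy RSA key, for illustration only: both factors are Mersenne
# primes, so the modulus is trivially factorable. A real token holds a
# properly generated private key inside its cryptographic module.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RSASSA-PKCS1-v1_5, RFC 8017 sec. 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def bound_message(server_id: bytes, challenge: bytes) -> bytes:
    """Bind the challenge to the server that issued it (added assumption)."""
    return len(server_id).to_bytes(2, "big") + server_id + challenge


def encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer < N."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


class Token:
    """Stands in for the phone's cryptographic module; holds the private key."""

    def __init__(self, pin: str):
        self._pin = pin.encode()

    def respond(self, pin: str, server_id: bytes, challenge: bytes) -> bytes:
        # Step 82: the user must authenticate to the token first.
        if not hmac.compare_digest(pin.encode(), self._pin):
            raise PermissionError("user not verified by token")
        # Steps 84-86: private-key operation over the bound challenge.
        signature = pow(encode(bound_message(server_id, challenge)), D, N)
        return signature.to_bytes(K, "big")


class AuthServer:
    """Issues single-use challenges and checks responses with the public key."""

    def __init__(self, server_id: bytes, ttl: float = 30.0):
        self.server_id = server_id
        self._ttl = ttl
        self._pending = {}  # challenge -> expiry (monotonic seconds)

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)
        self._pending[challenge] = time.monotonic() + self._ttl
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # pop() makes each challenge single-use: a captured response
        # cannot be replayed later.
        expiry = self._pending.pop(challenge, None)
        if expiry is None or time.monotonic() > expiry:
            return False
        signature = int.from_bytes(response, "big")
        if len(response) != K or signature >= N:
            return False
        # Public-key operation, then compare against the full expected
        # encoding instead of parsing the recovered padding.
        expected = encode(bound_message(self.server_id, challenge))
        return pow(signature, E, N) == expected


def demo():
    token = Token(pin="4711")
    bank, other = AuthServer(b"bank.example"), AuthServer(b"other.example")
    c1 = bank.issue_challenge()
    r1 = token.respond("4711", bank.server_id, c1)
    genuine = bank.verify(c1, r1)    # fresh challenge, valid response
    replayed = bank.verify(c1, r1)   # same pair again: challenge is spent
    c2 = other.issue_challenge()
    r2 = token.respond("4711", bank.server_id, c2)  # signed for the wrong server
    misbound = other.verify(c2, r2)
    return genuine, replayed, misbound


if __name__ == "__main__":
    print(demo())
```

The server accepts a response only once per challenge and only while the challenge is unexpired, which is what keeps a recorded response from being reused.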
Thus, there is no requirement for a user to enter a password to be able to access confidential information which is on the authentication server 54. The necessary password can in effect be generated automatically by the WAP-enabled device 10, using the public key infrastructure provided by the cryptographic module of the device, on the basis of the identity of the user confirmed by the wireless identity module in the device. In this way, the WAP-enabled device 10 can be used as an authentication token for multiple authentication servers, including authentication servers from multiple manufacturers. All that is necessary is for an authentication server and the device 10 to be able to operate the same authentication protocols.
It will be appreciated that, for example with appropriate software in the device, it can use any suitable authentication algorithm. The cryptographic module in the device can be used in any suitable method for generating passwords and encrypting communications, although use of Wireless Public Key Infrastructure is preferred.
The WAP-enabled device allows the use of digital signatures, for the purposes of non-repudiation. This same functionality can also be re-used when the device is being used as an authentication token.
In the case where the device 10 is used as an authentication token for a personal computer, described above with reference to Figure 3, there is preferably a connection between the personal computer 60 and the WAP-enabled mobile phone 10. The connection may be wired, or, advantageously, communications between the personal computer 60 and mobile phone 10 can take place using the Bluetooth short-range radio transmission protocol.
When there is a connection between the personal computer 50 and the WAP-enabled mobile phone 10, whether this is wireless or wired, and the personal computer requires to use the phone 10 as an authentication token, this functionality of the phone must be started. This can be carried out automatically by means of a specific command sent from the personal computer to the phone, and may alternatively or additionally be carried out in response to a specific keypress on the keyboard of the phone.
When used with a personal computer in this way, commands may be transferred to and from the device using the AT protocol. Thus, for example, passwords which are generated in the mobile phone 10 acting as the authentication token are transferred to the personal computer 60, and can be automatically sent to the authentication server.
However, a manual operation is also possible, in which the necessary authentication calculations are carried out in the authentication token, and the required password or passwords are displayed on a screen of the device, and can be manually entered by the user through the keyboard of the personal computer, and can then be sent to the authentication server.
There is thus disclosed an authentication token which is readily available, since it re-uses functionality and infrastructure which already exist for WAP-enabled devices.

Claims

1. A method of authenticating communications, the method comprising: using a mobile communications device, which includes a cryptographic module for use in mobile communication, as an authentication token.
2. A method of authenticating communications as claimed in claim 1, wherein the mobile communications device is a WAP-enabled device.
3. A method of authenticating communications as claimed in claim 1 or 2, wherein the use of the mobile communications device as an authentication token includes using public key encryption of communications.
4. A method of authenticating communications as claimed in claim 1, 2 or 3, wherein the mobile communications device uses the cryptographic module for Wireless Transport Layer Security communications.
5. A method of authenticating communications as claimed in claim 1, 2, 3 or 4, wherein the mobile communications device is used as an authentication token for a computer, and authenticates communications between the computer and an authentication server.
6. A method of authenticating communications as claimed in claim 5, comprising providing a wired connection between the mobile communications device and the computer.
7. A method of authenticating communications as claimed in claim 5, comprising providing a wireless connection between the mobile communications device and the computer.
8. A mobile communications device, comprising a cryptographic module, the cryptographic module being usable:
(a) for encoding wireless communications from the device;
(b) for authenticating a user of the device towards an authentication server.
9. A mobile communications device as claimed in claim 8, the cryptographic module being usable for authenticating a user of a separate computer towards the authentication server.
10. A mobile communications device as claimed in claim 9, having a short-range wireless communications transceiver, for sending signals to and receiving signals from the computer.
11. A mobile communications device as claimed in claim 10, wherein the short-range wireless communications transceiver uses Bluetooth wireless technology.
12. A mobile communications device as claimed in one of claims 8-11, wherein the cryptographic module is usable to support wireless communications using Wireless Transport Layer Security.
13. A mobile communications device as claimed in one of claims 8-12, having means for allowing biometric identification of a user.
14. A mobile communications device as claimed in one of claims 8-13, wherein the cryptographic module uses public key cryptography.
15. A mobile communications device as claimed in one of claims 8-14, comprising means for sending and transmitting data using WAP.
16. A mobile communications device as claimed in one of claims 8-15, wherein the cryptographic module is realised in hardware in the device.
17. A mobile communications device as claimed in one of claims 8-15, wherein the cryptographic module is realised in software in the device.
18. A mobile communications device as claimed in one of claims 8-15, wherein the cryptographic module is provided on an external smart card.
19. A mobile communications device as claimed in one of claims 8-15, wherein the cryptographic module comprises a Wireless Identity Module (WIM) card.
20. A mobile communications device as claimed in claim 19, wherein the cryptographic module comprises a Wireless Identity Module (WIM) card which allows communications using Wireless Transport Layer Security.
21. A WAP-enabled mobile communications device, which is capable of use as an authentication token.
22. A communications network, comprising: at least one WAP gateway, which is enabled to encrypt communications on the basis of Wireless Transport Layer Security; at least one authentication server operable in a first authentication protocol; and a WAP-enabled client device, including a cryptographic module, the cryptographic module being usable for encrypting communications with the WAP gateway using Wireless Transport Layer Security, and the cryptographic module being further usable as an authentication token for authenticating a user of the device towards the authentication server, using the first authentication protocol.
23. A network as claimed in claim 22, wherein the cryptographic module is realised in hardware in the client device.
24. A network as claimed in claim 22, wherein the cryptographic module is realised in software in the client device.
25. A network as claimed in claim 22, wherein the cryptographic module is provided on an external smart card.
26. A network as claimed in claim 22, wherein the cryptographic module comprises a Wireless Identity Module (WIM) card.
27. A network as claimed in any of claims 22-26, comprising a computer, the client device having a connection to the computer such that it acts as an authentication token therefor.
PCT/EP2001/008320 2000-08-15 2001-07-18 Network authentication by using a wap-enabled mobile phone WO2002015626A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP01962861A EP1323323A1 (en) 2000-08-15 2001-07-18 Network authentication by using a wap-enabled mobile phone
AU2001283949A AU2001283949A1 (en) 2000-08-15 2001-07-18 Network authentication by using a wap-enabled mobile phone

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB0020095.6 2000-08-15
GB0020095A GB2366139B (en) 2000-08-15 2000-08-15 Network authentication
US22689500P 2000-08-23 2000-08-23
US60/226,895 2000-08-23

Publications (1)

Publication Number Publication Date
WO2002015626A1 true WO2002015626A1 (en) 2002-02-21

Family

ID=26244841

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2001/008320 WO2002015626A1 (en) 2000-08-15 2001-07-18 Network authentication by using a wap-enabled mobile phone

Country Status (4)

Country Link
US (2) US20020034301A1 (en)
EP (1) EP1323323A1 (en)
AU (1) AU2001283949A1 (en)
WO (1) WO2002015626A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778071A (en) * 1994-07-12 1998-07-07 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device
US6061346A (en) 1997-01-17 2000-05-09 Telefonaktiebolaget Lm Ericsson (Publ) Secure access method, and associated apparatus, for accessing a private IP network
WO2000056105A1 (en) * 1999-03-17 2000-09-21 Sonera Smarttrust Oy Arrangement for secure communication and key distribution in a telecommunication system
WO2001017310A1 (en) * 1999-08-31 2001-03-08 Telefonaktiebolaget L M Ericsson (Publ) Gsm security for packet data networks
WO2001022760A1 (en) * 1999-09-17 2001-03-29 Nokia Corporation Control system comprising means for setting up a short distance second data transmitting connection to a wireless communication device in order to send an identification message

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5280527A (en) * 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
WO1995016238A1 (en) * 1993-12-06 1995-06-15 Telequip Corporation Secure computer memory card
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
US5907815A (en) * 1995-12-07 1999-05-25 Texas Instruments Incorporated Portable computer stored removable mobile telephone
US5943423A (en) * 1995-12-15 1999-08-24 Entegrity Solutions Corporation Smart token system for secure electronic transactions and identification
DE19630920C1 (en) * 1996-07-31 1997-10-16 Siemens Ag Subscriber authentication and/or data encryption method
US5784463A (en) * 1996-12-04 1998-07-21 V-One Corporation Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method
US5771292A (en) * 1997-04-25 1998-06-23 Zunquan; Liu Device and method for data integrity and authentication
EP0898397A2 (en) 1997-08-22 1999-02-24 Nokia Mobile Phones Ltd. Method for sending a secure communication in a telecommunications system
GB9800443D0 (en) 1998-01-10 1998-03-04 Ncipher Corp Limited Cryptographic token
FI980427A (en) * 1998-02-25 1999-08-26 Ericsson Telefon Ab L M Procedure, arrangement and device for verification
FR2785119B1 (en) 1998-10-27 2000-12-08 Gemplus Card Int METHOD AND SYSTEM FOR MANAGING RISK IN A MOBILE TELEPHONY NETWORK
US20020124176A1 (en) 1998-12-14 2002-09-05 Michael Epstein Biometric identification mechanism that preserves the integrity of the biometric information
JP4651197B2 (en) 1999-01-29 2011-03-16 ジェネラル・インストルメント・コーポレーション Certificate self-generation using a secure microprocessor in devices that transfer digital information
US6463534B1 (en) 1999-03-26 2002-10-08 Motorola, Inc. Secure wireless electronic-commerce system with wireless network domain
GB9914262D0 (en) 1999-06-18 1999-08-18 Nokia Mobile Phones Ltd WIM Manufacture certificate
US6993658B1 (en) * 2000-03-06 2006-01-31 April System Design Ab Use of personal communication devices for user authentication
US7310734B2 (en) * 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
US20020141586A1 (en) * 2001-03-29 2002-10-03 Aladdin Knowledge Systems Ltd. Authentication employing the bluetooth communication protocol
US20040203800A1 (en) * 2002-10-24 2004-10-14 John Myhre System and method for content delivery using alternate data paths in a wireless network
US20040123152A1 (en) * 2002-12-18 2004-06-24 Eric Le Saint Uniform framework for security tokens

Also Published As

Publication number Publication date
AU2001283949A1 (en) 2002-02-25
EP1323323A1 (en) 2003-07-02
US8165299B2 (en) 2012-04-24
US20060053281A1 (en) 2006-03-09
US20020034301A1 (en) 2002-03-21

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2001962861

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2001962861

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP