WO2003032667A2 - Authentication of a wireless device using a personal identification number - Google Patents


Publication number
WO2003032667A2
Authority
WO
WIPO (PCT)
Prior art keywords
wireless device
digital wireless
secret information
register
authenticator
Application number
PCT/CA2002/001529
Other languages
French (fr)
Other versions
WO2003032667A3 (en)
Inventor
Thomas J. Mullen
Michael L. Mah Poy
Original Assignee
Wmode Inc.
Application filed by Wmode Inc.
Priority to AU2002333081A
Publication of WO2003032667A2
Publication of WO2003032667A3


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/068: Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications

Definitions

  • the present invention relates to authenticating a subscriber on a public network.
  • the present invention relates to a system for authenticating the identity of a user using a mobile device, such as a cellular phone, to log in to an application provider.
  • each wireless device is assigned a unique wireless device identifier, which is reported to the network upon initialisation of the phone.
  • the cellular phone service provider can check this wireless device identifier to ensure that the wireless device has not been reported stolen.
  • Digital cellular services are designed to handle digital communications. Voice calls on a digital cellular network are packetised prior to transmission, and are transmitted as a series of binary representative packets. This allows digital cellular devices to interact with computers without the need for a modem. It also allows digital cellular devices to serve as digital wireless data stations.
  • So-called wireless web functionality, wherein cellular devices allow a user to browse a subset of internet web sites through a proxy server or directly if the web site offers wireless mark-up language (WML) services, is already commonly implemented.
  • Application providers such as wireless application service providers (WASPs), offer numerous services from stock pricing to sports scores. Additionally interactive services, such as banking transactions and stock trading can also be offered to users. These services are typically accessed through a data network that relies upon the transmission of data as packets. In many implementations the data is transmitted in packets conforming to the standards of the transmission control protocol/internet protocol (TCP/IP) suite.
  • TCP/IP transmission control protocol/internet protocol
  • a gateway such as a wireless application protocol (WAP) gateway, may be employed.
  • WAP wireless application protocol
  • Each digital wireless device such as a digital cellular telephone
  • this identifier is an electronic serial number, though when the digital wireless device is communicating with data servers it is typically an identifier uniquely associated with the electronic serial number.
  • the wireless device identifier can be discerned by a WASP through inspection of an incoming data request, and can be falsified by a computer with access to the WASP over a network. The data sent, in reply, by the WASP, is directed to the data network address of the computer that transmitted the packet, and not to a specific digital cellular phone.
  • an individual can falsify a wireless device identifier field and attempt to interact with the WASP, using discerned identification information, without the WASP knowing that an unauthorised access had been performed.
  • a WASP can create a user database containing the wireless device identifier associated with each registered user.
  • This database can associate a personal identification number (PIN) with each client id, so that a user can be recognised by the client id and still prompted for confirmation of identity.
  • PIN personal identification number
  • this provides a degree of certainty as to the identity of a user of a digital cellular device, such databases are subject to a number of data integrity and security issues as they are accessible to users of the network. Additionally, this solution creates problems for users who must manage a number of PINs for each WASP they use. This often leads users to select a single PIN for numerous services, which increases security risks for the user.
  • banking institutions are content to carry out their own authentication and billing, other financial services, or services associated with personal information, lack the infrastructure to either bill a client on a fee-per-transaction.
  • a gaming service that allows wireless online gaming and requires the ability to bill small amounts of money to a carrier billing system per session.
  • a stock monitoring service where a user does not carry out a transaction, but does require authentication of the user to protect the privacy of a user's portfolio, that would benefit from the ability to offer the same levels of security as the basic network requires.
  • AP application provider
  • Providing such a reliable authentication is essential if the AP wants to bill its subscribers through the cellular service provider's billing system.
  • the cellular service provider requires assurance that a valid user logged in to an AP prior to permitting the AP to submit billing requests. This assurance is needed to prevent fraudulent APs from submitting invalid requests. At the present time, no suitable method exists for providing such an assurance save for AP and cellular service provider integration.
  • the present invention provides a method of authenticating the user of a digital wireless device at an application provider connected to an authenticator by a data network.
  • the digital wireless device has both an associated client identifier and associated secret information.
  • the authenticator is connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device.
  • the method consists of receiving, from the application provider, a request for authentication of the user of a digital wireless device.
  • the user of the digital wireless device is then requested to provide the secret information associated with the digital wireless device.
  • the requested secret information is then compared to the secret information stored in the connected register. If the received secret information and the secret information stored in the connected register are equivalent, authentication of the user of the digital cellular device is provided to the application provider.
  • the secret information is a personal identification number.
  • the register is a home location register and the personal identification number is a home location register personal identification number, while in other embodiments the register is either a visiting location register or a RADIUS server.
  • the further step of receiving a request for service containing the client identifier associated with the digital wireless device at the application provider prior to the step of receiving a request for authentication.
  • Alternate embodiments include the steps of requesting the client identifier of the digital wireless device, and receiving the client identifier of the digital wireless device prior to the step of requesting that the user of the digital wireless device provide the secret information.
  • the request for authentication includes the client identifier of the digital wireless device.
  • the secret information request and comparison are repeated, if the received secret information is not equivalent to the copy of the secret information stored in the connected register.
  • the present invention provides a system for authenticating a user of a digital wireless device.
  • the digital wireless device has a client identifier, and is connected to a digital wireless network having a register for storing a secret information associated with the client identifier.
  • An application provider is connected to both the digital wireless device and a data network.
  • the data network includes an authenticator, connected to both the register and the application provider.
  • the authenticator includes means to receive a request for authentication of a provided client identifier from the application provider.
  • the authenticator includes means for generating a request for a secret information, such as the home location register personal identification number or other personal identification number, from the digital wireless device associated with the provided client identifier, and means for receiving a response from the digital wireless device that contains the requested secret information.
  • the authenticator includes means to compare the secret information to a copy of the secret information stored in the connected register.
  • the authenticator also includes means to transmit an authentication message to the application provider if the provided secret information and the stored copy of the secret information are equivalent.
  • the data network such as the Internet
  • the data network uses a data protocol such as the TCP/IP suite.
  • the digital wireless device is connected to the application provider by the digital wireless network and the data network.
  • the authenticator is connected to the application provider by the data network.
  • the authenticator is connected to the register by either the data network, a connection using standard telephony protocols, or a secure private network.
  • the register is one of a home location register, a visiting location register or a RADIUS server.
  • the authenticator includes means for redirecting the digital wireless device to connect to the authenticator using only the digital wireless network, and means for redirecting the digital wireless device to reconnect to the application provider.
  • a method of obtaining non-repudiable authorisation for a transaction from a digital wireless device, having both an associated client identifier and associated secret information by an application provider, at an authenticator connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device comprising the steps of receiving a request for a non-repudiable transaction from the application provider, receiving a response from the digital wireless device, including the associated secret information and providing a non-repudiable transaction verification to the application provider upon receiving agreement to the transaction from the digital wireless device.
  • the request for a non-repudiable transaction includes the terms of the transaction.
  • the response from the digital wireless device includes indication of the agreement to the terms of the transaction.
  • Another embodiment of the present aspect of the invention includes the step of providing a non-repudiable transaction verification to the digital wireless device upon receiving agreement to the transaction from the digital wireless device.
  • Fig. 1 is an illustration of a prior art network connecting a cellular device on a roaming network to the HLR of its home network;
  • FIG. 2 is an illustration of a system of the present invention
  • Fig. 3 is an illustration of a system of the present invention employing a redirected
  • the present invention provides a method and system for data based authentication of a user as the valid user of a digital cellular device.
  • HLR home location register
  • the HLR is accessible to other carriers with whom the digital cellular service provider has roaming agreements.
  • a digital cellular service provider offering roaming service to a digital wireless device can create a visiting location register (VLR) entry.
  • VLR visiting location register
  • the visiting location register entry is populated with data from the subscriber's home HLR.
  • the HLR's account information details subscribed services, information regarding call-forwarding status, and other information such as a personal identification number, hereinafter referred to as the HLRPIN.
  • the HLRPIN is commonly used to activate, or de-activate, such features as call forwarding and do not disturb, as well as to login to user voicemail and carrier billing systems.
  • the transmission of the HLRPIN is commonly performed via a signalling system 7 (SS7) out of band transmission.
  • SS7 signalling system 7
  • One of skill in the art will appreciate the integration of the HLR in a network supporting SS7 is beneficial to the development of a wireless intelligent network.
  • FIG 1 the current state of the art regarding transmission of the HLRPIN is shown.
  • a roaming user activates a supplementary feature or modifies a profile on a visiting network the request is transmitted by a digital cellular device 100 and is received by base station 102 in the roaming network 104 as an out of band SS7 transmission. This is performed out of band to minimise the bandwidth of the communication, as out of band transmissions use fewer resources than an actual call based connection.
  • the base station connects to the HLR on the cellular device's home network through the mobile switching center 106 and the visiting location register 108, to transmit the modification or supplementary service request. Included in the request is a mobile device identifier.
  • the request is routed to the home network 110 of the digital cellular device 100.
  • the home network 110 routes the connection request to the HLR 112.
  • Upon receiving the request and mobile device identifier, the HLR 112 transmits to the cellular device 100 a request to provide a password, the HLRPIN.
  • the HLRPIN is a value chosen by the user, usually four digits in length.
  • Upon providing a valid HLRPIN the supplementary feature is enabled, and the HLR 112 notifies the VLR 114 to update the VLR profile and also sends confirmation to the cellular device 100.
  • standard telephone protocols such as the ANSI-41 HLR standard.
  • An HLR storing the HLRPIN, that is accessible to an authenticator used to authenticate users in a data environment, can provide a means to authenticate a user of a digital wireless device through a data network. Additionally other secured and trusted sources of personal identification numbers can be substituted for the HLR while remaining within the intended scope of the present invention.
  • the present invention seeks to obviate the problem of ensuring that a handset is in the possession of the authorised user.
  • FIG. 2 illustrates an embodiment of the system of the present invention where the application provider is a trusted identity relative to the carrier.
  • a digital wireless device 120 such as a digital cellular phone or other wireless device capable of data transmission, is connected to a digital wireless network 122.
  • Digital wireless device 120 has a uniquely associated client identifier (client id).
  • client id client identifier
  • secret information such as a personal identification number (PIN)
  • digital wireless network 122 is a digital cellular network designed to allow data transmissions to and from terminal nodes such as digital wireless device 120.
  • Digital wireless network 122 is connected to data network 124 so as to allow connections to a variety of servers including application provider 126.
  • the connection between digital wireless network 122 and application provider (AP) 126 uses a data packet based protocol such as a component of the TCP/IP suite of networking protocols.
  • the data network based upon TCP/IP, is the Internet.
  • AP 126 provides data based services to digital wireless device 120 through conventional wireless data protocols.
  • the authenticator and HLR are normally resident within the secure network of the carrier.
  • AP 126 is connected, through data network 124 to an authenticator 130.
  • Authenticator 130 is a series of software applications running on computer hardware designed to compare information provided by digital wireless device 120 to information stored in an attached register 138, such as an HLR in a presently preferred embodiment.
  • Register 138 is a database application, running on computer hardware, that stores client identifiers and the personal identification number associated with each. If register 138 is an HLR, the personal identification number is the HLRPIN.
  • Authenticator 130 can be provided with a PIN by the user of the digital wireless device, which can then be compared to a PIN associated with the client id of the digital wireless device that is stored in the register 138. If the two values are equivalent, authenticator 130 generates an authentication message that it transmits to AP 126 containing information that the user of digital wireless device 120 has been authenticated and that service to digital wireless device 120 should be started.
  • Figure 2 additionally illustrates the flow of data between elements to perform the authentication.
  • the register is assumed to be an HLR, and the PIN is assumed to be the HLRPIN, though it could be other registers holding personal information hosted by a digital wireless network provider, including but not limited to the visiting location register.
  • Digital wireless device 120 is initialised on digital cellular network 122 using conventional means. Digital wireless device 120 then initiates a data call by connecting to data network 124, and through data network 124 to AP 126. The connection to AP 126 is initialized with a request for service 128.
  • this request for service includes the client id associated with digital wireless device 120, but if it does not, AP 126 can request the client id from digital wireless device 120 and await a reply from digital wireless device 120 prior to proceeding with the rest of the connection. Alternately AP 126 can redirect the digital wireless device 120 to authenticator 130, and request authenticator 130 to provide a client id for the digital wireless device 120.
  • Other elements of digital wireless network 122 could be used in place of authenticator 130, so long as the element is accessible to AP 126 and is capable of identifying the client id of digital wireless device 120.
  • Upon receiving the client id, typically upon receipt of the request for service 128, AP 126 connects to authenticator 130 through data network 124, and requests authentication of the digital wireless device based upon the provided client id 132. Authenticator 130 responds by transmitting a prompt for the HLRPIN 134 to AP 126. The AP 126 transmits the prompt 134 to the digital cellular device 120 through data network 124 and digital wireless network 122. In response to the prompt for the HLRPIN 134, the user of digital wireless device 120 inputs the requested HLRPIN. The HLRPIN forms the authentication response 136 which digital wireless device 120 transmits to AP 126 through digital wireless network 122 and data network 124. AP 126 transmits the received response 136 to authenticator 130. Authenticator 130 compares the received response 136, which contains the HLRPIN, to an HLRPIN provided by the HLR 138.
  • After transmitting the authentication prompt to AP 126, authenticator 130 requests the HLRPIN 140 associated with the client id, from the HLR 138. The HLR 138 replies to the authenticator 130 with its copy of the shared HLRPIN 144. Communications between the HLR 138 and the authenticator 130 can use standard telephony protocols, or in a presently preferred embodiment can use data communication protocols, such as TCP/IP.
  • the authenticator 130 compares the two copies of the HLRPIN. If the two copies are equivalent then a message is transmitted to the AP 126 containing information about the successful authentication 144. AP 126 then can begin service 146 to the digital wireless device 120. If an incorrect HLRPIN is supplied, the authenticator 130 can inform AP 126 that an invalid login was attempted, and service can be denied by AP 126. Alternatively, authenticator 130 can repeat the request for the HLRPIN.
  • Figure 3 illustrates a further embodiment of the present invention where the application provider is not a trusted entity to the carrier.
  • the secret information such as the HLRPIN
  • the secret information is provided by the user of digital wireless device 120 to authenticator 130 through digital wireless network 122, bypassing data network 124 and AP 126. This is done to prevent AP 126 from gaining access to the HLRPIN.
  • the method operates in a similar manner to that illustrated in Figure 2, but after authenticator 130 receives authentication request 132, redirection instructions for the digital wireless device 120 are transmitted.
  • Redirect 148 requests that digital wireless device 120 connect through digital wireless network 122 and directly into authenticator 130.
  • authenticator 130 issues a prompt for the HLRPIN 152.
  • Prompt 152 can be presented directly by authenticator 130, and can contain additional requests for personal information or other identifiers from the user, if desired.
  • Response 136 including the HLRPIN, is then transmitted to authenticator 130.
  • authenticator 130 redirects digital wireless device 120 to AP 126, as shown by flow 154.
  • Digital wireless device 120 reconnects to AP 126, as shown by flow 156, and the rest of the method of Figure 2 is used to authenticate the HLRPIN and report the results to AP 126.
  • Response 136 can be transmitted through an internal secure network.
  • push technology can be used to redirect the digital wireless device 120 to the authenticator 130.
  • Upon receiving a request to authenticate the digital wireless device 120 from AP 126, authenticator 130 pushes a prompt to the digital wireless device 120, and receives a reply, at which point it informs AP of the authentication results.
  • connection between digital wireless network 122 and authenticator 130 can use a direct link using standard telephony based data protocols, or can use a data packet protocol, or be managed directly through data network 124.
  • encryption methods can be used, and are fully contemplated by the present invention. These include encryption of the HLRPIN to provide security against eavesdropping or detection of the HLRPIN by a third party or by AP 126.
  • a clearinghouse can be employed to connect a plurality of application providers to a plurality of authenticators, particularly where there are a number of application providers, and a number of digital wireless networks with associated authenticators.
  • a clearinghouse can be regarded as an element of the data network 124.
  • a VLR is populated with the account information for a roaming user that is traditionally stored in the HLR.
  • the user of a digital wireless device can be authenticated by the authenticator of the roaming network using the information in the VLR, instead of being authenticated by the authenticator of the home network using the HLR.
  • authentication can be redirected to the home network. Preferably, such redirection will occur over a secure inter-carrier network.
  • the register, which in a presently preferred embodiment is an HLR, is fulfilling the role of a secure database used to store and protect user identification and password information.
  • an HLR is fulfilling the role of a secure database used to store and protect user identification and password information.
  • One such possible substitution would be to replace the register with a RADIUS server.
  • the present invention permits authentication of a digital wireless device in both the telephony domain, using dual tone multiple frequency (DTMF) signals and SS7 transmission standards, and the data networking domain, using data packets and such standard protocols as those in the TCP/IP suite, using a single HLRPIN.
  • the acceptance of the HLRPIN as a method of authenticating the user can allow application providers to authenticate the user of a digital wireless device with carrier grade security. Because carriers are unwilling to allow application providers to bill users through carrier billing systems without a sufficient level of security, carrier grade security in the authentication of the user can remove an obstacle to allowing carrier billing for application provider services on a fee per use basis.
  • the cost of implementation is limited to a one time modification of the manner in which pre-existing HLRs interact within the network, and the manner in which authenticators interact with external networks.
  • the present invention can also be used to provide non-repudiation for transactions.
  • a prompt can be provided to digital wireless device 120 when a transaction is initiated by AP 126.
  • the transaction can be approved by entering the HLRPIN, which is then authenticated by authenticator 130.
  • a payment prompt can be provided to authenticator 130 and the digital wireless device 120 can be redirected to connect to authenticator 130 directly, whereupon it receives the transaction prompt and replies with the HLRPIN as above.
  • the redirection of the authentication can be effected by means similar to those used for authentication as illustrated in Figure 3.
  • the present invention provides a method of authenticating the user of a digital wireless device 100 at an application provider 108, without requiring the application provider 108 to maintain a database of user identification and password information. Additionally it provides the user of a digital wireless device 100 with the ability to access the services of numerous application providers with the same secret information used to verify identity. Due to the use of the client id as a part of the authentication it is possible for AP 108 to associate digital wireless device 100 with a particular user by default, negating the need for the user of digital wireless device 100 to key in a difficult user identification sequence.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and system for authenticating the user of a digital wireless device, such as a cellular phone, by an application provider using the home location register personal identification number, is disclosed herein. The home location register personal identification number, or another trusted personal identification number, is accessed by an authenticator at the request of the application provider and is compared to a personal identification number supplied by the user. All communications between the application provider and the authenticator are facilitated by data networking protocols.

Description

METHOD AND SYSTEM FOR REMOTE AUTHENTICATION OF A DIGITAL WIRELESS DEVICE USING A PERSONAL IDENTIFICATION NUMBER
FIELD OF THE INVENTION
The present invention relates to authenticating a subscriber on a public network. In particular, the present invention relates to a system for authenticating the identity of a user using a mobile device, such as a cellular phone, to log in to an application provider.
BACKGROUND OF THE INVENTION
In the field of wireless telecommunications, authentication of a user's identity is of fundamental concern. Three of the most substantial concerns regarding identity relate to whether or not the wireless device is legitimately identifying itself instead of reporting a false identification sequence, whether or not the handset is in the possession of the authorised user and generating an audit trail for billing purposes.
To facilitate the solution to the second problem, and to allow user billing, each wireless device is assigned a unique wireless device identifier, which is reported to the network upon initialisation of the phone. The cellular phone service provider can check this wireless device identifier to ensure that the wireless device has not been reported stolen. Thus the assumption is made that unless reported stolen, a phone is in the hands of an authorised user, and that until reporting the phone missing the user is responsible for all charges incurred.
Digital cellular services are designed to handle digital communications. Voice calls on a digital cellular network are packetised prior to transmission, and are transmitted as a series of binary representative packets. This allows digital cellular devices to interact with computers without the need for a modem. It also allows digital cellular devices to serve as digital wireless data stations. So-called wireless web functionality, wherein cellular devices allow a user to browse a subset of internet web sites through a proxy server or directly if the web site offers wireless mark-up language (WML) services, is already commonly implemented.
Application providers (AP), such as wireless application service providers (WASPs), offer numerous services from stock pricing to sports scores. Additionally interactive services, such as banking transactions and stock trading can also be offered to users. These services are typically accessed through a data network that relies upon the transmission of data as packets. In many implementations the data is transmitted in packets conforming to the standards of the transmission control protocol/internet protocol (TCP/IP) suite. To translate between the wireless protocols of the network and the wired protocols of data networks, such as the Internet, a gateway, such as a wireless application protocol (WAP) gateway, may be employed.
These wireless application service providers typically require some form of user or device identification to provide customised access and to select the corresponding account information. Each digital wireless device, such as a digital cellular telephone, can be provided a unique wireless device identifier that is used by the network to identify the device. In many instances this identifier is an electronic serial number, though when the digital wireless device is communicating with data servers it is typically an identifier uniquely associated with the electronic serial number. The wireless device identifier can be discerned by a WASP through inspection of an incoming data request, and can be falsified by a computer with access to the WASP over a network. The data sent, in reply, by the WASP, is directed to the data network address of the computer that transmitted the packet, and not to a specific digital cellular phone. Thus an individual can falsify a wireless device identifier field and attempt to interact with the WASP, using discerned identification information, without the WASP knowing that an unauthorised access had been performed.
A WASP, or other content provider, can create a user database containing the wireless device identifier associated with each registered user. This database can associate a personal identification number (PIN) with each client id, so that a user can be recognised by the client id and still prompted for confirmation of identity. Though this provides a degree of certainty as to the identity of a user of a digital cellular device, such databases are subject to a number of data integrity and security issues as they are accessible to users of the network. Additionally, this solution creates problems for users who must manage a number of PINs for each WASP they use. This often leads users to select a single PIN for numerous services, which increases security risks for the user.
Because it is not possible for a WASP to ensure that the user using the service is the authorised user, forming fee per use billing arrangements with cellular service providers is difficult. Though banking institutions are content to carry out their own authentication and billing, other financial services, or services associated with personal information, lack the infrastructure to either bill a client on a fee-per-transaction. One such example is a gaming service that allows wireless online gaming and requires the ability to bill small amounts of money to a carrier billing system per session. Another example is a stock monitoring service, where a user does not carry out a transaction, but does require authentication of the user to protect the privacy of a user's portfolio, that would benefit from the ability to offer the same levels of security as the basic network requires.
One of the greatest challenges to an application provider (AP), such as a WASP, is obtaining a reliable authentication of the user to prove to a cellular service provider that a login was performed by a given user. Providing such a reliable authentication is essential if the AP wants to bill its subscribers through the cellular service provider's billing system.
In addition, the cellular service provider requires assurance that a valid user logged in to an AP prior to permitting the AP to submit billing requests. This assurance is needed to prevent fraudulent APs from submitting invalid requests. At the present time, no suitable method exists for providing such an assurance save for AP and cellular service provider integration.
It is, therefore, desirable to provide a method and system for a data based authentication of a user as the valid user of a digital cellular device through use of a single PIN for voice and data services.
SUMMARY OF THE INVENTION
It is an object of the present invention to obviate or mitigate at least one disadvantage of previous systems and methods for authenticating the user as the valid user of a digital wireless device.
In a first aspect, the present invention provides a method of authenticating the user of a digital wireless device at an application provider connected to an authenticator by a data network. The digital wireless device has both an associated client identifier and associated secret information. The authenticator is connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device. The method consists of receiving, from the application provider, a request for authentication of the user of a digital wireless device. The user of the digital wireless device is then requested to provide the secret information associated with the digital wireless device. The requested secret information is then compared to the secret information stored in the connected register. If the received secret information and the secret information stored in the connected register are equivalent, authentication of the user of the digital cellular device is provided to the application provider. In an embodiment of the first aspect of the present invention, the secret information is a personal identification number. In another embodiment of the first aspect of the present invention, the register is a home location register and the personal identification number is a home location register personal identification number, while in other embodiments the register is either a visiting location register or a RADIUS server. In a further embodiment of the present invention there is included the further step of receiving a request for service containing the client identifier associated with the digital wireless device at the application provider prior to the step of receiving a request for authentication. 
Alternate embodiments include the steps of requesting the client identifier of the digital wireless device, and receiving the client identifier of the digital wireless device prior to the step of requesting that the user of the digital wireless device provide the secret information. In another embodiment of the present invention the request for authentication includes the client identifier of the digital wireless device. In a further embodiment of the present invention, the secret information request and comparison are repeated, if the received secret information is not equivalent to the copy of the secret information stored in the connected register.
In a further aspect, the present invention provides a system for authenticating a user of a digital wireless device. The digital wireless device has a client identifier, and is connected to a digital wireless network having a register for storing a secret information associated with the client identifier. An application provider is connected to both the digital wireless device and a data network. The data network includes an authenticator, connected to both the register and the application provider. The authenticator includes means to receive a request for authentication of a provided client identifier from the application provider. The authenticator includes means for generating a request for a secret information, such as the home location register personal identification number or other personal identification number, from the digital wireless device associated with the provided client identifier, and means for receiving a response from the digital wireless device that contains the requested secret information. The authenticator includes means to compare the secret information to a copy of the secret information stored in the connected register. The authenticator also includes means to transmit an authentication message to the application provider if the provided secret information and the stored copy of the secret information are equivalent. In embodiments of the system of the present invention, the data network, such as the Internet, uses a data protocol such as the TCP/IP suite. In further embodiments of this aspect of the present invention, the digital wireless device is connected to the application provider by the digital wireless network and the data network. In another embodiment of the present invention the authenticator is connected to the application provider by the data network. 
In alternate embodiments, the authenticator is connected to the register by either the data network, a connection using standard telephony protocols, or a secure private network. In yet another embodiment, the register is one of a home location register, a visiting location register or a RADIUS server. In an alternate embodiment the authenticator includes means for redirecting the digital wireless device to connect to the authenticator using only the digital wireless network, and means for redirecting the digital wireless device to reconnect to the application provider.
In a third aspect of the present invention there is provided a method of obtaining non-repudiable authorisation for a transaction from a digital wireless device, having both an associated client identifier and associated secret information by an application provider, at an authenticator connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device, comprising the steps of receiving a request for a non-repudiable transaction from the application provider, receiving a response from the digital wireless device, including the associated secret information and providing a non-repudiable transaction verification to the application provider upon receiving agreement to the transaction from the digital wireless device. In an embodiment of the third aspect of the present invention, the request for a non-repudiable transaction includes the terms of the transaction. In another embodiment of the third aspect of the present invention the response from the digital wireless device includes indication of the agreement to the terms of the transaction. Another embodiment of the present aspect of the invention includes the step of providing a non-repudiable transaction verification to the digital wireless device upon receiving agreement to the transaction from the digital wireless device. Upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures, other aspects and features of the present invention will become apparent to those of skill in the art.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention will now be described, by way of example only, with reference to the attached Figures, wherein:
Fig. 1 is an illustration of a prior art network connecting a cellular device on a roaming network to the HLR of its home network;
Fig. 2 is an illustration of a system of the present invention; and
Fig. 3 is an illustration of a system of the present invention employing a redirected HLRPIN transmission.
DETAILED DESCRIPTION
Generally, the present invention provides a method and system for data based authentication of a user as the valid user of a digital cellular device. Currently all digital cellular service providers provide support for a home location register (HLR). The HLR is accessible to other carriers with whom the digital cellular service provider has roaming agreements. To facilitate modifying services, or sharing of accounting information for a user account, a digital cellular service provider offering roaming service to a digital wireless device can create a visiting location register (VLR) entry. Typically the visiting location register entry is populated with data from the subscriber's home HLR.
The HLR's account information details subscribed services, information regarding call-forwarding status, and other information such as a personal identification number, hereinafter referred to as the HLRPIN. The HLRPIN is commonly used to activate, or de-activate, such features as call forwarding and do not disturb, as well as to login to user voicemail and carrier billing systems.
The transmission of the HLRPIN is commonly performed via a signalling system 7 (SS7) out of band transmission. One of skill in the art will appreciate the integration of the HLR in a network supporting SS7 is beneficial to the development of a wireless intelligent network. Referring to Figure 1, the current state of the art regarding transmission of the HLRPIN is shown. When a roaming user activates a supplementary feature or modifies a profile on a visiting network the request is transmitted by a digital cellular device 100 and is received by base station 102 in the roaming network 104 as an out of band SS7 transmission. This is performed out of band to minimise the bandwidth of the communication, as out of band transmissions use fewer resources than an actual call based connection. The base station connects to the HLR on the cellular device's home network through the mobile switching center 106 and the visiting location register 108, to transmit the modification or supplementary service request. Included in the request is a mobile device identifier. The request is routed to the home network 110 of the digital cellular device 100. The home network 110 routes the connection request to the HLR 112. Upon receiving the request and mobile device identifier the HLR 112 transmits to the cellular device 100 a request to provide a password, the HLRPIN. Typically the HLRPIN is a value chosen by the user, usually four digits in length. Upon providing a valid HLRPIN the supplementary feature is enabled, and the HLR 112 notifies the VLR 114 to update the VLR profile and also sends confirmation to the cellular device 100.
All communication, between the base station 102 and the cellular device 100, is performed in an encrypted out of band channel, while all other communication is performed using standard telephone protocols such as the ANSI-41 HLR standard. Thus, carriers have established the HLR 112 as valid proof of identity when simple possession of digital cellular device 100 is insufficient.
Carriers already recognize the HLRPIN as a method of authenticating the user of the digital wireless device, while other means are employed to authenticate the actual digital wireless device. An HLR, storing the HLRPIN, that is accessible to an authenticator used to authenticate users in a data environment, can provide a means to authenticate a user of a digital wireless device through a data network. Additionally other secured and trusted sources of personal identification numbers can be substituted for the HLR while remaining within the intended scope of the present invention. Of the aforementioned three substantial concerns, the present invention seeks to obviate the problem of ensuring that a handset is in the possession of the authorised user.
Figure 2 illustrates an embodiment of the system of the present invention where the application provider is a trusted identity relative to the carrier. A digital wireless device 120, such as a digital cellular phone or other wireless device capable of data transmission, is connected to a digital wireless network 122. Digital wireless device 120 has a uniquely associated client identifier (client id). Associated with the client id is secret information such as a personal identification number (PIN). In a presently preferred embodiment the secret information is the HLRPIN. Typically, digital wireless network 122 is a digital cellular network designed to allow data transmissions to and from terminal nodes such as digital wireless device 120. Digital wireless network 122 is connected to data network 124 so as to allow connections to a variety of servers including application provider 126. The connection between digital wireless network 122 and application provider (AP) 126 uses a data packet based protocol such as a component of the TCP/IP suite of networking protocols. In one embodiment the data network, based upon TCP/IP, is the Internet. AP 126 provides data based services to digital wireless device 120 through conventional wireless data protocols. The authenticator and HLR are normally resident within the secure network of the carrier. In order to authenticate the user of digital wireless device 120, AP 126 is connected, through data network 124 to an authenticator 130. Authenticator 130 is a series of software applications running on computer hardware designed to compare information provided by digital wireless device 120 to information stored in an attached register 138, such as an HLR in a presently preferred embodiment. Register 138 is a database application, running on computer hardware, that stores client identifiers and the personal identification number associated with each. If register 138 is an HLR, the personal identification number is the HLRPIN.
Authenticator 130 can be provided with a PIN by the user of the digital wireless device, which can then be compared to a PIN associated with the client id of the digital wireless device that is stored in the register 138. If the two values are equivalent, authenticator 130 generates an authentication message that it transmits to AP 126 containing information that the user of digital wireless device 120 has been authenticated and that service to digital wireless device 120 should be started.
Figure 2 additionally illustrates the flow of data between elements to perform the authentication. For the purpose of the following example, the register is assumed to be an HLR, and the PIN is assumed to be the HLRPIN, though it could be other registers holding personal information hosted by a digital wireless network provider, including but not limited to the visiting location register. Digital wireless device 120 is initialised on digital cellular network 122 using conventional means. Digital wireless device 120 then initiates a data call by connecting to data network 124, and through data network 124 to AP 126. The connection to AP 126 is initialized with a request for service 128. Typically this request for service includes the client id associated with digital wireless device 120, but if it does not, AP 126 can request the client id from digital wireless device 120 and await a reply from digital wireless device 120 prior to proceeding with the rest of the connection. Alternately AP 126 can redirect the digital wireless device 120 to authenticator 130, and request authenticator 130 to provide a client id for the digital wireless device 120. Other elements of digital wireless network 122 could be used in place of authenticator 130, so long as the element is accessible to AP 126 and is capable of identifying the client id of digital wireless device 120.
Upon receiving the client id, typically upon receipt of the request for service 128, AP 126 connects to authenticator 130 through data network 124, and requests authentication of the digital wireless device based upon the provided client id 132. Authenticator 130 responds by transmitting a prompt for the HLRPIN 134 to AP 126. The AP 126 transmits the prompt 134 to the digital cellular device 120 through data network 124 and digital wireless network 122. In response to the prompt for the HLRPIN 134, the user of digital wireless device 120 inputs the requested HLRPIN. The HLRPIN forms the authentication response 136 which digital wireless device 120 transmits to AP 126 through digital wireless network 122 and data network 124. AP 126 transmits the received response 136 to authenticator 130. Authenticator 130 compares the received response 136, which contains the HLRPIN, to an HLRPIN provided by the HLR 138.
After transmitting the authentication prompt to AP 126, authenticator 130 requests the HLRPIN 140 associated with the client id, from the HLR 138. The HLR 138 replies to the authenticator 130 with its copy of the shared HLRPIN 144. Communications between the HLR 138 and the authenticator 130 can use standard telephony protocols, or in a presently preferred embodiment can use data communication protocols, such as TCP/IP. When the response 136, containing the user input HLRPIN, arrives from digital wireless device 120, the authenticator 130 compares the two copies of the HLRPIN. If the two copies are equivalent then a message is transmitted to the AP 126 containing information about the successful authentication 144. AP 126 then can begin service 146 to the digital wireless device 120. If an incorrect HLRPIN is supplied, the authenticator 130 can inform AP 126 that an invalid login was attempted, and service can be denied by AP 126. Alternatively, authenticator 130 can repeat the request for the HLRPIN.
Figure 3 illustrates a further embodiment of the present invention where the application provider is not a trusted entity to the carrier. The secret information, such as the HLRPIN, is provided by the user of digital wireless device 120 to authenticator 130 through digital wireless network 122, bypassing data network 124 and AP 126. This is done to prevent AP 126 from gaining access to the HLRPIN. The method operates in a similar manner to that illustrated in Figure 2, but after authenticator 130 receives authentication request 132, redirection instructions for the digital wireless device 120 are transmitted. Redirect 148 requests that digital wireless device 120 connect through digital wireless network 122 and directly into authenticator 130. Upon receiving a connection from digital wireless device 120 authenticator 130 issues a prompt for the HLRPIN 152. Prompt 152 can be presented directly by authenticator 130, and can contain additional requests for personal information or other identifiers from the user, if desired. Response 136, including the HLRPIN, is then transmitted to authenticator 130. Upon receiving response 136, authenticator 130 redirects digital wireless device 120 to AP 126, as shown by flow 154. Digital wireless device 120 reconnects to AP 126, as shown by flow 156, and the rest of the method of Figure 2 is used to authenticate the HLRPIN and report the results to AP 126. Response 136 can be transmitted through an internal secure network. In an alternate embodiment, push technology can be used to redirect the digital wireless device 120 to the authenticator 130. Upon receiving a request to authenticate the digital wireless device 120 from AP 126, authenticator 130 pushes a prompt to the digital wireless device 120, and receives a reply, at which point it informs AP 126 of the authentication results.
It will be apparent to one of skill in the art that the connection between digital wireless network 122 and authenticator 130 can use a direct link using standard telephony based data protocols, or can use a data packet protocol, or be managed directly through data network 124. Those of skill in the art will appreciate that a variety of encryption methods can be used, and are fully contemplated by the present invention. These include encryption of the HLRPIN to provide security against eavesdropping or detection of the HLRPIN by a third party or by AP 126.
Additionally a clearinghouse can be employed to connect a plurality of application providers to a plurality of authenticators, particularly where there are a number of application providers, and a number of digital wireless networks with associated authenticators. Such a clearinghouse, not shown, can be regarded as an element of the data network 124. In present wireless infrastructures, a VLR is populated with the account information for a roaming user that is traditionally stored in the HLR. Thus, while roaming, the user of a digital wireless device can be authenticated by the authenticator of the roaming network using the information in the VLR, instead of being authenticated by the authenticator of the home network using the HLR. In embodiments with clearinghouses as elements of data network 124, authentication can be redirected to the home network. Preferably, such redirection will occur over a secure inter-carrier network.
It will be evident to one of skill in the art that the register, which in a presently preferred embodiment is an HLR, is fulfilling the role of a secure database used to store and protect user identification and password information. As a result it would be possible to substitute a number of similar systems in the place of the register without departing from the scope of the present invention. One such possible substitution would be to replace the register with a RADIUS server.
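The relayed flow of Figure 2 and the redirected flow of Figure 3 can be compared side by side in the following added Python example, which is not code from the patent: it models the register, authenticator, AP and device as in-process objects and records which PINs transit the AP in each flow. The class and method names, the constructed client id and PIN, the constant-time comparison and the cap of three attempts are assumptions; the text allows the prompt to be repeated but states no limit.

```python
import hmac

MAX_ATTEMPTS = 3  # assumption: the text allows re-prompting but names no limit
AUTHENTICATED, RETRY, DENIED = "authenticated", "retry", "denied"


class Register:
    """Stands in for register 138 (HLR, VLR or RADIUS server)."""

    def __init__(self, records):
        self._records = dict(records)  # client id -> PIN

    def lookup_pin(self, client_id):
        return self._records.get(client_id)


class Device:
    """Digital wireless device 120; pin_entries is what the user keys in, in order."""

    def __init__(self, client_id, pin_entries):
        self.client_id = client_id
        self.pin_entries = list(pin_entries)

    def answer_prompt(self):
        return self.pin_entries.pop(0) if self.pin_entries else ""


class Authenticator:
    """Authenticator 130: compares a supplied PIN with the register's copy."""

    def __init__(self, register):
        self.register = register
        self.failures = {}  # client id -> consecutive failed attempts

    def verify(self, client_id, supplied_pin):
        if self.failures.get(client_id, 0) >= MAX_ATTEMPTS:
            return DENIED  # locked: a four-digit PIN has only 10,000 values
        stored = self.register.lookup_pin(client_id)
        expected = stored if stored is not None else ""
        # Constant-time comparison; unknown client ids go through the same call.
        match = hmac.compare_digest(expected.encode(), supplied_pin.encode())
        if stored is not None and match:
            self.failures.pop(client_id, None)
            return AUTHENTICATED
        self.failures[client_id] = self.failures.get(client_id, 0) + 1
        return DENIED if self.failures[client_id] >= MAX_ATTEMPTS else RETRY

    def prompt_device_directly(self, device):
        """Figure 3: the device is redirected here, so the PIN bypasses the AP."""
        result = RETRY
        while result == RETRY:
            result = self.verify(device.client_id, device.answer_prompt())
        return result


class ApplicationProvider:
    """AP 126; seen_secrets records every PIN that transits the AP."""

    def __init__(self, authenticator):
        self.authenticator = authenticator
        self.seen_secrets = []

    def login_relayed(self, device):
        """Figure 2: prompt 134 and response 136 are relayed by the AP."""
        result = RETRY
        while result == RETRY:
            pin = device.answer_prompt()
            self.seen_secrets.append(pin)
            result = self.authenticator.verify(device.client_id, pin)
        return result == AUTHENTICATED

    def login_redirected(self, device):
        """Figure 3: the AP only learns the outcome."""
        return self.authenticator.prompt_device_directly(device) == AUTHENTICATED


def demo():
    records = {"client-0001": "4821"}  # constructed sample record
    out = {}

    ap = ApplicationProvider(Authenticator(Register(records)))
    out["relayed_ok"] = ap.login_relayed(Device("client-0001", ["1111", "4821"]))
    out["relayed_ap_saw"] = list(ap.seen_secrets)

    ap = ApplicationProvider(Authenticator(Register(records)))
    out["redirected_ok"] = ap.login_redirected(Device("client-0001", ["4821"]))
    out["redirected_ap_saw"] = list(ap.seen_secrets)

    auth = Authenticator(Register(records))
    guesser = Device("client-0001", ["0000", "0001", "0002", "4821"])
    out["guessing_ok"] = ApplicationProvider(auth).login_redirected(guesser)
    out["unused_guesses"] = list(guesser.pin_entries)
    out["after_lockout"] = auth.verify("client-0001", "4821")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The lockout here is permanent for the life of the `Authenticator` object; a deployed authenticator would also need a reset or unlock procedure, which the text does not describe.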
The present invention permits authentication of a digital wireless device in both the telephony domain, using dual tone multiple frequency (DTMF) signals and SS7 transmission standards, and the data networking domain, using data packets and such standard protocols as those in the TCP/IP suite, using a single HLRPIN. The acceptance of the HLRPIN as a method of authenticating the user can allow application providers to authenticate the user of a digital wireless device with carrier grade security. Because carriers are unwilling to allow application providers to bill users through carrier billing systems without a sufficient level of security, carrier grade security in the authentication of the user can remove an obstacle to allowing carrier billing for application provider services on a fee per use basis. The cost of implementation is limited to a one time modification of the manner in which pre-existing HLRs interact within the network, and the manner in which authenticators interact with external networks. The present invention can also be used to provide non-repudiation for transactions.
A prompt can be provided to digital wireless device 120 when a transaction is initiated by AP 126. The transaction can be approved by entering the HLRPIN, which is then authenticated by authenticator 130. Alternatively, a payment prompt can be provided to authenticator 130 and the digital wireless device 120 can be redirected to connect to authenticator 130 directly, whereupon it receives the transaction prompt and reply with the HLRPIN as above. The redirection of the authentication can be effected by means similar to those used for authentication as illustrated in Figure 3.
The system and method described above, require no drastic changes to current digital wireless network topology, and as such provide an affordable and incremental solution. Additionally the present invention provides a method of authenticating the user of a digital wireless device 100 at an application provider 108, without requiring the application provider 108 to maintain a database of user identification and password information. Additionally it provides the user of a digital wireless device 100 with the ability to access the services of numerous application providers with the same secret information used to verify identity. Due to the use of the client id as a part of the authentication it is possible for AP 108 to associate digital wireless device 100 with a particular user by default, negating the need for the user of digital wireless device 100 to key in a difficult user identification sequence.
The above-described embodiments of the present invention are intended to be examples only. Alterations, modifications and variations may be effected to the particular embodiments by those of skill in the art without departing from the scope of the invention, which is defined solely by the claims appended hereto.

Claims

What is claimed is:
1. A method of authenticating the user of a digital wireless device, having both an associated client identifier and associated secret information, at an application provider connected to an authenticator by a data network, said authenticator connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device, comprising the steps of: receiving, from the application provider, a request for authentication of the user of a digital wireless device; requesting that the user of the digital wireless device provide the secret information associated with the digital wireless device; receiving, from the digital wireless device, the requested secret information; comparing the received secret information to the copy of the secret information stored in the connected register; and providing authentication of the user of the digital cellular device to the application provider when the received secret information and the secret information stored in the connected register are equivalent.
2. The method, as in claim 1, wherein the secret information is a personal identification number.
3. The method, as in claim 1, wherein the register is a home location register.
4. The method, as in claim 3, wherein the secret information is a home location register personal identification number.
5. The method, as in claim 1, wherein the register is a visiting location register.
6. The method, as in claim 1, wherein the register is a RADIUS server.
7. The method, as in claim 1, further including the step of receiving a request for service containing the client identifier associated with the digital wireless device at the application provider prior to the step of receiving a request for authentication.
8. The method, as in claim 1, wherein the request for authentication includes the client identifier of the digital wireless device.
9. The method, as in claim 1, further including the steps of requesting the client identifier of the digital wireless device, and receiving the client identifier of the digital wireless device prior to the step of requesting that the user of the digital wireless device provide the secret information.
10. The method, as in claim 1, wherein the steps of requesting the secret information, receiving the requested secret information and comparing the received secret information to the copy of the secret information stored in the connected register are repeated if the received secret information is not equivalent to the copy of the secret information stored in the connected register.
11. The method, as in claim 1, further including the step of requesting that the digital wireless device be redirected to connect to the authenticator using only the digital wireless network following the step of receiving a request for authentication of the user of the digital wireless device.
12. The method, as in claim 11, further including the step of requesting that the digital wireless device reconnect to the application provider following the step of receiving the requested secret information.
13. A system for authenticating a user of a digital wireless device having a client identifier, the digital wireless device connected to a digital wireless network having a register for storing secret information associated with the client identifier, at an application provider connected to the digital wireless device and connected to a data network, comprising: an authenticator, connected to the register, and connected to the application provider, for receiving from the application provider a request for authentication of a provided client identifier, for generating a request for the secret information for the digital wireless device associated with the provided client identifier, for receiving from the digital wireless device a response containing the secret information, for comparing the received secret information to the secret information stored in the connected register, and for transmitting an authentication message to the application provider if the provided secret information and the stored copy of the secret information are equivalent.
14. The system, as in claim 13, wherein the data network is the Internet.
15. The system, as in claim 13, wherein the secret information is a personal identification number.
16. The system, as in claim 13, wherein the data network uses a protocol from the transmission control protocol/internet protocol suite.
17. The system, as in claim 13, wherein the digital wireless device is connected to the application provider by the digital wireless network and the data network.
18. The system, as in claim 13, wherein the application provider is connected to the authenticator by the data network.
19. The system, as in claim 13, wherein the authenticator is connected to the register by the data network.
20. The system, as in claim 13, wherein the authenticator is connected to the register by a connection using standard telephony protocols.
21. The system, as in claim 13, wherein the authenticator is connected to the register by a secure private network.
22. The system, as in claim 13, wherein the register is a home location register.
23. The system, as in claim 13, wherein the register is a visiting location register.
24. The system, as in claim 13, wherein the register is a RADIUS server.
25. The system, as in claim 13, wherein the authenticator includes means for redirecting the digital wireless device to connect to the authenticator using only the digital wireless network, and means for redirecting the digital wireless device to reconnect to the application provider.
26. The system, as in claim 13, wherein the authenticator includes means for pushing the generated request to the digital wireless device using only the digital wireless network.
27. A method of obtaining non-repudiable authorisation for a transaction from a digital wireless device, having both an associated client identifier and associated secret information by an application provider, at an authenticator connected to a register having a copy of the secret information associated with both the client identifier and the digital wireless device, comprising the steps of receiving a request for a non-repudiable transaction from the application provider; receiving a response from the digital wireless device, including the associated secret information; and providing a non-repudiable transaction verification to the application provider upon receiving agreement to the transaction from the digital wireless device.
28. The method, as in claim 27, wherein the request for a non-repudiable transaction includes the terms of the transaction.
29. The method, as in claim 27, wherein the response from the digital wireless device includes indication of the agreement to the terms of the transaction.
30. The method, as in claim 27, further including the step of providing a non-repudiable transaction verification to the digital wireless device upon receiving agreement to the transaction from the digital wireless device.
PCT/CA2002/001529 2001-10-12 2002-10-11 Authentication of a wireless device using a personal identification number WO2003032667A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002333081A AU2002333081A1 (en) 2001-10-12 2002-10-11 Authentication of a wireless device using a personal identification number

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CA002358732A CA2358732A1 (en) 2001-10-12 2001-10-12 Method and system for remote authentication of a digital wireless device using a personal identification number
CA2,358,732 2001-10-12

Publications (2)

Publication Number Publication Date
WO2003032667A2 true WO2003032667A2 (en) 2003-04-17
WO2003032667A3 WO2003032667A3 (en) 2003-09-04

Family

ID=4170228

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2002/001529 WO2003032667A2 (en) 2001-10-12 2002-10-11 Authentication of a wireless device using a personal identification number

Country Status (3)

Country Link
AU (1) AU2002333081A1 (en)
CA (1) CA2358732A1 (en)
WO (1) WO2003032667A2 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000002406A2 (en) * 1998-07-07 2000-01-13 Nokia Networks Oy System and method for authentication in a mobile communications system
WO2000067446A1 (en) * 1999-05-03 2000-11-09 Nokia Corporation SIM BASED AUTHENTICATION MECHANISM FOR DHCRv4/v6 MESSAGES
WO2001041470A2 (en) * 1999-12-03 2001-06-07 Qualcomm Incorporated Method and apparatus for authentication in a wireless telecommunications system
WO2001054438A1 (en) * 2000-01-18 2001-07-26 Microinspection, Inc. Authentication method using cellular phone in internet
WO2001076134A1 (en) * 2000-03-31 2001-10-11 Nokia Corporation Authentication in a packet data network

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011008140A1 (en) * 2009-07-14 2011-01-20 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for verification of a telephone number
US8655313B2 (en) 2009-07-14 2014-02-18 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for verification of a telephone number
US8874110B2 (en) 2009-07-14 2014-10-28 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for verification of a telephone number

Also Published As

Publication number Publication date
AU2002333081A1 (en) 2003-04-22
WO2003032667A3 (en) 2003-09-04
CA2358732A1 (en) 2003-04-12

Similar Documents

Publication Publication Date Title
US8315593B2 (en) Method for billing in a telecommunications network
CA2530891C (en) Apparatus and method for a single sign-on authentication through a non-trusted access network
US7860800B2 (en) Policy control and billing support for call transfer in a session initiation protocol (SIP) network
CN101069402B (en) Method and system for transparently authenticating a mobile user to access web services
US7865173B2 (en) Method and arrangement for authentication procedures in a communication network
US20090282467A1 (en) Method and system for controlling access to networks
KR20000071518A (en) Method and System Facilitating Web Based Provisioning of Two-way Mobile Communications Devices
US20050120202A1 (en) Use of a public key key pair in the terminal for authentication and authorization of the telecommunication user with the network operator and business partners
KR20100038990A (en) Apparatus and method of secrity authenticate in network authenticate system
US20130183934A1 (en) Methods for initializing and/or activating at least one user account for carrying out a transaction, as well as terminal device
WO2000044130A1 (en) A method, system and arrangement for providing services on the internet
RU2253187C2 (en) System and method for local provision of meeting specified regulations for internet service providers
EP1320236A1 (en) Access control for network services for authenticating a user via separate link
EP1961149B1 (en) Method for securely associating data with http and https sessions
US20020042820A1 (en) Method of establishing access from a terminal to a server
KR20060094453A (en) Authentication method for pay-per-use service using eap and system thereof
WO2003032667A2 (en) Authentication of a wireless device using a personal identification number
FI115284B (en) Method and arrangement for terminal authentication
CA2358801A1 (en) Authentication and non-repudiation of a subscriber on a public network through redirection
KR20050077976A (en) A method for providing session information for wireless data service and a system for enabling the method
WO2024100677A1 (en) A system for lora based lightweight blockchain financial network for offline payments and method thereof
KR20030039033A (en) Wireless internet fee service billing method
AU2002250388A1 (en) A method for billing in a telecommunications network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CH CN CO CR CU CZ DE DK DZ EC EE ES FI GB GD GE GH GM HR ID IL IN IS JP KE KG KP KR KZ LC LK LS LT LU LV MA MD MG MK MN MW MZ NO NZ OM PH PL PT RO RU SD SE SI SK SL TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP