WO2007114710A2 - A method and device for sim based authentification in ip networks - Google Patents

Publication number
WO2007114710A2
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
service
gateway
sim card
Prior art date
Application number
PCT/NO2007/000124
Other languages
French (fr)
Other versions
WO2007114710A3 (en)
Inventor
Thanh Van Do
Ivar JØRSTAD
Original Assignee
Telenor Asa
Priority date
Filing date
Publication date
Application filed by Telenor Asa filed Critical Telenor Asa
Publication of WO2007114710A2 publication Critical patent/WO2007114710A2/en
Publication of WO2007114710A3 publication Critical patent/WO2007114710A3/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This invention relates to authenticating users towards Internet services, using their SIM card as an authentication token, and reusing the existing authentication infrastructure of GSM networks. The method allows the authentication of subscribers from different GSM operators through a centralized authentication point towards their home network.

Description

A METHOD AND DEVICE FOR AUTHENTICATING USERS
Field of the invention
The present invention relates to the use of Internet services, and in particular an improved method for authenticating users when logging in to Internet services.
Technical Background
The main problem area
Figure 1 illustrates the primary problem area. A user accesses several services provided by different service providers through different terminals (e.g. a cellular phone, a PDA, a laptop computer or a stationary PC). However, the user is required to authenticate himself towards most services, i.e., to provide proofs that he really is who he claims to be.
For most Internet services today, the user must create a user account, and select a username and password, which are later used to authenticate him.
Known solutions
Username/password based Authentication
Username/password based authentication is the most common method in the Internet today and is used in services like:
Web shops
Web mail
Member sites/discussion forums
Etc.
PKI Authentication
Public Key Infrastructure (PKI) [1] relies on a pair of keys for each user: a public and a private key. The public key can be freely distributed to anyone, whereas the private key must be kept secret by the owner. To use PKI for authentication, the distribution of keys is crucial. It must be ensured that nobody other than the rightful owner has the private key, and it must also be ensured that the public key is distributed correctly, i.e., that those who receive the public key really get the key of the person they believe it belongs to (and not an impostor).
OTP Authentication
One-Time Password (OTP) authentication is a solution where the system guarantees a new password on every authentication. There are several possible solutions for OTP, but the system usually relies on a hash algorithm which is used to calculate a response based on a challenge provided by an OTP server. This way, it doesn't help an attacker to steal the OTP response in transit, since the challenge is different each time.
Mostly used by Internet banking services
Smart Card Authentication
Smart Card authentication can be based on both PKI and OTP. The strength is increased by introducing a physical token.
Used by e.g. Norsk Tipping for online betting
Used for company authentication to VPN, etc.
Problems with known solutions
Strength
The username/password solution can be sufficient for many types of services, but there are several problems with it:
Users tend to use the same username/password combination for several accounts with different service providers
Users tend to choose simple usernames and passwords, which are easy to remember. These are then easy to guess by potential attackers
Users often write down usernames and passwords; most people cannot remember an unlimited amount of username/password combinations
Usernames/passwords are often sent in cleartext, which can then be intercepted by an eavesdropper and used in replay attacks
Deployment and Administrative Issues
Common to the solutions discussed above are the deployment and administrative issues. Each of these solutions requires that the user obtains an artifact which is used to authenticate the user, e.g. public/private keys, certificates, an OTP calculator and/or a Smart Card with a Smart Card reader.
Brief summary of the invention
This invention alleviates all the challenges with known authentication solutions discussed above.
The scope of the invention appears from the appended claims.
Description of the drawings
The invention will now be described in detail with reference to the appended drawings, in which:
Fig. 1 is a schematic diagram showing a user accessing several services on the Internet,
Fig. 2 is a diagram showing the overall architecture of the inventive system,
Fig. 3 is a sequence diagram illustrating an authentication process according to the present invention
Detailed description of the invention
This invention relates to authenticating users towards Internet services, using their SIM card as an authentication token, and reusing the existing authentication infrastructure of GSM networks. The innovation lies in the method that allows the authentication of subscribers from different GSM operators through a centralized authentication point towards their home network, thus maximizing the potential user base of the authentication service, which is crucial for the adoption of the authentication service by service providers. This invention enables strong authentication of users for Internet services using the GSM [2] authentication mechanism, and it can be used for users having subscriptions with different GSM operators. More specifically, it allows a user who wants to access Internet services from a terminal (such as a cellular phone, PDA, laptop PC or stationary PC) to use a cellular phone (or another SIM reader) to authenticate towards his home GSM operator, no matter where in the world the user is currently located. For example, when travelling and surfing the Web at an Internet cafe, it will still be possible for a user to authenticate towards services using his cellular phone, even if there is no GSM network coverage in the current location. The authentication will proceed all the way to the Home Location Register (HLR) of the home GSM operator. This is solved by a mobile network gateway which acts as a Visitor Location Register (VLR) and, based on the user identity (IMSI, International Mobile Subscriber Identity), forwards authentication requests towards the appropriate HLR.
The system components
Cellular phone
Since GSM phones already include a SIM (Subscriber Identity Module) card, such a terminal can be used in the authentication process. Services can either be delivered directly to the cellular phone, or the cellular phone can be used to authenticate services accessed through a second terminal. The second terminal will then communicate further towards the authentication mechanisms implemented as a distributed function in the Internet.
SIM Reader
As an alternative to using the cellular phone directly, it is possible to embed a SIM card in a specialised Smart Card reader, i.e., a SIM reader, connected to the terminal using either USB or PCCARD. It is also possible to use a 3G PCMCIA datacard, which already embeds a SIM, in the authentication process.
Terminal
Services may be accessed either through the cellular phone or through a second terminal. The terminal is a device with an Internet connection (wired or wireless), and it can be a cellular phone, PDA, laptop PC, stationary PC or any other terminal with such a connection.
Authenticator
The Authenticator has service level agreements with Service Providers, and may be responsible for carrying out the authentication procedure on behalf of the users and the service providers (the authentication process may be outsourced to the Authenticator). The Authenticator can communicate with the MAP GW, which in turn communicates with the GSM operators.
Service Provider
A service provider is an entity that can provide services, and which requires the users to authenticate prior to access to these services.
Mobile network gateway
This component can receive authentication requests and forward them to any HLR, as long as a roaming agreement for authentication exists. The component supports the EAP-SIM/EAP-AKA over RADIUS protocol on one side and SS7 up to the MTP3 layer on the other side. The mobile network gateway may be a combined RADIUS server/MAP gateway.
HLR
This is a standard GSM Home Location Register, which in turn is connected to an Authentication Centre (AuC).
The authentication process
Figure 3 shows the authentication process. Some message exchanges are left out for clarity. Messages 4, 5, 8, 9, 12, 13, 14 and 15 are embedded in the EAP-SIM protocol. Messages 5, 8, 13 and 14 can in addition be embedded in the RADIUS protocol, but this is optional. The message exchanges in the process are detailed below:
1. invokeService(): UserA tries to access a service using a terminal, which can be a cellular phone, PDA, laptop PC, stationary PC, etc.
2. invokeService(): Software on the terminal requests a service from a service provider (e.g. through a WWW browser)
3. authenticate(): The service provider requires the user to authenticate himself before providing the requested service and sends the authentication request to the Authenticator
4. getIMSI(): The Authenticator communicates with a software component on the terminal, which in turn communicates with the SIM card to get the user identity (IMSI)
5. authRequest(IMSI): The Authenticator requests authentication from a RADIUS server/MAP gateway
6. authRequest(IMSI): Using the IMSI, which contains the operator code, the RADIUS server/MAP gateway deduces the correct HLR and routes the authentication request to it. The operator code usually consists of IMSI digits 4-5 (in Europe) or IMSI digits 4-6 (in North America).
7. authRequestResponse(TRIPLET): The HLR responds with triplets (RAND, XRES, Kc)
8. authRequestResponse(RAND): The RADIUS/MAP GW responds to the Authenticator with the random challenge from a triplet
9. authRequestResponse(RAND): The Authenticator responds to the software component on the terminal with the random challenge
10. runA3(RAND): The terminal initiates the A3 algorithm on the SIM card, using the random challenge as input (the A3 algorithm also uses a secret key, Ki, stored on the SIM)
11. runA3Response(SRES): The SIM responds with a signed response (SRES = A3(RAND, Ki))
12. authRequest(SRES): Software on the terminal returns the signed response, received from the SIM, to the Authenticator
13. authRequest(SRES): The Authenticator returns the signed response to the RADIUS server
14. authRequestResponse(Success): The RADIUS server indicates to the Authenticator whether authentication was successful or not
15. authRequestResponse(AuthenticationToken): If authentication was successful, the Authenticator returns a token to the software on the terminal as a confirmation of the authentication
16. invokeService(AuthenticationToken): The software on the terminal (e.g. WWW browser) re-invokes the service, and provides the authentication token as proof of the successful authentication
17. provideService(): By verifying the authentication token, the service provider provides the originally requested service to the terminal software
18. provideService(): Finally, the software on the terminal will provide the user with the requested service
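The message sequence above, as an added example (not code from the patent or from Telenor): a Python simulation of messages 4 to 17, including the IMSI-prefix routing step and the failure paths (wrong Ki, no route to an HLR, replayed response, expired or re-targeted token). Assumptions: HMAC-SHA-256 truncated to 4 bytes stands in for the operator-specific A3, the token format and the key shared by Authenticator and service provider are invented here because the patent does not define them, all class and function names are hypothetical, and the IMSIs and Ki values are constructed.

```python
import hashlib
import hmac
import secrets
import time

def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator-specific A3 (this is not COMP128): 4-byte SRES."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class Sim:
    """SIM card: exposes the IMSI and runs A3; Ki never leaves the card."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def run_a3(self, rand: bytes) -> bytes:               # messages 10-11
        return a3_stand_in(self._ki, rand)

class Hlr:
    """Home operator HLR/AuC: holds Ki per subscriber and issues triplets."""
    def __init__(self, subscribers: dict):
        self._ki = dict(subscribers)

    def triplet(self, imsi: str):                         # message 7
        ki = self._ki[imsi]                               # KeyError: unknown subscriber
        rand = secrets.token_bytes(16)
        kc = hmac.new(ki, b"kc" + rand, hashlib.sha256).digest()[:8]  # A8 stand-in
        return rand, a3_stand_in(ki, rand), kc

class MapGateway:
    """RADIUS server/MAP gateway: routes on the IMSI prefix and checks SRES."""
    def __init__(self, routes: dict):
        self._routes = routes     # {country code + operator code: Hlr}
        self._pending = {}        # IMSI -> expected response, single use

    def auth_request(self, imsi: str) -> bytes:           # messages 5-8
        # The operator code is 2 or 3 digits after the 3-digit country code,
        # so the 6-digit prefix is tried before the 5-digit one.
        hlr = self._routes.get(imsi[:6]) or self._routes.get(imsi[:5])
        if hlr is None:
            raise LookupError("no roaming agreement for this IMSI prefix")
        rand, xres, _kc = hlr.triplet(imsi)
        self._pending[imsi] = xres                        # only RAND is passed on
        return rand

    def auth_response(self, imsi: str, sres: bytes) -> bool:  # messages 13-14
        xres = self._pending.pop(imsi, None)              # a challenge is answered once
        return xres is not None and hmac.compare_digest(xres, sres)

def issue_token(key, imsi, service_id, ttl=60, now=None):
    """Message 15. Assumed format: subject.service.expiry.mac (service_id has no dot)."""
    now = int(time.time()) if now is None else now
    subject = hashlib.sha256(imsi.encode()).hexdigest()[:16]  # pseudonym, not the IMSI
    body = f"{subject}.{service_id}.{now + ttl}"
    return f"{body}.{hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}"

def verify_token(key, token, service_id, now=None):
    """Messages 16-17: the service provider checks MAC, audience and expiry."""
    now = int(time.time()) if now is None else now
    try:
        body, mac = token.rsplit(".", 1)
        _subject, svc, expiry = body.split(".")
        expiry = int(expiry)
    except (AttributeError, ValueError):                  # not a string or malformed
        return False
    good = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    mac_ok = hmac.compare_digest(good.encode(), mac.encode())
    return mac_ok and svc == service_id and now < expiry

def authenticate(gw, sim, token_key, service_id, now=None):
    """Authenticator, messages 4-15: returns a token, or None on any failure."""
    try:
        rand = gw.auth_request(sim.imsi)
    except LookupError:           # unroutable prefix or unknown subscriber
        return None
    if not gw.auth_response(sim.imsi, sim.run_a3(rand)):
        return None
    return issue_token(token_key, sim.imsi, service_id, now=now)

def demo():
    """Constructed subscribers: one 2-digit and one 3-digit operator code."""
    ki_a, ki_b = b"A" * 16, b"B" * 16
    imsi_a, imsi_b = "242011234567890", "310150123456789"
    gw = MapGateway({"24201": Hlr({imsi_a: ki_a}), "310150": Hlr({imsi_b: ki_b})})
    key = secrets.token_bytes(32)  # shared by Authenticator and service provider
    return {
        "home": authenticate(gw, Sim(imsi_a, ki_a), key, "webmail", now=1000),
        "three_digit_code": authenticate(gw, Sim(imsi_b, ki_b), key, "webmail", now=1000),
        "wrong_ki": authenticate(gw, Sim(imsi_a, ki_b), key, "webmail", now=1000),
        "no_route": authenticate(gw, Sim("999990000000001", ki_a), key, "webmail"),
        "key": key,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "<hidden>" if name == "key" else value)
```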
This invention alleviates all the challenges with known authentication solutions discussed in the introduction. In particular:
The invention supports strong authentication of users who subscribe to different GSM operators. This means that a large number of users will be able to use the simplified, strong authentication towards Internet services
The invention provides strong authentication to Internet services
There are no additional administrative or deployment issues; the users already have a SIM card and a subscription at the GSM operator
However, while the invention has been described in relation to Internet services, it may just as well find applications in any network where users want to gain access to a service. The invention is in fact applicable in all circumstances where a user is asked to identify himself. Large service providers may also possess their own Authenticator servers or services. Nor is the invention limited to GSM networks, as corresponding functionality for authentication is present in other mobile networks as well.

Claims

1. A method for authenticating a user attempting to access a service on an IP based network, said service being provided by a service provider, the method being characterized in: retrieving an International Mobile Service Identity for the user from a SIM card possessed by the user, deducting which mobile network Home Location Register the user belongs to from said identity information, sending an authentication request to said Home Location Register, receiving authentication data from the Home Location Register, performing authentication towards the SIM card obtaining an authentication result, providing said authentication result to the service provider with a request of access to the service.
2. A method as claimed in claim 1, wherein the Home Location Register responding to the authentication request with a random challenge, processing said random challenge using said SIM card, the SIM card providing a response, controlling the correctness of the response in order to obtain said authentication result.
3. A method as claimed in claim 1, wherein the method is initiated by a user terminal sending a service request to the service provider, the service provider sending an authentication request to an Authenticator server, said step of retrieving the International Mobile Service Identity including the Authenticator server retrieving said International Mobile Service Identity of the user from said SIM card and providing said International Mobile Service Identity to a mobile network gateway, said step of deducting which mobile network Home Location register the user belongs to including the mobile network gateway deducting the Home Location Register of the user from said International Mobile Service Identity, said step of providing authentication data including the mobile network gateway sending the random challenge message to the Authenticator server, the Authenticator server sending the random challenge message to the user terminal, said step of performing authentication including processing said message by the user terminal initiating an A3 algorithm on the SIM card using the random challenge message as input, the user terminal returning the response from the SIM card to the Authenticator server, the Authenticator server sending the response to the mobile network gateway, the mobile network gateway controlling the response and indicating whether the authentication was successful or not to the Authenticator server, if the authentication was successful, the Authenticator server providing an authentication token to the user terminal, said step of providing said result to the service provider including the user terminal re-invoking the service providing said authentication token as a proof of successful authentication.
4. A method as claimed in claim 3, wherein said mobile network gateway being a RADIUS server/MAP gateway.
5. A method as claimed in claim 4, wherein said RADIUS server/MAP gateway has an interface to a Signalling number 7 network.
6. A method as claimed in claim 1, wherein the identity information is retrieved from a SIM card enclosed either in a SIM enabled device embedded in the terminal, or in a SIM card reader or a cellular phone connected with said user terminal.
7. A method as claimed in claim 4, wherein the RADIUS server/MAP gateway supports EAP-AKA over RADIUS protocol on one side and Signalling number 7 protocol from MTP1 layer to MTP3 layer on another side.
8. A method as claimed in claim 3, wherein said user terminal is a cellular phone, or a PDA, or a laptop PC, or a stationary PC.
9. A device for authenticating a user attempting to access one or more services on an IP based network, said service(s) being provided by at least one service provider, characterized in that said device is connected to said at least one service provider, and being adapted to receive authentication requests from said service provider(s), said authentication requests relating to users using user terminals and requesting services from said service provider(s), said device being connected to said user terminals and being adapted to retrieve user identification data from SIM cards in or connected to said user terminals, and said device being connected to at least one mobile network gateway and being adapted to provide said user identification data to said gateway and receive user authentication services from said gateway.
10. A device as claimed in claim 9, wherein said mobile network gateway is a RADIUS server/MAP gateway.
PCT/NO2007/000124 2006-04-04 2007-04-02 A method and device for sim based authentification in ip networks WO2007114710A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO20061520 2006-04-04
NO20061520A NO20061520L (en) 2006-04-04 2006-04-04 Method and device for authentication of users

Publications (2)

Publication Number Publication Date
WO2007114710A2 true WO2007114710A2 (en) 2007-10-11
WO2007114710A3 WO2007114710A3 (en) 2007-12-27

Family

ID=38564094

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2007/000124 WO2007114710A2 (en) 2006-04-04 2007-04-02 A method and device for sim based authentification in ip networks

Country Status (2)

Country Link
NO (1) NO20061520L (en)
WO (1) WO2007114710A2 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2372958A1 (en) * 2010-03-30 2011-10-05 Société Française du Radiotéléphone-SFR Method for authenticating a terminal connecting with an internet server access
EP2445242A1 (en) * 2009-08-11 2012-04-25 Huawei Device Co., Ltd. Method, system, server, and terminal for authentication in wireless local area network
EP2741567A1 (en) * 2011-08-03 2014-06-11 ZTE Corporation Access method system and mobile intelligent access point
WO2014146679A1 (en) * 2013-03-18 2014-09-25 Telefonaktiebolaget L M Ericsson (Publ) A node for use by a network, a system for interconnecting multiple networks and methods of operating the node and system
DE102017000768A1 (en) 2017-01-27 2018-08-02 Giesecke+Devrient Mobile Security Gmbh Method for performing two-factor authentication

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003094438A1 (en) * 2002-05-01 2003-11-13 Telefonaktiebolaget Lm Ericsson (Publ) System, apparatus and method for sim-based authentication and encryption in wireless local area network access

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"CISCO ITP MAP Gateway for Public WLAN SIM Authentication and Authorization" CISCO WHITE PAPER, 15 May 2003 (2003-05-15), pages 1-13, XP002271510 *
"Universal Mobile Telecommunications System (UMTS); 3G security; Wireless Local Area Network (WLAN) interworking security (3GPP TS 33.234 version 6.3.0 Release 6); ETSI TS 133 234" ETSI STANDARDS, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE, SOPHIA-ANTIPO, FR, vol. 3-SA3, no. V630, December 2004 (2004-12), XP014028226 ISSN: 0000-0001 *
HAVERINEN H ET AL: "CELLULAR ACCESS CONTROL AND CHARGING FOR MOBILE OPERATOR WIRELESS LOCAL AREA NETWORKS" IEEE WIRELESS COMMUNICATIONS, IEEE SERVICE CENTER, PISCATAWAY, NJ, US, vol. 9, no. 6, December 2002 (2002-12), pages 52-60, XP001143468 ISSN: 1536-1284 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2445242A1 (en) * 2009-08-11 2012-04-25 Huawei Device Co., Ltd. Method, system, server, and terminal for authentication in wireless local area network
EP2445242A4 (en) * 2009-08-11 2012-05-23 Huawei Device Co Ltd Method, system, server, and terminal for authentication in wireless local area network
US8589675B2 (en) 2009-08-11 2013-11-19 Huawei Device Co., Ltd. WLAN authentication method by a subscriber identifier sent by a WLAN terminal
FR2958428A1 (en) * 2010-03-30 2011-10-07 Radiotelephone Sfr METHOD OF EXECUTING A FIRST SERVICE WHILE A SECOND SERVICE IS IN PROGRESS, USING A COMPUTER TERMINAL EQUIPPED WITH AN INTEGRATED CIRCUIT BOARD.
EP2372958A1 (en) * 2010-03-30 2011-10-05 Société Française du Radiotéléphone-SFR Method for authenticating a terminal connecting with an internet server access
US9167430B2 (en) 2011-08-03 2015-10-20 Zte Corporation Access method and system, and mobile intelligent access point
EP2741567A1 (en) * 2011-08-03 2014-06-11 ZTE Corporation Access method system and mobile intelligent access point
EP2741567A4 (en) * 2011-08-03 2015-03-18 Zte Corp Access method system and mobile intelligent access point
WO2014146679A1 (en) * 2013-03-18 2014-09-25 Telefonaktiebolaget L M Ericsson (Publ) A node for use by a network, a system for interconnecting multiple networks and methods of operating the node and system
US9961061B2 (en) 2013-03-18 2018-05-01 Telefonaktiebolaget Lm Ericsson (Publ) Node for use by a network, a system for interconnecting multiple networks and methods of operating the node and system
DE102017000768A1 (en) 2017-01-27 2018-08-02 Giesecke+Devrient Mobile Security Gmbh Method for performing two-factor authentication
US11184343B2 (en) 2017-01-27 2021-11-23 Giesecke+Devrient Mobile Security Gmbh Method for carrying out an authentication
US11258777B2 (en) 2017-01-27 2022-02-22 Giesecke+Devrient Mobile Security Gmbh Method for carrying out a two-factor authentication

Also Published As

Publication number Publication date
WO2007114710A3 (en) 2007-12-27
NO20061520L (en) 2007-10-05

Similar Documents

Publication Publication Date Title
KR101401190B1 (en) Method and system for controlling access to networks
US8261078B2 (en) Access to services in a telecommunications network
US8806596B2 (en) Authentication to an identity provider
FI114953B (en) The method of identifying the user on the terminal, the identification system, the terminal and the authentication device
KR101116806B1 (en) Method And System For The Authentication Of A User Of A Data Processing System
US7231203B2 (en) Method and software program product for mutual authentication in a communications network
EP2039050B1 (en) Method and arrangement for authentication procedures in a communication network
US20070178885A1 (en) Two-phase SIM authentication
KR101068424B1 (en) Inter-working function for a communication system
US20030061503A1 (en) Authentication for remote connections
CA2468599C (en) Use of a public key key pair in the terminal for authentication and authorization of the telecommunication subscriber in respect of the network operator and business partners
CN101621801A (en) Method, system, server and terminal for authenticating wireless local area network
US20020169958A1 (en) Authentication in data communication
WO2007114710A2 (en) A method and device for sim based authentification in ip networks
EP2961208A1 (en) Method for accessing a service and corresponding application server, device and system
Pashalidis et al. Using GSM/UMTS for single sign-on
van Do et al. Better user protection with mobile identity
Latze et al. Strong mutual authentication in a user-friendly way in eap-tls
van Thanhe et al. Strong authentication for web services with mobile universal identity
EP1580936B1 (en) Subscriber authentication
Schuba et al. Internet id-flexible re-use of mobile phone authentication security for service access
Jønvik et al. Strong authentication using dual SIM
Bountakas Mobile connect authentication with EAP-AKA
Wiederkehr Approaches for simplified hotspot logins with Wi-Fi devices
Asokan et al. Man-in-the-middle in tunnelled authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07747585

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07747585

Country of ref document: EP

Kind code of ref document: A2