WO2010000298A1 - Appareil, procédé et programme pour une authentification intégrée - Google Patents

Appareil, procédé et programme pour une authentification intégrée Download PDF

Info

Publication number
WO2010000298A1
WO2010000298A1 PCT/EP2008/058384 EP2008058384W WO2010000298A1 WO 2010000298 A1 WO2010000298 A1 WO 2010000298A1 EP 2008058384 W EP2008058384 W EP 2008058384W WO 2010000298 A1 WO2010000298 A1 WO 2010000298A1
Authority
WO
WIPO (PCT)
Prior art keywords
identity
user
item
provider
authentication
Prior art date
Application number
PCT/EP2008/058384
Other languages
English (en)
Inventor
Uwe Föll
Original Assignee
Nokia Siemens Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy filed Critical Nokia Siemens Networks Oy
Priority to PCT/EP2008/058384 priority Critical patent/WO2010000298A1/fr
Publication of WO2010000298A1 publication Critical patent/WO2010000298A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles

Definitions

  • a gap between network and application level authentication is bridged, e.g. by extracting a user identity, user ID, for e.g. a valid IP data session.
  • the user identity may for example be extracted from that network element that can resolve a mapping between the IP address and a primary identity, ID, (e.g. MSIDN or mobile station international data number, MSISDN, international mobile subscriber identity, IMSI, international mobile equipment identity, IMEI, a globally or at least locally unique identity, and/or permanent identity, or the like) of a user.
  • ID e.g. MSIDN or mobile station international data number, MSISDN, international mobile subscriber identity, IMSI, international mobile equipment identity, IMEI, a globally or at least locally unique identity, and/or permanent identity, or the like
  • the user identity information may e.g. be retrieved from an authentication server but may also come from a policy and charging rules function, or from a bootstrapping server function, or from any other source, etc.
  • the server 5 checks the authorization of the entity indicated by the IP address or other identification indicated in message 10, and returns an authentication response message 11 to the identity provider 7, the authentication response message 11 indicating an identity or primary identity of the user or terminal 1 such as MSISDN or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Au moins un ou plusieurs modes de réalisation de l'invention portent sur un procédé et sur un appareil pour un mécanisme de fédération dans un environnement de serveur d'authentification, autorisation et comptabilité/gestion d'identité.
PCT/EP2008/058384 2008-06-30 2008-06-30 Appareil, procédé et programme pour une authentification intégrée WO2010000298A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2008/058384 WO2010000298A1 (fr) 2008-06-30 2008-06-30 Appareil, procédé et programme pour une authentification intégrée

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2008/058384 WO2010000298A1 (fr) 2008-06-30 2008-06-30 Appareil, procédé et programme pour une authentification intégrée

Publications (1)

Publication Number Publication Date
WO2010000298A1 true WO2010000298A1 (fr) 2010-01-07

Family

ID=40395883

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/058384 WO2010000298A1 (fr) 2008-06-30 2008-06-30 Appareil, procédé et programme pour une authentification intégrée

Country Status (1)

Country Link
WO (1) WO2010000298A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110296518A1 (en) * 2010-05-28 2011-12-01 Igor Faynberg Application layer authentication in packet networks
US20120079569A1 (en) * 2010-09-24 2012-03-29 Microsoft Corporation Federated mobile authentication using a network operator infrastructure
CN101789864B (zh) * 2010-02-05 2012-10-10 中国工商银行股份有限公司 一种网上银行后台身份认证方法、装置及系统
WO2013002886A1 (fr) * 2011-06-30 2013-01-03 Cisco Technology, Inc. Identité de réseau pour authentification de logiciel comme service
CN103139181A (zh) * 2011-12-01 2013-06-05 华为技术有限公司 一种开放式认证的授权方法、装置和系统
WO2013149650A1 (fr) * 2012-04-03 2013-10-10 Telefonaktiebolaget L M Ericsson (Publ) Procédés et appareil de fourniture d'une identité d'abonné
US8949938B2 (en) 2011-10-27 2015-02-03 Cisco Technology, Inc. Mechanisms to use network session identifiers for software-as-a-service authentication
US9152781B2 (en) 2012-08-09 2015-10-06 Cisco Technology, Inc. Secure mobile client with assertions for access to service provider applications
CN106295394A (zh) * 2016-07-22 2017-01-04 飞天诚信科技股份有限公司 资源授权方法及系统和授权服务器及工作方法
US11495749B2 (en) 2015-04-06 2022-11-08 Universal Display Corporation Organic electroluminescent materials and devices

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003073783A1 (fr) * 2002-02-28 2003-09-04 Telefonaktiebolaget L M Ericsson Systeme, procede et appareil pour services d'identification unique federes
WO2006045402A1 (fr) * 2004-10-26 2006-05-04 Telecom Italia S.P.A. Procede et systeme permettant d'authentifier de maniere transparente un utilisateur mobile pour acceder a des services web

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003073783A1 (fr) * 2002-02-28 2003-09-04 Telefonaktiebolaget L M Ericsson Systeme, procede et appareil pour services d'identification unique federes
WO2006045402A1 (fr) * 2004-10-26 2006-05-04 Telecom Italia S.P.A. Procede et systeme permettant d'authentifier de maniere transparente un utilisateur mobile pour acceder a des services web

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Liberty Alliance and 3GPP security interworking; Interworking of Liberty Alliance Identity Federation Framework (ID-FF), Identity Web Services Framework (ID-WSF) and Generic Authentication Archi", 1 October 2007, ETSI STANDARDS, LIS, SOPHIA ANTIPOLIS CEDEX, FRANCE, ISSN: 0000-0001, XP014039738 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101789864B (zh) * 2010-02-05 2012-10-10 中国工商银行股份有限公司 一种网上银行后台身份认证方法、装置及系统
WO2011149704A1 (fr) * 2010-05-28 2011-12-01 Alcatel-Lucent Usa Inc. Authentification de couche d'application dans des réseaux à commutation de paquets
US8973125B2 (en) 2010-05-28 2015-03-03 Alcatel Lucent Application layer authentication in packet networks
US20110296518A1 (en) * 2010-05-28 2011-12-01 Igor Faynberg Application layer authentication in packet networks
US8881247B2 (en) 2010-09-24 2014-11-04 Microsoft Corporation Federated mobile authentication using a network operator infrastructure
US20120079569A1 (en) * 2010-09-24 2012-03-29 Microsoft Corporation Federated mobile authentication using a network operator infrastructure
WO2013002886A1 (fr) * 2011-06-30 2013-01-03 Cisco Technology, Inc. Identité de réseau pour authentification de logiciel comme service
US8949938B2 (en) 2011-10-27 2015-02-03 Cisco Technology, Inc. Mechanisms to use network session identifiers for software-as-a-service authentication
US9356928B2 (en) 2011-10-27 2016-05-31 Cisco Technology, Inc. Mechanisms to use network session identifiers for software-as-a-service authentication
CN103139181A (zh) * 2011-12-01 2013-06-05 华为技术有限公司 一种开放式认证的授权方法、装置和系统
CN103139181B (zh) * 2011-12-01 2016-03-30 华为技术有限公司 一种开放式认证的授权方法、装置和系统
WO2013149650A1 (fr) * 2012-04-03 2013-10-10 Telefonaktiebolaget L M Ericsson (Publ) Procédés et appareil de fourniture d'une identité d'abonné
US20150043430A1 (en) * 2012-04-03 2015-02-12 Telefonaktiebolaget L M Ericsson (Publ) Methods and apparatus for providing a subscriber identity
US9503885B2 (en) 2012-04-03 2016-11-22 Telefonaktiebolaget Lm Ericsson (Publ) Methods and apparatus for providing a subscriber identity
US9152781B2 (en) 2012-08-09 2015-10-06 Cisco Technology, Inc. Secure mobile client with assertions for access to service provider applications
US9876799B2 (en) 2012-08-09 2018-01-23 Cisco Technology, Inc. Secure mobile client with assertions for access to service provider applications
US11495749B2 (en) 2015-04-06 2022-11-08 Universal Display Corporation Organic electroluminescent materials and devices
CN106295394A (zh) * 2016-07-22 2017-01-04 飞天诚信科技股份有限公司 资源授权方法及系统和授权服务器及工作方法

Similar Documents

Publication Publication Date Title
WO2010000298A1 (fr) Appareil, procédé et programme pour une authentification intégrée
CN111385100B (zh) 用于访问资源的方法、计算机可读介质以及移动设备
EP3251324B1 (fr) Accès sécurisé à des services basés sur le nuage
US8472388B2 (en) Gateway apparatus, authentication server, control method thereof and computer program
EP3120591B1 (fr) Dispositif sur la base d'un identifiant d'utilisateur, système de gestion d'identité et d'activité
JP4782139B2 (ja) モバイルユーザーをトランスペアレントに認証してウェブサービスにアクセスする方法及びシステム
US8166129B2 (en) Method and system for providing media content to a user
EP2572527B1 (fr) Utilisation d'une architecture de démarrage générique avec des applications web et des pages web
EP1871065A1 (fr) Procédés, dispositif et système pour le contrôle d'accès à un réseau
US20120204231A1 (en) User identity management for permitting interworking of a bootstrapping architecture and a shared identity service
EP3395037A1 (fr) Authentification de signature automatique par le biais d'un navigateur pour une application client
KR20130004598A (ko) 패킷 네트워크들에서 애플리케이션 층 인증
US10812536B2 (en) Method and apparatus for providing quality of service for web-based real-time communication
CN105721479A (zh) 一种网址过滤方法及装置
CN107040389B (zh) 用于认证、授权和计费协议的结果报告
WO2004075512A1 (fr) Decouverte d'un serveur d'application dans un reseau ip
US8274985B2 (en) Control of cellular data access
CN103023856A (zh) 单点登录的方法、系统和信息处理方法、系统
CN112087412B (zh) 一种基于唯一令牌的服务访问处理方法及装置
US9326141B2 (en) Internet protocol multimedia subsystem (IMS) authentication for non-IMS subscribers
US11490255B2 (en) RCS authentication
US11405764B2 (en) Multiple parallel WebRTC accesses to IMS
US20160234685A1 (en) Methods and Devices for Processing Identification Information
US20160183083A1 (en) User equipment and method for dynamic internet protocol multimedia subsystem (ims) registration
CN114339760A (zh) 通信网络中的授权

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08774537

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08774537

Country of ref document: EP

Kind code of ref document: A1