WO2016001032A1 - Authentification d'utilisateur et gestion de ressources dans un réseau cellulaire - Google Patents

Authentification d'utilisateur et gestion de ressources dans un réseau cellulaire Download PDF

Info

Publication number
WO2016001032A1
WO2016001032A1 PCT/EP2015/064226 EP2015064226W WO2016001032A1 WO 2016001032 A1 WO2016001032 A1 WO 2016001032A1 EP 2015064226 W EP2015064226 W EP 2015064226W WO 2016001032 A1 WO2016001032 A1 WO 2016001032A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
cellular network
authentication
user device
service
Prior art date
Application number
PCT/EP2015/064226
Other languages
English (en)
Inventor
Dale Taylor
Original Assignee
Vodafone Ip Licensing Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vodafone Ip Licensing Limited filed Critical Vodafone Ip Licensing Limited
Publication of WO2016001032A1 publication Critical patent/WO2016001032A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/47Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • the invention relates to a method of user authentication for accessing a service provided over a cellular network, a user device for communication with a cellular network, an authentication device comprising an interface for providing a communications link with a user device and a network entity of a cellular network.
  • the Third Generation Partnership Project (3GPP) has been developing enhancements to cellular systems to allow their operation for public safety or emergency services (ES) communications. These are especially intended to work with the Long Term Evolution (LTE) architecture.
  • the service may be overlaid on the cellular network's existing infrastructure, for example as a distinct packet-switched service using one or more specific applications operating on the user device.
  • Other services of the cellular network may be provided to the user device at the same time as the ES service and potentially independently.
  • Aims of this approach may include: reduced cost; improved functionality; and increased flexibility in comparison with existing public safety communication infrastructure, such as the Terrestrial Trunked Radio (TETRA) network.
  • TETRA Terrestrial Trunked Radio
  • Such systems are desirably secure and, to effect this, employ user-specific security keys and profiles as part of the communication between a user device and the network or between multiple user devices.
  • Existing TETRA technology stores the security keys and profile within the user device.
  • the TEA2 (security) algorithm utilised requires the user device to be brought into a secure
  • One advantage in the use of a cellular network for providing such services is that devices may be interchangeable between users, which will be lost using this approach.
  • SIM Subscriber Identity Module
  • a SIM card is at least partially embedded within the device, such that the user would need to change the SIM card whenever they wish to use a different device.
  • SIM Subscriber Identity Module
  • a user may change devices more often than that of conventional cellular network users. This may be partly because devices can become damaged or run out of power more often (especially where smart devices are utilised). Replacing the battery or switching the device and physically moving the SIM card may then be the only solutions to such problems, which may not be acceptable.
  • NFC Near Field Communication
  • the user is provided with an NFC device that is separate to the User Equipment (UE) employed for accessing the cellular network.
  • the NFC device can act as a processing engine and/or utilised as storage. This may allow the NFC device to store a security credential common to the cellular network and/or service provider, but unknown to the user or UE.
  • the NFC device processes a challenge from the service provider using the common security credential and a user-specific credential input by the user to the UE, such as a PIN, to provide an authentication code.
  • the authentication code is sent back to the service provider, which verifies it.
  • the use of at least one unique identifier associated with the cellular network (such as an IMSI and/or IMEI) in setting the authentication code is particularly advantageous.
  • a device-specific and/or subscriber-specific identifier allows the authentication of the user to be traced directly to an individual user device (such as a UE) and/or a specific subscriber and may provide a constantly changing encryption system.
  • the use of an authentication device separate from the user device provides security, so that the authentication code may be generated on the basis of information unknown to the user device, together with the ability to interchange user devices, since a specific user device need not be required to access the service.
  • this may be seen as the combination of device-specific and/or subscriber-specific identifier with a service credential that is unknown to the user device to provide multi-factor authentication.
  • this improvement in security may allow the security requirements inherent to the user device to be relaxed to the extent that, as far as at least security is concerned, the user device may essentially be a dumb terminal.
  • the authentication device communicates with the user device using a secondary communication link (preferably, separate from the link between the user device and the cellular network, such as a short-range communication link), so that the two devices require no fixed integration and allow the authentication device to be used in conjunction with a variety of user devices.
  • a secondary communication link preferably, separate from the link between the user device and the cellular network, such as a short-range communication link
  • the authentication code may allow access to the cellular network or at least a specific service provided by the cellular network.
  • the authentication code may be a one-time access key.
  • Public Key Infrastructure (PKI) in the cellular network may then determine what the authentication code allow the user device to access within a secure infrastructure.
  • PKI Public Key Infrastructure
  • the authentication code that is generated by placing the authentication device with the user device to create an authentication session may give the user device access to the network for a specified amount of time, until the session expires. Then the data may be inaccessible until the user creates another authentication session with the authentication device.
  • a user profile may be stored with within the authentication device (such as an NFC card). If the user device is changed or lost, the profile information is therefore retained.
  • the authentication device such as an NFC card
  • a specific lifetime can be applied to the access provided to the service.
  • this enables control of access lifetime on a per-device and/or per-subscriber basis. This may further increase security of the access in case of device loss or change, for instance.
  • Figure 1 illustrates a schematic diagram of a system in accordance with an embodiment of the invention.
  • Figure 2 shows a schematic depiction of an operation of the system of Figure 1 .
  • a User Equipment (UE) 10 a User Equipment (UE) 10
  • user input 20 a Near Field Communication (NFC) device 30, which may be considered an authentication device
  • NFC Near Field Communication
  • the UE 10 has a Subscriber Identity Module (SIM) part 1 1 , which may be a SIM card or SIM application embodied in a different form (for example, integrated with the UE 10).
  • SIM Subscriber Identity Module
  • An application 15 operates on the UE 10 and is particularly used for interfacing with the cellular network 40, for providing a particular service. For example, this may be provided by a service provider that could be logically or physically separate from the cellular network operator.
  • the service may be an ES service or another service desiring secure authentication of the user.
  • the service may include a communications service provided by the cellular network 40.
  • the authentication of the user operates in the following way.
  • the user 20 loads the application 15 on the UE 10.
  • the application 15 requests a security credential, such as a PIN code, from the user 20.
  • a security credential such as a PIN code
  • the user 20 brings the NFC device 30 into proximity with the UE 10 (which has an NFC reader), allowing communication between them and handshake occurs to set this up.
  • the UE 10 provides security information to the NFC device 30. This is shown as a two-way interaction, but it may be one way only.
  • the security information comprises a unique identifier for the UE 10 on the cellular network 40.
  • this may be an identifier associated with the UE 10 itself, such as an International Mobile Station Equipment Identity (IMEI) and/or an identifier associated with the subscription (that is, SIM 1 1 ), such as an International Mobile Subscriber Identity (IMSI) or a Mobile Subscriber Integrated Services Digital Network-Number (MSISDN). Both the IMSI and MSI DSN could also be used.
  • the security information also comprises the security credential from the user 20 (as discussed in steps 1 10 and 120).
  • the NFC device 30 checks the security credential against a predetermined value stored on its internal memory (not shown). If the security credential does not match the stored value, the NFC device 30 informs the UE 10 that the security credential is rejected and does nothing more. Otherwise, the NFC device 30 determines an authentication code based on the security information, in particular the identifier associated with the UE 10 or SIM 1 1 .
  • authentication code can also be based on other parts of the security information, such as the security credential (such as the PIN code, for instance of 4, 6 or more digits) and/or information stored in the NFC device 30 that is unknown to the UE 10 (and SIM 1 1 and/or user 20), but known to the cellular network 40, such as an encrypted logon key.
  • the cellular network can include the service provider (not shown), even though these may be logically or even physically separate.
  • the authentication code which will be specific to the UE 10 and/or SIM 1 1 is then communicated to the application 15 at the UE 10 over the NFC link (for example, by the application 15 accessing it within the NFC device 30) and the application 15 communicates the authentication code to the cellular network 40, for authentication. All user-specific service information, such as information on talk groups, users, contacts is stored securely on the NFC device 30 and this may only be accessed if the correct security credential is provided by the user 20.
  • the authentication code may be used to generate a one-time key that is used for the UE 10 and valid for a specific time period, such as 24 hours. This may stop lost devices requiring stunning to take them off the network, as the key will expire after an amount of time.
  • the access key and/or the user data could then be provisioned to the UE 10.
  • the access key is subsequently used by the UE 10 (and more specifically the application 15) to register or access a secure network, such as an emergency services network.
  • This embodiment therefore differs from existing security configurations for ES services, which are personal issue, so all programming information is stored on the device when the device is provisioned, including all security information.
  • This approach does not require personal issue devices and indeed, a user may authenticate onto any device that supports the technology.
  • it may enable a two or three-factor authentication mechanism, where the authentication device 30 is presented to the UE 10, the authentication device 30 is accessed via a security credential, which then allows the UE 10 to read the personalisation information from the authentication device 30 and generate an authentication code (such as a security key). This allows access from this specified device to the network service for at least (or no more than) a defined period of time.
  • Role-based authentication may also be used, based on a user's authentication device 30, so that different service functionalities may be activated and/or disabled, based on the user's permissions. If a user changes role, their authentication device 30 may be "upgraded” to update their status.
  • the authentication device 30 may be provided in the form of an ID, card allowing them to have one device that can access buildings, log onto infrastructure and access the secure communications network.
  • the user device is shown as UE 10, it will be understood that any type of user communication device may be used and this need not be a UE as understood in the conventional sense of a cellular network (which would include a mobile telephone or other portable or fixed communications device, in any case).
  • the SIM part 1 1 is equally optional.
  • the NFC device 30 may be replaced by any other type of authentication device that is separate from the user device, but which can communicate with the user device over a secondary communications link.
  • the secondary communications link may be a fixed or (preferably) wireless link, which will be discussed further below.
  • steps 1 10 and 120 can also be understood as optional and the passing of this to the NFC device 30, where it is checked, would then be omitted.
  • network enablement may be employed.
  • the network may recognise that the MSISDN associated with the SIM 1 1 is attached to a virtual profile or number associated with the user 20 and then redirects the communication to the service provider, initiating authentication.
  • the application 15 may continuously or periodically check if the NFC device 30 is in the proximity, if not then automatically disable the service. This check could be carried out only when the service is in active use, for example when a call or message is made or received. Other changes may be made.
  • This embodiment can be understood as a method of user authentication for accessing a service provided over a cellular network. It uses a user device for communication with the cellular network and that has at least one unique identifier associated with the cellular network. The method comprises
  • a cellular network in this context may include a service provider, that may be separate from and/or external to the cellular network.
  • the secondary communications link is beneficially separate from the cellular link, especially in terms of the link interface or technology, and may use a fixed (wired) link or it may use wireless and/or a short range communication technology, such as one or more of: optical communication technology; NFC technology; wireless Local Area Network (LAN) technology; and Personal Area Network technology, including Bluetooth.
  • the user device may configured for communication with a second (cellular) network, as well as the cellular network and secondary communication link.
  • the method further comprises receiving a user-specific credential as an input to the user device from the user.
  • the security information may be further based on the received user-specific credential.
  • the user-specific credential (such as a PIN code) may then be passed to the authentication device.
  • the user-specific credential may be unknown to the user device.
  • the method preferably further comprises checking the user-specific credential against a predetermined value stored on the authentication device. The authentication code only being provided if the user-specific credential matches the predetermined value. Additionally or alternatively, the authentication code is further based on the received user-specific credential. This may increase security further.
  • the authentication code is further based on a service credential stored on the authentication device and/or unknown to or not stored on the user device.
  • the service credential is specific to the user and this may allow the cellular network or service provider to confirm the user.
  • the method preferably further comprises communicating the
  • the method may further comprise receiving access information (such as an access key) at the user device from the cellular network in response to communication of the authentication code.
  • the access information may allow the user device to access the service.
  • the access information optionally allows the user device to access the service for only predetermined time period, which may be a specific duration or a set or range of specific times.
  • the method may further comprise detecting the authentication device at the user device, preferably by communication between the authentication device and the user device over the secondary communications link. This may be carried out prior to the step of communicating security information (to confirm that the authentication device is present or even prompt the user device to request the security credential or send the security information). Additionally or alternatively, this may be carried out one time or a plurality of times when the user device is being provided the service by the cellular network. This may allow regular confirmation that the authentication device and user device are still in the possession of the user, so that loss of one or the other can be indicated. The regular confirmation may be achieved by detecting the authentication device at a plurality of times separated by regular or irregular intervals or prompted by an external event, such as an incoming or outgoing call or other type of
  • the method may further comprise preventing the user device from accessing the service provided over the cellular network in response to the step of detecting the authentication device resulting in a failure.
  • the user device can optionally still access other services over the cellular network. Alternatively, the user device may not access any service over the cellular network in such a case.
  • the method may further comprise transferring user- specific data between the user device and the authentication device.
  • the user- specific data may relate to the service being provided over the cellular network (such as a user profile).
  • the step of transferring user-specific data may be based on the step of checking the user-specific credential.
  • the user-specific data is downloaded from the authentication device to the user device.
  • User-specific data may additionally or alternatively be transferred from the user device to the authentication device.
  • the application 15 may add, change or replace profile information in the NFC device 30, thereby reducing the amount of information coming over the network.
  • the service may be one that is provided by the cellular network 40 and not another service provider.
  • the authentication device 30 may store at least one user-specific credential for accessing a service provided by the cellular network 40.
  • the user device (UE 10) may provide the authentication device 30 with an identifier specific to the cellular network, such as an IMEI and this may then be used together with the at least one user-specific credential stored on the authentication device 30.
  • the authentication code may allow the UE 10 to interact with an "on air" profile management system, for example using Open Mobile Alliance (OMA) Device Management (DM) or a similar protocol. This interaction may allow the UE 10 to download a phone identity specific to the at least one user-specific credential encoded within the authentication code.
  • OMA Open Mobile Alliance
  • DM Device Management
  • the UE 10 and/or a subscription associated with it may therefore be provisioned for operation on the cellular network 40 accordingly.
  • the subscription identity is stored on the authentication device 30 in this case and the UE 10 need not have a SIM part 1 1 as a result.
  • the authentication device 30 may store a SIM profile corresponding with the at least one user-specific credential. This may allow the UE 10 to download the SIM profile from the authentication device 30 (for example, to attach an IMSI and/or MSISDN associated with the authentication device 30 to the UE 10).
  • the UE 10 can download user-specific data for the UE 10 from a cloud service, via the cellular network 40. This may include UE-configuration data, contact information, stored data (such as message information) or other similar UE-specific data.
  • a computer program (such as application 15), configured when operated by a processor to carry out the method as described herein may also be provided.
  • a user device for communication with a cellular network and having at least one unique identifier associated with the cellular network and/or an authentication device comprising an interface for providing a communications link with a user device, either or both of which may have features configured to implement the method described herein may also be provided.
  • a system combining the user device and the authentication device configured for communication with one another is also conceived.
  • a network entity of the cellular network configured to receive and check the authentication code and further configured to communicate access information to the user device in response the authentication code being validated may also be included. The access information may allow the user device to access the service.
  • FIG. 2 there is shown a schematic depiction of an operation of the system of Figure 1 , especially with reference to the cellular network.
  • the user 20 provides the authentication device 30 (in the form of an NFC card) and a PIN code.
  • the key stored on the authentication device 30 and PIN code are combined and hashed against both the IMEI and IMSI of the UE 10 to generate a user authentication key which is sent to the cellular network 40 in step 150.
  • a PDP context is set up between the UE 10 and the cellular network 40 for communication of the user authentication key and this is verified by an authentication server 45 at the cellular network 40.
  • This allows access to the secure services cloud 50, as shown. Lost devices can be immediately switched off by blocking the service key on the back end infrastructure, at the services cloud.
  • the skilled person will understand that the cellular network architecture and mechanisms for transferring data and/or authenticating the user may vary, though.
  • the method comprises: receiving an authentication code for accessing the service at the cellular network from a user device, the user device having at least one unique identifier associated with the cellular network and the authentication code being based on the at least one unique identifier of the user device associated with the cellular network and a service credential that is unknown to the user device; and checking the received authentication code at the cellular network on the basis of the at least one unique identifier of the user device associated with the cellular network and a service credential that is unknown to the user device.
  • a service credential that is unknown to the user device which may a (user-specific) security credential and/or security data (such as a key) that may be stored on a separate authentication device.
  • the service credential is preferably specific to a user.
  • the method may further comprise receiving a user identification in association with the authentication code.
  • the step of checking the received authentication code may be further based on the user identification.
  • the authentication code is optionally further based on a user-specific credential that is provided to the user device.
  • the step of checking the received authentication code at the cellular network may be further carried out on the basis of the user-specific credential.
  • the method may further comprise communicating access information from the cellular network to the user device in response to the step of checking the received authentication code resulting in the authentication code being validated.
  • the access information may allow the user device to access the service.
  • the method further comprises providing the user device with the service over the cellular network in response to the step of checking the received authentication code resulting in the authentication code being validated.
  • the service may be a first service and the method may further comprise providing the user device with a second service over the cellular network irrespective of a result of the step of checking the authentication code.
  • the second service may be distinct from the first service.
  • the method further comprises identifying at the cellular network that the user device may access the service on the basis of the at least one unique identifier associated with the cellular network. Then, the method may further comprise communicating a request for an authentication code from the cellular network to the user device, in response to the step of identifying.
  • the authentication system may allow access to different applications on the basis of the provided key or keys. This can be understood more generally as permitting access to one or some of a plurality of applications or services dependent on an indication within the received authentication code.
  • Another functionality may allow new information to be sent to the NFC device 30 over the air through the UE 10 to deprecate key information, for instance. More generally, this can be seen as communicating user-specific information from the cellular network to the user device for transferring from the user device to an authentication device interfaced with the user device.
  • the approach shown may be adapted and/or varied to implement Over the air' UE and/or subscription provisioning as discussed above. This may allow interaction between the authentication server 45 and a provisioning server (not shown). In some embodiments, the authentication server 45 and the provisioning server may be combined. Optional features as disclosed herein with respect to any other aspect (for example the method carried out at the user device and/or authentication device discussed above) may be used together with this aspect.
  • the embodiment shown in Figure 2 should also be understood as an example, and the skilled person will appreciate that variations and modifications may be possible.
  • a computer program configured when operated by a processor to carry out the method as described herein may also be provided.
  • a network entity of a cellular network configured to operate in accordance with the method as described herein.

Abstract

La présente invention concerne une authentification d'utilisateur afin d'accéder à un service fourni via un réseau cellulaire. Un dispositif d'utilisateur destiné à la communication avec le réseau cellulaire a au moins un identifiant unique associé au réseau cellulaire. Un code d'authentification est utilisé pour accéder au service via le réseau cellulaire, le code d'authentification étant basé sur des informations de sécurité qui sont basées sur le ou les identifiants uniques et pouvant également se baser sur un justificatif d'identité de service qui n'est pas connu du dispositif d'utilisateur. Les informations de sécurité peuvent être communiquées du dispositif d'utilisateur à un dispositif d'authentification séparé du dispositif d'utilisateur via une liaison de communication secondaire. Le code d'authentification peut être généré dans le dispositif d'authentification.
PCT/EP2015/064226 2014-07-03 2015-06-24 Authentification d'utilisateur et gestion de ressources dans un réseau cellulaire WO2016001032A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1411923.4A GB2527831B (en) 2014-07-03 2014-07-03 Security authentication
GB1411923.4 2014-07-03

Publications (1)

Publication Number Publication Date
WO2016001032A1 true WO2016001032A1 (fr) 2016-01-07

Family

ID=51410621

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/064226 WO2016001032A1 (fr) 2014-07-03 2015-06-24 Authentification d'utilisateur et gestion de ressources dans un réseau cellulaire

Country Status (2)

Country Link
GB (1) GB2527831B (fr)
WO (1) WO2016001032A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IT201600115265A1 (it) * 2016-11-15 2018-05-15 Seecod S R L Procedimento e sistema informatico di identificazione ed autenticazione dell'identità digitale di un soggetto in possesso di un dispositivo di telecomunicazione personale.

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001031840A1 (fr) * 1999-10-29 2001-05-03 Nokia Corporation Procede et dispositif d'identification fiable d'un utilisateur dans un systeme informatique
US20100304670A1 (en) * 2009-05-26 2010-12-02 Shuo Jeffrey Portable personal sim card
EP2530631A1 (fr) * 2011-05-31 2012-12-05 Gemalto SA Procédé pour accéder à au moins un service, appareil communicant et système correspondants
US20130331063A1 (en) * 2012-06-11 2013-12-12 Research In Motion Limited Enabling multiple authentication applications
WO2014089576A1 (fr) * 2012-12-07 2014-06-12 Chamtech Technologies Incorporated Techniques d'authentification biométrique d'un utilisateur de dispositif mobile

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE602005001555T2 (de) * 2005-05-13 2008-03-13 Research In Motion Ltd., Waterloo Vorrichtung und Verfahren zur optischen Übertragung mittels LCD optische Sendern und Empfängern
US8365249B1 (en) * 2007-01-30 2013-01-29 Sprint Communications Company L.P. Proxy registration and authentication for personal electronic devices
KR101597849B1 (ko) * 2011-04-12 2016-03-08 엘에스산전 주식회사 이동단말 인증 시스템 및 방법

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001031840A1 (fr) * 1999-10-29 2001-05-03 Nokia Corporation Procede et dispositif d'identification fiable d'un utilisateur dans un systeme informatique
US20100304670A1 (en) * 2009-05-26 2010-12-02 Shuo Jeffrey Portable personal sim card
EP2530631A1 (fr) * 2011-05-31 2012-12-05 Gemalto SA Procédé pour accéder à au moins un service, appareil communicant et système correspondants
US20130331063A1 (en) * 2012-06-11 2013-12-12 Research In Motion Limited Enabling multiple authentication applications
WO2014089576A1 (fr) * 2012-12-07 2014-06-12 Chamtech Technologies Incorporated Techniques d'authentification biométrique d'un utilisateur de dispositif mobile

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IT201600115265A1 (it) * 2016-11-15 2018-05-15 Seecod S R L Procedimento e sistema informatico di identificazione ed autenticazione dell'identità digitale di un soggetto in possesso di un dispositivo di telecomunicazione personale.

Also Published As

Publication number Publication date
GB2527831B (en) 2021-08-11
GB2527831A (en) 2016-01-06
GB201411923D0 (en) 2014-08-20

Similar Documents

Publication Publication Date Title
CN111107543B (zh) 蜂窝服务账户转移和认证
US10516540B2 (en) Management of profiles in an embedded universal integrated circuit card (eUICC)
US10917790B2 (en) Server trust evaluation based authentication
CN106211122B (zh) 用于管理sim模块中的多个简档的方法、sim模块以及计算机可读介质
KR101904338B1 (ko) 모바일 디바이스에서의 사용자 인증 및 인간 의도 검증을 위한 방법 및 장치
CN110798833B (zh) 一种鉴权过程中验证用户设备标识的方法及装置
KR102040231B1 (ko) 이동 통신에서 가입 사업자 변경 제한 정책을 지원하는 정책 적용 방법 및 장치
KR101692171B1 (ko) 장치간의 통신 세션을 확립하기 위한 방법
US20180192264A1 (en) Open Access Points for Emergency Calls
CN107835204B (zh) 配置文件策略规则的安全控制
KR20160114620A (ko) 동적 네트워크 액세스 관리를 위한 방법들, 디바이스들 및 시스템들
KR20130089651A (ko) 로밍 네트워크 내의 액세스 단말 아이덴티티의 인증
CN101248644A (zh) 用户数据的管理
JP2014524073A (ja) サービスアクセス認証方法およびシステム
KR20160143333A (ko) 이중 채널을 이용한 이중 인증 방법
US8989380B1 (en) Controlling communication of a wireless communication device
EP3306969B1 (fr) Procédé et dispositif d'authentification de terminal
CN107659935B (zh) 一种认证方法、认证服务器、网管系统及认证系统
US9747432B1 (en) Remotely enabling a disabled user interface of a wireless communication device
WO2016001035A1 (fr) Authentification de sécurité
EP3105900B1 (fr) Procédé et système pour déterminer qu'une carte sim et un client sip sont co-implantés dans le même équipement mobile
WO2016001032A1 (fr) Authentification d'utilisateur et gestion de ressources dans un réseau cellulaire
KR102185215B1 (ko) 인증 장치의 동작 방법, 네트워크 접속 및 인증 시스템, 종단단말의 동작 방법 및 접속단말의 동작 방법
EP3219066B1 (fr) Système de sécurité matériel pour dispositif radio pour utilisation en spectre sans fil
KR20190044104A (ko) 적어도 하나의 디바이스에 데이터를 송신하기 위한 방법, 데이터 송신 제어 서버, 저장 서버, 처리 서버 및 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15730815

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15730815

Country of ref document: EP

Kind code of ref document: A1