US20090217048A1 - Wireless device authentication between different networks - Google Patents
- Publication number
- US20090217048A1, US11/571,206
- Authority
- US
- United States
- Prior art keywords
- token
- network
- mobile communication
- communication device
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Definitions
- the present invention relates generally to wireless communication systems. More particularly, the present invention relates to authentication of wireless devices for access to different wireless networks.
- Wi-Fi hotspots or IEEE 802.11 WLANs (Wireless Local Area Networks)
- Mobile communication devices such as cellular telephones, personal digital assistants, and wireless-enabled laptop computers, are now becoming available with interfaces for multiple wireless networks, such as CDMA (Code Division Multiple Access) 1×RTT (1× Radio Transmission Technology), CDMA EVDO (Evolution-Data Optimized) networks, and Wi-Fi networks.
- CDMA Code Division Multiple Access
- RTT Radio Transmission Technology
- CDMA EVDO Evolution-Data Optimized
- CHAP Challenge-Handshake Authentication Protocol
- MD5 Message-Digest 5
- the authentication server checks the response against its own calculation of the expected hash value, using the same shared secret. If the values match, the authentication is acknowledged; otherwise the connection is terminated.
- the authentication to the second network can pose security risks. It is well recognized that some wireless networks are more secure and trusted than other wireless networks. For example, a CDMA 1×RTT network is generally considered to be more secure than an IEEE 802.11-based Wi-Fi network, due to the broader spectrum availability, and established security practices and policies. In less-secure environments, the known vulnerabilities in conventional authentication protocols, such as CHAP, may be exploited by rogue parties to intercept private information.
- Certificate-based techniques using IPSec VPNs (Internet Protocol Security Virtual Private Networks), to support transparent and more secure roaming have been proposed.
- a disadvantage of such techniques is that the user must be issued the necessary certificates, such as public and private key certificates, over a separately established secure channel, such as an https (HyperText Transfer Protocol Secure sockets) channel, prior to roaming.
- the use of temporary authentication identities, such as a Temporary Mobile Subscriber Identity (TMSI), has also been proposed to facilitate roaming to pre-authorized Wi-Fi access points within a cell. While such techniques would permit relatively seamless roaming, they require that the TMSI be provided in advance to each authorized access point.
- TMSI Temporary Mobile Subscriber Identity
- the present invention provides an authentication system.
- the authentication system comprises a token generation module to provide a token to a mobile communication device over a first network; and an authenticator to receive the token from the mobile communication device over a second network, to verify a token contents, and to grant the mobile communication device access to the second network based on the verification of the token contents.
- the present invention provides a communication system, comprising: a mobile communication device; a first network to which the mobile communication is authenticated; and an authentication system having a token generation module to provide a token to a mobile communication device over the first network; and an authenticator to receive the token from the mobile communication device over a separate network, to verify a token contents, and to grant the mobile communication device access to the separate network based on the verification of the token contents.
- FIG. 1 is a diagram of a heterogeneous wireless communication environment according to some embodiments of the present invention.
- FIG. 3 is a flow chart of a method for authentication and handoff according to the first embodiment
- FIG. 5 is a flow chart of a method for authentication according to the second embodiment
- FIG. 6 shows a system including a primary authentication system and a secondary authentication server according to an embodiment of the present invention
- FIG. 7 is a flow chart of a method for authentication using the system of FIG. 6 ;
- FIG. 8 shows a system in which a secondary authentication server includes an authenticator according to the present invention.
- FIG. 9 shows a system in which a secondary authentication server includes an authenticator and a token generation module according to the present invention.
- the present invention provides a method and system for authenticating a mobile communication device on a first network, and providing the device with a token that can be used to sign on to a second network without requiring conventional re-authentication over the second network.
- the token used to sign on to the second network can be a single use token.
- FIG. 1 shows a heterogeneous wireless communication environment according to some embodiments of the present invention where a mobile communication device 10 initially authenticates over a first network 12 , for example, operating under a first wireless protocol, and roams to a second network 14 , for example, operating under a different wireless protocol.
- the first network 12 is generally a trusted and secure network, operating under such protocols as CDMA2000 1×RTT, W-CDMA (Wireless CDMA), EDGE, CDMA EVDO, or GSM (Global System for Mobile Communications).
- the second network 14 can be any network different from the first network 12 .
- the second network 14 can be operating under a different protocol than the first, can offer different services, such as voice or data communications, or can be operated by a different service provider.
- the authentication functions can be distributed across several servers or applications, and can be wholly or partially operated by third parties distinct from the network service provider.
- the access point 15 and base station 16 communicate with conventional network elements (not shown), such as switches and routers, to transmit data or voice communications over the first and second networks 12 , 14 , as appropriate.
- network elements not shown
- access points, or transceivers such as access point 15
- Each access point can serve multiple mobile devices within a defined network area. As mobile devices move beyond the range of one access point, they are automatically handed over to the next one.
- a small WLAN may only require a single access point, and the number required increases as a function of the number of mobile devices and the physical size of the WLAN.
- base station 16 is accessible within a defined area, and can be in communication with other radio towers, and with the Internet and conventional wired networks to provide data and telephony services.
- the AAA server including authentication system 18 , is a server application that handles user requests for access to computer resources and provides AAA services.
- the authentication system 18 includes a token generation module 19 and an authenticator 21 .
- the AAA server interacts with network access and gateway servers, home and visitor location registers, and databases and directories containing user information, user profiles, billing rates, etc.
- Common standards by which devices or applications communicate with an AAA server include the Remote Authentication Dial-In User Service (RADIUS), and RADIUS2 or DIAMETER.
- RADIUS Remote Authentication Dial-In User Service
- RADIUS2 DIAMETER
- RADIUS is an AAA protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
- When connecting to a network, the mobile device 10 creates an ACCESS-REQUEST message, typically including a username and password, and passes the ACCESS-REQUEST to a network access server device (not shown) over Point-to-Point Protocol (PPP), then to the authentication system 18 .
- PPP Point-to-Point Protocol
- the authentication system 18 receives the ACCESS-REQUEST message and verifies that the server possesses a shared secret for the user.
- If the authentication system 18 does not possess a shared secret for the user, the request is silently dropped; otherwise, authentication system 18 then authenticates the mobile device 10 using an authentication protocol, such as Password Authentication Protocol (PAP), CHAP, Extensible Authentication Protocol (EAP) or EAPOW (EAP over wireless). If authentication is successful, the authentication system 18 generates an ACCESS-ACCEPT message and transmits it to the mobile device 10 and to the network 12 , allowing the device to access network services in accordance with the user's profile, and to initiate voice or data communications.
- the AAA server is notified when the session starts and stops, so that the user can be billed accordingly; or the usage data can be used for statistical purposes. In some embodiments of the present invention the AAA server also stores information, accessible to, or stored directly within, the authentication system 18 , regarding other networks, such as second network 14 , to which the mobile subscriber can connect.
- FIGS. 2 and 3 illustrate a first embodiment of a system and method for providing authentication to the second network 14 through the first network 12 .
- the authentication to the second network 14 can be followed by a handoff to the second network 14 .
- FIG. 2 , and subsequent system figures are simplified representations showing the data flow between the mobile device 10 , the first and second networks 12 , 14 , and the authentication system 18 .
- Network elements such as access point 15 and base station 16 , are not shown. However, as will be understood by those of skill in the art, communications between the authentication system 18 and the mobile device 10 are physically transmitted between elements appropriate to the given network, as exemplified above.
- the method commences after the mobile device 10 is authenticated in a conventional manner, as described above, to the first network 12 , and desires to access the second network 14 .
- the decision to access the second network 14 can be based on many factors, including location, signal strength, availability, cost, a desire to access services not provided by the first network, etc., as will be understood by those of skill in the art.
- the mobile device 10 sends ( 100 ) a request 20 to the authentication system 18 , requesting credentials for logging in to the second network 14 .
- the token generation module 19 of the authentication system 18 generates ( 102 ) a token 24 , that includes the credentials required to authenticate the mobile device 10 to the second network 14 , and sends ( 104 ) a response 22 , including the token 24 , back to the mobile device 10 , over the first network 12 .
- the token 24 is then stored ( 106 ) in the mobile device 10 .
- the mobile device 10 can request credentials for access to the second network 14 at the time it desires to access the network, or can request the credentials in advance, and store the token for future use.
- the second network 14 can be any network, and does not need to be the next network that the device 10 desires to access.
- the authentication system 18 can generate and transmit the token 24 to the mobile device 10 automatically at initialization once the device 10 is authenticated, or at any other time during the device's connection to the first network 12 , obviating the need for request 20 .
- the mobile device 10 is authenticated, and the authentication system 18 sends ( 116 ) an ACCESS-ACCEPT message 30 back through network 14 to the mobile device 10 , thereby granting access ( 118 ) to the second network 14 and completing the authentication. If the token fails to generate an ACCESS-ACCEPT message, mobile device 10 can proceed to authenticate to the second network using conventional authentication methods such as CHAP, PAP, EAP or EAPOW.
- the user can be handed off to the second network 14 and terminate his connection to the first network 12 , or can remain logged into two or more networks to, for example, access different services, such as voice and data services. Connection to multiple networks is, for example, enabled under the IPv6 communication protocol.
- each token will include a username, password and protocol identification. To provide adequate security and avoid third party interception, some, or all, of this information can be encrypted or hashed, using any appropriate encryption scheme based on public and/or private key infrastructures, or hash functions, such as MD5, and SHA (Secure Hash Algorithm), with a key known to the authentication system 18 .
- the token can also include, or be associated to, encryption keys necessary for establishing and ensuring a secure communication channel between the mobile device and the second network.
- the token can be a single use token, or can be used multiple times, or a predetermined number of times, by the mobile communication device to access the second network.
- the token can also be set to expire at a predetermined time, such as to avoid its use by any party outside a given window, or based on time paid for on the first and/or second networks, as in a pay per use telephone.
- Token expiry can also be based on number of uses of the token, or the number of times the user has accessed the second network.
- the security key associated to the token can be systematically changed.
- the token 24 also includes, for example in its header, address information for the authentication system 18 , to permit the second network 14 to identify authentication system 18 . As will be noted, token 24 is not opened, decrypted or verified until it is received at the authentication system 18 , and is merely passed through mobile device 10 and second network 14 .
- When the mobile device associates ( 136 ) with the second network 14 , it sends ( 138 ) a message 42 , including identification information and one of the tokens 36 , 37 , 38 , such as token 36 , requesting access to the second network 14 .
- the choice of the appropriate token to send can be based on, for example, the identity of network 14 , the current time, the services available on the network, such as voice or data services, the amount of time paid for on the network, the number of times the network has been previously accessed by the mobile communications device 10 , or a predefined network access order.
- the tokens 36 , 37 , 38 can be used in order.
- the second network 14 sends a message 44 to the authentication system 18 , requesting ( 140 ) authentication of the mobile device 10 .
- Message 44 includes the token 36 , and will also typically include the mobile device identification information and information identifying the second network.
- the authentication system 18 verifies ( 142 ) the information contained in the token 36 , based on the content of message 44 , and a shared secret or other key known to the authentication system 18 . If the verification is successful, the mobile device 10 is authenticated, and the authentication system 18 sends ( 144 ) an ACCESS-ACCEPT message 46 to the mobile device 10 granting access ( 146 ) to the second network 14 and completing the authentication process.
- a subsequent token can be used to authenticate to that network, without going back to the authentication system 18 for a new token.
- Subsequent tokens can also be used if a token expires and the user wants to continue accessing second network 14 , or if the user wishes to re-authenticate to the first network 12 . In the later embodiment the user may wish to re-authenticate to the first network 12 to obtain further tokens for future use.
- If a first token fails to generate an ACCESS-ACCEPT message, a second token can be tried. If all tokens fail, the mobile device can fall back to standard authentication through an authentication protocol such as CHAP.
- FIGS. 6 and 7 illustrate a further embodiment in which a primary authentication system 50 services the first network 12 , while a secondary authentication server 52 provides authentication functions for the second network 14 .
- the method commences after the mobile device 10 is authenticated in a conventional manner to the first network 12 .
- the mobile device 10 sends ( 150 ) a request 60 to the primary authentication system 50 , requesting credentials for logging in to the second network 14 .
- the token generation module 19 of the primary authentication system 50 generates ( 152 ) a token 64 , that includes the credentials required to authenticate the mobile device 10 to the second network 14 , and sends ( 154 ) a response 62 , including the token 64 , back to the mobile device 10 , over the first network 12 .
- the second network 14 sends a message 68 to the secondary authentication server 52 , requesting ( 162 ) authentication of the mobile device 10 .
- Message 68 includes the token 64 , and will also typically include the mobile device identification information.
- the secondary authentication server 52 contacts the primary authentication system 50 , and sends it ( 164 ) a message 70 containing the token 64 and a request for verification.
- the secondary authentication server 52 can have independent knowledge of the contact information for the authentication system 18 , or the contact information can be included in the token 64 , such as in its header.
- the authentication system 18 verifies ( 166 ) the information contained in the token 64 , based on a shared secret or other key known to the primary authentication system 50 .
- primary authentication system 50 returns ( 168 ) a successful verification message 72 to the secondary authentication server 52 .
- the secondary authentication server 52 then authorizes the mobile device 10 for access to the second network, and sends ( 170 ) an ACCESS-ACCEPT message 74 , to the mobile device 10 , granting access ( 172 ) to the second network 14 and completing the authentication process.
- the secondary authentication server can include an authenticator, or can include a fully enabled authentication system, as described above. In such cases, the authentication functions of the present invention can be distributed.
- the secondary authentication server 80 includes at least an authenticator 81 .
- the mobile device 10 requests credentials, and receives a token 82 , from the primary authentication system 50 .
- the primary authentication system 82 also provides the token 82 , or the encryption key associated with the token, to the secondary authentication server 80 .
- the mobile device 10 requests access to the secondary network 14 and provides the token 82 .
- the authenticator 81 of the secondary authentication server 80 then verifies the token, as described above, and authorizes the mobile device 10 for access to the second network 14 .
- the embodiments described above are not intended to, in any way, limit the scope of the present invention.
- the token generation module functions and the authenticator functions can be distributed between the primary and secondary authentication systems, or other server, in any manner consistent with generating tokens for passing over a first network and receiving the tokens for authentication over a second network. It is contemplated that the generation of tokens, and their authentication, can occur on any server, or servers, associated with the first and/or the second networks.
- the tokens can be single use, or can be used for multiple access. One or more tokens can be provided to the mobile device, on demand or at any other time. Multiple tokens can be generated, for access to different networks, valid at different times, or otherwise differentiated.
- the application software embodying the mobile device token handling functions and the AAA and network server functionality can be stored on any suitable computer-useable medium for execution by a microprocessor in the mobile communication device or server, such as CD-ROM, hard disk, read-only memory, random access memory, flash memory, Subscriber Identity Module (SIM) card.
- the application software can be written in any suitable programming language, such as C++.
Abstract
A method and system for roaming between heterogeneous networks. The method involves authenticating a mobile communication device on a first network, providing the device with a single-use token that can be used to sign-on to a second network without requiring conventional re-authentication over the second network. The method and system allows a token or set of tokens to be sent to a mobile device over a secure and trusted channel. The token can then be sent over another network, operating over a different protocol to an authentication system where its contents are verified and authorization to access the new network is generated such that the token does not need to be processed by the new network. Hence the mobile device does not need to re-authenticate to the new network.
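The token flow summarised above, as an added Python sketch that is not code from the patent: a token is issued over the first network, relayed unopened by the second network using only its header, and verified by the authentication system with single-use and expiry checks. Assumptions of this example: HMAC-SHA-256 over device and network identifiers stands in for the "encrypted or hashed" credentials, and the `|`-separated layout, all class and function names, and the address `aaa.home.example` are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import os
import time


class AuthenticationSystem:
    """Token generation module and authenticator sharing one secret key."""

    def __init__(self, address, key=None):
        self.address = address              # carried in the token header for routing
        self._key = key or os.urandom(32)   # never leaves the authentication system
        self._redeemed = set()              # ids of tokens already used (single use)

    def _mac(self, header, payload):
        msg = f"{header}|{payload}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue_token(self, device_id, network_id, ttl=300, now=None):
        """Called over the first (trusted) network after normal authentication."""
        now = time.time() if now is None else now
        claims = {"dev": device_id, "net": network_id,
                  "exp": now + ttl, "id": os.urandom(16).hex()}
        payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return f"{self.address}|{payload}|{self._mac(self.address, payload)}"

    def verify(self, token, device_id, network_id, now=None):
        """Called with the relayed token; returns (granted, reason)."""
        now = time.time() if now is None else now
        try:
            header, payload, mac = token.split("|")
        except ValueError:
            return False, "malformed"
        expected = self._mac(header, payload)
        # Constant-time comparison; nothing is decoded before the MAC checks out.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False, "bad-mac"
        claims = json.loads(base64.urlsafe_b64decode(payload))
        # Bind the token to the device and network named in the relay message.
        if claims["dev"] != device_id or claims["net"] != network_id:
            return False, "wrong-device-or-network"
        if now > claims["exp"]:
            return False, "expired"
        if claims["id"] in self._redeemed:
            return False, "already-used"
        self._redeemed.add(claims["id"])
        return True, "ACCESS-ACCEPT"


def second_network_relay(token, device_id, network_id, directory, now=None):
    """Second network: read only the header to locate the authentication
    system, then forward the token unopened with device and network ids."""
    address = token.split("|", 1)[0]
    system = directory.get(address)
    if system is None:
        return False, "unknown-authentication-system"
    return system.verify(token, device_id, network_id, now)


def roam(tokens, device_id, network_id, directory, now=None):
    """Device side: try stored tokens in order, fall back if none is accepted."""
    for index, token in enumerate(tokens):
        granted, _ = second_network_relay(token, device_id, network_id,
                                          directory, now)
        if granted:
            return f"token-{index}"
    return "fallback-to-conventional-authentication"


if __name__ == "__main__":
    # Constructed sample run: one device, one target network.
    aaa = AuthenticationSystem("aaa.home.example")
    directory = {aaa.address: aaa}
    token = aaa.issue_token("device-10", "wlan-14")
    print(second_network_relay(token, "device-10", "wlan-14", directory))
    print(second_network_relay(token, "device-10", "wlan-14", directory))  # replay
```

The second relay of the same token is refused, which is what limits the value of a token captured on the less trusted network.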
Description
- The present invention relates generally to wireless communication systems. More particularly, the present invention relates to authentication of wireless devices for access to different wireless networks.
- With the widespread adoption of wireless communication devices, and the proliferation of Wi-Fi hotspots, or IEEE 802.11 WLANs (Wireless Local Area Networks), there is a growing demand for hybrid mobile communication devices that are capable of operating across networks implementing varied wireless technologies. Mobile communication devices, such as cellular telephones, personal digital assistants, and wireless-enabled laptop computers, are now becoming available with interfaces for multiple wireless networks, such as CDMA (Code Division Multiple Access) 1×RTT (1× Radio Transmission Technology), CDMA EVDO (Evolution-Data Optimized) networks, and Wi-Fi networks.
- Generally, a mobile device user must be authenticated to a network prior to gaining access to the network services. Challenge-Handshake Authentication Protocol (CHAP) is a common authentication protocol used to effect such authentication. CHAP uses a three-way handshake to verify the identity of the client or user upon initial link establishment. After the link is established, the authentication server sends a challenge message to the mobile device. Using a shared secret, such as a password, the user device responds with a value calculated using a one-way hash function, such as MD5 (Message-Digest 5). The authentication server checks the response against its own calculation of the expected hash value, using the same shared secret. If the values match, the authentication is acknowledged; otherwise the connection is terminated.
- When moving between networks, a handoff must occur, requiring an authentication to the new network. In current hybrid architectures, full authentication is repeated, often requiring the user to re-enter username and password information. Even in systems where the login information is passed directly to the new network, the challenge-based authentication can result in slow handoffs, which may be undesirable from a performance perspective. For example, in voice communications, latencies of greater than about 150 ms are considered unacceptable and may be perceptible to the user.
- In addition to the speed of the handoff, the authentication to the second network can pose security risks. It is well recognized that some wireless networks are more secure and trusted than other wireless networks. For example, a CDMA 1×RTT network is generally considered to be more secure than an IEEE 802.11-based Wi-Fi network, due to the broader spectrum availability, and established security practices and policies. In less-secure environments, the known vulnerabilities in conventional authentication protocols, such as CHAP, may be exploited by rogue parties to intercept private information.
- Certificate-based techniques, using IPSec VPNs (Internet Protocol Security Virtual Private Networks), to support transparent and more secure roaming have been proposed. A disadvantage of such techniques is that the user must be issued the necessary certificates, such as public and private key certificates, over a separately established secure channel, such as an https (HyperText Transfer Protocol Secure sockets) channel, prior to roaming. The use of temporary authentication identities, such as a Temporary Mobile Subscriber Identity (TMSI), has also been proposed to facilitate roaming to pre-authorized Wi-Fi access points within a cell. While such techniques would permit relatively seamless roaming, they require that the TMSI be provided in advance to each authorized access point.
- It is, therefore, desirable to provide a method and system for quickly and securely authenticating to a new network, such as when roaming with a mobile communication device.
- In a first aspect, the present invention provides a method of performing authentication of a wireless mobile communication device on a network. The method comprises providing a token to the mobile communication device over a first network; receiving the token from the mobile communication device over a second network; and authenticating the mobile communication device for access to the second network by verifying the token.
- In a second aspect, the present invention provides an authentication system. The authentication system comprises a token generation module to provide a token to a mobile communication device over a first network; and an authenticator to receive the token from the mobile communication device over a second network, to verify a token contents, and to grant the mobile communication device access to the second network based on the verification of the token contents.
- In a further aspect, the present invention provides a method for authenticating to a heterogeneous network, comprising: receiving a token over a first network to which a mobile communication device is authenticated; sending the token to an authenticator over a second heterogeneous network; and receiving authorization to access the second network from the authenticator based on a verification of contents of the token.
- The present invention also provides a mobile communication device, comprising: means to receive a token over a first network, the token containing credentials for authentication to a second network; and means to forward the token over the second network for authentication.
- In yet another aspect, the present invention provides a communications network having authentication functions; comprising: an authentication system having a token generation module to provide a token to a mobile communication device over the communications network; and an authenticator to receive the token from the mobile communication device over a separate network, to verify a token contents, and to grant the mobile communication device access to the separate network based on the verification of the token contents.
- In yet another aspect, the present invention provides a communication system, comprising: a mobile communication device; a first network to which the mobile communication is authenticated; and an authentication system having a token generation module to provide a token to a mobile communication device over the first network; and an authenticator to receive the token from the mobile communication device over a separate network, to verify a token contents, and to grant the mobile communication device access to the separate network based on the verification of the token contents.
- Other aspects and features of the present invention will become apparent to those ordinarily skilled in the art upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures.
- Embodiments of the present invention will now be described, by way of example only, with reference to the attached Figures, wherein:
- FIG. 1 is a diagram of a heterogeneous wireless communication environment according to some embodiments of the present invention;
- FIG. 2 shows a system for effecting handoff between wireless networks, according to a first embodiment;
- FIG. 3 is a flow chart of a method for authentication and handoff according to the first embodiment;
- FIG. 4 shows a system for effecting handoff between wireless networks, according to a second embodiment;
- FIG. 5 is a flow chart of a method for authentication according to the second embodiment;
- FIG. 6 shows a system including a primary authentication system and a secondary authentication server according to an embodiment of the present invention;
- FIG. 7 is a flow chart of a method for authentication using the system of FIG. 6;
- FIG. 8 shows a system in which a secondary authentication server includes an authenticator according to the present invention; and
- FIG. 9 shows a system in which a secondary authentication server includes an authenticator and a token generation module according to the present invention.
- Generally, the present invention provides a method and system for authenticating a mobile communication device on a first network, and providing the device with a token that can be used to sign on to a second network without requiring conventional re-authentication over the second network. In some embodiments, the token used to sign on to the second network can be a single use token.
- FIG. 1 shows a heterogeneous wireless communication environment according to some embodiments of the present invention where a mobile communication device 10 initially authenticates over a first network 12, for example, operating under a first wireless protocol, and roams to a second network 14, for example, operating under a different wireless protocol. The first network 12 is generally a trusted and secure network, operating under such protocols as CDMA2000 1×RTT, W-CDMA (Wireless CDMA), EDGE, CDMA EVDO, or GSM (Global System for Mobile Communications). The second network 14 can be any network different from the first network 12. For example, the second network 14 can be operating under a different protocol than the first, can offer different services, such as voice or data communications, or can be operated by a different service provider. For the purposes of the present description, the second network 14 is a less secure network than the first network. For example, the second network can be a broadband wireless network, such as a WLAN operating under a protocol such as IEEE 802.11, 802.15, 802.16, 802.20 and their variants, a cellular network, or any other network that is different than the first network 12.
- The environment depicted in FIG. 1 includes an access point to a broadband wireless network, such as a Wi-Fi access point 15 as the wireless access to the second network 14, a base station 16 as the wireless access to the cellular network 12, and an authentication system 18, which can be included in, for example, an authentication, authorization and accounting (AAA) server. While the following description will illustrate the invention with reference to an AAA server and AAA protocols, any authentication system that includes authentication functions to issue tokens and authenticate a wireless device to a network is encompassed by the present invention. The authentication system need not include accounting features, nor does it need to provide any management functions other than authentication. In addition, the authentication system does not need to be provided in a single server. The authentication functions can be distributed across several servers or applications, and can be wholly or partially operated by third parties distinct from the network service provider. The access point 15 and base station 16 communicate with conventional network elements (not shown), such as switches and routers, to transmit data or voice communications over the first and second networks access point 15, connect mobile devices within the WLAN and also can serve as the point of interconnection between the WLAN, the Internet and a wired network. Each access point can serve multiple mobile devices within a defined network area. As mobile devices move beyond the range of one access point, they are automatically handed over to the next one. A small WLAN may only require a single access point, and the number required increases as a function of the number of mobile devices and the physical size of the WLAN. Similarly, base station 16 is accessible within a defined area, and can be in communication with other radio towers, and with the Internet and conventional wired networks to provide data and telephony services.
- Registration, or initialization, of the mobile device 10 to the first network 12 typically involves authentication, authorization and accounting. The AAA server, including authentication system 18, is a server application that handles user requests for access to computer resources and provides AAA services. The authentication system 18 includes a token generation module 19 and an authenticator 21. The AAA server interacts with network access and gateway servers, home and visitor location registers, and databases and directories containing user information, user profiles, billing rates, etc. Common standards by which devices or applications communicate with an AAA server include the Remote Authentication Dial-In User Service (RADIUS), and RADIUS2 or DIAMETER.
- RADIUS is an AAA protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations. When connecting to a network, the mobile device 10 creates an ACCESS-REQUEST message, typically including a username and password, and passes the ACCESS-REQUEST to a network access server device (not shown) over Point-to-Point Protocol (PPP), then to the authentication system 18. The authentication system 18 receives the ACCESS-REQUEST message and verifies that the server possesses a shared secret for the user. If the authentication system 18 does not possess a shared secret for the user, the request is silently dropped; otherwise, authentication system 18 then authenticates the mobile device 10 using an authentication protocol, such as Password Authentication Protocol (PAP), CHAP, Extensible Authentication Protocol (EAP) or EAPOW (EAP over wireless). If authentication is successful, the authentication system 18 generates an ACCESS-ACCEPT message and transmits it to the mobile device 10 and to the network 12, allowing the device to access network services in accordance with the user's profile, and to initiate voice or data communications. The AAA server is notified when the session starts and stops, so that the user can be billed accordingly; or the usage data can be used for statistical purposes. In some embodiments of the present invention the AAA server also stores information, accessible to, or stored directly within, the authentication system 18, regarding other networks, such as second network 14, to which the mobile subscriber can connect.
- When the mobile device 10 moves into an area served by the second network 14, it needs to authenticate to the authenticator 21 over the new network in order to maintain the voice or data communication. FIGS. 2 and 3 illustrate a first embodiment of a system and method for providing authentication to the second network 14 through the first network 12. The authentication to the second network 14 can be followed by a handoff to the second network 14. FIG. 2, and subsequent system figures, are simplified representations showing the data flow between the mobile device 10, the first and second networks authentication system 18. Network elements, such as access point 15 and base station 16, are not shown. However, as will be understood by those of skill in the art, communications between the authentication system 18 and the mobile device 10 are physically transmitted between elements appropriate to the given network, as exemplified above.
- Referring to FIGS. 2 and 3, the method commences after the mobile device 10 is authenticated in a conventional manner, as described above, to the first network 12, and desires to access the second network 14. The decision to access the second network 14 can be based on many factors, including location, signal strength, availability, cost, a desire to access services not provided by the first network, etc., as will be understood by those of skill in the art. In one embodiment, the mobile device 10 sends (100) a request 20 to the authentication system 18, requesting credentials for logging in to the second network 14. The token generation module 19 of the authentication system 18 generates (102) a token 24, that includes the credentials required to authenticate the mobile device 10 to the second network 14, and sends (104) a response 22, including the token 24, back to the mobile device 10, over the first network 12. The token 24 is then stored (106) in the mobile device 10. The mobile device 10 can request credentials for access to the second network 14 at the time it desires to access the network, or can request the credentials in advance, and store the token for future use. The second network 14 can be any network, and does not need to be the next network that the device 10 desires to access. In a further embodiment, the authentication system 18 can generate and transmit the token 24 to the mobile device 10 automatically at initialization once the device 10 is authenticated, or at any other time during the device's connection to the first network 12, obviating the need for request 20.
- When the mobile device associates (108) with the second network 14, it sends (110) a message 26, including identification information and the token 24, requesting access to the second network 14. The second network 14 sends a message 28 to the authenticator 21 of the authentication system 18, requesting (112) authentication of the mobile device 10. Message 28 includes the token 24, and will also typically include the mobile device identification information and information identifying the second network. The authentication system 18 verifies (114) the information contained in the token 24, based on the content of message 28, and a shared secret or other key known to the authentication system 18. If the verification is successful, the mobile device 10 is authenticated, and the authentication system 18 sends (116) an ACCESS-ACCEPT message 30 back through network 14 to the mobile device 10, thereby granting access (118) to the second network 14 and completing the authentication. If the token fails to generate an ACCESS-ACCEPT message, mobile device 10 can proceed to authenticate to the second network using conventional authentication methods such as CHAP, PAP, EAP or EAPOW.
- Once access to the second network 14 has been granted, the user can be handed off to the second network 14 and terminate his connection to the first network 12, or can remain logged into two or more networks to, for example, access different services, such as voice and data services. Connection to multiple networks is, for example, enabled under the IPv6 communication protocol.
- The content of token 24 depends on the network to be accessed and the relevant protocols in operation on the first and second networks. Typically, each token will include a username, password and protocol identification. To provide adequate security and avoid third party interception, some, or all, of this information can be encrypted or hashed, using any appropriate encryption scheme based on public and/or private key infrastructures, or hash functions, such as MD5, and SHA (Secure Hash Algorithm), with a key known to the authentication system 18. The token can also include, or be associated to, encryption keys necessary for establishing and ensuring a secure communication channel between the mobile device and the second network. The token can be a single use token, or can be used multiple times, or a predetermined number of times, by the mobile communication device to access the second network. To provide additional security, the token can also be set to expire at a predetermined time, such as to avoid its use by any party outside a given window, or based on time paid for on the first and/or second networks, as in a pay per use telephone. Token expiry can also be based on number of uses of the token, or the number of times the user has accessed the second network. In this case, the security key associated to the token can be systematically changed. The token 24 also includes, for example in its header, address information for the authentication system 18, to permit the second network 14 to identify authentication system 18. As will be noted, token 24 is not opened, decrypted or verified until it is received at the authentication system 18, and is merely passed through mobile device 10 and second network 14.
- FIGS. 4 and 5 illustrate a second embodiment in which multiple tokens are provided to the mobile device 10. The method again commences after the mobile device 10 is authenticated in a conventional manner to the first network 12. A set of tokens authentication system 18, and transmitted (132) to the mobile device 10, either at the request of the mobile device or automatically upon initialization. The number of tokens can be any number, but for the purposes of illustration a set of three tokens is shown. The tokens tokens mobile device 10 for use during the current communication session. Supplying a set of tokens avoids the need for multiple requests by the mobile device and multiple token generation steps by the AAA server.
- When the mobile device associates (136) with the second network 14, it sends (138) a message 42, including identification information and one of the tokens token 36, requesting access to the second network 14. The choice of the appropriate token to send can be based on, for example, the identity of network 14, the current time, the services available on the network, such as voice or data services, the amount of time paid for on the network, the number of times the network has been previously accessed by the mobile communications device 10, or a predefined network access order. Alternately, the tokens second network 14 sends a message 44 to the authentication system 18, requesting (140) authentication of the mobile device 10. Message 44 includes the token 36, and will also typically include the mobile device identification information and information identifying the second network. As before, the authentication system 18 verifies (142) the information contained in the token 36, based on the content of message 44, and a shared secret or other key known to the authentication system 18. If the verification is successful, the mobile device 10 is authenticated, and the authentication system 18 sends (144) an ACCESS-ACCEPT message 46 to the mobile device 10 granting access (146) to the second network 14 and completing the authentication process.
- If the mobile device enters into an area served by another recognized network, a subsequent token can be used to authenticate to that network, without going back to the authentication system 18 for a new token. Subsequent tokens can also be used if a token expires and the user wants to continue accessing second network 14, or if the user wishes to re-authenticate to the first network 12. In the latter embodiment the user may wish to re-authenticate to the first network 12 to obtain further tokens for future use. Similarly, if a first token fails to generate an ACCESS-ACCEPT message, a second token can be tried. If all tokens fail, the mobile device can fall back to standard authentication through an authentication protocol such as CHAP.
- FIGS. 6 and 7 illustrate a further embodiment in which a primary authentication system 50 services the first network 12, while a secondary authentication server 52 provides authentication functions for the second network 14. The method commences after the mobile device 10 is authenticated in a conventional manner to the first network 12. The mobile device 10 sends (150) a request 60 to the primary authentication system 50, requesting credentials for logging in to the second network 14. The token generation module 19 of the primary authentication system 50 generates (152) a token 64, that includes the credentials required to authenticate the mobile device 10 to the second network 14, and sends (154) a response 62, including the token 64, back to the mobile device 10, over the first network 12. The token 64 is then stored (156) in the mobile device 10. When the mobile device associates (158) with the second network 14, it sends (160) a message 66, including identification information and the token 64, requesting access to the second network 14.
- The second network 14 sends a message 68 to the secondary authentication server 52, requesting (162) authentication of the mobile device 10. Message 68 includes the token 64, and will also typically include the mobile device identification information. The secondary authentication server 52 contacts the primary authentication system 50, and sends it (164) a message 70 containing the token 64 and a request for verification. The secondary authentication server 52 can have independent knowledge of the contact information for the authentication system 18, or the contact information can be included in the token 64, such as in its header. The authentication system 18 verifies (166) the information contained in the token 64, based on a shared secret or other key known to the primary authentication system 50. If the verification is successful, primary authentication system 50 returns (168) a successful verification message 72 to the secondary authentication server 52. The secondary authentication server 52 then authorizes the mobile device 10 for access to the second network, and sends (170) an ACCESS-ACCEPT message 74, to the mobile device 10, granting access (172) to the second network 14 and completing the authentication process.
- In further embodiments, shown in FIGS. 8 and 9, the secondary authentication server can include an authenticator, or can include a fully enabled authentication system, as described above. In such cases, the authentication functions of the present invention can be distributed. In FIG. 8, the secondary authentication server 80 includes at least an authenticator 81. The mobile device 10 requests credentials, and receives a token 82, from the primary authentication system 50. The primary authentication system 82 also provides the token 82, or the encryption key associated with the token, to the secondary authentication server 80. The mobile device 10 then requests access to the secondary network 14 and provides the token 82. The authenticator 81 of the secondary authentication server 80 then verifies the token, as described above, and authorizes the mobile device 10 for access to the second network 14.
- In the embodiment of FIG. 9, the secondary authentication server 92 includes both a token generation module 91 and an authenticator 93 in accordance with the present invention. The mobile device 10 requests credentials from the primary authentication system 90. The primary authentication system 90 then contacts the secondary authentication server 92. The token generation module 91 generates a token 94, and sends it to the primary authentication system 90 in a message 96. The primary authentication system 90 transmits the token 94 to the mobile device 10, where it is stored. When the mobile device associates to the second network 14, it sends the token 94 to the secondary authentication server 92, which verifies the token at its authenticator 93, and grants the mobile device 10 access to the second network 14.
- The embodiments described above are not intended to, in any way, limit the scope of the present invention. The token generation module functions and the authenticator functions can be distributed between the primary and secondary authentication systems, or other server, in any manner consistent with generating tokens for passing over a first network and receiving the tokens for authentication over a second network. It is contemplated that the generation of tokens, and their authentication, can occur on any server, or servers, associated with the first and/or the second networks. The tokens can be single use, or can be used for multiple access. One or more tokens can be provided to the mobile device, on demand or at any other time. Multiple tokens can be generated, for access to different networks, valid at different times, or otherwise differentiated.
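The token issue and verification steps described in the embodiments above (a set of tokens issued over the first network, verification by the authenticator, expiry, single use, and fallback to conventional authentication), shown as an added example that is not part of the patent. It substitutes an HMAC-SHA256 tag over device and network identifiers for the encrypted username and password the description mentions; the key, the address `aaa.home.example`, the field names and the `imsi-001` / `wlan-a` identifiers are constructed for illustration.

```python
"""Added example (not the patent's code): token issue and verification."""
import base64
import hashlib
import hmac
import json
import os
import time

AUTH_KEY = os.urandom(32)        # secret known only to the authentication system
AUTH_ADDR = "aaa.home.example"   # constructed address, carried in the token header
_spent = set()                   # ids of single-use tokens already accepted


def _enc(obj) -> str:
    """Serialise a dict deterministically and base64url-encode it."""
    return base64.urlsafe_b64encode(json.dumps(obj, sort_keys=True).encode()).decode()


def _mac(signed: str) -> bytes:
    return hmac.new(AUTH_KEY, signed.encode(), hashlib.sha256).digest()


def generate_token(device_id, network_id, ttl_s=300, now=None):
    """Token generation module: header.body.mac, bound to one device and network."""
    now = time.time() if now is None else now
    header = {"auth": AUTH_ADDR}   # lets the second network find the verifier
    body = {"jti": os.urandom(12).hex(), "dev": device_id,
            "net": network_id, "exp": now + ttl_s}
    signed = _enc(header) + "." + _enc(body)
    return signed + "." + base64.urlsafe_b64encode(_mac(signed)).decode()


def issue_token_set(device_id, network_ids, now=None):
    """Second embodiment: one token per candidate network, sent over network 1."""
    return {net: generate_token(device_id, net, now=now) for net in network_ids}


def verify_token(token, device_id, network_id, now=None):
    """Authenticator: returns (decision, reason). FALLBACK means the device
    must use conventional authentication (e.g. CHAP) instead."""
    now = time.time() if now is None else now
    try:
        head, body64, mac64 = token.split(".")
        mac = base64.urlsafe_b64decode(mac64)
        # Check the MAC before parsing anything the sender controls.
        if not hmac.compare_digest(mac, _mac(head + "." + body64)):
            return "FALLBACK", "bad MAC"
        body = json.loads(base64.urlsafe_b64decode(body64))
    except ValueError:             # wrong part count, bad base64, bad JSON
        return "FALLBACK", "malformed token"
    if now >= body.get("exp", 0):
        return "FALLBACK", "expired"
    if body.get("dev") != device_id or body.get("net") != network_id:
        return "FALLBACK", "wrong device or network"
    if body.get("jti") in _spent:
        return "FALLBACK", "replayed"
    _spent.add(body["jti"])        # mark as used only once it has been accepted
    return "ACCESS-ACCEPT", "ok"


def demo():
    """Run the cases a verifier must distinguish, with a fixed clock."""
    t0 = 1_000_000.0
    tokens = issue_token_set("imsi-001", ["wlan-a", "wlan-b"], now=t0)
    tok = tokens["wlan-a"]
    head, _, mac64 = tok.split(".")
    forged = _enc({"jti": "00", "dev": "imsi-001", "net": "wlan-b", "exp": t0 + 9e9})
    return [
        verify_token(tok, "imsi-001", "wlan-b", now=t0 + 1),             # other network
        verify_token(f"{head}.{forged}.{mac64}", "imsi-001", "wlan-b", now=t0 + 1),
        verify_token(tok, "imsi-001", "wlan-a", now=t0 + 1),             # first use
        verify_token(tok, "imsi-001", "wlan-a", now=t0 + 2),             # second use
        verify_token(tokens["wlan-b"], "imsi-001", "wlan-b", now=t0 + 301),
    ]


if __name__ == "__main__":
    for decision, reason in demo():
        print(decision, reason)
```

Because the token crosses the less trusted network as a bearer credential, the network binding, expiry and spent-id cache are what limit its reuse if it is captured there.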
- The application software embodying the mobile device token handling functions and the AAA and network server functionality can be stored on any suitable computer-useable medium for execution by a microprocessor in the mobile communication device or server, such as CD-ROM, hard disk, read-only memory, random access memory, flash memory, Subscriber Identity Module (SIM) card. The application software can be written in any suitable programming language, such as C++.
- As will be appreciated by those of skill in the art, the described methods and systems allow a token, or set of tokens, to be sent to a mobile device over a secure and trusted channel. A token can then be sent over another network, operating under a different protocol, to an authentication system, where its contents are verified and authorization to access the new network is generated. Except for transfer to the authentication system, the token does not need to be processed by the second network, and messaging back and forth between the new network and the AAA server or the mobile device is significantly reduced, in contrast to conventional authentication protocols, particularly challenge protocols, such as CHAP.
- Effectively, the mobile device does not need to re-authenticate to the new network, saving significant time and complexity in signing on to the new network. Such savings are particularly advantageous for services, such as Voice over IP (VoIP), where lengthy authentication to the new service is clearly undesirable, and may adversely affect the quality of service and user's perception of the service. In addition, since the tokens provide the necessary information to transparently generate an ACCESS-ACCEPT message without requiring the user to re-authenticate to the new network, the user is not required to manage multiple usernames and passwords.
- Since the token contents, including usernames and passwords, are encrypted, the present invention permits rapid authentication to a new network, and can permit rapid handoff between a more trusted and a less trusted network. The present invention also provides enhanced security by limiting the amount of vulnerable authentication messaging between the authentication system and any less trusted network. This means service providers can integrate inexpensive IEEE 802.11 access points into their systems, rather than investing in costly cellular infrastructure, without unduly compromising the security of information sent over the less secure link.
- The above-described embodiments of the present invention are intended to be examples only. Alterations, modifications and variations may be effected to the particular embodiments by those of skill in the art without departing from the scope of the invention, which is defined solely by the claims appended hereto.
Claims (62)
1. A method of performing authentication of a wireless mobile communication device on a network, comprising:
providing a token to the mobile communication device over a first network;
receiving the token from the mobile communication device over a second network; and
authenticating the mobile communication device for access to the second network by verifying the token.
2. The method of claim 1, wherein providing the token to the mobile communication device comprises providing a username and password for access to the second network.
3. The method of claim 1, further including providing encryption keys for establishing a secure channel between the mobile communication device and the second network.
4. The method of claim 3, wherein providing the encryption keys comprises providing the encryption keys with the token.
5. The method of claim 1, wherein providing the token to the mobile communication device comprises generating the token at the request of the mobile communication device.
6. The method of claim 1, wherein the token comprises a header and a token content and wherein providing the token to the mobile communication device further comprises encrypting the token contents.
7. The method of claim 6, wherein encrypting the token contents comprises employing a PKI method.
8. The method of claim 6, wherein authenticating the mobile communication device for access to the second network by verifying the token comprises decrypting the token contents.
9. The method of claim 6, wherein encrypting the token contents comprises applying a hash function to the token contents.
10. The method of claim 9, wherein the hash function is MD5 or SHA.
11. The method of claim 1, wherein providing a token to the mobile communication device comprises providing a plurality of tokens to the mobile communication device.
12. The method of claim 11, wherein providing the plurality of tokens to the mobile communication device comprises providing a plurality of tokens having different expiry times.
13. The method of claim 11, wherein providing the plurality of tokens to the mobile communication device comprises providing a plurality of tokens, each of which provides authentication to a different second network.
14. The method of claim 1, wherein authenticating the mobile communication device comprises transmitting an ACCESS-ACCEPT message to the second network and the mobile communication device.
15. The method of claim 1, wherein providing the token to the mobile communication device comprises providing the token over a secure channel.
16. The method of claim 1, wherein the first network operates under a CDMA 1×RTT, W-CDMA, CDMA EVDO, or GSM protocol.
17. The method of claim 1, wherein the second network operates under an IEEE 802.11, IEEE 802.15, IEEE 802.16, or IEEE 802.20 protocol.
18. The method of claim 1, further comprising having the mobile communication device remain authenticated to both the first and second network.
19. The method of claim 18, wherein having the mobile communication device remain authenticated to both the first and second networks is enabled by a communication according to the IPv6 protocol.
20. The method of claim 1, wherein authenticating the mobile communication device for access to the second network further comprises authenticating under an authentication protocol, if verification of the token is unsuccessful.
21. The method of claim 20, wherein authenticating under an authentication protocol comprises authenticating under CHAP, PAP, EAP or EAPOW protocols.
22. An authentication system, comprising:
a token generation module to provide a token to a mobile communication device over a first network;
an authenticator to receive the token from the mobile communication device over a second network, to verify a token contents, and to grant the mobile communication device access to the second network based on the verification of the token contents.
23. The system of claim 22, wherein the token contents comprises a username and password for access to the second network.
24. The system of claim 22, wherein the token expires after a predetermined expiry time.
25. The system of claim 22, wherein the token generation module is further operable to receive a request from the mobile communication device.
26. The system of claim 22, wherein the token generation module is further operable to encrypt the token contents.
27. The system of claim 26, wherein to encrypt the token contents, the token generation module is operable to employ a PKI method.
28. The system of claim 26, wherein the authenticator is further operable to decrypt the token.
29. The system of claim 26, wherein the token generation module is further operable to apply a hash function to the token contents.
30. The system of claim 29, wherein the hash function is MD5 or SHA.
31. The system of claim 22, wherein the token generation module provides a plurality of tokens to the mobile communication device.
32. The system of claim 31, wherein the plurality of tokens have different expiry times.
33. The system of claim 31, wherein each of the plurality of tokens are for authentication to a different second network.
34. The system of claim 22 is included in a RADIUS server.
35. The system of claim 22 is included in a DIAMETER server.
36. The system of claim 34, wherein the authenticator transmits an ACCESS-ACCEPT message to the second network and the mobile communication device.
37. The system of claim 22, wherein the token is provided over a secure channel.
38. The system of claim 22, wherein the first network operates under a CDMA 1×RTT, W-CDMA, CDMA EVDO, or GSM protocol.
39. The system of claim 22, wherein the second network operates under an IEEE 802.11, IEEE 802.15, IEEE 802.16, or IEEE 802.20 protocol.
40. The system of claim 22, wherein, if verification of the token contents is unsuccessful, the authenticator switches to an authentication protocol.
41. The system of claim 40, wherein the authentication protocol is CHAP, PAP, EAP or EAPOW.
42. The system of claim 22, wherein the token generation module is associated to the first network.
43. The system of claim 22, wherein the token generation module is associated to the second network.
44. The system of claim 22, wherein the authenticator is associated to the first network.
45. The system of claim 22, wherein the authenticator is associated to the second network.
46. A method for authenticating to a heterogeneous network, comprising:
receiving a token over a first network to which a mobile communication device is authenticated;
sending the token to an authenticator over a second heterogeneous network;
receiving authorization to access the second network from the authenticator based on a verification of contents of the token.
47. The method of claim 46, wherein the token contents include a username and password for access to the second network.
48. The method of claim 46, wherein the token expires at a predetermined expiry time.
49. The method of claim 46, wherein receiving the token is preceded by initiating a request for a token.
50. The method of claim 46, wherein a plurality of tokens are received.
51. The method of claim 50, wherein the plurality of tokens are each for access to a different network.
52. The method of claim 50, wherein the plurality of tokens each expire at different times.
53. The method of claim 50, wherein sending the token includes selecting one of the plurality of tokens.
54. The method of claim 46, wherein receiving authorization includes receiving an ACCESS-ACCEPT message.
55. The method of claim 46, wherein the token is provided over a secure channel.
56. The method of claim 46, wherein the first network operates under a CDMA 1×RTT, W-CDMA, CDMA EVDO, or GSM protocol.
57. The method of claim 46, wherein the second network operates under an IEEE 802.11, IEEE 802.15, IEEE 802.16, or IEEE 802.20 protocol.
58. The method of claim 46, wherein, if verification of the token contents is unsuccessful, authentication of the mobile communication device to the second network proceeds under an authentication protocol.
59. The method of claim 58, wherein the authentication protocol is CHAP, PAP, EAP or EAPOW.
60. A mobile communication device, comprising:
means to receive a token over a first network, the token containing credentials for authentication to a second network; and
means to forward the token over the second network for authentication.
61. A communications network having authentication functions; comprising:
an authentication system having a token generation module to provide a token to a mobile communication device over the communications network; and an authenticator to receive the token from the mobile communication device over a separate network, to verify a token contents, and to grant the mobile communication device access to the separate network based on the verification of the token contents.
62. A communication system, comprising:
a mobile communication device;
a first network to which the mobile communication is authenticated; and
an authentication system having a token generation module to provide a token to a mobile communication device over the first network; and an authenticator to receive the token from the mobile communication device over a separate network, to verify a token contents, and to grant the mobile communication device access to the separate network based on the verification of the token contents.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/630,771 US8959598B2 (en) | 2005-12-23 | 2012-09-28 | Wireless device authentication between different networks |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CA2005/001971 WO2007071009A1 (en) | 2005-12-23 | 2005-12-23 | Wireless device authentication between different networks |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CA2005/001971 A-371-Of-International WO2007071009A1 (en) | 2005-12-23 | 2005-12-23 | Wireless device authentication between different networks |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/630,771 Continuation US8959598B2 (en) | 2005-12-23 | 2012-09-28 | Wireless device authentication between different networks |
Publications (1)
Publication Number | Publication Date |
---|---|
US20090217048A1 (en) | 2009-08-27 |
Family
ID=38175483
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/571,206 Abandoned US20090217048A1 (en) | 2005-12-23 | 2005-12-23 | Wireless device authentication between different networks |
US13/630,771 Active US8959598B2 (en) | 2005-12-23 | 2012-09-28 | Wireless device authentication between different networks |
Family Applications After (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/630,771 Active US8959598B2 (en) | 2005-12-23 | 2012-09-28 | Wireless device authentication between different networks |
Country Status (4)
Country | Link |
---|---|
US (2) | US20090217048A1 (en) |
EP (1) | EP1969761A4 (en) |
CA (1) | CA2571255C (en) |
WO (1) | WO2007071009A1 (en) |
Cited By (55)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080195863A1 (en) * | 2007-02-09 | 2008-08-14 | Microsoft Corporation | Securing wireless communications between devices |
US20090109925A1 (en) * | 2007-10-26 | 2009-04-30 | Hitomi Nakamura | Communication system and gateway apparatus |
US20100167732A1 (en) * | 2008-12-30 | 2010-07-01 | Motorola, Inc. | Providing over-the-top services on femto cells of an ip edge convergence server system |
US20100235657A1 (en) * | 2009-03-16 | 2010-09-16 | Samsung Electronics Co., Ltd. | Method of and apparatus for controlling system according to power feeding of terminal |
US20110110334A1 (en) * | 2007-06-27 | 2011-05-12 | Panasonic Corporation | Communication system, communication processing device and authentication processing device |
US20110219428A1 (en) * | 2010-03-03 | 2011-09-08 | Kabushiki Kaisha Toshiba | Electronic apparatus and terminal |
KR101095481B1 (en) | 2010-03-18 | 2011-12-19 | 주식회사 엘지유플러스 | Fixed mobile convergence service providing system and providing method thereof |
US20120022968A1 (en) * | 2009-10-09 | 2012-01-26 | Tajinder Manku | Using a first network to control access to a second network |
US20120116886A1 (en) * | 2009-10-09 | 2012-05-10 | Pravala Inc. | Using a first network to control access to a second network |
US20120120933A1 (en) * | 2010-11-12 | 2012-05-17 | Deutsche Telekom Ag | Method for enhanced radio resource management in a public land mobile network |
US20120148043A1 (en) * | 2010-12-10 | 2012-06-14 | At&T Intellectual Property 1 Lp | Network Access Via Telephony Services |
US20120167185A1 (en) * | 2010-12-23 | 2012-06-28 | Microsoft Corporation | Registration and network access control |
US20120171996A1 (en) * | 2010-12-30 | 2012-07-05 | Sierra Wireless, Inc. | Method for enabling operation of a wireless modem |
US20120198539A1 (en) * | 2009-08-31 | 2012-08-02 | China Mobile Communications Corporation | Service Access Method, System and Device Based on WLAN Access Authentication |
US20120272057A1 (en) * | 2008-03-31 | 2012-10-25 | Jasmeet Chhabra | Method and Apparatus for Secured Embedded Device Communication |
US20130133044A1 (en) * | 2011-11-18 | 2013-05-23 | Lockheed Martin Corporation | Self-propelled harvesting vehicle including a thermochemical reactor for carbonizing harvested crop material |
US20130150000A1 (en) * | 2010-02-12 | 2013-06-13 | Alexander Hoi WONG | Seamless mobile subscriber identification |
US20130269008A1 (en) * | 2012-04-04 | 2013-10-10 | Ming-Jye Sheu | Key assignment for a brand |
US20140105007A1 (en) * | 2011-01-17 | 2014-04-17 | Agency For Science, Technology And Research | Method and Device for Mobile Data Offload |
US20140122869A1 (en) * | 2012-10-26 | 2014-05-01 | Cloudpath Networks, Inc. | System and method for providing a certificate for network access |
US20140136208A1 (en) * | 2012-11-14 | 2014-05-15 | Intermec Ip Corp. | Secure multi-mode communication between agents |
US20140153722A1 (en) * | 2012-12-03 | 2014-06-05 | Semyon Mizikovsky | Restricting use of mobile subscriptions to authorized mobile devices |
US20140161037A1 (en) * | 2008-04-02 | 2014-06-12 | Vodafone Group Plc | Telecommunications network |
US20140227999A1 (en) * | 2011-08-05 | 2014-08-14 | Banque Accord | Method, server and system for authentication of a person |
US20140235205A1 (en) * | 2013-02-20 | 2014-08-21 | Comcast Cable Communications, Llc | Method And Systems For Pairing A Mobile Device With A Wireless Network |
US20140254364A1 (en) * | 2013-03-11 | 2014-09-11 | Futurewei Technologies, Inc. | System and Method for WiFi Authentication and Selection |
US20140258723A1 (en) * | 2011-11-28 | 2014-09-11 | Alcatel-Lucent | Method and a device of authentication in the converged wireless network |
US8836606B2 (en) | 2005-06-24 | 2014-09-16 | Ruckus Wireless, Inc. | Coverage antenna apparatus with selectable horizontal and vertical polarization elements |
US20150012986A1 (en) * | 2012-01-13 | 2015-01-08 | Zte Corporation | Authentication method and system oriented to heterogeneous network |
US9019165B2 (en) | 2004-08-18 | 2015-04-28 | Ruckus Wireless, Inc. | Antenna with selectable elements for use in wireless communications |
US9071583B2 (en) | 2006-04-24 | 2015-06-30 | Ruckus Wireless, Inc. | Provisioned configuration for automatic wireless connection |
US9131378B2 (en) | 2006-04-24 | 2015-09-08 | Ruckus Wireless, Inc. | Dynamic authentication in secured wireless networks |
US9143482B1 (en) * | 2009-09-21 | 2015-09-22 | Sprint Spectrum L.P. | Tokenized authentication across wireless communication networks |
US9226146B2 (en) | 2012-02-09 | 2015-12-29 | Ruckus Wireless, Inc. | Dynamic PSK for hotspots |
US9270029B2 (en) | 2005-01-21 | 2016-02-23 | Ruckus Wireless, Inc. | Pattern shaping of RF emission patterns |
US9313798B2 (en) | 2005-12-01 | 2016-04-12 | Ruckus Wireless, Inc. | On-demand services by wireless base station virtualization |
US9379456B2 (en) | 2004-11-22 | 2016-06-28 | Ruckus Wireless, Inc. | Antenna array |
US9537663B2 (en) | 2012-06-20 | 2017-01-03 | Alcatel Lucent | Manipulation and restoration of authentication challenge parameters in network authentication procedures |
US9634403B2 (en) | 2012-02-14 | 2017-04-25 | Ruckus Wireless, Inc. | Radio frequency emission pattern shaping |
US9769655B2 (en) | 2006-04-24 | 2017-09-19 | Ruckus Wireless, Inc. | Sharing security keys with headless devices |
US9769668B1 (en) * | 2016-08-01 | 2017-09-19 | At&T Intellectual Property I, L.P. | System and method for common authentication across subscribed services |
US20170286960A1 (en) * | 2007-12-03 | 2017-10-05 | At&T Intellectual Property I, L.P. | Methods, Systems and Products for Authentication |
US9792188B2 (en) | 2011-05-01 | 2017-10-17 | Ruckus Wireless, Inc. | Remote cable access point reset |
US20180183925A1 (en) * | 2016-12-22 | 2018-06-28 | Mastercard International Incorporated | Mobile device user validation method and system |
US10097998B2 (en) * | 2017-01-31 | 2018-10-09 | Verizon Patent And Licensing Inc. | Frictionless authentication over WiFi |
US20180302833A1 (en) * | 2007-09-27 | 2018-10-18 | Sun Patent Trust | Mobile terminal |
US10186750B2 (en) | 2012-02-14 | 2019-01-22 | Arris Enterprises Llc | Radio frequency antenna array with spacing element |
US20190230510A1 (en) * | 2017-01-27 | 2019-07-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Secondary Authentication of a User Equipment |
US10462124B2 (en) | 2016-12-30 | 2019-10-29 | Google Llc | Authenticated session management across multiple electronic devices using a virtual session manager |
US10541992B2 (en) * | 2016-12-30 | 2020-01-21 | Google Llc | Two-token based authenticated session management |
US20210051452A1 (en) * | 2008-06-05 | 2021-02-18 | Movius Interactive Corporation | Mobile application for providing multiple second line numbers on single mobile device |
JP2022530955A (en) * | 2019-04-30 | 2022-07-05 | 日本電気株式会社 | Methods and processes for validating multi-SIM devices and subscription information |
US20220286851A1 (en) * | 2016-12-06 | 2022-09-08 | Ingenu Inc. | Systems and methods for networks during multi-regional roaming of mobiles |
US20230188953A1 (en) * | 2008-06-05 | 2023-06-15 | Movius Interactive Corporation | Mobile application for providing multiple second line numbers on single mobile device |
US11963007B2 (en) * | 2018-05-17 | 2024-04-16 | Nokia Technologies Oy | Facilitating residential wireless roaming via VPN connectivity over public service provider networks |
Families Citing this family (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7751430B2 (en) | 2005-07-14 | 2010-07-06 | Motorola, Inc. | Self optimization of time division duplex (TDD) timing and adaptive modulation thresholds |
US8340057B2 (en) * | 2006-12-22 | 2012-12-25 | Canon Kabushiki Kaisha | Automated wireless access to peripheral devices |
GB2453525B (en) | 2007-09-26 | 2011-11-02 | Motorola Inc | Radio resource management |
US8214890B2 (en) | 2008-08-27 | 2012-07-03 | Microsoft Corporation | Login authentication using a trusted device |
US8589689B2 (en) * | 2009-05-11 | 2013-11-19 | Qualcomm Incorporated | Apparatus and method for over-the-air (OTA) provisioning of authentication and key agreement (AKA) credentials between two access systems |
KR101516994B1 (en) * | 2009-06-04 | 2015-05-04 | 주식회사 엘지유플러스 | Mobile communication terminal for certificating wifi wifi certification system and method |
US9119076B1 (en) | 2009-12-11 | 2015-08-25 | Emc Corporation | System and method for authentication using a mobile communication device |
US8438288B2 (en) | 2010-02-17 | 2013-05-07 | Microsoft Corporation | Device-pairing by reading an address provided in device-readable form |
JP5815924B2 (en) | 2010-03-24 | 2015-11-17 | ソニー株式会社 | Information processing system, information processing apparatus, and management server |
GB2495550A (en) * | 2011-10-14 | 2013-04-17 | Ubiquisys Ltd | An access point that can be used to establish connections with UE devices using both cellular and wifi air interfaces |
US8990913B2 (en) * | 2012-04-17 | 2015-03-24 | At&T Mobility Ii Llc | Peer applications trust center |
CN103731457B (en) * | 2012-10-15 | 2019-02-26 | 中兴通讯股份有限公司 | A kind of method for processing business and terminal |
KR101716725B1 (en) * | 2012-10-22 | 2017-03-15 | 야마하하쓰도키 가부시키가이샤 | Distance measurement device and vehicle using same |
US9603192B2 (en) | 2013-01-16 | 2017-03-21 | Ncore Communications, Inc. | Methods and apparatus for hybrid access to a core network |
EP3069493B1 (en) | 2013-11-15 | 2019-04-24 | BlackBerry Limited | Authentication system |
WO2016049353A1 (en) * | 2014-09-25 | 2016-03-31 | Behzad Mohebbi | Methods and apparatus for hybrid access to a core network based on proxied authentication |
US9876780B2 (en) | 2014-11-21 | 2018-01-23 | Sonos, Inc. | Sharing access to a media service |
US9860324B1 (en) * | 2014-12-10 | 2018-01-02 | Google Llc | Rapid establishment of a connection from multiple address locations |
CN106162574B (en) | 2015-04-02 | 2020-08-04 | 成都鼎桥通信技术有限公司 | Unified authentication method for applications in cluster system, server and terminal |
US10230710B2 (en) * | 2016-08-04 | 2019-03-12 | Visa International Service Association | Token based network service among IoT applications |
AU2016421889A1 (en) | 2016-08-30 | 2018-12-06 | Visa International Service Association | Biometric identification and verification among iot devices and applications |
GB2554953B (en) * | 2016-10-17 | 2021-01-27 | Global Reach Tech Inc | Improvements in and relating to network communications |
CA3052415C (en) | 2017-02-01 | 2021-07-06 | Equifax, Inc. | Verifying an identity based on multiple distributed data sources using a blockchain to safeguard the identity |
US11032326B2 (en) * | 2018-06-19 | 2021-06-08 | Verizon Patent And Licensing Inc. | Systems and methods for accessing a private network |
US11218462B2 (en) * | 2018-11-01 | 2022-01-04 | Cisco Technology, Inc. | Access network authentication token broker (ANATB) gateway |
US11102187B2 (en) * | 2019-02-20 | 2021-08-24 | Aetna Inc. | Systems and methods for managing workflow transactions including protected personal data in regulated computing environments |
US11184666B2 (en) | 2019-04-01 | 2021-11-23 | Sonos, Inc. | Access control techniques for media playback systems |
WO2020216445A1 (en) * | 2019-04-25 | 2020-10-29 | Telefonaktiebolaget Lm Ericsson (Publ) | Trusted solutions for enabling user equipment belonging to a home network to access data communication services in a visited network |
US11777935B2 (en) | 2020-01-15 | 2023-10-03 | Cisco Technology, Inc. | Extending secondary authentication for fast roaming between service provider and enterprise network |
WO2021151888A1 (en) * | 2020-01-31 | 2021-08-05 | Sony Group Corporation | User equipment, non-public network authentication-authorization-accounting server, authentication server function entity |
US11706619B2 (en) | 2020-03-31 | 2023-07-18 | Cisco Technology, Inc. | Techniques to facilitate fast roaming between a mobile network operator public wireless wide area access network and an enterprise private wireless wide area access network |
US11765581B2 (en) | 2020-03-31 | 2023-09-19 | Cisco Technology, Inc. | Bootstrapping fast transition (FT) keys on wireless local area access network nodes based on private wireless wide area access network information |
US11778463B2 (en) | 2020-03-31 | 2023-10-03 | Cisco Technology, Inc. | Techniques to generate wireless local area access network fast transition key material based on authentication to a private wireless wide area access network |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020034301A1 (en) * | 2000-08-15 | 2002-03-21 | Stefan Andersson | Network authentication |
US20030163733A1 (en) * | 2002-02-28 | 2003-08-28 | Ericsson Telefon Ab L M | System, method and apparatus for federated single sign-on services |
US6704789B1 (en) * | 1999-05-03 | 2004-03-09 | Nokia Corporation | SIM based authentication mechanism for DHCPv4/v6 messages |
US6721632B2 (en) * | 2002-02-05 | 2004-04-13 | International Business Machines Corporation | Wireless exchange between vehicle-borne communications systems |
US20040117623A1 (en) * | 2002-08-30 | 2004-06-17 | Kabushiki Kaisha Toshiba | Methods and apparatus for secure data communication links |
US20040172531A1 (en) * | 2002-12-09 | 2004-09-02 | Little Herbert A. | System and method of secure authentication information distribution |
US20050144144A1 (en) * | 2003-12-30 | 2005-06-30 | Nokia, Inc. | System and method for authenticating a terminal based upon at least one characteristic of the terminal located at a position within an organization |
US20050176473A1 (en) * | 2002-01-29 | 2005-08-11 | Diego Melpignano | Internet protocol based wireless communication arrangements |
US20060002556A1 (en) * | 2004-06-30 | 2006-01-05 | Microsoft Corporation | Secure certificate enrollment of device over a cellular network |
US20060070116A1 (en) * | 2004-09-30 | 2006-03-30 | Hyun-Ah Park | Apparatus and method for authenticating user for network access in communication system |
US7058181B2 (en) * | 2001-08-02 | 2006-06-06 | Senforce Technologies, Inc. | Wireless bridge for roaming in network environment |
US7281137B1 (en) * | 1999-07-02 | 2007-10-09 | Nokia Corporation | Authentication method and system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6898711B1 (en) * | 1999-01-13 | 2005-05-24 | International Business Machines Corporation | User authentication system and method for multiple process applications |
CN1215386C (en) * | 2002-04-26 | 2005-08-17 | St微电子公司 | Method and hardware architecture for controlling a process or for processing data based on quantum soft computing |
JP4278614B2 (en) | 2002-09-30 | 2009-06-17 | ノキア シーメンス ネットワークス ゲゼルシャフト ミット ベシュレンクテル ハフツング ウント コンパニー コマンディトゲゼルシャフト | Method for preventing DoS attack against access token and handover procedure supporting optimized quality of service using encryption token valid only within a predetermined range |
US7206301B2 (en) | 2003-12-03 | 2007-04-17 | Institute For Information Industry | System and method for data communication handoff across heterogenous wireless networks |
US7720864B1 (en) * | 2004-03-25 | 2010-05-18 | Symantec Operating Corporation | Expiration of access tokens for quiescing a distributed system |
2005
- 2005-12-23 EP EP05823837A patent/EP1969761A4/en not_active Withdrawn
- 2005-12-23 US US11/571,206 patent/US20090217048A1/en not_active Abandoned
- 2005-12-23 WO PCT/CA2005/001971 patent/WO2007071009A1/en active Application Filing
- 2005-12-23 CA CA2571255A patent/CA2571255C/en active Active
2012
- 2012-09-28 US US13/630,771 patent/US8959598B2/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6704789B1 (en) * | 1999-05-03 | 2004-03-09 | Nokia Corporation | SIM based authentication mechanism for DHCPv4/v6 messages |
US7281137B1 (en) * | 1999-07-02 | 2007-10-09 | Nokia Corporation | Authentication method and system |
US20020034301A1 (en) * | 2000-08-15 | 2002-03-21 | Stefan Andersson | Network authentication |
US7058181B2 (en) * | 2001-08-02 | 2006-06-06 | Senforce Technologies, Inc. | Wireless bridge for roaming in network environment |
US20050176473A1 (en) * | 2002-01-29 | 2005-08-11 | Diego Melpignano | Internet protocol based wireless communication arrangements |
US6721632B2 (en) * | 2002-02-05 | 2004-04-13 | International Business Machines Corporation | Wireless exchange between vehicle-borne communications systems |
US20030163733A1 (en) * | 2002-02-28 | 2003-08-28 | Ericsson Telefon Ab L M | System, method and apparatus for federated single sign-on services |
US20040117623A1 (en) * | 2002-08-30 | 2004-06-17 | Kabushiki Kaisha Toshiba | Methods and apparatus for secure data communication links |
US20040172531A1 (en) * | 2002-12-09 | 2004-09-02 | Little Herbert A. | System and method of secure authentication information distribution |
US20050144144A1 (en) * | 2003-12-30 | 2005-06-30 | Nokia, Inc. | System and method for authenticating a terminal based upon at least one characteristic of the terminal located at a position within an organization |
US20060002556A1 (en) * | 2004-06-30 | 2006-01-05 | Microsoft Corporation | Secure certificate enrollment of device over a cellular network |
US20060070116A1 (en) * | 2004-09-30 | 2006-03-30 | Hyun-Ah Park | Apparatus and method for authenticating user for network access in communication system |
Cited By (104)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9019165B2 (en) | 2004-08-18 | 2015-04-28 | Ruckus Wireless, Inc. | Antenna with selectable elements for use in wireless communications |
US9837711B2 (en) | 2004-08-18 | 2017-12-05 | Ruckus Wireless, Inc. | Antenna with selectable elements for use in wireless communications |
US9379456B2 (en) | 2004-11-22 | 2016-06-28 | Ruckus Wireless, Inc. | Antenna array |
US9093758B2 (en) | 2004-12-09 | 2015-07-28 | Ruckus Wireless, Inc. | Coverage antenna apparatus with selectable horizontal and vertical polarization elements |
US9270029B2 (en) | 2005-01-21 | 2016-02-23 | Ruckus Wireless, Inc. | Pattern shaping of RF emission patterns |
US10056693B2 (en) | 2005-01-21 | 2018-08-21 | Ruckus Wireless, Inc. | Pattern shaping of RF emission patterns |
US8836606B2 (en) | 2005-06-24 | 2014-09-16 | Ruckus Wireless, Inc. | Coverage antenna apparatus with selectable horizontal and vertical polarization elements |
US9313798B2 (en) | 2005-12-01 | 2016-04-12 | Ruckus Wireless, Inc. | On-demand services by wireless base station virtualization |
US9769655B2 (en) | 2006-04-24 | 2017-09-19 | Ruckus Wireless, Inc. | Sharing security keys with headless devices |
US9131378B2 (en) | 2006-04-24 | 2015-09-08 | Ruckus Wireless, Inc. | Dynamic authentication in secured wireless networks |
US9071583B2 (en) | 2006-04-24 | 2015-06-30 | Ruckus Wireless, Inc. | Provisioned configuration for automatic wireless connection |
US20080195863A1 (en) * | 2007-02-09 | 2008-08-14 | Microsoft Corporation | Securing wireless communications between devices |
US7818571B2 (en) * | 2007-02-09 | 2010-10-19 | Microsoft Corporation | Securing wireless communications between devices |
US20110110334A1 (en) * | 2007-06-27 | 2011-05-12 | Panasonic Corporation | Communication system, communication processing device and authentication processing device |
US11082852B2 (en) | 2007-09-27 | 2021-08-03 | Sun Patent Trust | Mobile terminal |
US20180302833A1 (en) * | 2007-09-27 | 2018-10-18 | Sun Patent Trust | Mobile terminal |
US10484920B2 (en) * | 2007-09-27 | 2019-11-19 | Sun Patent Trust | Mobile terminal |
US8134972B2 (en) * | 2007-10-26 | 2012-03-13 | Hitachi, Ltd | Communication system and gateway apparatus |
US20090109925A1 (en) * | 2007-10-26 | 2009-04-30 | Hitomi Nakamura | Communication system and gateway apparatus |
US20170286960A1 (en) * | 2007-12-03 | 2017-10-05 | At&T Intellectual Property I, L.P. | Methods, Systems and Products for Authentication |
US10755279B2 (en) * | 2007-12-03 | 2020-08-25 | At&T Intellectual Property I, L.P. | Methods, systems and products for authentication |
US20120272057A1 (en) * | 2008-03-31 | 2012-10-25 | Jasmeet Chhabra | Method and Apparatus for Secured Embedded Device Communication |
US8949598B2 (en) * | 2008-03-31 | 2015-02-03 | Intel Corporation | Method and apparatus for secured embedded device communication |
US20140161037A1 (en) * | 2008-04-02 | 2014-06-12 | Vodafone Group Plc | Telecommunications network |
US9397863B2 (en) * | 2008-04-02 | 2016-07-19 | Vodafone Group Plc | Facilitating communication connections for terminals having token identification modules within a telecommunications network |
US11606673B2 (en) * | 2008-06-05 | 2023-03-14 | Movius Interactive Corporation | Mobile application for providing multiple second line numbers on single mobile device |
US20210051452A1 (en) * | 2008-06-05 | 2021-02-18 | Movius Interactive Corporation | Mobile application for providing multiple second line numbers on single mobile device |
US20230188953A1 (en) * | 2008-06-05 | 2023-06-15 | Movius Interactive Corporation | Mobile application for providing multiple second line numbers on single mobile device |
US8964694B2 (en) * | 2008-06-27 | 2015-02-24 | Panasonic Intellectual Property Corporation Of America | Communication system, communication processing device and authentication processing device |
US8107956B2 (en) * | 2008-12-30 | 2012-01-31 | Motorola Mobility, Inc. | Providing over-the-top services on femto cells of an IP edge convergence server system |
US20100167732A1 (en) * | 2008-12-30 | 2010-07-01 | Motorola, Inc. | Providing over-the-top services on femto cells of an ip edge convergence server system |
US8612778B2 (en) * | 2009-03-16 | 2013-12-17 | Samsung Electronics Co., Ltd. | Terminal device capable to operate at a dual power feeding mode for supporting a dual-mode configuration having two different wireless communication modules |
US20100235657A1 (en) * | 2009-03-16 | 2010-09-16 | Samsung Electronics Co., Ltd. | Method of and apparatus for controlling system according to power feeding of terminal |
US20120198539A1 (en) * | 2009-08-31 | 2012-08-02 | China Mobile Communications Corporation | Service Access Method, System and Device Based on WLAN Access Authentication |
US9143482B1 (en) * | 2009-09-21 | 2015-09-22 | Sprint Spectrum L.P. | Tokenized authentication across wireless communication networks |
US20120022968A1 (en) * | 2009-10-09 | 2012-01-26 | Tajinder Manku | Using a first network to control access to a second network |
US8630901B2 (en) * | 2009-10-09 | 2014-01-14 | Pravala Inc. | Using a first network to control access to a second network |
US20120116886A1 (en) * | 2009-10-09 | 2012-05-10 | Pravala Inc. | Using a first network to control access to a second network |
US8655729B2 (en) * | 2009-10-09 | 2014-02-18 | Pravala Inc. | Using a first network to control access to a second network |
US20130150000A1 (en) * | 2010-02-12 | 2013-06-13 | Alexander Hoi WONG | Seamless mobile subscriber identification |
US9107072B2 (en) * | 2010-02-12 | 2015-08-11 | Alexander Hoi WONG | Seamless mobile subscriber identification |
US20110219428A1 (en) * | 2010-03-03 | 2011-09-08 | Kabushiki Kaisha Toshiba | Electronic apparatus and terminal |
US8635667B2 (en) * | 2010-03-03 | 2014-01-21 | Kabushiki Kaisha Toshiba | Electronic apparatus and terminal |
KR101095481B1 (en) | 2010-03-18 | 2011-12-19 | 주식회사 엘지유플러스 | Fixed mobile convergence service providing system and providing method thereof |
US20120120933A1 (en) * | 2010-11-12 | 2012-05-17 | Deutsche Telekom Ag | Method for enhanced radio resource management in a public land mobile network |
US9154953B2 (en) * | 2010-12-10 | 2015-10-06 | At&T Intellectual Property I, L.P. | Network access via telephony services |
US20120148043A1 (en) * | 2010-12-10 | 2012-06-14 | At&T Intellectual Property 1 Lp | Network Access Via Telephony Services |
US20150373544A1 (en) * | 2010-12-10 | 2015-12-24 | At&T Intellectual Property I, L.P. | Network access via telephony services |
US9967748B2 (en) | 2010-12-10 | 2018-05-08 | At&T Intellectual Property I, L.P. | Network access via telephony services |
US9730063B2 (en) * | 2010-12-10 | 2017-08-08 | At&T Intellectual Property I, L.P. | Network access via telephony services |
US9112861B2 (en) * | 2010-12-23 | 2015-08-18 | Microsoft Technology Licensing, Llc | Registration and network access control |
US8713589B2 (en) * | 2010-12-23 | 2014-04-29 | Microsoft Corporation | Registration and network access control |
US9432359B2 (en) | 2010-12-23 | 2016-08-30 | Microsoft Technology Licensing, Llc | Registration and network access control |
US20120167185A1 (en) * | 2010-12-23 | 2012-06-28 | Microsoft Corporation | Registration and network access control |
US20140237250A1 (en) * | 2010-12-23 | 2014-08-21 | Microsoft Corporation | Registration and Network Access Control |
CN102571766A (en) * | 2010-12-23 | 2012-07-11 | 微软公司 | Registration and network access control |
US20120171996A1 (en) * | 2010-12-30 | 2012-07-05 | Sierra Wireless, Inc. | Method for enabling operation of a wireless modem |
US9668168B2 (en) * | 2011-01-17 | 2017-05-30 | Agency For Science, Technology And Research | Method and device for mobile data offload |
US20140105007A1 (en) * | 2011-01-17 | 2014-04-17 | Agency For Science, Technology And Research | Method and Device for Mobile Data Offload |
US9792188B2 (en) | 2011-05-01 | 2017-10-17 | Ruckus Wireless, Inc. | Remote cable access point reset |
US20140227999A1 (en) * | 2011-08-05 | 2014-08-14 | Banque Accord | Method, server and system for authentication of a person |
US10045210B2 (en) * | 2011-08-05 | 2018-08-07 | Oney Bank | Method, server and system for authentication of a person |
US20130133044A1 (en) * | 2011-11-18 | 2013-05-23 | Lockheed Martin Corporation | Self-propelled harvesting vehicle including a thermochemical reactor for carbonizing harvested crop material |
US8925049B2 (en) * | 2011-11-18 | 2014-12-30 | Lockheed Martin Corporation | Automated wireless vulnerability assessment using hand-held wireless devices |
US9883390B2 (en) * | 2011-11-28 | 2018-01-30 | Alcatel Lucent | Method and a device of authentication in the converged wireless network |
US20140258723A1 (en) * | 2011-11-28 | 2014-09-11 | Alcatel-Lucent | Method and a device of authentication in the converged wireless network |
US9444803B2 (en) * | 2012-01-13 | 2016-09-13 | Zte Corporation | Authentication method and system oriented to heterogeneous network |
EP2790370A4 (en) * | 2012-01-13 | 2015-08-12 | Zte Corp | Authentication method and system oriented to heterogeneous network |
US20150012986A1 (en) * | 2012-01-13 | 2015-01-08 | Zte Corporation | Authentication method and system oriented to heterogeneous network |
US9596605B2 (en) | 2012-02-09 | 2017-03-14 | Ruckus Wireless, Inc. | Dynamic PSK for hotspots |
US9226146B2 (en) | 2012-02-09 | 2015-12-29 | Ruckus Wireless, Inc. | Dynamic PSK for hotspots |
US10734737B2 (en) | 2012-02-14 | 2020-08-04 | Arris Enterprises Llc | Radio frequency emission pattern shaping |
US9634403B2 (en) | 2012-02-14 | 2017-04-25 | Ruckus Wireless, Inc. | Radio frequency emission pattern shaping |
US10186750B2 (en) | 2012-02-14 | 2019-01-22 | Arris Enterprises Llc | Radio frequency antenna array with spacing element |
US9092610B2 (en) * | 2012-04-04 | 2015-07-28 | Ruckus Wireless, Inc. | Key assignment for a brand |
US20130269008A1 (en) * | 2012-04-04 | 2013-10-10 | Ming-Jye Sheu | Key assignment for a brand |
US10182350B2 (en) | 2012-04-04 | 2019-01-15 | Arris Enterprises Llc | Key assignment for a brand |
US9537663B2 (en) | 2012-06-20 | 2017-01-03 | Alcatel Lucent | Manipulation and restoration of authentication challenge parameters in network authentication procedures |
US20140122869A1 (en) * | 2012-10-26 | 2014-05-01 | Cloudpath Networks, Inc. | System and method for providing a certificate for network access |
US8843741B2 (en) * | 2012-10-26 | 2014-09-23 | Cloudpath Networks, Inc. | System and method for providing a certificate for network access |
US20140136208A1 (en) * | 2012-11-14 | 2014-05-15 | Intermec Ip Corp. | Secure multi-mode communication between agents |
US20140153722A1 (en) * | 2012-12-03 | 2014-06-05 | Semyon Mizikovsky | Restricting use of mobile subscriptions to authorized mobile devices |
US11206532B2 (en) * | 2013-02-20 | 2021-12-21 | Comcast Cable Communications, Llc | Method and systems for pairing a mobile device with a wireless network |
US20140235205A1 (en) * | 2013-02-20 | 2014-08-21 | Comcast Cable Communications, Llc | Method And Systems For Pairing A Mobile Device With A Wireless Network |
US9432910B2 (en) * | 2013-03-11 | 2016-08-30 | Futurewei Technologies, Inc. | System and method for WiFi authentication and selection |
US10674433B2 (en) | 2013-03-11 | 2020-06-02 | Futurewei Technologies, Inc. | System and method for WiFi authentication and selection |
USRE49809E1 (en) | 2013-03-11 | 2024-01-16 | Futurewei Technologies, Inc. | System and method for wifi authentication and selection |
US20140254364A1 (en) * | 2013-03-11 | 2014-09-11 | Futurewei Technologies, Inc. | System and Method for WiFi Authentication and Selection |
US9961615B2 (en) | 2013-03-11 | 2018-05-01 | Futurewei Technologies, Inc. | System and method for WiFi authentication and selection |
US9769668B1 (en) * | 2016-08-01 | 2017-09-19 | At&T Intellectual Property I, L.P. | System and method for common authentication across subscribed services |
US20220286851A1 (en) * | 2016-12-06 | 2022-09-08 | Ingenu Inc. | Systems and methods for networks during multi-regional roaming of mobiles |
US10735580B2 (en) * | 2016-12-22 | 2020-08-04 | Mastercard International Incorporated | Mobile device user validation method and system |
US20180183925A1 (en) * | 2016-12-22 | 2018-06-28 | Mastercard International Incorporated | Mobile device user validation method and system |
US10541992B2 (en) * | 2016-12-30 | 2020-01-21 | Google Llc | Two-token based authenticated session management |
US10462124B2 (en) | 2016-12-30 | 2019-10-29 | Google Llc | Authenticated session management across multiple electronic devices using a virtual session manager |
US11297051B2 (en) | 2016-12-30 | 2022-04-05 | Google Llc | Authenticated session management across multiple electronic devices using a virtual session manager |
US20190230510A1 (en) * | 2017-01-27 | 2019-07-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Secondary Authentication of a User Equipment |
US11575509B2 (en) * | 2017-01-27 | 2023-02-07 | Telefonaktiebolaget Lm Ericsson (Publ) | Secondary authentication of a user equipment |
US11895229B2 (en) | 2017-01-27 | 2024-02-06 | Telefonaktiebolaget Lm Ericsson (Publ) | States secondary authentication of a user equipment |
US10097998B2 (en) * | 2017-01-31 | 2018-10-09 | Verizon Patent And Licensing Inc. | Frictionless authentication over WiFi |
US11963007B2 (en) * | 2018-05-17 | 2024-04-16 | Nokia Technologies Oy | Facilitating residential wireless roaming via VPN connectivity over public service provider networks |
JP7218819B2 (en) | 2019-04-30 | 2023-02-07 | 日本電気株式会社 | Methods and processes for verifying multi-SIM devices and subscription information |
JP2022530955A (en) * | 2019-04-30 | 2022-07-05 | 日本電気株式会社 | Methods and processes for validating multi-SIM devices and subscription information |
JP7364104B2 (en) | 2019-04-30 | 2023-10-18 | 日本電気株式会社 | Method and process for verifying multi-SIM devices and subscription information |
Also Published As
Publication number | Publication date |
---|---|
CA2571255A1 (en) | 2007-06-23 |
US20130047218A1 (en) | 2013-02-21 |
US8959598B2 (en) | 2015-02-17 |
EP1969761A1 (en) | 2008-09-17 |
CA2571255C (en) | 2016-05-10 |
WO2007071009A1 (en) | 2007-06-28 |
EP1969761A4 (en) | 2009-02-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8959598B2 (en) | | Wireless device authentication between different networks |
US9391776B2 (en) | | Method and system for authenticating peer devices using EAP |
US7707412B2 (en) | | Linked authentication protocols |
CA2792490C (en) | | Key generation in a communication system |
US8543814B2 (en) | | Method and apparatus for using generic authentication architecture procedures in personal computers |
US8094821B2 (en) | | Key generation in a communication system |
KR101068424B1 (en) | | Inter-working function for a communication system |
US20060019635A1 (en) | | Enhanced use of a network access identifier in wlan |
US20060155822A1 (en) | | System and method for wireless access to an application server |
US20070178885A1 (en) | | Two-phase SIM authentication |
US20030236980A1 (en) | | Authentication in a communication system |
KR100755394B1 (en) | | Method for fast re-authentication in umts for umts-wlan handover |
US11277399B2 (en) | | Onboarding an unauthenticated client device within a secure tunnel |
Mahshid et al. | | An efficient and secure authentication for inter-roaming in wireless heterogeneous network |
KR101068426B1 (en) | | Inter-working function for a communication system |
Wiederkehr | | Approaches for simplified hotspot logins with Wi-Fi devices |
Billington et al. | | Mutual authentication of B3G devices within personal distributed environments |
Tan | | Providing Secured Public Wireless-LAN Internet Access |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment | Owner name: BCE INC., CANADA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SMITH, BRIAN NORMAN, MR.;REEL/FRAME:018673/0023 Effective date: 20060220 |
STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |