CN101150857A - Certificate-based authentication, authorization and accounting scheme for loosely coupled interworking - Google Patents
- Publication number
- CN101150857A
- Authority
- CN
- China
- Prior art keywords
- network
- mobile device
- certificate
- wlan
- session key
- Prior art date
- Legal status (assumed by Google, not a legal conclusion)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W92/00—Interfaces specially adapted for wireless communication networks
- H04W92/02—Inter-networking arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Feedback Control In General (AREA)
Abstract
A method using certificate-based transactions for authentication, authorization and accounting (AAA) in interworking between a first and a second network that do not belong to the same administrative domain. In the method according to the invention, the second network sends a public key to the first network and sends a certificate to a mobile device. The certificate includes information about the mobile device's subscription level and is signed with the second network's private key. Upon detecting the first network, the mobile device sends the certificate, and the first network authenticates the certificate using the second network's public and private keys and, in response, authorizes network access. The first network then issues a session key encrypted with the mobile device's public key. The mobile device decrypts the session key with its private key and uses the session key to access the first network. In this way, interworking is achieved without requiring deployment of a specific interworking function to bridge between the two different types of network.
Description
This application is a divisional of the patent application of the same title filed on 13 March 2003 under application number 038094517.
Technical field
The present invention relates generally to network interconnection, and in particular to a certificate-based authentication, authorization and accounting (AAA) scheme for loosely coupled interworking between two different access networks.
Background
In general, authentication, authorization and accounting (AAA) is required to access and use networks such as cellular networks and wireless local area networks (WLANs). However, where interworking takes place between two different wireless access networks that do not belong to the same administrative domain and do not share the same AAA scheme, AAA is harder to achieve and requires additional software and/or hardware.
There are two main types of interworking between cellular networks and WLANs: tight coupling and loose coupling. In the loosely coupled case, the WLAN and the cellular network have independent data paths, but AAA for WLAN users relies on the AAA functions of the cellular network. However, the cellular network's AAA protocol (MAP/SS7) is incompatible with the Internet Protocol (IP) based protocols used by WLAN users. Two approaches have been proposed. In the first, an AAA interface is provided at the cellular network's home location register (HLR). This requires either duplicating the HLR data or providing a protocol converter between Radius/Diameter and MAP. In the second, if the mobile terminal (MT) uses a subscriber identity module (SIM) card based authentication mechanism (for example, NOKIA's Operator Wireless LAN), AAA follows the cellular procedure. An AAA interworking function (IWF) is required to interface the HLR with the MT. From the AAA point of view, apart from the AAA traffic being carried over IP, the approach is functionally similar to a serving GPRS (General Packet Radio Service) support node (SGSN) or a mobile switching center (MSC).
With both approaches, the cellular operator must deploy a special interworking function or gateway. With the second approach, the user must have a SIM card to access the WLAN, but many WLAN users have no SIM card available on their laptop or personal digital assistant (PDA).
It is therefore highly desirable to have an authentication, authorization and accounting (AAA) scheme for interworking between two different wireless access networks that do not belong to the same administrative domain and do not share the same AAA scheme, and it would be very beneficial if that AAA scheme did not require deployment of a special interworking function to bridge between the two different types of network.
Summary of the invention
The above and other related problems of the prior art are solved by the present invention, a certificate-based authentication, authorization and accounting (AAA) scheme for interworking between two different access networks.
Advantageously, the invention can operate during authentication without interacting with the cellular core network. Compared with existing schemes, the proposed scheme does not require cellular operators to adapt their home location register (HLR) interfaces in order to authenticate WLAN users over the Internet Protocol.
According to one aspect of the invention, a method of authentication, authorization and accounting (AAA) in interworking between at least two networks is provided. The at least two networks include a first network and a second network. A user of the first network is verified by the second network on the basis of a certificate. When the user is verified, a session key is sent from the second network to the user's mobile device. The session key is used to encrypt communications between the mobile device and the second network.
These and other aspects, features and advantages of the invention will become more apparent from the following detailed description of preferred embodiments, which is to be read in conjunction with the accompanying drawings.
Brief description of the drawings
Fig. 1 is a block diagram illustrating a computer system 100 to which the invention may be applied, according to an exemplary embodiment of the invention;
Fig. 2 is a block diagram illustrating a combination of access networks to which the invention may be applied, according to an exemplary embodiment of the invention;
Fig. 3 is a flow chart illustrating a method of certificate-based authentication, authorization and accounting (AAA) for a mobile user in loosely coupled interworking between access networks, according to an exemplary embodiment of the invention; and
Fig. 4 is a flow chart illustrating a method of certificate-based authentication, authorization and accounting (AAA) for a mobile user in loosely coupled interworking between access networks, according to another exemplary embodiment of the invention.
Detailed description
The present invention is directed primarily to a certificate-based authentication, authorization and accounting (AAA) scheme for loosely coupled interworking. It should be understood that the invention is applicable to any combination of access networks (for example, interworking between a community access television (CATV) network and a wireless local area network (WLAN)). However, the invention is particularly applicable to a cellular network and a WLAN under a loose interworking arrangement.
It should be understood that the invention may be implemented in various forms of hardware, software, firmware, special-purpose processors, or a combination thereof, for example in a mobile terminal, an access point or a cellular network. Preferably, the invention is implemented as a combination of hardware and software. Moreover, the software is preferably implemented as an application program tangibly embodied on a program storage device. The application program may be uploaded to, and executed by, a machine comprising any suitable architecture. Preferably, the machine is implemented on a computer platform having hardware such as one or more central processing units (CPU), random access memory (RAM) and input/output (I/O) interfaces. The computer platform also includes an operating system and microinstruction code. The various processes and functions described herein may be part of the microinstruction code or part of the application program (or a combination thereof), executed via the operating system. In addition, various other peripheral devices may be connected to the computer platform, such as additional data storage devices and printing devices.
It should further be understood that, because some of the constituent system components and method steps depicted in the accompanying figures are preferably implemented in software, the actual connections between the system components (or process steps) may differ depending on the manner in which the invention is programmed. Given the teachings herein, one of ordinary skill in the art will be able to contemplate these and similar implementations and configurations of the invention.
Fig. 1 is a block diagram illustrating a computer system 100 to which the invention may be applied, according to an exemplary embodiment of the invention. The computer processing system 100 may be included in a mobile device used to access a cellular network or a WLAN. The computer processing system 100 includes at least one processor (CPU) 102 operatively coupled to other components via a system bus 104. A read-only memory (ROM) 106, a random access memory (RAM) 108, a display adapter 110, an I/O adapter 112, a user interface adapter 114, a sound adapter 199 and a network adapter 198 are operatively coupled to the system bus 104.
A display device 116 is operatively coupled to the system bus 104 by the display adapter 110. A disk storage device (for example, a magnetic or optical disk storage device) 118 is operatively coupled to the system bus 104 by the I/O adapter 112. A mouse 120 and a keyboard 122 are operatively coupled to the system bus 104 by the user interface adapter 114. The mouse 120 and keyboard 122 are used to input information to, and output information from, the system 100.
At least one speaker (hereinafter "speaker") 197 is operatively coupled to the system bus 104 by the sound adapter 199.
A (digital and/or analog) modem 196 is operatively coupled to the system bus 104 by the network adapter 198.
Fig. 2 is a block diagram illustrating a combination of access networks to which the invention may be applied, according to an exemplary embodiment of the invention. In the exemplary embodiment of Fig. 2, the combination of access networks includes a cellular network 210 and three wireless local area networks (WLANs) 220a, 220b and 220c. A mobile terminal 200, the cellular network 210 and the WLANs 220 can communicate with one another as shown. The invention provides a certificate-based method for providing AAA services to WLAN users. As noted above, the invention is applicable to any combination of networks, including different numbers and different types of networks.
Fig. 3 is a flow chart illustrating a method of certificate-based authentication, authorization and accounting (AAA) for a mobile user in loosely coupled interworking between access networks, according to an exemplary embodiment of the invention. The access networks include a cellular network and a wireless local area network (WLAN), such as those shown in Fig. 2. The cellular network is associated with at least one mobile user. It should be understood that although the exemplary embodiment of Fig. 3 (and the exemplary embodiment of Fig. 4 below) is described with reference to a cellular network and a WLAN, any combination of networks, including the above and other types of networks and different numbers of networks, may readily be employed in accordance with the invention while maintaining its spirit and scope.
Initially, a public key Kpub_cn associated with the cellular network is sent from the cellular network to a WLAN that has an interworking contract with the cellular network (step 310). If the cellular network has interworking contracts with more than one WLAN, it should be able to send the public key Kpub_cn to all WLANs with which it has a contract. Preferably, but not necessarily, the cellular network public key Kpub_cn is distributed over a secure channel, so that the receiving WLAN can be sure that the public key Kpub_cn is indeed the valid public key associated with the cellular network.
Next, a certificate is sent from the cellular network to the mobile user (step 315). The certificate includes, but is not limited to, the following: the public key Kpub_u associated with the mobile user; the ID of the cellular network; the mobile user's subscription level, for authorization/verification purposes (for example, whether the mobile user has subscribed to WLAN service); the expiry time of the certificate; and the mobile user's ID. The certificate is signed with the cellular network's private key Kpri_cn. Preferably, but not necessarily, the certificate is sent to the mobile user when the mobile user and the cellular network sign a contract for WLAN interworking service.
The various keys and the certificate are used as follows. When the mobile user moves into an area covered by the WLAN, the certificate is sent from the mobile user to the WLAN (step 320). The WLAN then: checks the cellular network ID included in the certificate (step 325); checks the mobile user ID included in the certificate (for example, for authorization/verification purposes) (step 327); verifies the authenticity of the certificate with the cellular network's public key Kpub_cn (step 330); once verified, computes a session key for the mobile user and encrypts the session key with the public key Kpub_u contained in the certificate (step 335); and sends the session key to the mobile user (step 340). The session key may be, but is not limited to, a per-user Wired Equivalent Privacy (WEP) key.
Upon receiving the session key, the mobile user decrypts it with his/her private key Kpri_u (step 345) and uses the session key to communicate with the WLAN (that is, all subsequent communication between the mobile device and the WLAN is encrypted with the session key) (step 350). Because only the specific mobile user possesses the private key Kpri_u needed to decrypt the session key, the mobile user can be authenticated by the WLAN.
Fig. 4 is a flow chart illustrating a method of certificate-based authentication, authorization and accounting (AAA) for a mobile user in loosely coupled interworking between access networks, according to another exemplary embodiment of the invention. The access networks include a cellular network and a wireless local area network (WLAN). The cellular network is associated with at least one mobile user. The method of Fig. 4 allows mutual authorization between the mobile user and the WLAN, so that the mobile user can also verify that he/she is indeed communicating with a legitimate WLAN (to prevent, for example, messages being eavesdropped).
The cellular network's public key Kpub_cn is sent from the cellular network to a WLAN that has an interworking contract with the cellular network (step 310). If the cellular network has interworking contracts with more than one WLAN, it can send the public key Kpub_cn to all WLANs with which it has a contract. Preferably, but not necessarily, the cellular network public key Kpub_cn is distributed over a secure channel, so that the WLAN can be sure that the public key Kpub_cn is indeed the cellular network's public key.
The cellular network's public key Kpub_cn is also sent from the cellular network to the mobile user (step 412).
A first certificate is sent from the cellular network to the mobile user (step 315). The first certificate includes, but is not limited to, the following: the mobile user's public key Kpub_u; the ID of the cellular network; the mobile user's subscription level (whether the mobile user has subscribed to WLAN service); the expiry time of the first certificate; and the mobile user's ID. The first certificate is signed with the cellular network's private key Kpri_cn. Preferably, but not necessarily, the first certificate is sent to the mobile user when the mobile user and the cellular network sign a contract for WLAN interworking service.
A second certificate is also sent from the cellular network to each WLAN that has a contractual agreement with the cellular network (step 417). The second certificate includes, but is not limited to, the WLAN's public key Kpub_w. The second certificate is signed with the cellular network's private key Kpri_cn.
For example, when the mobile user moves into an area covered by the WLAN, the first certificate is sent from the mobile user to the WLAN (for example, to an access point (AP) or another entity) (step 320). In response, the WLAN checks the cellular network ID included in the first certificate (step 325), checks the mobile user ID included in the first certificate (for example, for authorization/authentication purposes) (step 327), and verifies the authenticity of the certificate with the cellular network's public key Kpub_cn (step 330); once verified, it computes a session key for the mobile user, encrypts the session key with the mobile user's public key Kpub_u (included in the first certificate) and signs the session key with the WLAN's private key Kpri_w (step 435); and sends the session key and the second certificate to the mobile user (step 440). The session key may be, but is not limited to, a per-user Wired Equivalent Privacy (WEP) key.
Upon receiving the session key and the second certificate, the mobile user verifies the validity of the second certificate using the cellular network's public key Kpub_cn (step 441). If it is valid, the WLAN's public key Kpub_w is extracted from the second certificate (step 442). The mobile user then verifies the signature on the session key using the WLAN's public key Kpub_w, to confirm that the session key indeed came from the WLAN (step 443). If the encrypted session key is verified as coming from the WLAN, the mobile user then decrypts the session key with his/her private key Kpri_u (step 345) and communicates with the WLAN using the session key. All subsequent communication between the mobile device and the WLAN is encrypted with the session key, and communication with the WLAN using the session key begins (step 350).
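The exchange of Fig. 3 and Fig. 4 (steps 310 through 443) modelled end to end, as an added illustration that is not code from the patent or from Thomson. Everything concrete in it is an assumption made here for readability: the JSON certificate layout, textbook RSA over constructed small primes without padding, a 5-byte (WEP-40 sized) session key, and the identifiers "cn-A", "wlan-220a" and "user-42". The value of the example is in which checks each side performs and in which order: the WLAN never contacts the cellular network, and a certificate with an edited subscription level, an expired certificate, or a WLAN whose second certificate was not signed by the cellular network are all rejected at the step the text names.

```python
"""Toy model of the Fig. 3 / Fig. 4 certificate-based AAA exchange.

Added illustration, not the patent's own code. Textbook RSA over constructed
small primes, no padding, JSON-encoded certificates: all of these are
assumptions made here for readability, not anything the patent specifies.
"""
import hashlib
import json
import os

E = 65537      # RSA public exponent (constructed choice)
KEY_LEN = 5    # WEP-40 sized per-user session key (assumed size)


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}


def canonical(obj):
    """Stable byte encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True).encode()


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    return pow(_digest(data, priv["n"]), priv["d"], priv["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])


def issue_cert(issuer_priv, body):
    """Certificate = body plus a signature under the issuer's private key (steps 315, 417)."""
    return {"body": body, "sig": sign(issuer_priv, canonical(body))}


def wlan_grant_access(cn_id, cn_pub, wlan_priv, wlan_cert, user_cert, now, session_key=None):
    """WLAN side, steps 325/327/330/435/440. Returns (session_key, response) or (None, reason)."""
    body = user_cert["body"]
    if body.get("cn_id") != cn_id:                                   # step 325
        return None, "certificate not issued by a contracted cellular network"
    if not verify(cn_pub, canonical(body), user_cert["sig"]):        # step 330
        return None, "bad signature on user certificate"
    if now > body["expires"]:
        return None, "user certificate expired"
    if not body["wlan_subscribed"]:                                  # step 327 (authorization)
        return None, "user %s is not subscribed to WLAN service" % body["user_id"]
    session_key = session_key or os.urandom(KEY_LEN)
    upub = body["user_pub"]
    enc_key = pow(int.from_bytes(session_key, "big"), upub["e"], upub["n"])  # step 435: encrypt with Kpub_u
    sig = sign(wlan_priv, enc_key.to_bytes(16, "big"))               # step 435: sign with Kpri_w
    return session_key, {"enc_key": enc_key, "sig": sig, "wlan_cert": wlan_cert}  # step 440


def mobile_accept_key(cn_pub, user_priv, response):
    """Mobile side, steps 441/442/443/345. Returns (session_key, None) or (None, reason)."""
    wlan_cert = response["wlan_cert"]
    if not verify(cn_pub, canonical(wlan_cert["body"]), wlan_cert["sig"]):  # step 441
        return None, "second certificate not signed by the cellular network"
    wlan_pub = wlan_cert["body"]["wlan_pub"]                                # step 442
    if not verify(wlan_pub, response["enc_key"].to_bytes(16, "big"), response["sig"]):  # step 443
        return None, "session key not signed by the certified WLAN"
    m = pow(response["enc_key"], user_priv["d"], user_priv["n"])            # step 345: decrypt with Kpri_u
    return m.to_bytes(KEY_LEN, "big"), None


def demo(now=1000):
    """Happy path plus four rejections; all identities, primes and times are constructed."""
    cn_pub, cn_priv = make_keypair(1000000007, 998244353)
    user_pub, user_priv = make_keypair(1000000009, 999999937)
    wlan_pub, wlan_priv = make_keypair(2147483647, 4294967291)
    user_body = {"user_id": "user-42", "cn_id": "cn-A", "user_pub": user_pub,
                 "wlan_subscribed": True, "expires": now + 3600}
    user_cert = issue_cert(cn_priv, user_body)                               # step 315
    wlan_cert = issue_cert(cn_priv, {"wlan_id": "wlan-220a", "wlan_pub": wlan_pub})  # step 417

    out = {}
    key_at_wlan, resp = wlan_grant_access("cn-A", cn_pub, wlan_priv, wlan_cert, user_cert, now)
    key_at_mobile, _ = mobile_accept_key(cn_pub, user_priv, resp)
    out["happy_match"] = key_at_wlan == key_at_mobile
    out["expired"] = wlan_grant_access("cn-A", cn_pub, wlan_priv, wlan_cert, user_cert, now + 7200)[1]

    # A genuine "not subscribed" certificate is refused at step 327; the same
    # certificate with the subscription flag edited fails the signature check at step 330.
    unsub = issue_cert(cn_priv, dict(user_body, wlan_subscribed=False))
    out["unsubscribed"] = wlan_grant_access("cn-A", cn_pub, wlan_priv, wlan_cert, unsub, now)[1]
    tampered = {"body": dict(unsub["body"], wlan_subscribed=True), "sig": unsub["sig"]}
    out["tampered"] = wlan_grant_access("cn-A", cn_pub, wlan_priv, wlan_cert, tampered, now)[1]

    # A WLAN whose second certificate is self-signed rather than signed by the
    # cellular network is refused by the mobile at step 441.
    rogue_cert = issue_cert(wlan_priv, {"wlan_id": "rogue", "wlan_pub": wlan_pub})
    _, rogue_resp = wlan_grant_access("cn-A", cn_pub, wlan_priv, rogue_cert, user_cert, now)
    out["rogue_wlan"] = mobile_accept_key(cn_pub, user_priv, rogue_resp)[1]
    return out


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, "->", result)
```

Two deliberate simplifications matter if this were ever turned into a real implementation: the signing and encryption here are unpadded textbook RSA over 60-bit moduli, where a deployment would use standard X.509 certificates with padded signatures and RSA-OAEP (or a modern KEM) for the key transport; and the WEP session key the text offers as an example has long been superseded, since WEP is broken regardless of how securely its key is delivered.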
Thus, compared with the prior art, a notable advantage of the invention is that no physical interworking function is required for the WLAN and the cellular network to interact in order to verify a user. In fact, by using certificates, the WLAN needs no interaction at all with the cellular network in order to grant the user access when the mobile terminal requests network access. Because the certificate includes the mobile user's identity, the accounting function can easily be performed using this information that includes the user's identity.
Although exemplary embodiments have been described herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various other changes and modifications may be effected therein by one of ordinary skill in the art without departing from the spirit and scope of the invention. All such changes and modifications are intended to be included within the scope of the invention as defined by the appended claims.
Claims (10)
1. A method of providing authentication, authorization and accounting in a second network for a mobile device associated with a first network, wherein the first network and the second network have their own respective authentication, authorization and accounting schemes, the method comprising the steps of:
receiving, by the mobile device, a certificate from the first network;
sending, by the mobile device, the certificate to the second network; and
receiving, by the mobile device, a session key computed by the second network, the session key being encrypted with a public key associated with the mobile device.
2. The method of claim 1, wherein the certificate is signed with a private key of the first network.
3. The method of claim 1, wherein the certificate includes the public key associated with the mobile device, an identifier of the first network, a subscription level of the mobile device, an expiry time of the certificate, and an identifier of the mobile device.
4. The method of claim 1, wherein the first network is a cellular network.
5. The method of claim 1, wherein the second network is a wireless local area network.
6. A mobile device associated with a first network and provided with authentication, authorization and accounting in a second network, the first network and the second network having their own respective authentication, authorization and accounting schemes, the mobile device comprising:
means for receiving, by the mobile device, a certificate from the first network;
means for sending, by the mobile device, the certificate to the second network; and
means for receiving, by the mobile device, a session key computed by the second network, the session key being encrypted with a public key associated with the mobile device.
7. The mobile device of claim 6, wherein the certificate is signed with a private key of the first network.
8. The mobile device of claim 6, wherein the certificate includes the public key associated with the mobile device, an identifier of the first network, a subscription level of the mobile device, an expiry time of the certificate, and an identifier of the mobile device.
9. The mobile device of claim 6, wherein the first network is a cellular network.
10. The mobile device of claim 6, wherein the second network is a wireless local area network.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US37610002P | 2002-04-26 | 2002-04-26 | |
US60/376100 | 2002-04-26 |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB038094517A Division CN100417274C (zh) | 2002-04-26 | 2003-03-13 | Certificate-based authentication, authorization and accounting scheme for loosely coupled interworking |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101150857A true CN101150857A (zh) | 2008-03-26 |
CN101150857B CN101150857B (zh) | 2012-02-22 |
Family
ID=29270763
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB008073740A Expired - Fee Related CN1215386C (zh) | 2002-04-26 | 2000-03-09 | Method and hardware architecture for controlling a process or processing data based on quantum soft computing |
CN2007101481988A Expired - Fee Related CN101150857B (zh) | 2002-04-26 | 2003-03-13 | Certificate-based authentication, authorization and accounting scheme for loosely coupled interworking |
CNB038094517A Expired - Fee Related CN100417274C (zh) | 2002-04-26 | 2003-03-13 | Certificate-based authentication, authorization and accounting scheme for loosely coupled interworking |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB008073740A Expired - Fee Related CN1215386C (zh) | 2002-04-26 | 2000-03-09 | Method and hardware architecture for controlling a process or processing data based on quantum soft computing |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB038094517A Expired - Fee Related CN100417274C (zh) | 2002-04-26 | 2003-03-13 | Certificate-based authentication, authorization and accounting scheme for loosely coupled interworking |
Country Status (10)
Country | Link |
---|---|
US (1) | US7735126B2 (zh) |
EP (1) | EP1500298A4 (zh) |
JP (1) | JP4538312B2 (zh) |
KR (1) | KR101044210B1 (zh) |
CN (3) | CN1215386C (zh) |
AU (1) | AU2003253584A1 (zh) |
BR (2) | BRPI0309437B1 (zh) |
MX (1) | MXPA04010512A (zh) |
MY (1) | MY142660A (zh) |
WO (1) | WO2003091858A2 (zh) |
Families Citing this family (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4695877B2 (ja) * | 2002-08-14 | 2011-06-08 | Thomson Licensing | Session key management for a public wireless local area network supporting multiple virtual operators |
US7133386B2 (en) * | 2002-11-18 | 2006-11-07 | Cisco Technology, Inc. | Method and system for service portability across disjoint wireless networks |
US7079521B2 (en) * | 2002-11-18 | 2006-07-18 | Cisco Technology, Inc. | Method and system for voice calls in a wireless local area network (WLAN) |
US7593717B2 (en) * | 2003-09-12 | 2009-09-22 | Alcatel-Lucent Usa Inc. | Authenticating access to a wireless local area network based on security value(s) associated with a cellular system |
KR20050065130A (ko) * | 2003-12-24 | 2005-06-29 | Electronics and Telecommunications Research Institute | Session key issuing method |
US7600113B2 (en) * | 2004-02-20 | 2009-10-06 | Microsoft Corporation | Secure network channel |
GB2414639A (en) * | 2004-05-28 | 2005-11-30 | Clink Systems Ltd | Method for naming and authentication |
US9282455B2 (en) * | 2004-10-01 | 2016-03-08 | Intel Corporation | System and method for user certificate initiation, distribution, and provisioning in converged WLAN-WWAN interworking networks |
US20060143132A1 (en) | 2004-11-30 | 2006-06-29 | Valenti William L | Method and apparatus to enable a market in used digital content |
WO2006079953A1 (en) * | 2005-01-31 | 2006-08-03 | Koninklijke Philips Electronics N.V. | Authentication method and device for use in wireless communication system |
KR100843072B1 (ko) * | 2005-02-03 | 2008-07-03 | Samsung Electronics Co., Ltd. | Wireless network system and communication method using the same |
GB2423448B (en) * | 2005-02-18 | 2007-01-10 | Ericsson Telefon Ab L M | Host identity protocol method and apparatus |
US20060251253A1 (en) * | 2005-03-31 | 2006-11-09 | Intel Corporation | Cryptographically signed network identifier |
FI20050491A0 (fi) * | 2005-05-09 | 2005-05-09 | Nokia Corp | System for delivering certificates in a communication system |
US20070006296A1 (en) * | 2005-06-29 | 2007-01-04 | Nakhjiri Madjid F | System and method for establishing a shared key between network peers |
US7827400B2 (en) * | 2005-07-28 | 2010-11-02 | The Boeing Company | Security certificate management |
US20090217048A1 (en) * | 2005-12-23 | 2009-08-27 | Bce Inc. | Wireless device authentication between different networks |
US7917440B2 (en) * | 2006-07-07 | 2011-03-29 | Microsoft Corporation | Over-the-air delivery of metering certificates and data |
US8527770B2 (en) * | 2006-07-20 | 2013-09-03 | Research In Motion Limited | System and method for provisioning device certificates |
US20080040773A1 (en) * | 2006-08-11 | 2008-02-14 | Microsoft Corporation | Policy isolation for network authentication and authorization |
GB2443889A (en) | 2006-11-20 | 2008-05-21 | Skype Ltd | Method and system for anonymous communication |
GB0623622D0 (en) * | 2006-11-27 | 2007-01-03 | Skype Ltd | Communication system |
GB0623621D0 (en) * | 2006-11-27 | 2007-01-03 | Skype Ltd | Communication system |
US7975312B2 (en) * | 2007-01-08 | 2011-07-05 | Apple Inc. | Token passing technique for media playback devices |
CN101227712B (zh) * | 2007-01-15 | 2012-06-06 | Huawei Technologies Co., Ltd. | System and method for converging multiple types of communication network |
CN101039197A (zh) * | 2007-04-18 | 2007-09-19 | Huawei Technologies Co., Ltd. | Method, device and system for collecting charging information in peer-to-peer applications |
EP2020797B1 (en) * | 2007-08-02 | 2016-06-15 | Apple Inc. | Client-server Opaque token passing apparatus and method |
US8307414B2 (en) * | 2007-09-07 | 2012-11-06 | Deutsche Telekom Ag | Method and system for distributed, localized authentication in the framework of 802.11 |
US8806565B2 (en) * | 2007-09-12 | 2014-08-12 | Microsoft Corporation | Secure network location awareness |
US8239549B2 (en) * | 2007-09-12 | 2012-08-07 | Microsoft Corporation | Dynamic host configuration protocol |
KR100955573B1 (ko) | 2007-11-14 | 2010-04-30 | SK Telecom Co., Ltd. | Convenience service authentication method and system |
US8176328B2 (en) * | 2008-09-17 | 2012-05-08 | Alcatel Lucent | Authentication of access points in wireless local area networks |
US8589682B2 (en) | 2008-10-17 | 2013-11-19 | Dell Products L.P. | System and method for secure provisioning of an information handling system |
CN102045639B (zh) * | 2009-10-10 | 2015-06-10 | ZTE Corporation | Subscription relationship authentication method and system, and mobile multimedia broadcast conditional access system |
US9325677B2 (en) * | 2010-05-17 | 2016-04-26 | Blackberry Limited | Method of registering devices |
US9525548B2 (en) * | 2010-10-21 | 2016-12-20 | Microsoft Technology Licensing, Llc | Provisioning techniques |
US8805434B2 (en) | 2010-11-23 | 2014-08-12 | Microsoft Corporation | Access techniques using a mobile communication device |
US9509686B2 (en) | 2010-12-03 | 2016-11-29 | Microsoft Technology Licensing, Llc | Secure element authentication |
US9959576B2 (en) | 2011-12-07 | 2018-05-01 | Visa International Service Association | Multi-purpose device having multiple certificates including member certificate |
US20130212653A1 (en) * | 2012-02-09 | 2013-08-15 | Indigo Identityware | Systems and methods for password-free authentication |
US8955080B2 (en) * | 2012-12-07 | 2015-02-10 | Sap Se | Managing single sign-ons between different entities |
US10033719B1 (en) * | 2012-12-20 | 2018-07-24 | Amazon Technologies, Inc. | Mobile work platform for remote data centers |
CN103326685A (zh) * | 2013-06-04 | 2013-09-25 | Hunan University | Radio-frequency antenna impedance adaptive matching apparatus and method using a quantum algorithm |
CN106462808B (zh) * | 2014-06-06 | 2019-05-14 | Microsoft Technology Licensing, LLC | Quantum algorithms for arithmetic and function synthesis |
CN104214772B (zh) * | 2014-07-16 | 2016-06-22 | Shanxi University | Control method for AGC load command response of a circulating fluidized bed unit |
DE102014011687B3 (de) | 2014-08-04 | 2016-02-04 | Giesecke & Devrient Gmbh | Communication system with a PKI key pair for a mobile terminal |
CN104504601B (zh) * | 2015-01-15 | 2015-10-28 | Cao Dong | Quantum information feature extraction method based on CTP financial data |
WO2017078735A1 (en) * | 2015-11-06 | 2017-05-11 | Google Inc. | Individual qubit excitation control |
US9445270B1 (en) * | 2015-12-04 | 2016-09-13 | Samsara | Authentication of a gateway device in a sensor network |
GB2547025A (en) | 2016-02-05 | 2017-08-09 | Thales Holdings Uk Plc | A method of data transfer, a method of controlling use of data and a cryptographic device |
EP3506560A1 (en) * | 2017-12-29 | 2019-07-03 | Nagravision S.A. | Secure provisioning of keys |
CN108898228B (zh) * | 2018-06-21 | 2024-03-08 | Guangxi Normal University | Quantum adder design method that does not destroy the source operands |
WO2020122910A1 (en) * | 2018-12-13 | 2020-06-18 | Siemens Aktiengesellschaft | Automated system including reachability analysis |
CN111130556B (zh) * | 2019-12-25 | 2023-11-10 | Beijing Institute of Aerospace Control Devices | Method for sorting Hadamard measurement bases |
CN111598249B (zh) * | 2020-05-19 | 2021-09-07 | Beijing Baidu Netcom Science and Technology Co., Ltd. | Method and apparatus for determining approximate quantum gates, classical computer and storage medium |
CN112083255B (zh) * | 2020-09-18 | 2021-07-02 | Southwest Jiaotong University | Geoelectric parameter structure estimation method taking the complex frequency domain into account |
CN113910247B (zh) * | 2021-11-19 | 2023-01-06 | Foshan University | Industrial robot end-effector trajectory control method and system considering joint clearance evolution |
Family Cites Families (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5455863A (en) | 1993-06-29 | 1995-10-03 | Motorola, Inc. | Method and apparatus for efficient real-time authentication and encryption in a communication system |
US5371794A (en) | 1993-11-02 | 1994-12-06 | Sun Microsystems, Inc. | Method and apparatus for privacy and authentication in wireless networks |
US5825759A (en) * | 1994-10-26 | 1998-10-20 | Telefonaktiebolaget Lm Ericsson | Distributing network services and resources in a mobile communications network |
JP3453944B2 (ja) * | 1995-09-04 | 2003-10-06 | Nippon Telegraph and Telephone Corp. | Secret communication method |
US5850444A (en) * | 1996-09-09 | 1998-12-15 | Telefonaktienbolaget L/M Ericsson (Publ) | Method and apparatus for encrypting radio traffic in a telecommunications network |
US20010010046A1 (en) * | 1997-09-11 | 2001-07-26 | Muyres Matthew R. | Client content management and distribution system |
FI980291A (fi) * | 1998-02-09 | 1999-08-10 | Nokia Mobile Phones Ltd | Mobile internet access |
US6233577B1 (en) * | 1998-02-17 | 2001-05-15 | Phone.Com, Inc. | Centralized certificate management system for two-way interactive communication devices in data networks |
US6553493B1 (en) * | 1998-04-28 | 2003-04-22 | Verisign, Inc. | Secure mapping and aliasing of private keys used in public key cryptography |
FI105965B (fi) * | 1998-07-07 | 2000-10-31 | Nokia Networks Oy | Authentication in a telecommunications network |
US6334185B1 (en) * | 1998-09-08 | 2001-12-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for centralized encryption key calculation |
US6463534B1 (en) * | 1999-03-26 | 2002-10-08 | Motorola, Inc. | Secure wireless electronic-commerce system with wireless network domain |
DE60029217T2 (de) * | 1999-05-21 | 2007-05-31 | International Business Machines Corp. | Method and device for initializing secure connections between, and only between, associated wireless devices |
US6772331B1 (en) * | 1999-05-21 | 2004-08-03 | International Business Machines Corporation | Method and apparatus for exclusively pairing wireless devices |
EP1188339B1 (en) * | 1999-06-24 | 2004-11-24 | Hewlett-Packard Development Company, L.P. | Method and system for providing telecommunication services across networks that use different protocols |
US7174018B1 (en) * | 1999-06-24 | 2007-02-06 | Nortel Networks Limited | Security framework for an IP mobility system using variable-based security associations and broker redirection |
FI19991733A (fi) * | 1999-08-16 | 2001-02-17 | Nokia Networks Oy | Authentication in a mobile communication system |
US7028186B1 (en) * | 2000-02-11 | 2006-04-11 | Nokia, Inc. | Key management methods for wireless LANs |
FI20000760A0 (fi) * | 2000-03-31 | 2000-03-31 | Nokia Corp | Authentication in a packet data network |
FI110736B (fi) * | 2000-08-01 | 2003-03-14 | Nokia Corp | Data transmission method, subscriber terminal and GPRS/EDGE radio access network |
GB2367213B (en) * | 2000-09-22 | 2004-02-11 | Roke Manor Research | Access authentication system |
US6915345B1 (en) * | 2000-10-02 | 2005-07-05 | Nortel Networks Limited | AAA broker specification and protocol |
GB2369530A (en) | 2000-11-24 | 2002-05-29 | Ericsson Telefon Ab L M | IP security connections for wireless authentication |
FI110977B (fi) * | 2001-02-09 | 2003-04-30 | Nokia Oyj | Mechanism for advertising services and authorizing a user |
SE0100474D0 (sv) * | 2001-02-14 | 2001-02-14 | Ericsson Telefon Ab L M | A security architecture |
US6879690B2 (en) * | 2001-02-21 | 2005-04-12 | Nokia Corporation | Method and system for delegation of security procedures to a visited domain |
US20020120536A1 (en) | 2001-02-23 | 2002-08-29 | David Maung | Financial institution wireless internet system and method |
US20020174335A1 (en) * | 2001-03-30 | 2002-11-21 | Junbiao Zhang | IP-based AAA scheme for wireless LAN virtual operators |
US7921290B2 (en) | 2001-04-18 | 2011-04-05 | Ipass Inc. | Method and system for securely authenticating network access credentials for users |
US6856800B1 (en) * | 2001-05-14 | 2005-02-15 | At&T Corp. | Fast authentication and access control system for mobile networking |
US7389412B2 (en) * | 2001-08-10 | 2008-06-17 | Interactive Technology Limited Of Hk | System and method for secure network roaming |
ES2247199T3 (es) * | 2001-11-29 | 2006-03-01 | Siemens Aktiengesellschaft | Use of a public key pair in the terminal device for authentication and authorization of the telecommunications subscriber towards the network operator and business partners. |
SE0104325D0 (sv) * | 2001-12-20 | 2001-12-20 | Ericsson Telefon Ab L M | A method and apparatus for switching access between mobile networks |
US20030139180A1 (en) * | 2002-01-24 | 2003-07-24 | Mcintosh Chris P. | Private cellular network with a public network interface and a wireless local area network extension |
US6792534B2 (en) * | 2002-03-22 | 2004-09-14 | General Instrument Corporation | End-to end protection of media stream encryption keys for voice-over-IP systems |
JP4583167B2 (ja) * | 2002-04-26 | 2010-11-17 | Thomson Licensing | Transitive authentication, authorization and accounting in interworking between access networks |
KR100427551B1 (ko) | 2002-05-14 | 2004-04-28 | SK Telecom Co., Ltd. | Roaming method between a public wireless LAN and a cellular network |
AU2003237252A1 (en) * | 2002-06-06 | 2003-12-22 | Thomson Licensing S.A. | Broker-based interworking using hierarchical certificates |
JP4588457B2 (ja) * | 2002-06-21 | 2010-12-01 | Thomson Licensing | Multimedia content delivery through WLAN coverage areas |
JP4684649B2 (ja) | 2002-06-21 | 2011-05-18 | Thomson Licensing | Registration of a WLAN as a UMTS routing area in WLAN-UMTS interworking |
US7581095B2 (en) * | 2002-07-17 | 2009-08-25 | Harris Corporation | Mobile-ad-hoc network including node authentication features and related methods |
ITRM20030100A1 (it) * | 2003-03-06 | 2004-09-07 | Telecom Italia Mobile Spa | Technique for multiple network access by a user terminal interconnected to a LAN, and related reference architecture. |
- 2000-03-09 CN CNB008073740A patent/CN1215386C/zh not_active Expired - Fee Related
- 2003-03-13 CN CN2007101481988A patent/CN101150857B/zh not_active Expired - Fee Related
- 2003-03-13 US US10/512,506 patent/US7735126B2/en not_active Expired - Fee Related
- 2003-03-13 EP EP03747251A patent/EP1500298A4/en not_active Withdrawn
- 2003-03-13 AU AU2003253584A patent/AU2003253584A1/en not_active Abandoned
- 2003-03-13 WO PCT/US2003/007574 patent/WO2003091858A2/en active Application Filing
- 2003-03-13 CN CNB038094517A patent/CN100417274C/zh not_active Expired - Fee Related
- 2003-03-13 MX MXPA04010512A patent/MXPA04010512A/es active IP Right Grant
- 2003-03-13 JP JP2004500167A patent/JP4538312B2/ja not_active Expired - Fee Related
- 2003-03-13 BR BRPI0309437A patent/BRPI0309437B1/pt unknown
- 2003-03-13 KR KR1020047017172A patent/KR101044210B1/ko active IP Right Grant
- 2003-03-13 BR BR0309437-5A patent/BR0309437A/pt not_active IP Right Cessation
- 2003-04-25 MY MYPI20031576A patent/MY142660A/en unknown
Also Published As
Publication number | Publication date |
---|---|
KR101044210B1 (ko) | 2011-06-29 |
CN100417274C (zh) | 2008-09-03 |
CN1650664A (zh) | 2005-08-03 |
MY142660A (en) | 2010-12-15 |
EP1500298A4 (en) | 2005-05-18 |
BRPI0309437B1 (pt) | 2019-09-10 |
US20050154909A1 (en) | 2005-07-14 |
CN1350664A (zh) | 2002-05-22 |
EP1500298A2 (en) | 2005-01-26 |
AU2003253584A8 (en) | 2003-11-10 |
BR0309437A (pt) | 2005-02-15 |
WO2003091858A3 (en) | 2004-07-01 |
US7735126B2 (en) | 2010-06-08 |
JP2005524262A (ja) | 2005-08-11 |
CN1215386C (zh) | 2005-08-17 |
AU2003253584A1 (en) | 2003-11-10 |
CN101150857B (zh) | 2012-02-22 |
MXPA04010512A (es) | 2004-12-13 |
JP4538312B2 (ja) | 2010-09-08 |
WO2003091858A2 (en) | 2003-11-06 |
KR20040102175A (ko) | 2004-12-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101150857B (zh) | Certificate-based authentication, authorization and accounting scheme for loosely coupled interworking | |
US7565142B2 (en) | Method and apparatus for secure immediate wireless access in a telecommunications network | |
CN100390773C (zh) | Authentication in a communication system | |
EP1273197B1 (en) | Billing in a packet data network | |
EP2544478B1 (en) | Allocating a mobile identity to a mobile device and sending thereof to an authorisation server | |
US7607013B2 (en) | Method and apparatus for access authentication in wireless mobile communication system | |
CN100583883C (zh) | Method and mobile terminal for providing a signing key for digitally signing, authenticating or encrypting data | |
CN101120534A (zh) | System, method and apparatus for authentication in a wireless local area network (WLAN) | |
US20020196764A1 (en) | Method and system for authentication in wireless LAN system | |
CN103516713A (zh) | Facilitating and authenticating transactions | |
JP2008042862A (ja) | Wireless LAN communication system, method and program | |
TW564627B (en) | System and method for authentication in public networks | |
CN1659558B (zh) | Broker-based interworking using hierarchical certificates | |
WO2006079953A1 (en) | Authentication method and device for use in wireless communication system | |
CN102149079A (zh) | Method, apparatus and system for obtaining a user identity | |
US20050102519A1 (en) | Method for authentication of a user for a service offered via a communication system | |
CN111163063A (zh) | Edge application management method and related products | |
CN101529796B (zh) | Mobile station authentication in a TETRA network | |
CN101370259A (zh) | Method for negotiating MS location capability in a WiMAX communication system | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120222; Termination date: 20210313 |