US 7,512,796 B2
Authentication in a packet data network
Henry Haverinen, Tampere (Finland); Jukka-Pekka Honkanen, Tampere (Finland); Antti Kuikka, Tampere (Finland); Nadarajah Asokan, Espoo (Finland); Patrik Flykt, Helsinki (Finland); Juha Ala-Laurila, Tampere (Finland); Jyri Rinnemaa, Tampere (Finland); Timo Takamäki, Tampere (Finland); Raimo Vuonnala, Espoo (Finland); Jan-Erik Ekberg, Helsinki (Finland); Tommi Mikkonen, Tampere (Finland); Petri Aalto, Pirkkala (Finland); and Seppo Honkanen, Helsinki (Finland)
Assigned to Nokia Corporation, Espoo (Finland)
Filed on Jul. 25, 2006, as Appl. No. 11/459,719.
Application 11/459719 is a continuation of application No. 09/756346, filed on Jan. 08, 2001, granted, now 7,107,620.
Claims priority of application No. 20000760 (FI), filed on Mar. 31, 2000.
Prior Publication US 2007/0060106 A1, Mar. 15, 2007
Int. Cl. H04L 9/32 (2006.01); G06F 7/04 (2006.01); H04N 7/173 (2006.01); H04M 1/66 (2006.01); G06F 17/30 (2006.01); H04K 1/00 (2006.01)
U.S. Cl. 713—168 [726/29; 455/433; 455/428; 455/415; 455/411; 455/410; 455/432.1]
51 Claims

1. A method in a system comprising a mobile node, a packet data network and a telecommunication network, the mobile node being configured for communicating directly over two different communication links, a telecommunication network link with the telecommunication network and a packet data network link with the packet data network, the method comprising:
storing in the mobile node and in the telecommunication network a mobile node identity and a shared secret specific to the mobile node identity corresponding to the mobile node, which mobile node identity and shared secret are capable of authenticating the mobile node to the telecommunication network for communications over the telecommunication network link;
providing the mobile node with a protection code;
sending the mobile node identity and the protection code from the mobile node to the packet data network over the packet data network link;
the telecommunication network providing the packet data network with authentication information corresponding to said mobile node identity, the authentication information comprising a challenge and a session secret, wherein said session secret corresponds to the mobile node identity and the session secret is derivable from the challenge together with the shared secret;
forming cryptographic information using at least the protection code and the session secret;
the packet data network sending the challenge and the cryptographic information to the mobile node over the packet data network link;
the mobile node checking the validity of the cryptographic information using the challenge and the shared secret;
the mobile node deriving based on the shared secret, the session secret and a first response corresponding to the challenge;
the mobile node sending the first response to the packet data network over the packet data network link; and
the packet data network checking the first response for authenticating the mobile node.
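The message flow of claim 1, as an added example that is not part of the patent text: all three parties are simulated in one process so both directions of proof are visible. Assumptions: the claim names no algorithms, so HMAC-SHA256 stands in for every derivation and MAC; the labels, class names, the 16-byte sizes, and the choice to compute the first response under the session secret are hypothetical.

```python
import hashlib
import hmac
import secrets

def prf(key, label, data):
    # Stand-in keyed function (assumption: the claim does not name an algorithm).
    return hmac.new(key, label + data, hashlib.sha256).digest()

class TelecomNetwork:
    def __init__(self, subscribers):
        self.subscribers = dict(subscribers)  # mobile node identity -> shared secret
    def auth_info(self, identity):
        challenge = secrets.token_bytes(16)
        # Session secret is derivable from the challenge plus the shared secret.
        return challenge, prf(self.subscribers[identity], b"session", challenge)

class MobileNode:
    def __init__(self, identity, shared_secret):
        self.identity, self.shared_secret = identity, shared_secret
    def start(self):
        self.protection_code = secrets.token_bytes(16)  # fresh for every attempt
        return self.identity, self.protection_code
    def respond(self, challenge, crypto_info):
        session = prf(self.shared_secret, b"session", challenge)
        expected = prf(session, b"network-proof", self.protection_code)
        if not hmac.compare_digest(expected, crypto_info):
            return None  # sender did not hold the session secret: send no response
        return prf(session, b"response", challenge)

class PacketDataNetwork:
    def __init__(self, telecom):
        self.telecom, self.pending = telecom, {}
    def begin(self, identity, protection_code):
        challenge, session = self.telecom.auth_info(identity)
        self.pending[identity] = (challenge, session)
        # Cryptographic information binds the node's protection code to the session secret.
        return challenge, prf(session, b"network-proof", protection_code)
    def finish(self, identity, response):
        challenge, session = self.pending.pop(identity)
        return response is not None and hmac.compare_digest(
            prf(session, b"response", challenge), response)

def run_exchange(node, pdn, forge=False):
    identity, code = node.start()
    challenge, crypto_info = pdn.begin(identity, code)
    if forge:  # constructed failure case: proof made without the session secret
        crypto_info = prf(secrets.token_bytes(32), b"network-proof", code)
    return pdn.finish(identity, node.respond(challenge, crypto_info))

if __name__ == "__main__":  # constructed sample identity and secret
    pdn = PacketDataNetwork(TelecomNetwork({"node-1": b"constructed-secret"}))
    print(run_exchange(MobileNode("node-1", b"constructed-secret"), pdn))
```

Because the mobile node picks the protection code itself, cryptographic information recorded from an earlier run does not verify against a new one, and the node releases its response only after the check passes.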