Patent application number | Description | Published |
20090013381 | User Authentication and Authorisation in a Communications System - A method of authenticating a client to two or more servers coupled together via a communications network, wherein the client and a first server possess a shared secret. The method comprises authenticating the client to a first server using said shared secret, signalling associated with this authentication process being sent between the client and said first server via a second server, generating a session key at the client and at the first server, and providing the session key to said second server, and using the session key to authenticate the client to the second server. | 01-08-2009 |
20090205028 | Method and System for Mobile Device Credentialing - Methods and systems taught herein allow communication device manufacturers to preconfigure communication devices to use preliminary access credentials to gain temporary network access for downloading subscription credentials, and particularly allow the network operator issuing the subscription credentials to verify that individual devices requesting credentials are trusted. In one or more embodiments, a credentialing server is owned or controlled by the network operator, and is used by the network operator to verify that subscription credentials are issued only to trusted communication devices, even though such devices may be referred to the credentialing server by an external registration server and may be provisioned by an external provisioning server. Particularly, the credentialing server interrogates requesting devices for their device certificates and submits these device certificates to an external authorization server, e.g., an independent OCSP server, for verification. A common Public Key Infrastructure (PKI) may be used for operator and device certificates. | 08-13-2009 |
20090217038 | Methods and Apparatus for Locating a Device Registration Server in a Wireless Network - Methods and apparatus for locating and accessing a data server in a wireless network are disclosed. The disclosed techniques may be used to allow a wireless device provided with temporary credentials to access a wireless network and obtain a network address for a data server for downloading subscription credentials. An exemplary wireless device comprises a processing unit configured to send an access authentication request to a wireless network, and to receive an authentication challenge value from the wireless network in response. The processing unit is further configured to generate a cryptographic response from the authentication challenge value and to send the cryptographic response to the wireless network, and to also derive a data server address from the authentication challenge value. Thus, the authentication challenge value serves two purposes—as a challenge key for use in a network access authentication procedure, and as a carrier for data server address information. | 08-27-2009 |
20090217364 | Method and Apparatus for Managing Subscription Credentials in a Wireless Communication Device - According to the teachings presented herein, a wireless communication device reverts from subscription credentials to temporary access credentials, in response to detecting an access failure. The device uses its temporary access credentials to gain temporary network access, either through a preferred network (e.g., home network) or through any one of one or more non-preferred networks (e.g., visited networks). After gaining temporary access, the device determines whether it needs new subscription credentials and, if so, uses the temporary access to obtain them. Correspondingly, in one or more embodiments, a registration server is configured to support such operations, such as by providing determination of credential validity and/or by redirecting the device to a new home operator for obtaining new subscription credentials. | 08-27-2009 |
20120254997 | METHODS AND APPARATUSES FOR AVOIDING DAMAGE IN NETWORK ATTACKS - Methods and apparatuses in a client terminal ( | 10-04-2012 |
20140096193 | ACCESS THROUGH NON-3GPP ACCESS NETWORKS - When setting up communication from a user equipment UE ( | 04-03-2014 |
20150058980 | Methods and Apparatuses for Avoiding Damage in Network Attacks - Methods and apparatuses in a client terminal and a web server for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF′, based on one or more context parameters, P1, ..., Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF′, in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions. | 02-26-2015 |
20150341788 | Access Through Non-3GPP Access Networks - When setting up communication from a user equipment UE ( | 11-26-2015 |