摘要:
A method and apparatus is provided for authentication between a home network and a wireless device during device activation using a registration server as a trusted agent. The wireless device owner subscribes to the services of the home network and the home network registers as the service provider with the registration server. When the home network registers with the registration server, the registration server provides authentication data to the home network to use for authentication with the wireless device. Because the wireless device has no prior knowledge of the home network, the wireless device connects to the registration server to obtain contact information for the home network. The registration server provides home network data to the wireless device. In some embodiments, the registration server may also provide second authentication data to the wireless device for authenticating the home network. When the wireless device subsequently connects to the home network to download permanent security credentials, the home network uses the information provided by the registration server to authenticate itself to the wireless device. The authentication procedure prevents a third party from fraudulently obtaining confidential information from the home network or the wireless device.
摘要:
A method of handling mobility-related signaling in a communications system comprising a mobile node, a mobile router, and a peer node. The method comprises providing the mobile router with a delegation certificate that is cryptographically signed by or on behalf of the mobile node. At the mobile router, a mobility-related signaling exchange is initiated with the peer node on behalf of the mobile node, the mobile router providing to the peer node within this exchange, said delegation certificate or an identification of the certificate, and a sequence number associated with the certificate. At the peer node, the received sequence number is compared with a sequence number maintained by the peer node in respect of the delegation certificate, and the exchange authorized in dependence upon the result of the comparison.
摘要:
Disclosed are a system and methods for associating a “generic” wireless device, i.e., a device that is not pre-programmed with subscription credentials corresponding to a particular operator, with a Home Operator designated by the device's owner. The disclosed system and methods further facilitate the automatic linking of a newly activated M2M device to an appropriate server for downloading the subscription credentials for the Home Operator. The disclosed system includes a registration server for maintaining electronic registration data for a plurality of wireless devices and for directing newly activated wireless devices to a server for downloading “permanent” subscription credentials, such as a downloadable USIM. The disclosed system further includes a subscription server for updating registration server entries to reflect an association between a first wireless device and its corresponding home network. In some embodiments, the subscription server may be further configured for downloading subscription credentials to subscribing wireless devices.
摘要:
Methods and apparatus for locating and accessing a data server in a wireless network are disclosed. The disclosed techniques may be used to allow a wireless device provided with temporary credentials to access a wireless network and obtain a network address for a data server for downloading subscription credentials. An exemplary wireless device comprises a processing unit configured to send an access authentication request to a wireless network, and to receive an authentication challenge value from the wireless network in response. The processing unit is further configured to generate a cryptographic response from the authentication challenge value and to send the cryptographic response to the wireless network, and to also derive a data server address from the authentication challenge value. Thus, the authentication challenge value serves two purposes—as a challenge key for use in a network access authentication procedure, and as a carrier for data server address information.
摘要:
Disclosed are a system and methods for associating a “generic” wireless device, i.e., a device that is not pre-programmed with subscription credentials corresponding to a particular operator, with a Home Operator designated by the device's owner. The disclosed system and methods further facilitate the automatic linking of a newly activated M2M device to an appropriate server for downloading the subscription credentials for the Home Operator. The disclosed system includes a registration server for maintaining electronic registration data for a plurality of wireless devices and for directing newly activated wireless devices to a server for downloading “permanent” subscription credentials, such as a downloadable USIM. The disclosed system further includes a subscription server for updating registration server entries to reflect an association between a first wireless device and its corresponding home network. In some embodiments, the subscription server may be further configured for downloading subscription credentials to subscribing wireless devices.
摘要:
According to the teachings presented herein, a wireless communication device reverts from subscription credentials to temporary access credentials, in response to detecting an access failure. The device uses its temporary access credentials to gain temporary network access, either through a preferred network (e.g., home network) or through any one of one or more non-preferred networks (e.g., visited networks). After gaining temporary access, the device determines whether it needs new subscription credentials and, if so, uses the temporary access to obtain them. Correspondingly, in one or more embodiments, a registration server is configured to support such operations, such as by providing determination of credential validity and/or by redirecting the device to a new home operator for obtaining new subscription credentials.
摘要:
According to the teachings presented herein, a wireless communication device reverts from subscription credentials to temporary access credentials, in response to detecting an access failure. The device uses its temporary access credentials to gain temporary network access, either through a preferred network (e.g., home network) or through any one of one or more non-preferred networks (e.g., visited networks). After gaining temporary access, the device determines whether it needs new subscription credentials and, if so, uses the temporary access to obtain them. Correspondingly, in one or more embodiments, a registration server is configured to support such operations, such as by providing determination of credential validity and/or by redirecting the device to a new home operator for obtaining new subscription credentials.
摘要:
A method of using the Host Identity Protocol (HIP) to at least partially secure communications between a first host operating in a first network environment and a second, HIP-enabled, host operating in a second network environment, with a gateway node forming a gateway between the two environments. An identifier is associated with the first host, stored at the gateway node, and sent to the first host. The identifier is then used as a source address in a subsequent session initiation message sent from the first host to the gateway node, having an indication that the destination of the message is the second host. The stored identifier at the gateway node is then used to negotiate a secure HIP connection to the second host. The first network environment may be a UMTS or GPRS environment, in which case the gateway node may be a Gateway GPRS Support Node (GGSN).
摘要:
A method of handling mobility-related signaling in a communications system comprising a mobile node, a mobile router, and a peer node. The method comprises providing the mobile router with a delegation certificate that is cryptographically signed by or on behalf of the mobile node. At the mobile router, a mobility-related signaling exchange is initiated with the peer node on behalf of the mobile node, the mobile router providing to the peer node within this exchange, said delegation certificate or an identification of the certificate, and a sequence number associated with the certificate. At the peer node, the received sequence number is compared with a sequence number maintained by the peer node in respect of the delegation certificate, and the exchange authorised in dependence upon the result of the comparison.