Abstract:
A process is provided in which a first device, e.g. a hub device (2) of a home network (1), is temporarily provided with a SIM (20) to store a challenge-response, and thereafter the first device (2) uses the stored challenge-response to interrogate a second device e.g. a mobile telephone (2), to authenticate that the second device (12) now has the SIM (20) that the first device (2) was previously provided with. A further process is provided in which the second device (12) authenticates that the first device (2) previously had access to the SIM (20) by verifying that a response from one or more challenge-response pairs provided by the first device (2) to the second device (12) is the same as a response received by the second device (12) from the SIM (20) when the second device (12) interrogates the SIM (20) with the challenge of the challenge-response pair received earlier from the first device (2).
Abstract:
Under a system referred to as GAA in the 3G protocol, authentication of devices in a network that is usually performed by a home subscriber server can be transferred to a third party element known as a bootstrapping server function. However, the use of a bootstrapping server function does not completely address the problem of reducing authentication traffic at the home subscriber server. Such a problem is alleviated by utilizing the original session key generated under GAA and using that key in a recursive process to authenticate and generate further session keys at other network elements. This generation of further keys can be performed independently of the home subscriber server, and thus reduces traffic at the home subscriber server.
Abstract:
A method of authentication in a communications network, said communications network comprising a network authentication server, a local authentication entity and a user terminal, said local authentication entity comprising a subscriber application and an authentication application, said method comprising the steps of: sending a request from the local authentication entity to the network authentication server to authenticate the user terminal, said request comprising the identity of the user terminal; generating by the network authentication entity an authentication key in response to the request and generating by the subscriber application an identical authentication key; sending the authentication key generated by the network authentication server securely to the user terminal identified by said identity, then storing the authentication key at the user terminal; sending the authentication key generated by the subscriber application securely to the authentication application, then storing the authentication key at the authentication application; and authenticating the user terminal by verifying the authentication key stored at the user terminal with the authentication key stored at the authentication application.
Abstract:
A method, and devices, for a first communications device (10) e.g. a Subscriber Identity Module (SIM) to monitor a second communications device, e.g. a mobile telephone (1). The method comprises: the SIM (10) sending a program (16) stored at the SIM (10) to the mobile telephone (1); the mobile telephone (1) running the program (16) to provide one or more outcomes; the mobile telephone (1) sending the one or more outcomes to the SIM (10); the SIM (10) comparing the one or more outcomes to one or more correct outcomes (18) stored at the SIM (10); and the SIM (10) evaluating the result of the comparison according to one or more policies (20) stored at the SIM (10).
Abstract:
A process is provided in which a first device, e.g., a hub device of a home network, is temporarily provided with a SIM to store a challenge-response, and thereafter the first device uses the stored challenge-response to interrogate a second device, e.g., a mobile telephone, to authenticate that the second device now has the SIM with which the first device was previously provided. A further process is provided in which the second device authenticates that the first device previously had access to the SIM by verifying that a response from one or more challenge-response pairs provided by the first device to the second device is the same as a response received by the second device from the SIM when the second device interrogates the SIM with the challenge of the challenge-response pair received earlier from the first device.