Invention application
WO2005002165A1 APPARATUS AND METHOD FOR A SINGLE SIGN-ON AUTHENTICATION THROUGH A NON-TRUSTED ACCESS NETWORK
Under examination - Published
Basic information:
- Patent title: APPARATUS AND METHOD FOR A SINGLE SIGN-ON AUTHENTICATION THROUGH A NON-TRUSTED ACCESS NETWORK
- Application number: PCT/EP2004/051217 Filing date: 2004-06-23
- Publication (announcement) number: WO2005002165A1 Publication (announcement) date: 2005-01-06
- Inventors: BARRIGA CACERES, Luis , RAMOS ROBLES, Luis
- Applicants: TELEFONAKTIEBOLAGET LM ERICSSON (publ) , BARRIGA CACERES, Luis , RAMOS ROBLES, Luis
- Applicant address: S-164 83 Stockholm SE
- Patentees: TELEFONAKTIEBOLAGET LM ERICSSON (publ),BARRIGA CACERES, Luis,RAMOS ROBLES, Luis
- Current patentees: TELEFONAKTIEBOLAGET LM ERICSSON (publ),BARRIGA CACERES, Luis,RAMOS ROBLES, Luis
- Current patentee address: S-164 83 Stockholm SE
- Agent: DE ELZABURU, Alberto
- Priority: EP03076977.2 20030626
- Main classification: H04L29/06
- IPC classification: H04L29/06
Abstract:
The present invention provides a telecommunication apparatus, user equipment and method for Single Sign-On authentication purposes when the access network does not provide data origin authentication. The invention proposes the re-utilisation of the original access authentication carried out with the core network, namely with the home network holding the user's subscription or with the visited network where the user is roaming. Therefore, access credentials obtained during a successful authentication of the user with the core network are linked at the user equipment side with a secure tunnel established towards a service network through the access network. Said access credentials received at an entity of the service network are also linked therein with the secure tunnel, and both linked with an internal IP address to securely identify the user in the service network.