CN1698308B - Method and apparatus enabling reauthentication in a cellular communication system - Google Patents
Method and apparatus enabling reauthentication in a cellular communication system Download PDFInfo
- Publication number
- CN1698308B CN1698308B CN03823734.2A CN03823734A CN1698308B CN 1698308 B CN1698308 B CN 1698308B CN 03823734 A CN03823734 A CN 03823734A CN 1698308 B CN1698308 B CN 1698308B
- Authority
- CN
- China
- Prior art keywords
- authentication
- terminal
- certificate server
- authentication request
- domain name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Images
Abstract
A method (and corresponding equipment) for us in reauthentication--after a first, full authentication by a first authentication server (23a)--of a communication session involving the exchange of information between a terminal (21) and a server (24), the method including: a step (11) in which the first authentication server (23a) and other authentication servers (23b) are each assigned a respective unique realm name; and a step (13) in which during authentication between the terminal and the first authentication server (23a), the first authentication server (23a) transmits to the terminal (21) a reauthentication identity including the unique realm name assigned to the first authentication server. Then, later, during reauthentication, to make possible that the reauthentication is performed by the same authentication server (23a) as performed the full authentication--i.e. by the first authentication server (23a)--the reauthentication identity is included in a request for reauthentication.
Description
The cross reference of related application
The application requires in priority submission on October 3rd, 2002, that be entitled as the U.S. Provisional Application sequence number No.60/416481 of " EAPAKA and SIM authentication ".
Technical field
The present invention relates to be used in the communication system to authenticate Extensible Authentication Protocol (EAP) mechanism with session key distribution, as be used for the authentication of universal mobile telecommunications system (UMTS) and the EAP mechanism of (session) key (distribution) agreement (AKA), and for example the EAP mechanism that is used for AKA of realization in the used subscriber identification module of global system for mobile communications (GSM) (SIM).More specifically, the present invention relates to EAP mechanism is used for the authentication again of the communication system of GSMSIM or UMTSAKA authentication.
Background technology
AKA is based on inquiry-response mechanism and symmetric cipher, and in UMTS, it can be organized in 3GPPTS (technical specification) 33.102 V3.6.0 of in November, 2000 issue referring to 3GPP (plan of third generation partnership): " technical specification group service and system aspects; The 3G fail safe; Security architecture (1999 editions) ".AKA operation in UMTS subscriber identification module (USIM) (class smart card device) usually.But the application of AKA is not limited to contain the customer equipment of smart card; For example AKA can also realize with host software.AKA also provides the backward compatibility to the GSM authentication mechanism, and the GSM authentication mechanism is the GSM03.20 (ETS 300 534) in August, 1997 issue in ETSI: " digital cellular telecommunication systems (the 2nd stage); The network function that fail safe is relevant " middle proposition.With GSM mechanism relatively, AKA provides much longer key length and authentication to server end (and client) is provided.
For make customer equipment such as wireless terminal (more specifically for example travelling carriage) use server (as operator provide and the communication system of managing in server) service (or comprise as the server of any kind network of internet service) that provides, (for some service of some network and those networks) must be to server authentication oneself in some cases for user terminal, and vice versa.(at least at some networks, especially server must be to client authentication oneself among the UMTS), promptly each side must prove the identity that it is declared to the opposing party.On Dial-up Network, WLAN, wired lan network and various Digital Subscriber Line (xDSL) network, the operator of network usually adopts so-called AAA (authentication, authorize and keep accounts) server to authenticate the client, and authenticates the server (or authentication carrier network and no matter any specific server) of this client's the carrier network that service request mail to.Aaa server can be responsible for storing shared secret and other required security informations of authenticated user (having the terminal of also therefore discerning user's assembly specific to the specific user), perhaps aaa server also can use independent user database server, is used to store these security informations.But extended authentication agreement (EAP) is used adopting aaa server to carry out on the network of the authentication between aaa server and the terminal usually.If the operator of network is the cellular carrier of UMTS or GSM network, then the EAP method can authenticate and cryptographic key agreement as the GSM that encapsulation in EAP SIM strengthens, perhaps UMTS authentication and the cryptographic key agreement that strengthens as encapsulation in EAP AKA.Attendant device exchange authentication grouping on terminal and the local network.Attendant device is different and different with network type, but it can be for example Wireless LAN access point, Ethernet switch and Dial-up Network access server (NAS).Usually as so-called AAA client operation, AAA client and aaa server use so-called aaa protocol to carry out authentication to attendant device.
When the communication session of setting up with EAP SIM or EAP AKA began, terminal and aaa server were carried out the so-called full authentication of this paper, authentication authorization and accounting from terminal or aaa server each other all not as the state on any basis of authentication the other side.
After setting up full authentication, may be under the situation that one period scheduled time or certain other condition are met, needing again, authentication reduces following possibility: " bad egg " utilizes certain other equipment (server apparatus or customer equipment) to begin to pretend to be initial entity by authentication, perhaps even in some way obtained initial physics control by authenticated device (forget when for example the user leaves close the terminal by authentication and leave) and begun to send to ask.In order to confirm that terminal still using Internet resources, also may need the requirement of the record keeping message that sends according to local network to authenticate again.Equally, under key term of validity condition of limited, also may use authentication again to consult new safe key for safety reasons.Again it is identical authenticating in EAP SIM (corresponding to GSM) and EAP AKA (corresponding to UMTS).
The identity of authenticated user again that the EAP SIM of prior art and the utilization of EAP AKA agreement pass to the terminal that is being authenticated again from aaa server respectively provides authentication again.Again authenticate other contextual informations of setting up in dialogue-based key and the full authentication process.
The operator may dispose a plurality of aaa servers based on equally loaded and other reasons in network.Because can select at random or select aaa server to come terminal is authenticated, so terminal (user) may always not authenticate to same aaa server by certain predetermined mechanisms such as polling mechanism.In this network,, just then authenticate again and become problem if contextual information only is stored in the aaa server of carrying out full authentication.Because the validity of some information that provide in the full authentication process is provided in authentication again, if so the AAA request that authenticates again of terminal is forwarded to another aaa server that is different from the aaa server of carrying out full authentication, then authentication can't be carried out (promptly can't carry out) again.
Therefore, need a kind of method, authentication can may be forwarded in the network of another aaa server that is different from the aaa server of carrying out full authentication in authentication request again carry out.
Disclosure of an invention
Therefore, in a first aspect of the present invention, a kind of method that the communication session that relates to by authenticating network exchange message between a terminal and server is authenticated again of being used for is provided, described communication session was authenticated by first certificate server of terminal and authenticating network, and described method is characterised in that: the step of first certificate server and other certificate servers being distributed corresponding unique domain name respectively; And during authenticating between the terminal and first certificate server, first certificate server sends again the step of authenticating identity to terminal, and described authenticating identity again contains unique domain name of distributing to first certificate server.
According to a first aspect of the invention, the feature of described method also is: for carrying out authentication again, terminal sends the step of the authentication request again of using the authenticating identity again that contains unique domain name; And the certificate web unit of receiving again authentication request is according to the definite step of indicating unique domain name of the certificate server of carrying out full authentication of the authenticating identity again that comprises in the described request.The feature of described method also is: the authentication network element is forwarded to described request the step of the indicated certificate server of unique domain name that the part as described authenticating identity again comprises; And terminal and first certificate server are carried out the step of authentication again.
In a second aspect of the present invention, a kind of certificate server in the cellular communication system is provided, it comprises the device that is used for authenticating again the communication session between terminal and the content server, and described certificate server is characterised in that: the device that is used to receive unique domain name of distribution; And the device that is used for sending the authenticating identity again that comprises unique domain name to terminal.
According to a first aspect of the invention, the feature of described certificate server also is: receive the authentication request again use again authenticating identity, and the device of determining unique domain name according to authenticating identity again.The feature of described certificate server also is: the device that described request is forwarded to the indicated certificate server of unique domain name of comprising as the part of authenticating identity again.
In a third aspect of the present invention, a kind of computer program is provided, it comprises: contain the computer-readable storage organization of the computer program code of being carried out by the computer processor in the certificate server on it, wherein said computer program code is characterised in that it comprises the instruction of the device that is used to enable equipment according to a second aspect of the invention.
In a fourth aspect of the present invention, a kind of system is provided, it comprises: a plurality of terminals, a plurality of certificate server and at least one content server; Described terminal can operate with by the authentication of or another described certificate server and after authenticating again once in a while to described content server request content, described system is characterised in that: at least two described certificate servers are as the described equipment of second aspect present invention.
Brief description
With reference to following detailed description in conjunction with the accompanying drawings, can know above-mentioned and other purposes of the present invention, feature and advantage, in the accompanying drawing:
Fig. 1 is according to the present invention, is used for the flow chart that (to the certificate server that serves as authentication proxy) authenticates the method for terminal again;
Fig. 2 is according to the present invention, terminal authentication and the block diagram/flow diagram that authenticates again to certificate server afterwards.
The preferred forms of invention
Carrying out effectively the problem of authentication again in the network of another aaa server that is different from the aaa server of carrying out full authentication at how guaranteeing to be forwarded in authentication request again, the invention provides a solution.Be head it off, the invention enables the aaa server that to select the to carry out full authentication aaa server when authenticating again.
Describe the present invention below in conjunction with being used for Universal Mobile Telecommunications System (UMTS) authentication and the authentication of cryptographic key agreement (AKA) and Extensible Authentication Protocol (EAP) mechanism of session key distribution, above-mentioned agreement can be organized in the 3GPPTS33.102 V3.6.0 of in November, 2000 issue referring to 3GPP: " technical specification group service and system aspects; The 3G fail safe; Security architecture (1999 editions) "; And IETF (internet engineering task group) the draft document submitted in June, 2002 of J.Arkko and H.Haverinen: " EAPAKA authentication " (draft-arkko-pppext-eap-aka-04.txt).UMTS is a Global 3G mobile network standard.The present invention obviously can also be in conjunction with being used to adopt the authentication of global system for mobile communications (GSM) subscriber identification module (SIM) and the EAP mechanism of session key distribution, the GSM technical specification GSM03.20 (ETS 300 534) that this mechanism can be issued in August, 1997 referring to ETSI: " digital cellular telecommunication systems (the 2nd stage); The network function that fail safe is relevant " and the ietf draft document submitted on July 2nd, 2002 of H.Haverinen: " EAPSIM authentication " (draft-haverinen-pppext-eap-sim-05.txt).Though the description of this invention concrete with reference to Extensible Authentication Protocol be used in combination and UMTS and GSM method are carried out, should be understood that the present invention does not limit the use of in Extensible Authentication Protocol or meets UMST or the cellular communication system of GSM standard; Similar or the comparable mode that the present invention in fact can Extensible Authentication Protocol be used in combination with aaa protocol is used for providing any communication system of authentication.In the situation of described embodiment, the present invention utilizes so-called EAP (Extensible Authentication Protocol), and this EAP can be among the RFC2284 of " PPP Extensible Authentication Protocol (EAP) " referring to the title of IETF network work group issue.(PPP) EAP is a kind of general authentication protocol; It supports multiple authentication mechanism.
With reference now to Fig. 1 and Fig. 2,, feasible all the time for guaranteeing to authenticate again, the present invention proposes a kind of method that comprises first step 11, in this step, be each aaa server 23a and unique domain name of 23b (being arranged in identical or different carrier network) distribution, in the situation of UMTS or GSM and IP service authentication, it is to can be used for the title of type of network access identifier (NAI) (as the part of NAI, for example with the form of user@realm, wherein " realm " is unique domain name), to be aaa protocol use (terminal) identifier when being used for network access authentication to NAI.In EAP that formulates and aaa protocol, authentication request comprises user's network access identifier.In the situation of full authentication, EAP SIM and EAP AKA designated terminal will be used to ask the identity format of full authentication.According to the standard of appointment, the user name part branch of NAI comprises the temporary identifier that is called assumed name in international mobile subscriber identifier (IMSI) or EAP SIM and the EAP AKA standard.The used domain name common identifier of home operator normally among the NAI.Can adopt several A AA server to serve the request that is sent to this domain name.Therefore, according to prior art, the domain name among the NAI can be shared by several aaa servers usually.For example: the user of MyOperator can use domain name myoperator.com, and AAA message can be routed to one of these aaa servers of myoperator.com.In EAP SIM and EAP AKA full authentication, domain name may be indicated one group of aaa server.But, according to the present invention, will distribute a unique domain name for each aaa server, for example, serverX.myoperator.com, it is to be used for again unique domain name of authenticating identity.Here, to make domain name serverX.myoperator.com be unique domain name to third level title serverX.The structured format of this domain name can allow some AAA network element that all territories with myoperator.com ending are routed to correct next to jump, and need not to consider to make the unique and third level title that must add of domain name; For example, attendant device 21a may not need to be concerned about complete domain name, but can adopt simple rule: " * .myoperator.com being routed to the AAA agency of MyOperator " (wherein * is used as asterisk wildcard, that is, and and any character set that allows in its expression title).
In next step 12, the first server 23a among aaa server 23a and the 23b is by acting on behalf of aaa server 22 from attendant device 21a (i.e. AAA client, be specially for example Service Access Point) receive (complete) authentication request of relevant terminal 21, so attendant device 21a can agree terminal 21 access networks 24 (for example internet).Among Fig. 2 (for clarity sake) do not show other network elements that make the radio communication between terminal 21 and aaa server 23a and the 23b become possible various network elements (radio access network that specifically refers to each carrier network) and the communication information is routed to one of aaa server 23a and 23b or the opposing party of one or more carrier network.
In next step 13, the first aaa server 23a (by acting server 22 and attendant device 221a) sends again authenticating identity (using for terminal) to terminal 21 in authentication operation again after a while, and comprise unique domain name at described authenticating identity again, it also comprises the user name part.Used identity and assumed name identity when authenticating identity is different from full authentication again based on IMSI.Step 13 is carried out as the part of full authentication procedure, and full authentication procedure also is included as for simplicity other steps of abridged in Fig. 1.Again the user name of authenticating identity partly is the disposable user name that server is selected.It can be numeral or the identifier of selecting at random.Therefore again authenticating identity for example can for:
1209834387@server15.myoperator.com。
In next step 14, in order to authenticate (usually based on some condition that has been met) again, terminal 21 sends the authentication request again of using the authenticating identity again that contains unique domain name.In general, can several modes start authentication again.A kind of mode is to start authentication again by attendant device 21a.In this case, on WLAN (wherein " authentication request again " transmitted according to unique domain name comprises the grouping of EAP identity response), attendant device 21a sends the EAP identity request packet to terminal 21, and this terminal responds with the EAP identity response that contains again authenticating identity.Forward the packet to correct aaa server by aaa protocol then.Perhaps, terminal 21 itself can start authentication again.On WLAN, terminal 21 sends to attendant device 21a with EAPOL-Start (EAP based on LAN starts) grouping.When receiving EAPOL-Start, attendant device 21a sends EAP identity request packet, authenticated exchange continuation as described below again then to this terminal.
In next step 15, receive that any AAA network element (attendant device 21a, agency 22 and aaa server 23a and 23b) of this request checks authenticating identity again contained in this request, with definite where will route the request to (according to authenticating identity again of indicating the first aaa server 23a by domain name).This Route Selection is based on routing table or other suitable AAA method for routing commonly used.Usually, acting server 22 is checked domain name and is directly routed requests to the first aaa server 23a.Therefore, the aaa server (i.e. the first aaa server 23a) of carrying out full authentication all can be received this request early or late.
In next step 16, the first aaa server 23a responds this authentication request again according to the authentication protocol of formulating again.In next step 17, according to the aaa protocol of formulating, the subsequent communications between the terminal 21 and the first aaa server 23a is carried out between the terminal 21 and the first aaa server 23a by attendant device 21a.Subsequent communications can be directly between the attendant device 21a and the first aaa server 23a route or by middle AAA network element route.The aaa protocol of formulating generally includes the device that the aaa server 23a that is used to guarantee to carry out authentication does not change during authenticated exchange.
In some instances, terminal 21 can communicate by several different sessions simultaneously, and full authentication procedure is used in each session.These sessions can authenticate by same aaa server or by different aaa servers, and can utilize identical or different radiotechnics and identical or different being used to carry out the application program of authentication.According to the present invention, in order to adapt to this changeability, terminal 21 is safeguarded each this type of session state information separately, so terminal 21 can be carried out authentication again to each this type of session respectively subsequently, as described in conjunction with Fig. 1.Accordingly, each aaa server 23a and the 23b that is used for one or more while sessions are authenticated safeguards each this type of session state information separately.
Notice that though the present invention relates to the WLAN authentication, it is relevant with other authentication context with xDSL, Dial-up Network, Ethernet.The extensible authentication protocol method that is used for UMTS and GSM authentication will be the target of wishing the mobile operator of management WLAN or other auxiliary Access Networks; The present invention also may never can be applied among the actual UMTS or GSM network.
Be appreciated that above-mentioned arrangement only is the explanation that the principle of the invention is used.Under the prerequisite that does not deviate from the scope of the invention, those skilled in the art can design various modifications and substitute and arrange, and appended claims is intended to contain this class modification and arranges.
Claims (7)
1. one kind is used for method that the communication session that relates to by authenticating network exchange message between terminal and server is authenticated again, described method realizes in first certificate server of described authenticating network, described communication session was authenticated by described terminal and described first certificate server, and described method comprises:
The full authentication request of receiving terminal;
Send authenticating identity again to described terminal, described authenticating identity again contains unique domain name of described first certificate server of unique identification; And
From the again authentication request of authentication network element reception from described terminal, wherein said authentication request again comprises the described authenticating identity again of the described unique domain name that contains described first certificate server of unique identification, and described authentication request again is that described unique domain name that the first basis of described certificate web is included in the described authentication request again routes to described first certificate server.
2. the method for claim 1, wherein to carry out described unique domain name of described first certificate server of the full authentication of described terminal be to determine according to the described authenticating identity again that comprises in the described authentication request again to unique identification.
3. method as claimed in claim 2 also comprises:
In response to described authentication request again, carry out the authentication again of described terminal.
4. one kind is used for the communication session that relates to by authenticating network exchange message between terminal and server is carried out authenticated device again, described equipment is realized in first certificate server of described authenticating network, described communication session was authenticated by described terminal and described first certificate server, and described equipment comprises:
The device that is used for the full authentication request of receiving terminal;
Be used for sending again to described terminal the device of authenticating identity, described authenticating identity again contains unique domain name of described first certificate server of unique identification; And
Be used for from the device of authentication network element reception from the authentication request again of described terminal, wherein said authentication request again comprises the described authenticating identity again of the described unique domain name that contains described first certificate server of unique identification, and described authentication request again is that described unique domain name that the first basis of described certificate web is included in the described authentication request again routes to described first certificate server.
5. system comprises:
First certificate server, it is arranged to the full authentication request of receiving terminal, and is arranged to the authenticating identity again that comprises unique domain name to described terminal transmission, described first certificate server of described unique domain name unique identification; And
The authentication network element, it is arranged to from described terminal and receives authentication request again, described authentication request again comprises the described authenticating identity again of the described unique domain name that contains described first certificate server of unique identification, and be arranged to according to the described unique domain name that identifies described first certificate server, described authentication request is again routed to described first certificate server.
6. one kind is used for the communication session that relates to by authenticating network exchange message between terminal and server is carried out authenticated device again, described equipment is realized in described terminal, described communication session was authenticated by the described terminal and first certificate server, and described equipment comprises:
Be used for sending the device of complete authentication request to described first certificate server;
Be used for receiving the device of the authenticating identity again of the unique domain name that comprises described first certificate server of unique identification from described first certificate server; And
Be used for sending the device of the authentication request again of using the described authenticating identity again that comprises described unique domain name to the authentication network element.
7. equipment as claimed in claim 6 is characterized in that: be used for comprising the device that is used for comprising in the Extensible Authentication Protocol identity response described authenticating identity again to the device that described authentication network element sends.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US41648102P | 2002-10-03 | 2002-10-03 | |
| US60/416,481 | 2002-10-03 | ||
| US10/659,774 US8972582B2 (en) | 2002-10-03 | 2003-09-10 | Method and apparatus enabling reauthentication in a cellular communication system |
| US10/659,774 | 2003-09-10 | ||
| PCT/IB2003/004298 WO2004032415A1 (en) | 2002-10-03 | 2003-09-30 | Method and apparatus enabling reauthentication in a cellular communication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1698308A CN1698308A (en) | 2005-11-16 |
| CN1698308B true CN1698308B (en) | 2011-07-20 |
Family
ID=35266144
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN03823734.2A Expired - Lifetime CN1698308B (en) | 2002-10-03 | 2003-09-30 | Method and apparatus enabling reauthentication in a cellular communication system |
Country Status (4)
| Country | Link |
|---|---|
| CN (1) | CN1698308B (en) |
| MY (1) | MY153211A (en) |
| NO (1) | NO336812B1 (en) |
| TW (1) | TWI246300B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101183939B (en) * | 2006-11-14 | 2010-06-09 | 中兴通讯股份有限公司 | Multiple identification based reauthorization method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5544322A (en) * | 1994-05-09 | 1996-08-06 | International Business Machines Corporation | System and method for policy-based inter-realm authentication within a distributed processing system |
| US5740361A (en) * | 1996-06-03 | 1998-04-14 | Compuserve Incorporated | System for remote pass-phrase authentication |
-
2003
- 2003-09-16 MY MYPI20033522A patent/MY153211A/en unknown
- 2003-09-24 TW TW92126273A patent/TWI246300B/en not_active IP Right Cessation
- 2003-09-30 CN CN03823734.2A patent/CN1698308B/en not_active Expired - Lifetime
-
2005
- 2005-03-11 NO NO20051254A patent/NO336812B1/en not_active IP Right Cessation
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5544322A (en) * | 1994-05-09 | 1996-08-06 | International Business Machines Corporation | System and method for policy-based inter-realm authentication within a distributed processing system |
| US5740361A (en) * | 1996-06-03 | 1998-04-14 | Compuserve Incorporated | System for remote pass-phrase authentication |
Non-Patent Citations (2)
| Title |
|---|
| G.Schafer, A.Festag, H.Karl.Current Approaches to Authentication in Wireless andMobileCommunications Networks.TKN Technical Reports Series.2001,36-44. * |
| WO01/57626A! 2001.08.09 |
Also Published As
| Publication number | Publication date |
|---|---|
| MY153211A (en) | 2015-01-29 |
| NO336812B1 (en) | 2015-11-02 |
| CN1698308A (en) | 2005-11-16 |
| TW200423674A (en) | 2004-11-01 |
| TWI246300B (en) | 2005-12-21 |
| NO20051254L (en) | 2005-05-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8972582B2 (en) | Method and apparatus enabling reauthentication in a cellular communication system | |
| US11223947B2 (en) | Enhanced registration procedure in a mobile system supporting network slicing | |
| KR101494986B1 (en) | Method for managing content on a secure element connected to an equipment | |
| US8407769B2 (en) | Methods and apparatus for wireless device registration | |
| US20080072301A1 (en) | System And Method For Managing User Authentication And Service Authorization To Achieve Single-Sign-On To Access Multiple Network Interfaces | |
| US8307455B2 (en) | Decryption-key distribution method and authentication apparatus | |
| CN100433616C (en) | Method for authenticating a user in a terminal, an authentication system, a terminal, and an authorization device | |
| US20070178885A1 (en) | Two-phase SIM authentication | |
| EP1860906B1 (en) | A general authentication form and a method for implementing the authentication | |
| EP1414212B1 (en) | Method and system for authenticating users in a telecommunication system | |
| EP2103078B1 (en) | Authentication bootstrapping in communication networks | |
| WO2013116913A1 (en) | Method for activating users, method for authenticating users, method for controlling user traffic, method for controlling user access on a 3g-traffic rerouting wi-fi network and system for rerouting 3g traffic | |
| EP1690189B1 (en) | On demand session provisioning of ip flows | |
| EP1891821A2 (en) | Method and apparatus for providing a telecommunications service | |
| US20130183934A1 (en) | Methods for initializing and/or activating at least one user account for carrying out a transaction, as well as terminal device | |
| KR100670791B1 (en) | Method for verifying authorization with extensibility in AAA server | |
| CN1698308B (en) | Method and apparatus enabling reauthentication in a cellular communication system | |
| CN101990771B (en) | Service reporting | |
| CN100479571C (en) | A method for preventing abnormal access terminal to access and access network | |
| CDMA2000 | Terms and Acronyms in Identity Management |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20160118 Address after: Espoo, Finland Patentee after: NOKIA TECHNOLOGIES OY Address before: Espoo, Finland Patentee before: NOKIA Corp. |
|
| CX01 | Expiry of patent term | ||
| CX01 | Expiry of patent term |
Granted publication date: 20110720 |