Method and apparatus for single sign-on in a mobile communication system

摘要

The present invention relates to a method and an apparatus for single sign-on in a mobile communication system. A method in which a browsing agent performs single sign-on in a mobile communication system according to the present invention comprises: a step of transmitting user-supplied identifier to a relay party (RP); a step of receiving, from said RP, a message indicating that a browser should be re-directed to said RP; a step of transmitting an identifier of an authentication agent to an open ID provider (OP)/network application function (NAF); and a step of transmitting, to the authentication agent, the identifier of the authentication agent or a message that triggers to make an inquiry into the identifier of the authentication agent. According to the present invention, a single sign-on procedure may be performed in a safer manner.

主权项

1. An authentication method for a single sign-on by a browsing agent in a mobile communication system, the method comprising:
transmitting an user-supplied identifier to a relaying party (RP); receiving, from the RP, a message instructing to redirect a browser to the RP; and transmitting one of an identifier of the authentication agent and a message triggering inquiry of the identifier of the authentication agent to the authentication agent, wherein the identifier of the authentication agent is transmitted from the authentication agent to an open ID provider/network application function (OP/NAF), if the browsing agent transmits the message triggering the inquiry, wherein the identifier of the authentication agent is used for first authentication procedure, and wherein the user-supplied identifier and the identifier of the authentication agent are used to determine whether to initiate a second authentication procedure using generic bootstrapping architecture (GBA) with the authentication agent.