Title of invention: Method and system for automated and secure provisioning of service access credentials for on-line services to users of mobile communication terminals
Abstract: In a communications network including at least one authentication entity adapted to authenticating a network access requestor in order to conditionally grant thereto access to the communications network, wherein the authenticating is based on public key cryptography, a method for automatically provisioning the network access requestor with service access credentials for accessing an on-line service offered by an on-line service provider accessible through the communications network. The method includes: during the authenticating the network access requestor, having an authentication entity request to the on-line service provider the generation of the service access credentials; at the on-line service provider, generating the service access credentials, encrypting the service access credentials by exploiting a public encryption key of the network access requestor and providing the encrypted service access credentials to the authentication entity; and having the authentication entity cause the network access requestor to be provided with the encrypted service access credentials.
Publication number: US9015473(B2); Publication date: 2015.04.21
Application number: US200512085768; Application date: 2005.11.30
Applicant: Telecom Italia S.p.A.; Inventors: Costa Luciana; De Lutiis Paolo; Frosali Federico
Classification: H04L29/00; H04L29/06; Main classification: H04L29/00
Agency: Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P.; Agent: Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P.
Main claim: 1. A method for automatically provisioning a communications terminal with service access credentials for accessing an on-line service offered by an on-line service provider accessible through a communications network, wherein the communications network comprises at least one authentication entity for authenticating the communications terminal in order to conditionally grant access to the communications network, wherein said authenticating is based on public key cryptography, the method comprising: determining, at the on-line service provider, a security level of the communications network based on an identification of the communications network; enabling, at the on-line service provider, one or more security functions based in part on the determined security level, wherein the access credentials for accessing the on-line service are associated with the security functions; authenticating a network access requestor, in part, by having the authentication entity request the on-line service provider generate said service access credentials based on the enabled security functions, wherein the network access requestor comprises a communications terminal; generating, at the on-line service provider, the service access credentials, wherein the service access credentials expire when the communications terminal disconnects from the communication network; encrypting, at the on-line service provider, the service access credentials by exploiting a public encryption key of the network access requestor, such that the authentication entity is not able to decrypt the encrypted service access credentials; providing, by the on-line service provider, the encrypted service access credentials to the authentication entity; and causing, by the authentication entity, the network access requestor to be provided with the encrypted service access credentials.
Address: Milan IT