Title of invention |
Selection of successive authentication methods |
Abstract |
A method of authenticating a user who is a subscriber of a home network, authenticated in a first network, for accessing a service in a second network. This method includes: authenticating the user in the first network with a first authentication method selected in an authentication server; reserving resources for the service towards a rules enforcement device; requesting control rules for the resources towards a control rules server; submitting towards the control rules server information about the first authentication method; determining at the control rules server whether a further authentication of the user with a further authentication method is required; and instructing from the control rules server towards the authentication server to force the further authentication of the user with the further authentication method. |
Publication number |
US8949950(B2) |
Publication date |
2015.02.03 |
Application number |
US200712809471 |
Filing date |
2007.12.20 |
Applicant |
Telefonaktiebolaget L M Ericsson (publ) |
Inventors |
Fernandez Alonso Susana;Näslund Mats;Walker John Michael |
Classification |
H04W12/06;H04W80/10;H04L29/06 |
Main classification |
H04W12/06 |
Agency |
|
Agent |
|
Principal claim |
1. A method of authenticating a user accessing a service in a second network, the user being subscriber of a home network and previously authenticated in a first network through which the user accesses the service, the method comprising the steps of:
authenticating the user in the first network, which the user accesses through, with a first authentication method selected in an authentication server of the home network in accordance with access and subscription information for the user; where the user accesses the service in the second network, requesting reservation of resources for the service to a rules enforcement device, in charge of handling resources; requesting control rules for the resources from the rules enforcement device to a control rules server in charge of installing control rules; submitting to the control rules server information about the first authentication method applied to the user; determining at the control rules server, by applying authentication policies, that a further authentication of the user with a second authentication method is required; and instructing from the control rules server to the authentication server to force the further authentication of the user with the second authentication method, wherein the authentication server is a Home Subscriber Server (HSS) where the user holds a subscription, wherein the rules enforcement device is a Policy and Charging Enforcement Function (PCEF) providing service data flow detection, and wherein the control rules server is a Policy and Charging Rules Function (PCRF) providing control functions and installing corresponding control rules. |
Address |
Stockholm SE |