Users of telecommunications networks increasingly desire to use a cell phone or other personal communications device to make on-line purchases, perform banking or other transactions, redeem coupons or use gift cards during in-store transactions, and a wide variety of other activities that may benefit from, or even require, authentication of the identity of the person seeking to perform the transaction. Short messaging service (SMS) messages are an increasingly popular mechanism for performing transactions using a personal communications device, but there is no defined standard for authentication of SMS messages. Wireless network protocols such as GSM include some level of authentication, but many wired network protocols do not. Furthermore, wireless network authentication is limited to the network, transport, or session layer of a typical network protocol stack. While this level of authentication is useful to verify that the user's cell phone is allowed access onto the wireless network, it does not address the need to verify to a bank, for example, that the person using the cell phone to transfer money out of an account is the actual owner of that account.
Consequently, messages that originate from or transfer into wired networks may not be authenticated or may have authentication that is insufficient for the task at hand. Moreover, the problem is not limited to SMS messages. Other types of messages that are sent through a telecommunications network may require or benefit from authentication. For example, networked games, such as massively multiplayer role-playing games, involve communication of messages back and forth between a player and the game server. In some games, the play involves a form of commerce in the game currency, such as where players buy and sell virtual property. Thus, for both real and virtual commerce, for example, it becomes vitally important that there be authentication of messages at the application level. Without application level authentication, these transactions pose a security risk, and present opportunities for fraudulent transactions to be performed.
Accordingly, there exists a need for application-level authentication of messages in a telecommunications network.