In mobile and wireless communication, authentication methods are generally used to gain network access. The communication server (mobile or wireless) that provides access must have a set of processes and protocols to verify a user's identity. A standard way is needed to verify a user's logon, monitor the user's network usage, and bill the customer. Standards and protocols currently exist that fulfill these criteria for Authentication, Authorization and Accounting (AAA) purposes, but some of them are not secure, and their performance will not meet 3G mobile communication requirements.
However, current mobile and wireless authentication mechanisms rely on certificates. Authorization protocols must support some notion of a "charging certificate". Because these certificates are heavyweight in size, they affect the performance of the mobile application. Given the conservative standards set by many institutions, chiefly in the mobile banking sector, there is a requirement for lightweight protocols that help ensure optimum performance of mobile applications over wireless media.
Moreover, mobile and wireless devices such as smartphones, PDAs, cellular phones and remote control systems play an increasingly important role in the digital environment. The pervasive use of these devices brings new security and privacy risks: with extensive use of mobile devices, consumers continuously leave traces of their identities and transactions, sometimes just by carrying the devices around in their pockets. Providing true privacy is hard, because hiding identity information is irrelevant as long as some other linkable information is associated with the messages; the use of a lightweight protocol will help provide effective solutions for a majority of mobile and wireless applications.
Some of the inventions which deal with providing systems and methods for secure transaction of data between at least one wireless communication device and a server are:
United States Patent Application No. 20090193247 by Kiester et al. discloses methods and apparatus for tunneling one authentication framework over a more widely accepted framework (e.g., EAP). In this manner, a plurality of strong authentication protocols that are not otherwise wirelessly enabled are wirelessly enabled between a supplicant and a server. During use, packets are wirelessly transmitted and received between the supplicant and server, including via a wireless access point, according to EAP's prescribed message format. In a tunnel, various authentication protocols form the payload component of the message format, which allows more than one protocol to execute instead of the typical single-protocol authentication. Certain tunneled frameworks include NMAS, LDAP/SASL, Open LDAP/SLAPD, or IPSEC. Computer program products, computing systems and various interactions between the supplicant and server are also disclosed.
U.S. Pat. No. 7,626,963 by Patel et al. discloses methods and apparatus for dynamically generating a set of Mobile IP keys. The set of Mobile IP keys is dynamically generated using an existing HLR/AuC authentication infrastructure. This is accomplished, in part, by obtaining an International Mobile Subscriber Identity (IMSI) that uniquely identifies a particular Mobile Node. Once a set of Mobile IP keys is generated from authentication information associated with the IMSI, the Mobile Node may register with its Home Agent using the set of Mobile IP keys.
U.S. Pat. No. 7,398,550 by Zick et al. discloses the Enhanced Secret Shared Provisioning Protocol (ESSPP), which provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched at two network devices together within a predetermined time interval. These two devices then automatically register with each other. When two devices running ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. With ESSPP, two devices that are attempting to register with each other will only provision a key when they detect that they are the only two devices on the wireless network running ESSPP. If additional devices running ESSPP are detected, the ESSPP protocol is either terminated or suspended.
U.S. Pat. No. 7,448,068 by Sun et al. discloses automatic client authentication for a wireless network protected by PEAP, EAP-TLS or other extensible authentication protocols. The user doesn't have to understand the difference between the protocols in order to connect to the network. A default authentication protocol is automatically attempted. If not successful, then the authentication switches over to another authentication method if the network requests it.
Network Working Group, Request for Comments: 3748 (RFC 3748), Extensible Authentication Protocol (EAP), by Aboba et al. discloses that EAP is an authentication framework for wireless networks and point-to-point connections.
Network Working Group, Request for Comments: 4764 (RFC 4764), The EAP-PSK Protocol: A Pre-Shared Key Extensible Authentication Protocol (EAP) Method, by Bersani et al. discloses that EAP-PSK provides a protected communication channel over which both parties can communicate once mutual authentication succeeds.
Cisco Systems developed the Lightweight Extensible Authentication Protocol (LEAP), a proprietary EAP method. No Windows operating system supports LEAP natively, but it is supported by third-party supplicants. The protocol is known to be vulnerable to dictionary attacks. However, Cisco still maintains that LEAP can be secure if sufficiently complex passwords are used.
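The EAP message format referred to in the Kiester and RFC 3748 paragraphs above, as an added example that is not part of the original text: a parser for the RFC 3748 packet layout (Code, Identifier, Length, then Type and Type-Data) that rejects frames whose Length field disagrees with the bytes received. The function names `build_eap` and `parse_eap` and the sample frames are constructed for illustration; the type numbers are the IANA-assigned EAP method types.

```python
import struct
from dataclasses import dataclass
from typing import Optional

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# IANA EAP method types for the methods named in the text, plus Identity.
TYPES = {1: "Identity", 13: "EAP-TLS", 17: "LEAP", 25: "PEAP", 47: "EAP-PSK"}

@dataclass
class EapPacket:
    code: str
    identifier: int
    length: int
    method: Optional[str]   # None for Success/Failure
    type_data: bytes        # method payload (where a tunnelled protocol rides)

def build_eap(code: int, ident: int, eap_type: Optional[int] = None,
              type_data: bytes = b"") -> bytes:
    """Hypothetical helper: serialize an EAP packet for the samples below."""
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(frame: bytes) -> EapPacket:
    """Parse and validate one EAP packet (hypothetical function name)."""
    if len(frame) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", frame[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    # A Length larger than what was received must be discarded, not trusted.
    if length < 4 or length > len(frame):
        raise ValueError("Length field inconsistent with received bytes")
    body = frame[4:length]  # octets past Length are link-layer padding
    if code in (3, 4):
        if length != 4:
            raise ValueError("Success/Failure carry no data")
        return EapPacket(CODES[code], ident, length, None, b"")
    if not body:
        raise ValueError("Request/Response is missing its Type octet")
    method = TYPES.get(body[0], f"type-{body[0]}")
    return EapPacket(CODES[code], ident, length, method, body[1:])

# Constructed sample frames (not captured traffic).
IDENTITY_RESPONSE = build_eap(2, 7, 1, b"alice@example.org")
PSK_REQUEST_PADDED = build_eap(1, 8, 47, b"\x00" * 8) + b"\x00\x00"  # padded
TRUNCATED = IDENTITY_RESPONSE[:10]  # Length says 22, only 10 bytes arrived

if __name__ == "__main__":
    for f in (IDENTITY_RESPONSE, PSK_REQUEST_PADDED):
        print(parse_eap(f))
```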
None of the above-mentioned prior art provides a system and method for lightweight, high-speed, certificateless extensible authentication protocols (EAPs) that occupy less memory space for storage, for mobile and wireless communications, or provides EAPs that are suitable for wireless communication devices enabled with 2G, 3G or 4G networks.
Thus, in light of the above-mentioned prior art, it is evident that there is a need for a system and method that: solves Confidentiality, Authentication, Authorization and Accounting (CAAA) issues for mobile phones and wireless devices at an affordable cost; provides certificate-less extensible authentication protocols (EAPs) for mobile and wireless communications; provides two-way authentication, in comparison to the current one-way authentication standards; and provides extensible authentication protocols (EAPs) based on random sequences that are easy to deploy on existing wireless communication devices.