This section introduces aspects that may help facilitate a better understanding of the inventions. Accordingly, the statements of this section are to be read in this light and are not to be understood as admissions about what is prior art or what is not prior art.
Generally, in existing authentication approaches, user devices (end users) seeking access to an application over a particular communication network must first be authenticated by the communication network itself and then, second, they must be authenticated again (re-authenticated) by an application server that is serving the application sought to be accessed by the end user.
The Generic Bootstrapping Architecture (GBA) is one technology enabling the authentication of an end user. GBA is standardized by the 3rd Generation Partnership Project (3GPP) in accordance with 3GPP Technical Specification (TS) 33.220, the disclosure of which is incorporated by reference herein in its entirety. In general, GBA authenticates by having an initial network component challenge the end user device when the device attempts to gain access to the network, and then verify that the challenge response is similar to one predicted by a Home Location Register (HLR) or a Home Subscriber Server (HSS).
However, GBA also requires explicit re-authentication of the end user at the application layer. This re-authentication is performed in accordance with the 3GPP Authentication and Key Agreement (AKA) protocol, see RFC 3310: “Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA),” September 2002, the disclosure of which is incorporated by reference herein in its entirety; and RFC 4169: “Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2,” November 2005, the disclosure of which is incorporated by reference herein in its entirety.
Such re-authentication causes several problems, for example, the need for extra accesses to HLR/HSS databases and the need for re-synchronization caused by potential problems with the AKA sequence number (SQN) parameter. Furthermore, GBA uses the AKA Digest protocol, which is not supported by standard Web browsers.
Accordingly, improved end user authentication techniques are needed.