This invention relates to authentication in data communication. In particular the invention relates to, but is not limited to, authenticating mobile stations and network servers communicating with each other through a network.
The Internet is used to share public information. Since it is an open system, it should not be used to share confidential information unless precautions are taken to protect the information by use of passwords, encryption and the like. Even so, if passwords are used, hackers can determine them. In the Internet, there are clients, e.g. personal computers, and servers which may be server computers running computer programs that cause the servers to provide services to the clients. Typically computer programs used at clients and servers assume that their users are honest about their identity. Some client/server applications rely on the client to restrict its activities to those, which it is allowed to do, with no other enforcement by the server. Both clients and servers are entities.
Some sites use firewalls to improve their network security. Unfortunately, firewalls are based on an assumption of security threats come from the outside, which is not always the case. Computer crime can be carried out by insiders who have access to such private networks that are connected to the Internet by firewalls, that is intranets. These insiders can listen to the data traffic and detect passwords of the other users. Using these illegally obtained passwords, an insider can access such services to which he would not normally have access. In other words, firewalls can restrict viruses from accidentally contaminating an intranet, but they do not generally provide any certainty of the true authenticity of a client or server. Strong authentication is highly desirable for transactions involving money, confidential data or both.
One way to improve the situation is to use dedicated authentication protocols and, if necessary, encryption protocols for verifying the authenticity of a party and for preventing unauthorised parties from obtaining access. In addition, these protocols can typically be used to verify the integrity of any information exchanged over a link so that a recipient can be certain that the data received have not been tampered with.
The wireless use of a Subscriber Identity Module SIM is previously known in the context of lending a SIM from one mobile station to another mobile station. EP1075155 discloses an example of providing a wireless access to a SIM, in order to provide a user identity of a GSM device. One SIM can be alternately used by different GSM devices without physically transferring the SIM between these devices. This publication is referred to as an example on how a SIM can be accessed over a wireless link, although there one SIM is shared by two mobile stations.
WO 00/02407 discloses an invention wherein a laptop PC, provided with a Wireless Local Area Network (WLAN) adapter and a Global System for Mobiles (GSM) card phone, may access WLAN networks and authenticate a user by utilising a Subscriber Identity Module (SIM) card contained by the GSM card phone. Access to the local area network takes place e.g. with the aid of a LAN card in the terminal and to the GSM network with the aid of a GSM card phone, which in practice is a stripped telephone located e.g. in the laptop's expansion slot. In addition, a SIM is connected to the GSM card phone. In that publication, the SIM is used not only for authenticating in a GSM network, but for reliable authentication of a data terminal to a non-trusted data network, such as to a third-party Mobile Internet Protocol (MIP) network. The SIM is accessed using the SIM slot of the GSM card phone. In brief, the SIM is used for generating a correct response to a challenge originated from an Authentication Center (AuC) of the GSM network to which the SIM belongs. The response can only be correctly generated by the SIM that possesses a first shared secret or a secret key known or stored only by the SIM and the AuC. When a user desires to access a WLAN network, a following process is performed:
1. A Home agent (HA) fetches from the authentication center AuC located in connection with the home location register HLR of the mobile communications network a set of subscriber-specific authentication triplets, each of which contains a challenge or RAND, a signed response (SRES) and a GSM key, Kc, which is a connection-specific encryption key.
2. The challenge (RAND) in each authentication triplets are transferred further to the mobile node or terminal.
3. The terminal uses the SIM to generate a response and a GSM key, Kc, based on one of the challenges and a first shared secret, KI known only by the SIM and the AuC.
4. The terminal sends back the response to the HA for checking against the HA stored version of the response. Security Parameter Index (SPI) is used for carrying the SRES, and because some of the SPI values are received, they cannot be used. Therefore, the response not only acknowledges that the terminal has access to the SIM, but also identifies which one of many challenges has been used and corresponding GSM key, Kc, can be used.
5. The obtained GSM key, Kc, is used as a secret, the basis of which an authenticator is computed. The authenticator may be used as a session key in, for example, Mobile IP networking.
Despite the technical advance of WO 00/02407, it still necessitates a data terminal to possess a SIM slot in order to be able to make use of the disclosed SIM based authentication. Furthermore, althouth a user may have separate SIMs for a personal GSM telephone and for a GSM card phone of a personal computer, he or she may only have or desire to use a single SIM alternately in either device.
The use of the word ‘known’ is synonymous with the word store. A device ‘knows’ information if the device stores that information in one or more registers or memories that are on, in or near a processor of the device in the sense that the information is readable or operable by the processor in a manner that is not susceptible to interception or corruption. Knowing has a time-factor as well. A first device may not know information during a brief instant, where one or more exchanges of messages between the device and a second device are required before the data of a second device is readable or operable by a processor of the first device, and yet the first device may know the information in the context of a larger period of time.