A mobile network operator wanting to offer Wireless Local Area Network (WLAN) access to its users likely wants to use SIM-based authentication procedures for this access, so that the users have a single security token, such as a SIM card, for different access technologies while maintaining a uniform level of security. A WLAN through which users of a mobile network operator gain access is referred to as a WLAN access network. WLAN access is generally governed by the IEEE 802.11 protocol specification.
The WLAN access network itself may belong to a mobile network operator (hereinafter referred to as MNO), or to some other operator such as a WLAN Internet Service Provider. Irrespective of the operator owning the WLAN access network, user authentication is traditionally performed in a core network (CN) of the MNO where the user holds a subscription (namely the MNO core network, and hereinafter abbreviated as MNO-CN). An exemplary MNO-CN might be a GSM core network, a GPRS core network, or a UMTS core network, amongst others.
During the authentication of a user by an MNO-CN a number of entities are involved, such as an Authentication Gateway (AG) receiving an access request originated by the user, fetching authentication vectors (AV) for authenticating the user from a Home Location Register (HLR), and granting access to the user once said user has been successfully authenticated. The Authentication Gateway (AG) generally authenticates a user through a challenge-response mechanism, such as the Authentication and Key Agreement (AKA) suggested in rfc33, though other authentication procedures may be applied as well. Apart from these entities, there is generally provided an Authentication Centre (AuC) entity in charge of generating authentication vectors for a number of users, to be provided to the HLR upon request.
In operation, once a user has gained access to the WLAN access network and has thus been authenticated, the user may try to gain access to services available in a service network (SN), which may in particular belong to the mobile network operator (hereinafter referred to as MNO-SN). At present, provided that the user accesses this MNO-SN through a WLAN access network, the user has to be authenticated by the MNO-SN even though the WLAN access network had already authenticated the user. For the sake of clarity, a descriptive distinction is worthwhile between an “access level authentication” and a “service level authentication” for a user. The former is the user authentication carried out by the core network (CN) before granting the user access to the access network, whereas the latter is the user authentication carried out by the service network (SN) before granting the user access to services in said service network.
An exemplary teaching of this “service level authentication” carried out by a sort of service network is described in the University paper “Using GSM/UMTS for Single Sign-On” by Andreas Pashalidis and Chris Mitchell, Information Security Group, Royal Holloway University of London. In this paper, the main components are said to be a User System (US), consisting of a network access device, a SIM card and a SIM card reader; a Service Provider (SP), which in the context of this paper is any entity that provides some kind of service or content to a user; and the GSM operator's Authentication Centre (AuC).
The University paper introduces a concept of Single sign-on (SSO) as a technique where users authenticate themselves only once to a trusted Authentication Service Provider (ASP), and are automatically logged into the SPs they subsequently use, without necessarily having to reauthenticate each time. Under this SSO concept, an SP needs some form of notification from the ASP that indicates the user's authentication status. These notifications are termed authentication assertions.
The proposal made in this University paper for SSO starts when the user requests a service from the SP. The process has a first step where the SP sends a random value (RAND) towards the US; a second step where the SIM in said US computes a ciphering key Kc as a function (GSM algorithm A8) of a secret user key Ki and the given RAND; a third step where the US computes another final code (MAC, SHA-1) using this ciphering key Kc on the SP identifier (SPID); a fourth step where the US returns back to the SP a user's identifier (IMSI) and the computed MAC_Kc(SPID); a fifth step where the SP transmits this answer along with the RAND to the AuC; a sixth step where the AuC finds the secret user key Ki corresponding to the user's identifier (IMSI) and computes a ciphering key Kc as a function (GSM algorithm A8) of the secret user key Ki and the given RAND; a seventh step where the AuC also computes a MAC_Kc(SPID) with the ciphering key Kc previously computed, and checks whether the received MAC_Kc(SPID) matches the one just calculated; and an eighth step where the AuC returns to the SP an authentication assertion indicating a valid authentication of the user when the above matching occurs, or an authentication failure otherwise. Now the SP holds an authentication assertion, so that further authentications are not needed under the SSO concept presented in this paper.
A first teaching in this University paper is that an SP, namely “any entity that provides some kind of service or content to a user” in its own wording, always triggers a sort of explicit and complete GSM authentication procedure, as shown in this paper, with the SP generating the RAND value triggering the authentication procedure and acting as an intermediate entity between the user equipment and the authentication entity of the home core network, the latter carrying out the explicit and complete GSM authentication procedure. The scenario in this University paper may be similar to the one described at the beginning of this description if the SP is taken as an entity in the service network (SN) receiving service requests from users.
However, even though this paper cites a WLAN access as a possible interconnection, nothing is described about a sort of previous ‘access level authentication’ of the user with its own mobile network. Moreover, assuming that the user is connected to the mobile network when accessing the SP, the user should have been previously authenticated by its mobile core network before being granted such access. There is no description in this respect in the University paper, and the concept of SSO seems to apply only after having successfully authenticated the user at an SP, or at an entity of the service network. That is, the SSO seems to apply only after having carried out an explicit ‘service level authentication’ for the user.
A second teaching of this University paper is that the authentication procedure may be carried out between the US and a UMTS/3GPP network, having the SP as an intermediate entity transmitting the challenge from the AuC towards the US, and the response from the US towards the AuC, and finally receiving the authentication assertion from the AuC if the user had been successfully authenticated. As for the first teaching commented above, an explicit and complete authentication of the user is carried out at request from, or with participation of, the SP where the user has accessed.
There is, however, no teaching in this paper in respect of applying SSO for a user who had been authenticated before, when accessing another network or another network domain. In particular, there is no teaching on whether a user had carried out a previous “access level authentication” through an access network such as WLAN, and there is no teaching on how this “access level authentication” may be re-used as a further “service level authentication” when accessing the service network within a broader SSO principle.
Moreover, even though the University paper states that a user authenticates only once to a trusted Authentication Service Provider (ASP) and is automatically logged into the Service Provider that the user further uses, there is no enabling disclosure of how this can be carried out. In this respect, the paper only cites that the AuC and the US need to agree on the use of a Message Authentication Code (MAC) function, which is further used to compute a MAC_Kc(SPID) submitted from the SP to the AuC for checking whether the user had been authenticated. In accordance with the teaching in “Applied Cryptography”, by Bruce Schneier, ISBN 0-471-11709-9, a message authentication code (MAC), also known as a data authentication code (DAC), is a one-way hash function acting on an input with the addition of a secret key (Section 18.14), wherein one-way means that there is no manner to derive the inputs to the function from the output; thus there is no means of verifying that a user had already been authenticated other than repeating the authentication mechanism and comparing the result obtained with the one received. Thereby, there is no applicable teaching in this University paper for re-using a previous access level authentication when accessing the service network. Furthermore, if the user attempts to access a service in a second SP, said second SP having a different SPID, the previous complete explicit authentication would have to be repeated again to produce a new MAC_Kc(SPID) for said different SPID, since the previous assertion stored in the first SP does not seem to be known and applicable to the second SP.
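The eight-step exchange recounted above, and the two limitations just discussed (the AuC can only verify a MAC by recomputing it from Ki, and a MAC_Kc(SPID) computed for one SP does not verify for a second SP with a different SPID), are modelled below in Python. This is an added illustration for this description; it is not code from the Pashalidis and Mitchell paper nor from any operator. The GSM A8 algorithm is operator-specific and not given here, so a keyed hash stands in for it, the MAC construction is assumed to be HMAC-SHA1 since the paper only names “MAC, SHA-1”, and the IMSI, Ki and SPID values are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample subscriber record held by the AuC (IMSI -> Ki).
# The Ki below is made up for this example; a real Ki exists only in the
# SIM and in the operator's AuC.
AUC_SUBSCRIBERS = {
    "234150000000001": bytes.fromhex("00112233445566778899aabbccddeeff"),
}


def a8_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for GSM A8: derive the 64-bit ciphering key Kc from Ki and RAND.

    Assumption: the real A8 is operator-specific and not on the page, so
    HMAC-SHA256 truncated to 8 bytes is used only to model Kc = f(Ki, RAND).
    """
    return hmac.new(ki, rand, hashlib.sha256).digest()[:8]


def mac_kc(kc: bytes, spid: str) -> bytes:
    """MAC_Kc(SPID): SHA-1 based MAC over the SP identifier, keyed with Kc.

    Assumption: the paper names 'MAC, SHA-1' without fixing the construction;
    HMAC-SHA1 is used here.
    """
    return hmac.new(kc, spid.encode("utf-8"), hashlib.sha1).digest()


class UserSystem:
    """Network access device plus SIM; Ki never leaves this object."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand: bytes, spid: str) -> tuple[str, bytes]:
        kc = a8_stand_in(self._ki, rand)        # step 2: SIM computes Kc
        return self.imsi, mac_kc(kc, spid)      # steps 3-4: IMSI and MAC_Kc(SPID)


class AuC:
    """Authentication Centre: holds Ki per IMSI and repeats the computation."""

    def __init__(self, subscribers: dict[str, bytes]):
        self._subscribers = subscribers

    def verify(self, imsi: str, rand: bytes, spid: str, received_mac: bytes) -> bool:
        ki = self._subscribers.get(imsi)        # step 6: find Ki for this IMSI
        if ki is None:
            return False
        kc = a8_stand_in(ki, rand)
        expected = mac_kc(kc, spid)             # step 7: recompute MAC_Kc(SPID)
        # The MAC is one-way: the only possible check is recompute-and-compare.
        return hmac.compare_digest(expected, received_mac)


class ServiceProvider:
    """SP with its own SPID; keeps the authentication assertions it receives."""

    def __init__(self, spid: str, auc: AuC):
        self.spid = spid
        self._auc = auc
        self._asserted: set[str] = set()

    def authenticate(self, us: UserSystem) -> bool:
        rand = secrets.token_bytes(16)                      # step 1: fresh RAND
        imsi, mac = us.respond(rand, self.spid)             # steps 2-4
        ok = self._auc.verify(imsi, rand, self.spid, mac)   # steps 5-8
        if ok:
            self._asserted.add(imsi)                        # step 8: assertion kept at SP
        return ok

    def has_assertion(self, imsi: str) -> bool:
        return imsi in self._asserted


def run_scenario() -> dict[str, bool]:
    """Authenticate against SP1, then show that SP2 cannot reuse the result."""
    auc = AuC(AUC_SUBSCRIBERS)
    imsi = "234150000000001"
    us = UserSystem(imsi, AUC_SUBSCRIBERS[imsi])
    sp1 = ServiceProvider("sp1.example", auc)   # constructed SPIDs
    sp2 = ServiceProvider("sp2.example", auc)

    sp1_ok = sp1.authenticate(us)

    # A MAC computed for SP1's SPID does not verify when presented for SP2's
    # SPID: MAC_Kc(SPID) is bound to the identifier it was computed over.
    rand = secrets.token_bytes(16)
    _, mac_for_sp1 = us.respond(rand, sp1.spid)
    return {
        "sp1_authenticated": sp1_ok,
        "sp1_has_assertion": sp1.has_assertion(imsi),
        "sp2_has_assertion": sp2.has_assertion(imsi),   # no carry-over between SPs
        "mac_valid_for_other_spid": auc.verify(imsi, rand, sp2.spid, mac_for_sp1),
        "unknown_imsi_accepted": auc.verify("999990000000000", rand, sp1.spid, mac_for_sp1),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Running the scenario shows SP1 obtaining its assertion while SP2 holds none, and the AuC rejecting the SP1 MAC when it is checked against SP2's SPID, which is exactly why a second SP must trigger a fresh complete authentication under the paper's scheme.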
In this context, Single Sign-On (SSO) is for the purpose of the present invention an emerging principle that enables users to access different networks, or different network domains, without explicitly authenticating such users for each particular different network, or different network domain, once the users had been already authenticated. This principle implies that a user is authenticated only once at a given network, or given network domain, and the resulting authentication is valid for entrance to other networks, or network domains. In other words, the purpose of SSO is to allow users to securely access different networks and network domains, without being explicitly authenticated every time.
A special case occurs when one and the same entity, for example a mobile network operator (MNO), fully controls the access level authentication, wherein the user has been authenticated with the core network (CN) of the MNO, and the MNO may rely on this authentication to allow the user further access to the service network (SN) of the MNO. For instance, a user may be authenticated with the MNO-CN in order to gain access to a General Packet Radio Service (GPRS) from where the MNO-SN is accessible, and the MNO-SN relies on this authentication since the GPRS network is a trusted network from the mobile network operator's perspective.
More specifically, and illustrative of the known GPRS technique commented above, when a user has gained access to the MNO core network (MNO-CN) through a GPRS access network and has thus been authenticated, the user is assigned an IP address that can be trusted, since all equipment in the IP infrastructure of the mobile network operator is supposed to have anti-spoofing capabilities in order to prevent the malicious use of fake IP addresses. That is, the IP address assigned to the user can be used to track that the user who has accessed the MNO core network (MNO-CN) is the same as the one now accessing the MNO service network (MNO-SN). This identification is notified by a Gateway GPRS Support Node (GGSN) to an entity in the MNO service network, such as an Authentication-Authorization-Accounting (AAA) server. In short, the assignment of an IP address by the MNO core network (MNO-CN) to identify an authenticated user is a key aspect of the SSO solution for a typical MNO service network accessed through a trusted access network such as a GPRS network.
Under this special case, the MNO service network (MNO-SN) can only rely on the MNO core network (MNO-CN) authentication if the access network through which the user is accessing provides data origin authentication. This is the case, for example, when the user is accessing through a GPRS access network. In this context, data origin authentication means that for any data received from the access network, such as the above IP address assigned to the user, the claimed originator of said data can be considered authentic, irrespective of the originator.
However, a WLAN access network is not able to assign IP addresses in a way the MNO can trust, since the WLAN infrastructure usually does not belong to the MNO, and the anti-spoofing capabilities presently existing in a GPRS access network cannot be expected to be available in a WLAN access network. Consequently, an IP address assigned to an authenticated user and received at an MNO service network (MNO-SN) from a WLAN access network cannot be accepted as a token to track the presence of said user in the MNO service network and, hence, the traditional mechanism to support SSO authentication cannot be used.
At this stage, attention is called to the University paper commented above wherein no mention appears in respect of re-using or trusting a possibly previous access level authentication of the user with its own core network while likely accessing the serving entity (SP), namely accessing an entity in the service network, through a WLAN access network.
The present invention aims to provide means and a method for offering a broader Single Sign-On mechanism to users of a mobile network operator when the users are accessing a service network through a non-trusted access network, said users having been previously authenticated by the core network of the mobile network operator.
Moreover, it is also an aim to make these means and method for offering the broader Single Sign-On mechanism applicable to users of a fixed network operator under a single inventive concept.
Therefore, an object of the present invention is the provision of an SSO mechanism that allows the service network to trust an authentication token received through a non-trusted access network and intended to prove that a user had been previously authenticated.
It is a further object of the present invention that this SSO mechanism may also be used where the access network is a fully trusted access network so that distinguishing whether an access network may or may not be trusted by the service network becomes a superfluous discussion.