136 results about "Extensible Authentication Protocol" patented technology

A wireless authentication protocol. Access to a network is managed by providing a challenge-handshake protocol within the Extensible Authentication Protocol for authentication between a client and the network.

A method, Wireless Local Area Network (WLAN) client, and WLAN Service Node (WSN) that allows an Extensible Authentication Protocol—Subscriber Information module (EAP-SIM) module of the WLAN client, which module may be wither downloaded from the Internet or pre-installed in the WLAN client, to extract user credentials from a Subscriber Information Module (SIM) card, and to package the credentials into the EAP-SIM format and further into the TCP / IP format, before sending them to the WSN via a serving Access Point (AP). The WSN receives the credentials and unpacks them from the TCP / IP format and further from the EAP-SIM format, and authenticates / authorizes the WLAN client. WLAN access is authorized for the WLAN client upon successful authorization.

One aspect relates to a communication protocol for communicating between one or more entities, such as devices, hosts or any other system capable of communicating over a network. A protocol is provided that allows communication between entities without a priori knowledge of the communication protocol. In such a protocol, for example, information describing a data structure of the communication protocol is transferred between communicating entities. Further, an authentication protocol is provided for providing bidirectional authentication between communicating entities. In one specific example, the entities include a master device and a slave device coupled by a serial link. In another specific example, the communication protocol may be used for performing unbalanced transmission between communicating entities.

The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials.; The flexible, configurable and extendable authentication framework supports a wide variety of authentication scheme and supports third party, proprietary and customized authentication schemes.

The invention relates to an authentication protocol for increasing safety against a man-in-the-middle (MITM) access attack for point-to-point communication (10), between client computer (12) and server (14), to services. The server (14) responds with an N byte nonce value and the client computer (12) utilizes a hash algorithm to compute a hash value of the parameters clients' password, client computer unique IP address, server IP address, and the nonce value. The hash value is transmitted through the client computer (12) as an authenticator for accessing the services, whereby the server (14) reproduces the authenticator by utilizing the same hash algorithm and parameters. A compare between the reproduction and the transmitted authenticator is accomplished. If they match, the grant of an access to the server (14) and services is authorized. By utilizing the client computer (12) unique IP address in the authenticator it prevents a MITM computer (16), having a different IP address, from addressing the server with a matching authenticator. The present invention also comprises an authenticator signal and a medium for carrying the signal.

A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.

A method for adding other authentication protocol in IEEE802.11 WAPI (WLAN Authentication and Privacy Infrastructure), especially adding the authentication protocol based on key shared by access point and mobile terminal, and based on EAP (Extensible Authentication Protocol), said method realizes adding new protocol in original WAPI and selecting between original WAPI and new added protocol, permitting the mutual authentication between the access point with / without new added protocol and mobile terminal, insuring compatible with original WAPI protocol, said invention can escalate access point with WAPI and mobile terminal, in authentication, both of original WAPI and new added protocol can be set forced use, and also can set use access point and terminal neachievediation protocol, in all supporting new added protocol using WAPI or new added protocol, in one part does not support new added protocol using original WAPI.

The invention discloses a method, a system and equipment for transporting signaling, belonging to the communication field. The method for transporting singling comprises the following steps: signaling information from a terminal is received by an extensible authentication protocol (eAN) / PCF through a first default route, and the signaling information is sent to an HRDP serving gateway (HSGW) through a second default route; or signaling information from the HSGW is received by the eAN / PCF through the second default route, and the signaling information is sent to the terminal through the first default route; and the bearing separation of the signaling information and data is achieved through the bearing signaling information of the first default route and the second default route. The system for transporting singling comprises user equipment (UE), the eAN / PCF and the HSGW. The sorting of a user plane data packet and signaling in a band can be avoided by using signaling outside the band, the performance of the system for transporting signaling is improved, the processing capacity of the HSGW and the capacity of a serviceable terminal are enhanced, the band width of the surface of the signaling is ensured, the signaling can not lose under the high load of the system for transporting signaling, and the stability and the reliability of the system for transporting signaling are improved. Because the surface of the signaling and the user plane are logically separated, the system for transporting signaling more structurally meets the requirement of the third generation partnership project (3GPP).

A method in a system for transferring accounting information, a system for transferring accounting information, a method in a terminal, a terminal, a method in an Extensible Authentication Protocol (EAP) service authorization server, an EAP service authorization server, a computer program, a computer program, an Extensible Authentication Protocol response (EAP-response) packet. The method in a system comprises: metering data related to service used by at least one terminal, providing the metered data as accounting information to at least one Extensible authentication Protocol (EAP) service authorization server, sending, by means of an Extensible Authentication Protocol request (EAP-request), a service authorization request from said at least one EAP service authorization server to said at least one terminal, digitally signing accounting information, in said at least one terminal, including, at said at least one terminal, the digitally signed accounting information in an Extensible Authentication Protocol response (EAP-response), and sending the digitally signal accounting information to an AAA-server.

A media-independent handover key management architecture is disclosed that uses Kerberos for secure key distribution among a server, an authenticator, and a mobile node. In the preferred embodiments, signaling for key distribution is based on re-keying and is decoupled from re-authentication that requires EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) signaling similar to initial network access authentication. In this framework, the mobile node is able to obtain master session keys required for dynamically establishing the security associations with a set of authenticators without communicating with them before handover. By separating re-key operation from re-authentication, the proposed architecture is more optimized for a proactive mode of operation. It can also be optimized for reactive mode of operation by reversing the key distribution roles between the mobile node and the target access node.