Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

System and method for managing user authentication and service authorization to achieve single-sign-on to access multiple network interfaces

A technology for single sign-on and user management, which is applied in user identity/authority verification, transmission system, digital data authentication, etc. It can solve problems such as large delays, and achieve the effect of facilitating switching and reducing processing overhead

Inactive Publication Date: 2007-08-08
PANASONIC CORP
View PDF2 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Especially if the user is in a foreign domain away from their home domain, the resulting delay will be significant
For some real-time applications, this type of delay in handover processing would be unacceptable

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for managing user authentication and service authorization to achieve single-sign-on to access multiple network interfaces
  • System and method for managing user authentication and service authorization to achieve single-sign-on to access multiple network interfaces
  • System and method for managing user authentication and service authorization to achieve single-sign-on to access multiple network interfaces

Examples

Experimental program
Comparison scheme
Effect test

no. 1 example

[0064] Figure 1 illustrates an example embodiment of the invention for obtaining global authentication in a federated web services environment. It will be obvious to anyone of ordinary skill in the art that the present invention can be applied to any service with a similar authentication structure.

[0065] Each terminal (1.3) has a unique user identity within its home domain (1.1). The ID is globally unique and includes information about the home domain. Distribute it to the user when the user is associated with the domain. For example, when a user subscribes to an operator, the identification is placed in the SIM / USIM card provided to the user. When a user needs to authenticate himself to the home domain, he can use a different device, such as a laptop with a SIM reader, a handset, etc. The user can also perform simultaneous authentication using several devices. Thus, in order to uniquely identify the user's authentication session, another authentication session identifi...

no. 2 example

[0127] The subscription capability (3.3, 7.4) embedded in the return message by the AAA server includes the authorized interface type information and the QoS level information of each interface type granted by the AAA server to the terminal of the visiting domain.

[0128] The authorized interface type information includes a list of network interface types that the terminal is authorized to use in the access domain. The AAA server will only include the network interface type provided by the access domain that initiated the "authentication confirmation query" and the network interface type subscribed by the user. For example, for the system structure in Fig. 2, the subscription capability information returned to the access domain (1.2) will include "Bluetooth, WLAN, UMTS", although this user can also subscribe to the GPRS above the above three network interfaces, this is for It is agnostic to the visiting domain (1.2). This is because the access domain (1.2) only provides thes...

no. 3 example

[0139] In accessing multiple domain services, a user may have multiple subscriptions. In this case, the user terminal will need to meet multiple home domain situations, especially network sharing. For example, a domain federated with a user's home domain 1 may own a WLAN hotspot, but it may also be shared by the user's home domain 2 . Thus, the user terminal must be able to select which subscriptions are to be authenticated.

[0140]A solution to this problem is for the user's home domain to provide the relevant information to the user as part of the subscription profile, eg saving it to the USIM card given to the user. The user terminal will maintain a list of home domains. When a user terminal needs to access a network, it will obtain domain information related to the network, and compare it with the information in the home domain list. If one of its home domains owns the network, the user terminal will attempt to authenticate using the corresponding subscription from tha...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A single-sign-on to access multiple networks residing at multiple domains is disclosed. In particular the single-sign-on features refers to the authentication and the authorization process carried out among the different network administration domains so that the terminal using the end service need not explicitly initiate the authentication process each time it accesses a new service. This invention's single-sign-on feature can be extended for usage in a federated domain environment and non-federated domain environment. The non-federated domains are able to form an indirect federation chain through other domains in order to utilize this invention. Therefore discovery of intermediate domains to form a federation chain is also covered. The management of user credentials to allow a Visited Domain to perform authetication is also covered in this invention.

Description

technical field [0001] The invention relates to the field of data communication networks. In particular, it relates to access control in mobile telecommunication networks for simpler cross-domain service provisioning. Typically, a user needs to perform multiple logins in order to access services provided by different networks in different administrative domains. The present invention enables users in directly or indirectly federated multiple domain environments to have a single login and access to the services provided by all these networks. Also, due to the present feature provided, it can be used for fast switching to facilitate the user to switch to a network providing the same service at any time. In environments where multimodal terminals are permitted, the invention is particularly useful for enabling the user to access services through all network interfaces through a single sign-on process. Background technique [0002] In today's world, to address the inefficienc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F21/31G06F21/41
CPCG06F21/41H04L63/0815H04L9/32G06F15/16G06F21/00H04L69/00
Inventor 谢佩恩程洪
Owner PANASONIC CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products