US2018317086A1PendingUtilityA1
Secondary Authentication of a User Equipment
Est. expiryJan 27, 2037(~10.5 yrs left)· nominal 20-yr term from priority
H04L 63/164H04L 9/0844H04W 76/25H04L 63/061H04W 88/023H04L 2463/082H04W 80/10H04W 76/11H04L 63/0892H04L 63/08H04L 63/0884H04W 12/06H04W 12/068H04W 12/0431H04W 12/062H04W 12/041G06F 21/30H04L 63/16
54
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A user equipment ( 18 ) is configured to receive an extensible authentication protocol, EAP, request ( 28 ) from a session management function, SMF, ( 14 ) that serves as an EAP authenticator for secondary authentication of the user equipment ( 18 ). The secondary authentication is authentication of the user equipment ( 18 ) in addition to primary authentication of the user equipment ( 18 ). The user equipment ( 18 ) is also configured to, responsive to the EAP request ( 28 ), transmit an EAP response ( 30 ) to the SMF ( 14 ).
Claims
exact text as granted — not AI-modified1 - 38 . (canceled)
39 . A method for secondary authentication of a user equipment, wherein the method comprises:
receiving, by the user equipment, an extensible authentication protocol, EAP, request from a session management function, SMF, that serves as an EAP authenticator for secondary authentication of the user equipment, wherein the secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment; and responsive to the EAP request, transmitting an EAP response from the user equipment to the SMF.
40 . The method of claim 39 , wherein the SMF is configured to forward the EAP request and the EAP response between the user equipment and an EAP server that executes an EAP authentication method for the EAP authenticator.
41 . The method of claim 40 , wherein the user equipment and the SMF are configured for use in a wireless communication network, wherein the EAP server is in a data network with which the user equipment requests a user plane session, wherein the secondary authentication of the user equipment is authentication of the user equipment to establish the user plane session, wherein the secondary authentication is delegated by the wireless communication network to the data network.
42 . The method of claim 40 , wherein the EAP request and the EAP response are transmitted between the SMF and the EAP server via a user plane function selected by the SMF.
43 . The method of claim 39 , wherein the EAP request and the EAP response are encapsulated within respective non-access stratum (NAS) protocol messages between the SMF and the UE.
44 . The method of claim 39 , wherein a session establishment request transmitted from the user equipment triggers the secondary authentication of the user equipment, wherein the session establishment request includes a secondary identity of the user equipment used for the secondary authentication, and wherein a session establishment response transmitted to the user equipment includes either an EAP success message indicating success of the secondary authentication or an EAP failure message indicating failure of the secondary authentication.
45 . A method for secondary authentication of a user equipment, wherein the method comprises:
transmitting an extensible authentication protocol, EAP, request from a session management function, SMF, to a user equipment, wherein the SMF serves as an EAP authenticator for secondary authentication of the user equipment, wherein the secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment; and responsive to the EAP request, receiving at the SMF an EAP response from the user equipment.
46 . The method of claim 45 , wherein the SMF is configured to forward the EAP request and the EAP response between the user equipment and an EAP server that executes an EAP authentication method for the EAP authenticator.
47 . The method of claim 46 , wherein the user equipment and the SMF are configured for use in a wireless communication network, wherein the EAP server is in a data network with which the user equipment requests a user plane session, wherein the secondary authentication of the user equipment is authentication of the user equipment to establish the user plane session, wherein the secondary authentication is delegated by the wireless communication network to the data network.
48 . The method of claim 46 , wherein the EAP request and the EAP response are transmitted between the SMF and the EAP server via a user plane function selected by the SMF.
49 . The method of claim 45 , wherein the EAP request and the EAP response are encapsulated within respective non-access stratum (NAS) protocol messages between the SMF and the UE.
50 . The method of claim 45 , wherein a session establishment request transmitted from the user equipment triggers the secondary authentication of the user equipment, wherein the session establishment request includes a secondary identity of the user equipment used for the secondary authentication, and wherein a session establishment response transmitted to the user equipment includes either an EAP success message indicating success of the secondary authentication or an EAP failure message indicating failure of the secondary authentication.
51 . A method for secondary authentication of a user equipment, wherein the method comprises:
transmitting an extensible authentication protocol, EAP, request from an EAP server to the user equipment via a session management function, SMF, wherein the SMF serves as an EAP authenticator for secondary authentication of the user equipment, wherein the secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment and wherein the EAP server is configured to execute an EAP authentication method for the EAP authenticator; and responsive to the EAP request, receiving at the EAP server via the SMF an EAP response from the user equipment.
52 . The method of claim 51 , wherein the user equipment and the SMF are configured for use in a wireless communication network, wherein the EAP server is in a data network with which the user equipment requests a user plane session, wherein the secondary authentication of the user equipment is authentication of the user equipment to establish the user plane session, wherein the secondary authentication is delegated by the wireless communication network to the data network.
53 . The method of claim 51 , wherein the EAP request and the EAP response are transmitted between the SMF and the EAP server via a user plane function selected by the SMF.
54 . The method of claim 51 , wherein the EAP request and the EAP response are encapsulated within respective non-access stratum (NAS) protocol messages between the SMF and the UE.
55 . The method of claim 51 , wherein a session establishment request transmitted from the user equipment triggers the secondary authentication of the user equipment, wherein the session establishment request includes a secondary identity of the user equipment used for the secondary authentication, and wherein a session establishment response transmitted to the user equipment includes either an EAP success message indicating success of the secondary authentication or an EAP failure message indicating failure of the secondary authentication.
56 . A user equipment comprising:
processing circuitry and memory, the memory containing instructions executable by the processing circuitry whereby the user equipment is configured to:
receive an extensible authentication protocol, EAP, request from a session management function (SMF) that serves as an EAP authenticator for secondary authentication of the user equipment, wherein the secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment; and
responsive to the EAP request, transmit an EAP response from the user equipment to the SMF.
57 . The user equipment of claim 56 , wherein the SMF is configured to forward the EAP request and the EAP response between the user equipment and an EAP server that executes an EAP authentication method for the EAP authenticator.
58 . The user equipment of claim 19 , wherein the user equipment and the SMF are configured for use in a wireless communication network, wherein the EAP server is in a data network with which the user equipment requests a user plane session, wherein the secondary authentication of the user equipment is authentication of the user equipment to establish the user plane session, wherein the secondary authentication is delegated by the wireless communication network to the data network.
59 . The user equipment of claim 19 , wherein the EAP request and the EAP response are transmitted between the SMF and the EAP server via a user plane function selected by the SMF.
60 . The user equipment of claim 56 , wherein the EAP request and the EAP response are encapsulated within respective non-access stratum (NAS) protocol messages between the SMF and the UE.
61 . The user equipment of claim 56 , wherein a session establishment request transmitted from the user equipment triggers the secondary authentication of the user equipment, wherein the session establishment request includes a secondary identity of the user equipment used for the secondary authentication, and wherein a session establishment response transmitted to the user equipment includes either an EAP success message indicating success of the secondary authentication or an EAP failure message indicating failure of the secondary authentication.
62 . Network equipment configured for providing a session management function, SMF, wherein the control plane equipment comprises processing circuitry and memory, the memory containing instructions executable by the processing circuitry whereby the SMF is configured to:
transmit an extensible authentication protocol, EAP, request from the SMF to a user equipment, wherein the SMF serves as an EAP authenticator for secondary authentication of the user equipment, wherein the secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment; and responsive to the EAP request, receiving at the SMF an EAP response from the user equipment.
63 . The network equipment of claim 62 , wherein the SMF is configured to forward the EAP request and the EAP response between the user equipment and an EAP server that executes an EAP authentication method for the EAP authenticator.
64 . The network equipment of claim 63 , wherein the user equipment and the SMF are configured for use in a wireless communication network, wherein the EAP server is configured for use in a data network with which the user equipment requests a user plane session, wherein the secondary authentication of the user equipment is authentication of the user equipment to establish the user plane session, wherein the secondary authentication is delegated by the wireless communication network to the data network.
65 . The network equipment of claim 63 , wherein the EAP request and the EAP response are transmitted between the SMF and the EAP server via a user plane function selected by the SMF.
66 . The network equipment of claim 62 , wherein the EAP request and the EAP response are encapsulated within respective non-access stratum (NAS) protocol messages between the SMF and the UE.
67 . The network equipment of claim 62 , wherein a session establishment request transmitted from the user equipment triggers the secondary authentication of the user equipment, wherein the session establishment request includes a secondary identity of the user equipment used for the secondary authentication, and wherein a session establishment response transmitted to the user equipment includes either an EAP success message indicating success of the secondary authentication or an EAP failure message indicating failure of the secondary authentication.
68 . An extensible authentication protocol, EAP, server comprising:
processing circuitry and memory, the memory containing instructions executable by the processing circuitry whereby the EAP server is configured to:
transmit an EAP request from the EAP server to a user equipment via a session management function, SMF, that serves as an EAP authenticator for secondary authentication of the user equipment, wherein the secondary authentication is authentication of the user equipment in addition to primary authentication of the user equipment and wherein the EAP server is configured to execute an EAP authentication method for the EAP authenticator; and
responsive to the EAP request, receive at the EAP server via the SMF an EAP response from the user equipment.
69 . The EAP server of claim 68 , wherein the user equipment and the SMF are configured for use in a wireless communication network, wherein the EAP server is configured for use in a data network with which the user equipment requests a user plane session, wherein the secondary authentication of the user equipment is authentication of the user equipment to establish the user plane session, wherein the secondary authentication is delegated by the wireless communication network to the data network.
70 . The EAP server of claim 68 , wherein the EAP request and the EAP response are transmitted between the SMF and the EAP server via a user plane function selected by the SMF.
71 . The EAP server of claim 68 , wherein the EAP request and the EAP response are encapsulated within respective non-access stratum (NAS) protocol messages between the SMF and the UE.
72 . The EAP server of claim 68 , wherein a session establishment request transmitted from the user equipment triggers the secondary authentication of the user equipment, wherein the session establishment request includes a secondary identity of the user equipment used for the secondary authentication, and wherein a session establishment response transmitted to the user equipment includes either an EAP success message indicating success of the secondary authentication or an EAP failure message indicating failure of the secondary authentication.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.