-
Publication No.: AU2003245887A1
Publication Date: 2003-12-12
Application No.: AU2003245887
Application Date: 2003-05-23
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL , QUINET RAPHAEL , SCHUBA MARKO , HOLTMANNS SILKE
Abstract: Methods, devices, and computer programs for an authentication of a user to a service of a service provider are disclosed. Access for the user to the service of the service provider is requested. One or more authentication security profiles are selected by the service provider for specifying an authentication security requirement of the service provider for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider are sent from the service provider to the identity provider for requesting the authentication of the user by the identity provider. The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider is sent to the service provider.
-
Publication No.: DE60314871D1
Publication Date: 2007-08-23
Application No.: DE60314871
Application Date: 2003-05-23
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL , QUINET RAPHAEL , SCHUBA MARKO , HOLTMANNS SILKE
Abstract: Methods, devices, and computer programs for an authentication of a user to a service of a service provider are disclosed. Access for the user to the service of the service provider is requested. One or more authentication security profiles are selected by the service provider for specifying an authentication security requirement of the service provider for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider are sent from the service provider to the identity provider for requesting the authentication of the user by the identity provider. The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider is sent to the service provider.
-
Publication No.: ES2274229T3
Publication Date: 2007-05-16
Application No.: ES03724957
Application Date: 2003-04-04
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL , HOLTMANNS SILKE , QUINET RAPHAEL , SCHUBA MARKO
IPC: H04L29/06
Abstract: A method for providing access for a data requesting entity (IRE) to data related to a principal, comprising the following steps: creating an access granting ticket comprising (a) an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), (b) a principal identifier representing the principal towards the data providing entity (IPE1), - encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), - communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), - communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, - decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) that corresponds to the encryption key, - providing to the data requesting entity (IRE) access to the data related to the principal identifier according to the access specification.
-
Publication No.: CA2526237A1
Publication Date: 2004-10-14
Application No.: CA2526237
Application Date: 2003-04-04
Applicant: ERICSSON TELEFON AB L M
Inventor: SCHUBA MARKO , QUINET RAPHAEL , HOLTMANNS SILKE , BUSBOOM AXEL
IPC: H04L29/06
Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the data requesting entity (IRE) access to data related to the principal identifier according to the access specification.
-
Publication No.: AU2003212261A1
Publication Date: 2004-09-09
Application No.: AU2003212261
Application Date: 2003-02-21
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL
Abstract: A method for sign-on in a network based communications environment is described. Authentication of a first entity is requested by a second entity for accessing a service to be provided by the second entity to the first entity. The authentication is provided by a third entity. Data that identify the second entity are blinded towards the third entity. Blinding means that data identifying the second entity are modified such that the blinded data do not provide any information on the basis of which the second entity can be identified preferably except for the entity which has at least initiated data blinding, here the first entity. Examples for blinding include the use of a pseudonym or alias for the data identifying the second entity. According to a preferred embodiment, the method according to the present invention is used for a single sign-on. Referring to the above description of single sign-on, e.g. in line with the LAP specifications, the present invention provides a method for blinding the identity of the service provider SP towards the identity provider IdP.
-
Publication No.: AU2003245887A8
Publication Date: 2003-12-12
Application No.: AU2003245887
Application Date: 2003-05-23
Applicant: ERICSSON TELEFON AB L M
Inventor: SCHUBA MARKO , HOLTMANNS SILKE , QUINET RAPHAEL , BUSBOOM AXEL
Abstract: Methods, devices, and computer programs for an authentication of a user to a service of a service provider are disclosed. Access for the user to the service of the service provider is requested. One or more authentication security profiles are selected by the service provider for specifying an authentication security requirement of the service provider for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider are sent from the service provider to the identity provider for requesting the authentication of the user by the identity provider. The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider is sent to the service provider.
-