methods for authenticating a subscriber of a first network and several first networks to access an application service, and system for authenticating a subscriber of a first network to access application services

摘要

METHODS FOR AUTHENTICING A FIRST NETWORK SUBSCRIBER AND FIRST NETWORKS TO ACCESS AN APPLICATION SERVICE, AND SYSTEM TO AUTHENTIC A FIRST NETWORK SUBSCRIBER TO ACCESS APPLICATION SERVICES. The present invention relates to a system and method for authenticating a subscriber of a first network, for example, a GPRS / GSM network, to access application services through a second network, where the second network is a data network by packets (PDN), for example, Intemet. The system according to preferred embodiments of the invention includes a mobile station MS (2) connected to a cellular network and capable of generating access request messages included in the data packets, said access request messages being expressed with a syntax that conforms to an application level protocol; an AAA allocation server (7) capable of allocating an address on said second network to said subscriber (subscriber address) and providing a mapping between the subscriber address and a first subscriber identifier; a connection point (6), for example a GGSN, which interfaces the first network with the second network and assigns the subscriber address to MS 2; an STI Socket Injector (10) connected to the connection point (6) and capable of intercepting data packets generated from the endpoint station and directed to the second network through the connection point (6) and capturing in data packets at least the subscriber address, and an Identity Authority IA logical entity (9) connected to the STI 10 and capable of performing the following functions: receiving the subscriber address and access request message from the first entity logic, recognizing the application level protocol of the access request message, requesting the first subscriber identifier from the allocation server, generating an authentication token according to the application level protocol, said token including a second identifier of subscriber, and associate the authentication form with the access request message.