EP1025739A2 - Generation of a seed number - Google Patents

Generation of a seed number

Info

Publication number
EP1025739A2
Authority
EP
European Patent Office
Prior art keywords
encryption
algorithm
key
seed number
seed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP98958929A
Other languages
German (de)
English (en)
Inventor
Pasi Lahtinen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sonera Oy
Original Assignee
Sonera Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sonera Oy
Publication of EP1025739A2

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party

Definitions

  • the present invention relates to a method as defined in the preamble of claim 1 for computing the key to an encryption algorithm used to encrypt messages transmitted over a telecommunication network and for generating the seed number needed for the computation of the encryption key by making use of the subscriber identity module of a mobile station.
  • the invention relates to a system as defined in the preamble of claim 7 for computing the key to an encryption algorithm used to encrypt messages transmitted over a telecommunication network and for generating the seed number needed for the computation of the encryption key by making use of the subscriber identity module of a mobile station.
  • SIM cards (Subscriber Identity Module)
  • the encryption algorithm implementing the encryption needs an encryption key.
  • a method is known in which a separate algorithm for computing the encryption key is implemented in the subscriber identity module of a mobile station.
  • the encryption key is stored on the subscriber identity module in conjunction with manufacture.
  • the encryption key is stored on the subscriber identity module when the latter is taken into use.
  • a problem with the prior-art methods is that managing the seed number needed for the computation of the encryption key and/or managing the encryption key is difficult and, e.g.
  • a further problem is that an encryption key permanently stored on the subscriber identity module is not as secure as an encryption key having a variable value.
  • the object of the present invention is to disclose a new type of method that eliminates the problems described above.
  • a further object of the invention is to disclose a system that can be used to implement said method.
  • a specific object of the present invention is to disclose a method and a system that allow flexible and safe management of seed numbers and encryption keys.
  • the encryption key required by the encryption algorithm used for the encryption of communication is computed from a certain seed number by making use of the subscriber identity module of the mobile station.
  • When the mobile station is activated, its subscriber identity module performs an authentication procedure with the mobile communication network. This is done by using an operator-specific authentication algorithm and a seed number consisting of a random number RAND generated by the mobile communication network.
  • the same authentication algorithm can be used to compute an encryption key.
  • the seed number is a number computed on the basis of a random number RAND generated by the authentication centre AC of the mobile communication network.
  • an application in the subscriber identity module computes the encryption key and stores it in the subscriber identity module. This encryption key is used when messages are to be encrypted and/or decrypted.
  • the present invention has the advantage that it makes the management of seed numbers and encryption keys considerably easier and simpler than before. As the seed numbers and encryption keys are calculated in the subscriber identity module when necessary, they need not be transmitted or set. A further advantage is that no separate equipment is needed for the management of seed numbers and encryption keys, which means that cost savings are achieved.
  • the invention also increases security. In the method of the invention, the encryption key changes continuously and it is not transmitted anywhere, thus considerably reducing the chance of its getting into the hands of outsiders.
  • a seed number is calculated from a random number RAND generated by the authentication centre, producing a seed number such as RAND+1.
  • the encryption key is computed by using an A3 algorithm, which is an operator-specific authentication algorithm.
  • one or more encryption keys are used.
  • each application requiring encryption has its own encryption key, thus increasing security.
  • the encryption key is computed by using one or more successive algorithms so that the result of the preceding algorithm is used as the seed number for the next algorithm. This provides the advantage that the seed number for the new algorithm is changed, which leads to increased security.
  • a certain portion of the random number range used by the mobile communication network is reserved for the calculation of seed numbers.
  • the system of the invention for computing the key to an encryption algorithm used to encrypt messages transmitted over a telecommunication network and for generating the seed number needed for the computation of the encryption key by making use of the subscriber identity module of a mobile station comprises an encryption device and means for the transmission of encrypted messages.
  • the encryption device comprises a means for computing an encryption key from a seed number.
  • the means used to transmit encrypted messages comprise a mobile station and an encryption server.
  • an encryption device is implemented both in the subscriber identity module and in the authentication centre.
  • the encryption device comprises a device for storing the encryption key.
  • the mobile station is GSM compatible.
  • Fig. 2 presents an example representing the hardware configuration of the system of the invention.
  • Fig. 1a illustrates a method in which the mobile communication network generates a random number RAND and sends it to the subscriber identity module 9. Based on this random number, a seed number RAND+1 is calculated.
  • This seed number 1 and the identification key Ki 2 are input as starting values to an A3 algorithm 3.
  • the identification key Ki 2 is a user-specific secret parameter, which has been stored in the subscriber identity module 9 and in the authentication centre 10.
  • the A3 algorithm 3 is the same operator-specific algorithm that is used when the subscriber identity module 9 carries out an authentication procedure with the authentication centre 10 of the mobile communication network upon activation of the mobile station 8.
  • a feature characteristic of the A3 algorithm 3 is that computing the encryption key 4 from the seed number 1 and the identification key Ki 2 is easy, but determining the identification key 2 on the basis of the seed number 1 and the encryption key 4 is extremely difficult.
  • the encryption key 4 is the result produced by the algorithm 3. This encryption key 4 is used when messages are to be encrypted and/or decrypted.
  • Fig. 1b illustrates a variation of the method of the previous example.
  • the random number range is 0 - 10000. It is divided into two halves so that the random number RAND values 0 - 4999 are reserved for the computation of seed numbers 5.
  • the mobile communication network generates a random number RAND and sends it to the subscriber identity module 9. Based on the random number, a seed number RAND+5000 is calculated.
  • the seed number 5 and the identification key Ki 2 are input as starting values to the A3 algorithm 3, which produces a new seed number 6 as a result.
  • the new seed number 6 thus computed and the identification key Ki 2 are given as starting values to a new algorithm 7.
  • the result obtained is used as the final encryption key.
  • the advantage provided by this alternative is that the seed number for the new algorithm 7 is automatically changed.
  • Fig. 2 illustrates a system in which encrypted short messages are transmitted between a GSM telephone 8 and an encryption server 12 in a GSM network.
  • An encryption device 11 has been implemented both in the subscriber identity module 9 of the mobile station 8 and in the authentication centre 10 of the GSM network.
  • the encryption device 11 comprises a SIM Application Toolkit, an application that computes the encryption key 4.
  • the encryption device 11 stores the computed encryption key 4 for use.
  • the encryption device 11 computes an encryption key 4 on the basis of a seed number 1 and a user-specific identification key Ki 2 both on the SIM card 9 and in the authentication centre 10.
  • an encryption algorithm such as an RSA or 3DES algorithm, implemented both on the SIM card and in the authentication server 12, encrypts/decrypts the message.
  • the key 4 is stored for the next time it is needed, or a new value for the key is computed each time.
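
The two derivations described for Fig. 1a and Fig. 1b, as an added example that is not code from the patent or from Sonera. The operator-specific A3 algorithm and the "new algorithm 7" are not given on the page, so HMAC-SHA256 stand-ins are assumed for both, and the Ki and RAND values are constructed test data.

```python
import hashlib
import hmac

# Values taken from the Fig. 1b description on this page.
RESERVED_RAND = range(0, 5000)   # RAND values 0 - 4999 reserved for seed numbers
SEED_OFFSET = 5000               # seed number 5 = RAND + 5000


def a3_stand_in(ki: bytes, seed: int) -> bytes:
    """Assumption: HMAC-SHA256 replaces the operator-specific A3 algorithm 3."""
    return hmac.new(ki, b"A3" + seed.to_bytes(8, "big"), hashlib.sha256).digest()[:16]


def algorithm7_stand_in(ki: bytes, seed: bytes) -> bytes:
    """Assumption: a second keyed function playing the role of 'new algorithm 7'."""
    return hmac.new(ki, b"ALG7" + seed, hashlib.sha256).digest()[:16]


def key_fig_1a(ki: bytes, rand: int) -> bytes:
    """Fig. 1a: seed number 1 = RAND + 1, encryption key 4 = A3(seed, Ki)."""
    return a3_stand_in(ki, rand + 1)


def key_fig_1b(ki: bytes, rand: int) -> bytes:
    """Fig. 1b: the A3 output becomes seed number 6 for the next algorithm."""
    if rand not in RESERVED_RAND:
        raise ValueError(f"RAND {rand} is outside the reserved range 0 - 4999")
    seed_5 = rand + SEED_OFFSET
    seed_6 = a3_stand_in(ki, seed_5)
    return algorithm7_stand_in(ki, seed_6)


def derive_on_both_sides(derive, ki: bytes, rand: int):
    """SIM 9 and authentication centre 10 each hold Ki; only RAND is sent."""
    sim_ki, ac_ki = bytes(ki), bytes(ki)   # each side's stored copy of the secret
    return derive(sim_ki, rand), derive(ac_ki, rand)


if __name__ == "__main__":
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed test Ki
    for name, derive in (("1a", key_fig_1a), ("1b", key_fig_1b)):
        for rand in (1234, 1235):                            # constructed RAND values
            sim_key, ac_key = derive_on_both_sides(derive, ki, rand)
            print(name, rand, sim_key.hex(), sim_key == ac_key)
```

Both sides arrive at the same key from RAND alone, and a different RAND yields a different key, which is the property the description relies on when it says the key changes continuously and is not transmitted.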

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method for computing the key to an encryption algorithm used to encrypt messages to be transmitted over a telecommunication network and for generating the seed number needed for the computation of the encryption key. In the present invention, the seed number used is a number computed from a random number generated by the authentication centre of the mobile communication network, and the encryption key is computed using the authentication algorithm from the seed number and a subscriber identification key.
EP98958929A 1997-11-11 1998-11-11 Generation of a seed number Withdrawn EP1025739A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FI974198A FI105253B (fi) 1997-11-11 Seed number generation
FI974198 1997-11-11
PCT/FI1998/000879 WO1999025086A2 (fr) 1997-11-11 1998-11-11 Generation of a seed number

Publications (1)

Publication Number Publication Date
EP1025739A2 (fr) 2000-08-09

Family

ID=8549914

Family Applications (1)

Application Number Title Priority Date Filing Date
EP98958929A Withdrawn EP1025739A2 (fr) 1997-11-11 1998-11-11 Generation of a seed number

Country Status (7)

Country Link
EP (1) EP1025739A2 (fr)
JP (1) JP2001523064A (fr)
AU (1) AU1489299A (fr)
CA (1) CA2309666A1 (fr)
FI (1) FI105253B (fr)
NZ (1) NZ504378A (fr)
WO (1) WO1999025086A2 (fr)

Also Published As

Publication number Publication date
WO1999025086A2 (fr) 1999-05-20
CA2309666A1 (fr) 1999-05-20
WO1999025086A3 (fr) 1999-10-28
FI974198A0 (fi) 1997-11-11
JP2001523064A (ja) 2001-11-20
AU1489299A (en) 1999-05-31
FI105253B (fi) 2000-06-30
NZ504378A (en) 2002-03-28
FI974198A (fi) 1999-05-12

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20000504

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RAX Requested extension states of the european patent have changed

Free format text: LT PAYMENT 20000504

RAX Requested extension states of the european patent have changed

Free format text: LT PAYMENT 20000504;LV PAYMENT 20000504

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20030603

REG Reference to a national code

Ref country code: NL

Ref legal event code: ZD

Free format text: PAT. BUL. 11/2005 HEADING PD, SECTION 4, PAGE 1685, INT.CL. A42B 1/24, PATENT NO. 1025739; THE NAME OF THE INVENTOR SHOULD READ: HERMAN JACQUES MONSHOUWER TE AMÜUR BANGLAMUNG (TH).