EP1634425A1 - Method and device for forming and encrypting an encrypted message containing communication configuration data - Google Patents

Method and device for forming and encrypting an encrypted message containing communication configuration data

Info

Publication number
EP1634425A1
EP1634425A1 EP04766057A EP04766057A EP1634425A1 EP 1634425 A1 EP1634425 A1 EP 1634425A1 EP 04766057 A EP04766057 A EP 04766057A EP 04766057 A EP04766057 A EP 04766057A EP 1634425 A1 EP1634425 A1 EP 1634425A1
Authority
EP
European Patent Office
Prior art keywords
communication
unit
communication unit
configuration data
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04766057A
Other languages
German (de)
French (fr)
Inventor
Jorge Cuellar
Hannes Tschofenig
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Solutions and Networks GmbH and Co KG
Original Assignee
Siemens AG
Nokia Solutions and Networks GmbH and Co KG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to DE10327610 priority Critical
Application filed by Siemens AG, Nokia Solutions and Networks GmbH and Co KG filed Critical Siemens AG
Priority to PCT/EP2004/051153 priority patent/WO2005004433A1/en
Publication of EP1634425A1 publication Critical patent/EP1634425A1/en
Application status is Withdrawn legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance or administration or management of packet switching networks
    • H04L41/08Configuration management of network or network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/001Protecting confidentiality, e.g. by encryption or ciphering
    • H04W12/0013Protecting confidentiality, e.g. by encryption or ciphering of user plane, e.g. user traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/04Key management, e.g. by generic bootstrapping architecture [GBA]

Abstract

A cryptographic key pair is formed (226) using an Internet-based authentication method, in order to transmit (230) communication configuration data from a first communication unit to a second communication unit in a secure cryptographic manner.

Description

METHOD AND DEVICE FOR FORMING AND DECODING AN ENCRYPTED MESSAGE WITH COMMUNICATION CONFIGURATION DATA

description

Method and apparatus for forming an encrypted message, and methods and means for decrypting the encrypted message egg 5 ner

The invention relates to a method and means for forming an encrypted message and a method and a device for decrypting an encrypted message 10.

A mobile radio communication terminal receives as part of the network access of the communication network usually have a set of configuration parameters, which comprise, for example, 15 communication link parameters. The mechanism used in connection with the provision of the configuration parameters is dependent on the particular application scenario.

For a mobile communication terminal that logs in 20 local network, such as a wireless local area network (LAN), such as a so-called hot spot as an access node to the local network the possibility of providing configuration parameters is not currently often because neither Point-to-Point Protocol Pro 25 (PPP) or virtual private communication networks (virtual private network, VPN) are used. If there is no protection of the configuration data used by the respective mobile communication terminal, ie the configuration parameters, there is for an attacker to 30 the opportunity to both the mobile communication terminal as well as harm the communication network. A description of the existing security threats can be found for example in [1]. Fig.l is a block diagram illustrating a communication arrangement 100th The communication arrangement 100 includes an access network 101 and a network domain 102, which together by means of an access router 105 (Access Router) are coupled.

at least one mobile radio communication terminal 103 and a switching node are also provided 104 (Link Node) in the access network 101 to a mobile communication connection between the mobile communication terminal 103 and the network domain 102 and also to provide with other communication terminals.

a plurality of necessary communications are further illustrated in Fig.l nikationsprotokollen that are performed as part of a communication network access procedure. By the arrows or the double arrows shown in each case, between which entities of the communication entities involved the respective communication protocol is carried out.

Thus, as shown by a first arrow 106, intermediate see the communications network domain 102 and the access router 105, a protocol for providing the communication network domain security provided (1. Network Domain Security in Fig.l).

Further, under a second communication protocol, illustrated in Fig.l by means of a second arrow 107, a secure IP address configuration provided (2. Secure IP Address Configuration in Fig.l). Using the mobile communication terminal 103 of switching node 104 and the access router 105, an establishment of an authentication and security carried standardized relationship between on the one hand to the mobile communication terminal 103 and the access router 105, and between the access router 105 and the communications network domain 102 in Fig.l symbolized by a third arrow 108 and a fourth arrow 109 (3. Authentication and Security Association establishment in Fig.l).

Further, usually communication protocols are at the level of the layer 2 of the OSI reference model (OSI: Open sys- tems Interconnection), that is provided for providing security mechanisms at the level of the data link layer, represented in Fig.l by means of a 'fifth arrow 110 between the mobile communication terminal 103 and switching node 104 or by a sixth arrow 111 to secure communications on Datensicherungsschicht- level between switching node 104 and the access router 105th

A seventh arrow 112 symbolizes a further communication protocol to provide security mechanisms at the Internet protocol layer level between the mobile communication terminal 103 and the access router 105th

Of particular importance are the communication hereinafter onsprotokolle to secure IP address configuration (indicated by the second arrow 107) and the authentication and security relationship establishment (symbolized by the third arrow 108 and by the fourth arrow

109).

To provide configuration parameters in the context of corporate communication networks, it is known to configure them either statically or dynamically, for example, according to the Dynamic Host Configuration Protocol for IPv6 (DHCPvβ) as described in [2] or [3] described.

In [2] and [3] itself is not a cryptographic protection of the respective communication protocols described therein is provided. However, the DHCP provides the ability to secure the electronic messages of the communication protocol through a pre-negotiated kryptographisehen key. This possibility is described in [4].

For access to an Internet service provider is currently almost exclusively the Point-to-Point Protocol (PPP) or a variation, called Point-to-Point Protocol over Ethernet (PPPoE), used to the necessary configuration parameters to the mobile communication terminal to transmit.

For access to a virtual private network (Virtual Private Network, VPN), it is known to use two protocols to the configuration parameters for the mobile communication terminal, ie the configuration data cryptographically protected to transport, namely a first protocol ModeConfig and a second communication protocol DHCP, which protocols in [5], [6], [7] and [8] are described. In the communication protocol ModeConfig were in the Au- thentifikations- and key negotiation protocol Internet

Key Exchange (IKE) (described in [9]) or in the Internet

Key Exchange v2 protocol (IKEv2) described in [10], domestic tegriert.

In order to enable kryptographiseh secure transmission of configuration parameters between the communication network and a mobile communication terminal, different methods have been used in the past.

These methods can be divided into three groups in particular:

1. extensions to DHCP:

To DHCP message communication devices in the field of mobile communications were cryptographically protect a set of extensions to DHCP proposed, as described for example in [11], [12], [13] and [14] are described.

These extensions to DHCP should enable a mobile communication terminal to build dynamically in the communication network, a security relationship with the DHCP server computer.

2. Extensions of Extensible Authentication Protocol (EAP) Method:

The Extensible Authentication Protocol is described in [16]. In [15] an extension of an EAP method is described with which it is possible, derzuverwenden the Internet Key Exchange Protocol v2, as described in [10] How-.

As a side effect in IKEv2 the possibility of transferring protected configuration parameters kryptographiseh.

3. bootstrapping method:

Further, a communication protocol proposal is known with which the initial network authentication using EAP, and providing a safety communication link is made possible with the DHCP server computer (see FIG. [17]).

The advantage of this method is the separation between the network authentication and the cryptographic see securing the DHCP messages.

The DHCP communication protocol must not be changed in this case.

In [18] a method for the EAP authorization is described.

Further extensions to the Extensible Authentication Protocol for kryptographiseh secure transmission of data are described in [19], [20] and [21].

The invention is based on the problem of providing cryptographically secured a communication device in a simple way communication configuration data. The problem is solved by a method and means for forming an encrypted message and a method and a device for decrypting an encrypted message having the features according to the independent claims.

Preferred developments of the invention emerge from the dependent claims. The Ausges- described below taltungen the invention relate to both the method and the means for forming an encrypted message as well as the method and means for decrypting an encrypted message.

The described below, components of the invention may be in software, ie by means of a computer program, in hardware, that is by means of a special electric circuit, or in any desired hybrid form, that is, be partially implemented in hardware and partly in software.

In a method for forming an encrypted message, said encrypted message communication comprising configuration data, a data link layer between a first communications unit and a second communication unit is performed onsverfahren an Internet-based Authentifikati- using at least one service of one unit, whereby first the communication unit and the second communication unit, at least one pair of cryptographic keys, comprising at least two mutually corresponding kryptographiseh key, is formed. Using at least one cryptic tographischen key of the at least one rule cryptographic key pair, the communication is encrypted configuration data from the first communication unit, with which the encrypted message is formed.

In a method for decrypting an encrypted message containing encrypted message communication configuration data, an Internet-based Authentifikati- is performed onsverfahren using at least one service of one unit of a link layer between a first communications unit and a second communications unit, whereby for the first communication unit and at least one pair of cryptographic keys is formed for the second communication unit. Using at least one cryptographic key of at least a cryptographic key pair, the communication contained in the encrypted message to determine configuration data from the second communication unit by decrypting the encrypted message.

Means for forming an encrypted message, encrypted message communication which

contains configuration data that includes a key generation unit which is adapted onsverfahren using at least one service of one unit of a link layer between a first communications unit and a second communication unit an Internet-based Authentifikati- perform, thereby for the first communication unit and the second communication unit at least one pair of cryptographic keys is formed. Further, the device has an encryption unit, WEL before is arranged to encrypt the using at least one cryptographic key at least a cryptographic key pair, the communication configuration data, whereby the encrypted message is formed.

Means for decrypting an encrypted message, said encrypted message communication comprising configuration data that includes a key generation unit which is configured using at least one service of one unit of a link layer between a first communications unit and a second communication unit an Internet-based Authentifikati- onsverfahren carried out, thereby forming a pair of cryptographic keys is formed for the first communication unit and the second communication unit at least. Further, the device has a decryption unit, WEL before is configured using at least one cryptographic key of the at least one cryptographic key pair communication configuration data from the second communication unit by decrypting the encrypted message which contains the communication configuration data, decrypt.

According to one embodiment of the invention, the Internet-based authentication method is based on an Extensible Authentication Protocol methods.

Alternatively, any authentication method can be used, in which a pair of cryptographic keys will be formed and which directly the services of the data link layer without interposition of an IP layer is made in the presence demanding. This clearly means that the inter- net-based authentication method at layer 3 level in accordance with the OSI reference model, that is implemented at the level of the network layer. In other words, this means that the present invention standardized configuration protocols, such as are described for example in [5], [6], [7] or [8], used to configure a communication terminal, preferably a mobile communication terminal, that is, with configuration data, hereinafter also referred to as configuration data communications or communications to provide configuration parameters.

This is done in a manner that is not provided in accordance with the prior art.

Clearly, the standardized protocols Konfigurationsproto- kryptographiseh be secured using cryptic tographischer keys that were formed by a preceding web-based authentication method, particularly preferably fikationsverfahren a previous EAP-based Netzwerkauthenti- or network authentication mechanism.

In other words, standardized configuration protocols such as DHCP or ModeConfig protected in a previous Netzwerkzugangsauthentifika- tion formed cryptographic key.

The communication configuration information may be transmitted to the second communication unit using electronic messages according to the Web-based authentication method of the first communication unit. In particular, this embodiment of the invention has the advantage that already the communication protocol used for authentication and for key generation in the to-use message formats can be used by the communication network to the communication terminal and to transmit the communication configuration data, whereby the implementation of the method according to the invention considerably simplifies becomes.

According to another embodiment of the invention, it is provided that the co munikations configuration data using electronic messages according to any one of the present internet-based authentication process transmitted from the first communication unit to the second communication unit

• Protected Extensible Authentication Protocol methods,

• Extensible Authentication Protocol Tunneled TLS Authentication Protocol methods, or

• Protocol for Carrying Authentication for Network Access method.

In other words, this means that the transfer of the communication configuration data according to the can be in [20], the gene transferred in [21] or by the method described in [17] procedures.

When the EAP-based process itself used to transmit the communication configuration data, the protection of the EAP-configuration messages over itself can well-known te tunneling methods, such as those described in [20], [21] or [17] are described, or by EAP-internal protection mechanisms, for example, be in accordance with [19]. In this context, it is also possible to use The described in [18] The method as a container to transport the com- munikations configuration data.

Preferably, the first communication unit is a communication unit of a communication network element, more preferably a communication unit of a communication network element in a mobile communication network, for example according to a 3GPP mobile radio standard, for example a Kommunikationsnetz- network element, which is in accordance with UMTS arranged alternatively according to a is set up another wireless standard, eg GSM.

According to another embodiment of the invention, it treadmill is intended that the second communication unit is a communication terminal, more preferably a mobile communication terminal, such as established in accordance with a mobile communication standard according to the 3GPP, for example according to the UMTS communication standard, alternatively, according to the GSM communication standard ,

Particularly in the context of the transfer of configuration data to a mobile communication terminal via an air interface procedures for operations described above is suitable se, as the standard in this regard co munika- tion protocols very simple and inexpensive can be used for securely transmitting the communication configuration parameters from a Kommunikationsnetzwerk- domain towards a mobile Koinmunikationsendgerät.

According to another embodiment of the invention, it is provided that the communication configuration data is encoded according to a protocol format of a protocol for configuring a communication terminal, preferably according to a protocol format of a protocol for dynamically configuring a communication terminal, more preferably according to a protocol format of a Dynamical Host Configuration Protocol for dynamically configuring a communication terminal, as described for example in [2].

Particularly, in an EAP-based authentication method, the use of the based part of the EAP authentication method generated cryptographic specific key material for cryptographically secured communication as the communication configuration data in the context of a DHCP communication protocol or ModeConfig- communication protocol is characterized by the simplicity and thus the cost feasibility out.

Under communication configuration data, all the data or parameters are to be understood in this context, by means of which communication characteristics of the Kommunikationsendge- Raets be characterized as part of a communication session.

For example, among communication configuration data, a provided by means of the configuration log, preferably according to the Dynamical Host Configuration Protocol data for characterizing the communication terminal, for example, provided according to the BOOTP information, provided a the BOOTP-based server computer, in particular the IP address of the communication terminal, a so-called subnet mask, an IP address of the default gateway, an IP address of the primary DNS server and / or the secondary DNS server, an IP address of the primary WINS server or an IP the secondary WINS server address is a path to the required BOOTP file, a communication network domain suffix of the client, ie the mobile radio communication terminal, an IP address of a time server computer as well as a time offset from Coordinated Universal time (CMT).

Embodiments of the invention are illustrated in the figures and are explained in more detail below.

Show it

1 shows a communication arrangement according to the prior art;

2a to 2d show a message flow diagram in which the individual process steps for transmitting com- munikations configuration data are presented according to a first embodiment of the invention; and

Figure 3a and 3b is a message flow diagram in which the individual process steps for transmitting communication nication configuration data according to a second embodiment of the invention are shown.

2a to Figure 2d shows a message flow diagram 200, in which the exchange of electronic messages between units of a mobile radio communication system, configured according to the UMTS communication standard, is shown. In particular, are shown to Figure 2d 2a in a Mo- bilfunk communication terminal 201, a wireless local area network (WLAN) access node computer 202, a TTLS server computer 203 and an Authorization Authentication and Ac-counting unit 204 (AAA) unit. The other conventional components of the cellular communication network according to the UMTS standard, in particular the units of the core network and the other mobile communication terminals, or wireline communication terminals, which are also provided in the communication system for providing a communication link are, for the sake of simplicity in the message flow diagram 200 from 2a not display shows up Figure 2d.

The communication system is set up in terms of the message flow described by the invention as described below extension as defined in [21].

First, therefore, the method described in [21] is carried out for establishing a TLS tunnel, wherein a unilateral authentication of the server computer 204 is performed at the client computer according to this embodiment to the mobile communication terminal two hundred and first The Nachrich- tenfluss substantially corresponds to that described in section 13.2 in [21].

After creation of the TLS tunnel, as is explained in more detail below, is an EAP / MD5 Challenge

Authentication, that is, in other words a unilateral authentication of the client computer, according to this embodiment of the mobile communication terminal 201 performed at the server computer 204th

As described in [21], the method begins with the access point node computer according to [21] det transmitted educational 202 Extensible Authentication Protocol-Request / Identity message 205 and to the mobile communication terminal two hundred and first

In response forms and the mobile communication terminal sends 201 an EAP Response / Identity

Message 206 to the access point node computer 202, which is a RADIUS forms on the receipt of this message 206 towards Access Request message 207 with the message parameters "XXX Data Cipher Suitet" and "EAP Response passthrough" and on the TTLS server computer 203 received.

forms on the reception of RADIUS Access-Request message 207 back and transmitted to the TTLS server computer 203 a RADIUS Access-Challenge message 208 with the parameters EAP Request / TTLS start to the access point node calculator 202nd

Upon receipt of the message 208 the Access Point is the node computer 202, a EAP-Request passthrough message 209 and sends it to the mobile communication terminal two hundred and first

After receiving the message 209, the mobile communication terminal 201 forms an EAP-Response / TTLS message 210 with the parameters "Client Hello" as Nutzdatenelement and sends this message 210 to the access point node calculator 202nd

The access point node calculator 202 in turn forms on receipt of the message 210 towards a RADIUS Access-Request message 211 with the parameters "EAP-Response pass through" as Nutzdatenelement and sends this message 211 to the TTLS server computer 203. After the TTLS server computer has received the RADIUS access Request message 211 203 and Nutzdatenelement EAP-response passthrough has evaluated the TTLS server computer 203 forms a RADIUS Aecess-challenge message 212 and sends it to the access point node calculator 202nd in the RADIUS Aecess-challenge message 212 are as Nutzdatenelemente, that is included as message parameters: "EAP-Request-TTLS", "server Hello", "Certificate", "ServerKeyEx- change" and "server Hello Done".

As shown in Figure 2b, the Access Point transmits node computer 202 to receipt of the message 212 through a formed by it EAP-Request passthrough Naehrieht 213 to the mobile communication terminal 201, which then a according to the procedure described in [21] The method EAP

Response / TTLS message 214 with the parameters "ClientKeyEx- change", "Change Cipher Spec", "Finished" as a message parameter and sends the message 214 to the Access Point node computer 202 which on receiving the message 214 towards a RADIUS Access-Request message 215 forms with the message parameter "EAP-response pass through", and this is sent to the server computer TTLS 203rd

The TTLS server computer 203 forms to receiving the demand Judges 215 towards a RADIUS Aecess-Challenge message 216 with the following message parameters: "EAP-Request / TTLS", "Change Cipher Spec", "Finished" and sends the message 216 to the access point node calculator 202, which forms the receipt of the message 216 towards an EAP-Request passthrough Naehrieht 217 and transmits it to the mobile communication terminal two hundred and first Having received the message 217 it forms in the reaction, the

Mobile communication terminal 201 an EAP Response / TTLS

Message 218 with the parameters "{EAP Response / Identity}" and "{XXX Data Cipher Suite +}" and sends the message 218 to the access point node computer 202nd

The access point node calculator 202 in turn forms on receipt of the message 218 towards a RADIUS Access-Request message 219 to the element "EAP-Response pass through". The message 219 is transmitted from the access point node calculator 202 to the TTLS server computer 203 which on receiving the message 219 towards a RADIUS Access-Request message 220 with the indication "EAP-response / Identity" as Nutzdatenelement and sends the message 220 to the AAA server computer 204 which on receipt of the message 220 reacts with the formation of a RADIUS Aecess-challenge message 221, which message as a parameter a "EAP-Request / MD5-challenge" indication includes (see. Figure 2c).

The message 221 is transmitted from the AAA server computer 204 to the TTLS server computer 203, which in turn is on receipt of the message 221 towards a RADIUS Aecess- Challenge message 222, which as the message elements, a "EAP-Request / TTLS "indication contains as well as further parameters" {EAP-Request / MD5 challenge} "and" {XXX-Data- cipher suite} ".

The message 222 is transmitted from the TTLS server computer 203 to the access point node calculator 202, which forms the receipt of the message 222 through a pass-through EAP-Request Naehrieht 223 and transmits to the mobile communication terminal. By the mobile communication terminal 201 is set to the

Receiving the message 223 towards an EAP-Response / TTLS message 224 formed with the indication ,, {EAP-Response / MD5-Challenge} "and transferred gene to the access point node calculator 202 that the reception of this message, a RADIUS Access-Request message 225 together with EAP-response pass through and transmitted to the server computer TTLS 203rd

Upon receipt of the message 225 towards the TTLS server computer 203 a RADIUS Access-Challenge Nachrieht forms 226 with the indication EAP-Response / MD5-Challenge, and transmits the message 226 to the AAA server computer 204th

The AAA server computer 204 forms to receiving the demand Judges 226 towards a RADIUS Access-Accept message 227 and sends it to the TTLS server computer 203 which on receiving the message 227 towards a more RADIUS Access- Accept message 228 forms with the following message parameters. "XXX Data Cipher Suite", "XXX-Data keying material", "EAP Success" message 228 is from the TTLS server computer 203 to the access point -Knotenrechner 202 transmitted which forms a EAP Success passthrough Naehrieht 229 to receipt of the message 228 back and transmitted to the mobile radio communication terminal 201 with which an overall genseitige authentication of the mobile

Communication terminal and the AAA server machine, that reaches the network.

In order to obtain communication configuration data übermit- telt the mobile communication terminal 201, a configuration tion request message as CP according to the DHCP protocol (CFG_REQUEST) as Nutzdatenelement within the range described in [21] protocol format in an EAP-Response / TTLS message 230 and transmits the message to the access point node calculator 202, which forms on the reception of the configuration request, again using the message format described in [21] a RADIUS access-request message 231st When news of parameters, the

Message 231 to an EAP-Response / TTLS pass through with an additional indication in accordance with the DHCP message element CP (CFG_REQUEST) (see. Figure 2d).

The information transmitted from the access point node calculator 202 to the TTLS server computer message 231 brings the TTLS server 203 to the configuration data available and the mobile communication terminal 201 provided in accordance with this embodiment, in particular one or more dy- namic (n) IP address (es) and transmits it using the key material in the framework of the authentication method, as described above, formed in a RADIUS Aecess-challenge message 232, which measure overall as a message parameter an EAP-Request / TTLS with the additional parameters to the DHCP Protocol "CP (CFG_REPLY)" and sends it to the access point node calculator 202nd

The access point node calculator 202 in turn determined from the message 232 in the payload CP configuration data (CFG_REPLY) contained, in particular the dynamic (n) IP address (es), which is provided for the mobile communication terminal are / and sends the configuration data in form of the DHCP message item "CP (CFG_REPLY)", packed in an EAP-response / TTLS message 233, to the mobile communication terminal two hundred and first

If the message 233 successfully to the mobile communication terminal 201 has been transferred, so this determines the configuration data from the message 233 and uses it as provided in the control program of the mobile communication terminal two hundred and first

thus occurs Clearly, the transfer of the mobile

Communication configuration data after completion of the authentication according to the method described in [21] EAP-based authentication method. In addition to the method described in [21] The method is a device of the computer according to [7] are provided to give the mobile radio communication terminal 201 as the client computer the ability to request the communi- cation configuration data by means of the CFG_REQUEST message and by means of the get CFG_REPLY message.

Except for the proprietary described in [7] message formats, the nomenclature and the device as well as the parameters of the conventional DHCP format corresponds as described for example in [3].

The transfer of the communication configuration data is thus cryptographically secured by the established TLS tunnel.

In the embodiment, the communication between the TTLS server computer 203 and the node, which provides the configuration data, such as a DHCP server or an LDAP server, not described in detail for the sake of a clearer illustration of the invention.

In an alternative embodiment, it is provided that the communication configuration data is transmitted immediately after completion of mutual authentication, for example, even within the EAP-Success message 229 to the mobile communication terminal two hundred and first

A third Ausführüngsbeispiel the invention is shown in a Naehrichtenflussdiagramm 300 in Figures 3a and 3b.

The EAP-based authentication method is formed in accordance with this embodiment according to the PANA procedure as described in [17].

According to the method described in [17] protocol is used by the PANA client computer 301, a PANA_Discover (0, 0) message is formed 303 and transmitted to the PAA server computer 302 which upon receiving the PANA_Discover (0, 0) message 303 back a response message PANA_start (x, 0) [a cookie] message 304 constitutes and the client computer 301 transmitted (see FIG. 3a).

The PANA-Client computer 301 forms to receiving the demand Judges 304 toward a PANA_start (x, y) [Cookie] message 305 and transmits it to the PAA server computer 302 which on receipt of the message 305 in the context of the EAP-based authentication process reacts with a first au- fikationsnachricht 306 PANA_auth (x + 1, y) [EAP Request {}], which is transmitted to the client computer three hundred and first

The client computer 301 forms on the receipt of the message 306 through a second authentication message 307 PANA_auth (y + l, x + l) [EAP Response {}]. The message 307 is transmitted to the PAA server computer 302nd

After receiving the message 307, a third authentication message from the PAA-server computer 302,308 PANA_auth (x + 2, y + l) [EAP {Request}] is formed and transmitted to the client computer 301, which in turn is on receipt of the message 308 toward a fourth authentication message

309 PANA_auth (y + 2, x + 2) [EAP Response {}] forms and transmitted to the PAA server computer, with which the security association

is established (PANA Security Association).

This procedure corresponds to that described in [17].

Subsequently, as also described in [17], from the PAA-server computer 302, a PANA-confirmation message 310 PANA_Success (x + 3, y + 2) [EAP {Success>, device ID, data protection, MAC] formed and transmitted to the client computer 301, which is preferably arranged as a mobile communication terminal (see FIG. 3b).

The client computer 301 is to receive the message

310 towards a PANA-Success-acknowledgment message 311 PANA_Success_ack (y + 3, x + 3) [Device id, data protection, CP (CFG_Request), MAC] and sends it to the PAA server computer 302, which in turn on receiving the message 311 towards a further PANA message 312 forms with the requested configuration data and transmitted to the client computer 301 as PANA_msg (x + 4, y + 3) [CP (CFG_Reply), MAC].

Clearly, the embodiment corresponds to the PANA protocol according to [17] with the extension that the payloads are extended to transport the address configuration messages in accordance with DHCP, alternatively according ModeConfig, according to the invention. In Figures 3a and 3b the payloads [7] was used as the configuration tionspayloads without limiting the generality, in turn, in accordance with.

The request and the response to the receipt of the communication configuration data is cryptographically protected by the MAC payload, which is realized by a Keyde-Message Digest function.

The required cryptographic keys and security parameters, ie, the cryptographic key material and security material provided by the PANA-Security Association (SA), as described by means of the EAP authentication as described above and set forth in [17] in detail, were pro- duces the.

In this document, the following publications are cited:

[1] N. Prigent et al, DHCPvδ threads, Internet Draft, May 2001.

[2] C. Schäfer, The DHCP Handbook, a guide to planning, implementation and administration of DHCP, Edison Wesley- Verlag, ISBN 3-8273-1904-8, pages 141-149, 2002;

[3] R, Droms, Dynamic Host Configuration Protocol, Request for Comments: 2131, March 1997;

[4] R. Droms et al. , Authentication for DHCP Messages, Request for Comments: 3118, June 2001;

[5] M. Richardson, A Method for Configuration for IPsec Clients Using DHCP, Internet-Draft February 2003;

[6] T. Kivinen, DHCP over IKE, Internet Draft, May 2003;

[7] D. Dukes, Configuration Payload, Internet Draft, July 2003;

[8] D. Dukes et al. , The ISAKMP Configuration Method, Inter- net-Draft, September 2001

[9] D. Harkins et al. , The Internet Key Exchange (IKE), Request for Comments: 2409, Nov. 1998;

[10] C. Kaufman, Internet Key Exchange (IKEv2) Protocol, Internet Draft, May 2003; [11] A. McAuley et al, Dynamic Registration and Configuration Protocol (DRCP), Internet Draft, January 2001.

[12] B. Mukherjee et al. , Extensions to DHCT for roaming U sers, Internet Draft, May 2001;

[13] S. Medvinsky et al. Kerberos V authentication mode for Uninitialized clients, Internet Draft, July 2000;

[14] V. Gupta, Flexible Authentication for DHCP messages, Internet-Draft February 2003;

[15] H. Tschofenig et al. EAP IKEv2 Method, Internet Draft, February 2004;

[16] L. Blunk et al. Extensible Authentication Protocol (EAP), Internet Draft, February 2004;

[17] D. Forsberg et al. , Protocol for Carrying Authentication for Network Access (PANA), Internet Draft, May 2004;

[18] M. Grayson et al. EAP authorization, Internet Draft, March 2003;

[19] T. Hiller et al, A container type for the Extensible Authentication Protocol (EAP), Internet Draft, May 2003.

[20] H. Andersson et al. , Protected EAP Protocol, Internet Draft, February 2002

[21] P. Funk, EAP tunneling TLS Authentication Protocol (EAP PTLS), Internet Draft, April 2004

Claims

claims
1. A method for forming in which, using at least one service of one unit of a link layer between a first communications unit and a second communication unit an Internet-based authentication process is carried out an encrypted message containing communication configuration data, • whereby the first communication unit and the second communication unit is formed at least one pair of cryptographic keys,
• in which using at least one cryptographic key of the at least one cryptographic key pair, the communication configuration data are encrypted by the first communication unit, with which the encrypted message is formed.
2. The method according to claim 1, wherein the Internet-based authentication method is based on an Extensible Authentication Protocol methods.
3. The method according to claim 1 or 2, wherein the communication configuration data using electronic messages in accordance with the Internet-based authentication method of the first communication unit to the second communication unit is transmitted.
4. The method according to any one of claims 1 to 3, wherein the communication configuration data using electronic messages according to any one of the following internet-based authentication method of the first communication unit to the second communication unit is transmitted: • Protected Extensible Authentication Protocol methods,
• Extensible Authentication Protocol Tunneled TLS Authentication Protocol methods, or • Protocol for Carrying Authentication for Network Access method.
5. The method according to any one of claims 1 to 4, wherein the first communication unit is a communication unit of a communication network element.
6. The method of claim 5, wherein the first communication unit is a communication unit of a communication network element in a mobile communication network.
7. A method according to any one of claims 1 to 6, wherein the second communication unit is a communication terminal.
8. The method of claim 7, wherein the second communication unit is a mobile communication terminal.
9. A method according to any one of claims 1 to 8, wherein the communication configuration data is encoded according to a protocol format of a protocol for configuring a communication terminal.
10. The method according to claim 9, wherein the communication configuration data is encoded according to a protocol format of a protocol for dynamically configuring a communication terminal.
11. The method according to claim 10, wherein the communication configuration data is encoded according to a protocol format of a Dynamic Host Configuration Protocol for dynamically configuring a communication terminal.
12. A method for decrypting an encrypted message containing communication configuration data,
• in which an Internet-based authentication method whereby at least a pair of cryptographic keys is formed for the first communication unit and the second communication unit is performed using at least one service of one unit of a link layer between a first communications unit and a second communication unit, • in which, using at least one cryptographic key of the at least one cryptographic key pair communication configuration information of the second communication unit by decrypting the encrypted message which contains the communication configuration data can be determined.
13, means for forming an encrypted message, said encrypted message communication comprising configuration data, • a key generating unit which is set up, an Internet using at least one service of one unit of a link layer between a first communications unit and a second communication unit perform based authentication method, whereby a pair of cryptographic keys is formed for the first communication unit and the second communication unit at least,
• with an encryption unit that is configured to encrypt the using at least one cryptographic key at least a cryptographic key pair, the communication configuration data, whereby the encrypted message is formed.
14, means for decrypting an encrypted message, said encrypted message communication comprising configuration data, • a key generating unit which is set up, using at least one service of one unit of a link layer between a first communications unit and a second communication unit a perform internet-based authentication method, whereby a pair of cryptographic keys is formed for the first communication unit and the second communication unit at least,
• with a decoding unit, which is designed using at least one cryptographic key to decrypt the at least one cryptographic key pair communication configuration information of the second communication unit by decrypting the encrypted message which contains the communication configuration data.
EP04766057A 2003-06-18 2004-06-17 Method and device for forming and encrypting an encrypted message containing communication configuration data Withdrawn EP1634425A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
DE10327610 2003-06-18
PCT/EP2004/051153 WO2005004433A1 (en) 2003-06-18 2004-06-17 Method and device for forming and encrypting an encrypted message containing communication configuration data

Publications (1)

Publication Number Publication Date
EP1634425A1 true EP1634425A1 (en) 2006-03-15

Family

ID=33559730

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04766057A Withdrawn EP1634425A1 (en) 2003-06-18 2004-06-17 Method and device for forming and encrypting an encrypted message containing communication configuration data

Country Status (3)

Country Link
US (1) US20070101132A1 (en)
EP (1) EP1634425A1 (en)
WO (1) WO2005004433A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005104500A1 (en) * 2004-04-23 2005-11-03 Telefonaktiebolaget Lm Ericsson (Publ) Aaa support for dhcp
US20060002557A1 (en) * 2004-07-01 2006-01-05 Lila Madour Domain name system (DNS) IP address distribution in a telecommunications network using the protocol for carrying authentication for network access (PANA)
KR100651716B1 (en) * 2004-10-11 2006-12-01 한국전자통신연구원 Bootstrapping method in mobile network based on Diameter protocol and system therein
US8539559B2 (en) 2006-11-27 2013-09-17 Futurewei Technologies, Inc. System for using an authorization token to separate authentication and authorization services
US8099597B2 (en) 2007-01-09 2012-01-17 Futurewei Technologies, Inc. Service authorization for distributed authentication and authorization servers
CN101247356B (en) * 2007-02-13 2011-02-16 华为技术有限公司 DHCP message passing method and system
US8285990B2 (en) * 2007-05-14 2012-10-09 Future Wei Technologies, Inc. Method and system for authentication confirmation using extensible authentication protocol
US8341702B2 (en) * 2007-11-01 2012-12-25 Bridgewater Systems Corp. Methods for authenticating and authorizing a mobile device using tunneled extensible authentication protocol
CN101917398A (en) * 2010-06-28 2010-12-15 北京星网锐捷网络技术有限公司 Method and equipment for controlling client access authority
US10225138B2 (en) * 2016-02-16 2019-03-05 Architecture Technology Corporation Scalable and automated network-parameter assignment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5790548A (en) * 1996-04-18 1998-08-04 Bell Atlantic Network Services, Inc. Universal access multimedia data network
US20020174335A1 (en) * 2001-03-30 2002-11-21 Junbiao Zhang IP-based AAA scheme for wireless LAN virtual operators
US20030084287A1 (en) * 2001-10-25 2003-05-01 Wang Huayan A. System and method for upper layer roaming authentication
AU2003265434A1 (en) * 2002-08-12 2004-02-25 Wireless Security Corporation Fine grained access control for wireless networks
US7961884B2 (en) * 2002-08-13 2011-06-14 Ipass Inc. Method and system for changing security information in a computer network
US7673146B2 (en) * 2003-06-05 2010-03-02 Mcafee, Inc. Methods and systems of remote authentication for computer networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005004433A1 *

Also Published As

Publication number Publication date
WO2005004433A1 (en) 2005-01-13
US20070101132A1 (en) 2007-05-03

Similar Documents

Publication Publication Date Title
Zorn et al. Diameter extensible authentication protocol (EAP) application
US7190793B2 (en) Key generation in a communication system
JP4194046B2 (en) SIM-based authentication and encryption system, apparatus and method for wireless local area network access
US7213263B2 (en) System and method for secure network mobility
AU2011201655B2 (en) Security Authentication and Key Management Within an Infrastructure-Based Wireless Multi-Hop Network
US7760710B2 (en) Rogue access point detection
CA2413944C (en) A zero-configuration secure mobility networking technique with web-base authentication method for large wlan networks
EP1500223B1 (en) Transitive authentication authorization accounting in interworking between access networks
US7107620B2 (en) Authentication in a packet data network
US8861730B2 (en) Arranging data ciphering in a wireless telecommunication system
US7760882B2 (en) Systems and methods for mutual authentication of network nodes
AU2004306553B2 (en) Apparatuses and method for authentication in heterogeneuous IP networks
CN100525300C (en) Communication between a private network and a roaming mobile terminal
US9350708B2 (en) System and method for providing secured access to services
EP1709547B1 (en) Serving network selection and multihoming using ip access network
US7188253B2 (en) Wireless authentication protocol
Congdon et al. IEEE 802.1 X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines.
US8127136B2 (en) Method for security association negotiation with extensible authentication protocol in wireless portable internet system
EP2052487B1 (en) Method and arrangement for providing a wireless mesh network
DE102006038591B4 (en) Method and device for providing a wireless mesh network
US7155526B2 (en) Method and system for transparently and securely interconnecting a WLAN radio access network into a GPRS/GSM core network
EP1529374B1 (en) Method and system for gsm authentication during wlan roaming
US20070248085A1 (en) Method and apparatus for managing hardware address resolution
US20030031151A1 (en) System and method for secure roaming in wireless local area networks
EP1422875B1 (en) Wireless network handoff key

Legal Events

Date Code Title Description
17P Request for examination filed

Effective date: 20051111

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (to any country) (deleted)
RIN1 Information on inventor provided before grant (corrected)

Inventor name: CUELLAR, JORGE

Inventor name: TSCHOFENIG, HANNES

RAP1 Rights of an application transferred

Owner name: NOKIA SIEMENS NETWORKS GMBH & CO. KG

RAP3 Applicant data changed

Owner name: NOKIA SIEMENS NETWORKS S.P.A.

RAP3 Applicant data changed

Owner name: NOKIA SIEMENS NETWORKS GMBH & CO. KG

17Q First examination report despatched

Effective date: 20080128

18D Application deemed to be withdrawn

Effective date: 20080610