JP2009522828A6 - Method and apparatus for refreshing keys within a bootstrapping architecture - Google Patents

Abstract

  An approach is provided for refreshing keys within a communication system. Application requests are transmitted to network elements configured to provide secure services. In response to the application request, a message is received indicating a refresh of the key used to provide secure communication with the network element. A refreshed key is derived based on the received message.

Description

  The present invention relates to communication, and more particularly to providing an authentication service within a communication system.

  Wireless communication systems such as cellular systems (eg, spread spectrum systems (eg, code division multiple access (CDMA) networks) or time division multiple access (TDMA) networks) allow users the convenience of mobility along with a rich service and feature set. To provide. Because of this convenience, a growing number of consumers are adopting it as a recognized communication format for business and personal use. To encourage more adoption, the telecommunications industry, from manufacturers to service providers, agrees at great expense and effort to develop standards for communication protocols that underlie various services and features. I have done it. One major area of this research effort involves key provisioning for authentication and establishing secure communications. Unfortunately, this feature is not effectively supported by current protocols.

  Thus, to facilitate bootstrapping between network elements (or devices) without the need for network elements to utilize communication protocols, thus providing key provisioning to avoid hardware upgrades / modifications There is a need for an approach.

  These and other needs are addressed by the present invention which presents one approach to more effectively support key provisioning within the bootstrapping architecture.

  These and other needs are addressed by the present invention that presents an approach for refreshing session keys within a communications network to provide secure communications.

  According to one aspect of an embodiment of the present invention, the method comprises transmitting an application request to a network element configured to provide authentication and secure services. The method also includes receiving a message indicating a refresh of the key used to provide secure communication with the network element in response to the application request. The method further comprises deriving a refreshed key based on the received message.

  According to another aspect of an embodiment of the present invention, the method includes generating a random number corresponding to the refreshed key. The method similarly includes transmitting an application request to a network element configured to provide authentication and secure services, wherein the application request specifies a transaction identifier, a random number, and an application protocol message. Also equipped. The network element is further configured to forward the authentication request to a bootstrapping network element configured to provide a bootstrapping function. The authentication request specifies a transaction identifier, a random number, and a domain name associated with the network element. The bootstrapping network element further retrieves a bootstrapping key based on the transaction identifier, generates a fresh session key based on the bootstrapping key and a random number, and a refreshed key retrieved, a fresh session generated An authentication response is generated that includes a lifetime parameter associated with the key and a user profile. Further, the method comprises receiving from the network element an application answer indicating successful authentication.

  According to another aspect of an embodiment of the present invention, the method includes generating a first random number and transmitting an application request to a network element configured to provide a secure service. Is provided. This application request specifies a transaction identifier, a random number, and an application protocol message. The network element is further configured to select a second random number. The method also includes receiving an application answer identifying a second random number from the network element. The method further comprises deriving a fresh session key based on the bootstrapping key, the first random number and the second random number, wherein the fresh session key provides secure communication with the network element. Used to do.

  According to another aspect of an embodiment of the present invention, an apparatus includes a processor configured to generate an application request for transmission to a network element configured to provide secure services. ing. The processor is further configured to receive a message indicating a refresh of a key used to provide secure communication with a network element in response to an application request. The processor is further configured to derive a refreshed key based on the received message.

  According to another aspect of an embodiment of the present invention, the apparatus comprises a processor configured to generate a random number. The apparatus also includes a transceiver configured to transmit application requests to network elements configured to provide secure services. This application request specifies a transaction identifier, a random number, and an application protocol message. The network element is further configured to forward the authentication request to a bootstrapping network element configured to provide a bootstrapping function. The authentication request specifies a transaction identifier, a random number, and a domain name associated with the network element. The bootstrapping network element further searches for a bootstrapping key based on the transaction identifier, generates a fresh session key based on the bootstrapping key and a random number, and is associated with the generated fresh session key and fresh session key. The authentication response including the lifetime parameter and the user profile is generated. The transceiver is further configured to receive an application answer from the network element indicating successful authentication.

  According to another aspect of an embodiment of the present invention, the apparatus comprises a processor configured to generate a first random number. The apparatus also includes a transceiver coupled to the processor and configured to transmit an application request for the network element, the application request specifying a transaction identifier, a random number, and an application protocol message. The network element is further configured to select a second random number. The transceiver is further configured to receive an application answer identifying a second random number from the network element. The processor is further configured to derive a fresh session key based on the bootstrapping key, the first random number, and the second random number, wherein the fresh session key provides secure communication with the network element. Has been used to provide.

  According to another aspect of an embodiment of the present invention, the method comprises receiving an application request from a user equipment. This request specifies a transaction identifier. The method also includes determining based on the received transaction identifier whether the user equipment is indicating that a new bootstrapping has been performed or whether the user equipment is about to refresh the session key. The method further comprises refreshing the session key based on this determination or using a new bootstrapping key material associated with the new bootstrapping.

  According to another aspect of an embodiment of the present invention, the system comprises means for receiving an application request from the user equipment. This request specifies a transaction identifier. The system also provides a means for determining based on the received transaction identifier whether the user equipment is indicating that a new bootstrapping has been performed or whether the user equipment is about to refresh the session key. Is also provided. Further, the system comprises means for refreshing the session key based on this determination or using a new bootstrapping key material associated with the new bootstrapping.

  Still other aspects, features and advantages of the present invention are described in the following detailed description, merely by way of illustration of certain specific embodiments and implementations, including the best mode contemplated for carrying out the invention. Will be readily apparent. The invention is likewise capable of other different embodiments, and its several details can be modified from various obvious aspects, all without departing from the spirit and scope of the invention. Accordingly, the drawings and description are to be regarded as illustrative in nature and not restrictive.

  The invention is illustrated by way of example in a non-limiting sense in the figures of the accompanying drawings in which like numerals refer to like elements.

  This application is related to US Provisional Application No. 60/720, dated September 26, 2005, entitled “Method and Apparatus for Refreshing Keys in Bootstrapping Architecture”, which is incorporated herein by reference in its entirety. 445 35U. S. C. Claiming the benefit of the earlier filing date under §119 (e).

  An apparatus, method and software for refreshing keys utilizing a general purpose bootstrapping architecture is disclosed. In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the invention. However, it will be apparent to those skilled in the art that embodiments of the invention may be practiced without these specific details or with equivalent arrangements. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring embodiments of the present invention.

  Further, although embodiments of the present invention are discussed with respect to spread spectrum systems, those skilled in the art will recognize that embodiments of the present invention are applicable to all types of wireless communication systems as well as wired networks. . Further, the protocols and processes described herein are not limited to mobile and / or wireless devices, but can be any fixed (or non-mobile) communication device (eg, desktop computer, network appliance, etc.) or network element or node. It is thought that it can be implemented by.

  Various embodiments of the present invention relate to key refresh mechanisms within spread spectrum networks such as 3GPP (Universal Mobile Telecommunication System (UMTS)) and 3GPP2 (cdma2000). The invention according to one embodiment is based on a third generation partnership project (3GPP2) general purpose bootstrapping architecture (GBA) functionality in a code division multiple access (CDMA) EV-DO (Evolution Data Only) network. Procedures are provided for cdma2000 IP data connectivity and mobility support in the network. As an example, a typical bootstrapping procedure is described in 3GPPTS 33.220, 3GPPTS 24.109 and 3GPP2S. It is defined in PO109.

  In accordance with various exemplary embodiments, although the key provisioning approach is discussed in the context of a wireless network environment, it can be applied to the interaction between CDMA2000 and WiMax (Global Interoperability for Microwave Access) or 3GPP networks. It can also be applied to other environments such as interaction between WLANIW or WiMax access.

  FIG. 1 is a diagram illustrating an exemplary bootstrapping architecture with the ability to provide key refresh, according to various embodiments of the present invention. For illustration purposes, the bootstrapping architecture 100 has been described in connection with a general purpose bootstrapping architecture (GBA) in 3GPP2 (3rd Generation Partnership Project 2). GBA is one component of the General Authentication Architecture (GAA) defined in 3GPP / 3GPP2 (3rd Generation Partnership Project / 3rd Generation Partnership Project 2). Basic elements include a UE (User Equipment) 101, a bootstrapping server function (BSF) 103 responsible for bootstrapping, and a network application function (NAF) 105. In an exemplary embodiment, NAF 105 may be hosted in any type of network element such as a server. Therefore, the NAF 105 can serve as an application server with which the UE 101 communicates using the derived security key. As used herein, the term “application” (in accordance with various embodiments) refers to a communication service and is not limited to an actual instance of an application within the application server.

  The BSF 103 processes the subscriber's bootstrapping information after the bootstrapping procedure within the system 100. The bootstrapping procedure creates a security association between UE 101 and BSF 103. Using the stored user bootstrapping information and security associations, the BSF 103 can provide secure services for network application functions (eg, NAF 105) contacted by the UE 101. As used herein, “secure service” involves providing a service in a secure manner. Bootstrapping can be performed between the UE 101 and the BSF 103 based on, for example, a long-term shared secret maintained between the UE 101 and the network. After bootstrapping is complete, the UE 101 and NAF 105 run some application specific protocol that will authenticate the message or generally its security will be based on the session key derived from the key agreed during bootstrapping. be able to. Message security includes, but is not limited to, authentication, authorization, confidentiality and integrity protection.

  The BSF 103 and the UE 101 mutually authenticate and agree on a key used to derive a session key for later use between the UE 101 and the NAF 105. The BSF 103 can limit the applicability of key material to a specific NAF (eg, NAF 105) by using a key derivation procedure. In an exemplary embodiment, after the bootstrapping procedure, both UE 101 and BSF 103 have agreed on key material (Ks), bootstrapping transaction identifier (B-ITD), key material lifetime and other parameters. , Key material corresponding to NAF 105 (denoted as “Ks_NAF”) and B-TID are used in Ua interface to mutually authenticate and optionally protect the traffic between UE 101 and NAF 105 Can be done. The terms “mobile station (MS)”, “user equipment (UE)”, “user terminal” and “mobile node (MN)” are interchangeable depending on the situation to represent any type of client device or terminal. in use. For example, the 3GPP standard uses the term UE and the 3GPP standard employs MS, while the MN is used in Internet Protocol (IP) related situations. For example, UE 101 may be a mobile communication device or a mobile phone or other wireless device. UE 101 may also be a device such as a personal digital assistant (PDA) with transceiver capability or a personal computer with transceiver capability. The UE 101 transmits and receives using a wireless communication transceiver to communicate with the BSF 103. The BSF 103 transmits / receives data to / from the home location register 109.

  As shown, a certain number of reference points Ub, Ua, Zh1, Zh2, Zh3 and Zn are defined to support the bootstrapping system 100. The reference point Ub provides mutual authentication between the UE 101 and the BSF 103 and enables the UE 101 to bootstrap the key material Ks. The Ua interface carries an application protocol that is secured by key material derived from the agreed key material Ks between UE 101 and BSF 103. The Zh1, Zh2, and Zh3 reference points use the requested authentication information and user security settings, BSF 103 and Home Subscriber System (HSS) 107 (where authentication and key agreement (AKA) are used in bootstrapping) ), Home Location Register (HLR) 109 (which can be bootstrapped using CAVE (cellular authentication and voice encryption) algorithm here), and Authentication, Authorization and Accounting (AAA) server 111 (here bootstrapping) Is used for the purpose of exchanging with the MN-AAA key. The Zn interface allows the NAF 105 to fetch the derived key material and application specific user security settings from the BSF 103.

  The GBA operation, according to an exemplary embodiment, is as follows. A bootstrapping procedure is performed between the UE 101 and the BSF 103 (in the home network). During bootstrapping, mutual authentication is performed between the MS 101 and the network based on the long-term shared secret between the MS 101 and the home network. For example, in 3GPP2, this long-term shared secret may be stored in HSS 107, HLR 109, and AAA server 111. In 3GPP, bootstrapping is based on either AKA or subscriber identity module (SIM) authentication. As a result of the bootstrapping procedure, a bootstrapping key Ks is generated by both the MS 101 and the BSF 103. Ks is also associated with a bootstrapping transaction identifier (B-TID) and a lifetime that provides a value for the expiration or duration of the key Ks.

  As the next step, the MS 101 indicates to the application function in the network called NAF 105 that the GBA can be used to provide a shared secret for the application. Alternatively, NAF 105 can indicate to MS 101 that GBA is to be used. Thereafter, the NAF 105 retrieves Ks_NAF from the BSF 103. At the same time, the MS derives the same Ks_NAF. Ks_NAF is then used as a shared secret between MS 101 and NAF 105 for any further security operations. To add security, the keys are refreshed periodically or as desired.

  The process of refreshing keys within system 100 will now be described.

  2A and 2B are flowcharts of a key refresh process according to various embodiments of the invention. As shown in FIG. 2A, the general process for refreshing a key involves determining whether the key requires refreshing, as in step 201. Next, through step 203, the bootstrapping architecture of system 100 is utilized to refresh the key without performing a new bootstrapping procedure. For example, in 3GPP2GBA, this NAF key refresh mechanism allows the NAF key to be refreshed without having to perform a new bootstrapping. Starting a new bootstrapping procedure is costly in terms of computation, air interface and other resources in both the UE 101 and the network. It is therefore important to determine when the process should bootstrap and refresh (this is described with respect to FIG. 2B).

  It has been recognized that the Ua protocol can be modified to provide an indication or identifier that instructs the MN 101 about the process to be performed (ie, performs a key refresh mechanism or performs a new bootstrap). However, under certain circumstances, the Ua protocol may not support such indications, and it may not be desirable to modify the protocol.

  The following procedure advantageously avoids protocol modifications, but addresses ambiguities within conventional approaches (eg, current GBA specifications). The MN 101 needs a valid Ks before contacting the NAF (eg, NAF 105). If there is no valid Ks, the MN 101 performs a new bootstrapping procedure before contacting the NAF 105. In this example, it is assumed that NAF 105 supports a key refresh mechanism, which is an option for MN 101.

  In step 211, the NAF 105 receives an application request from the MN 101. If the NAF 105 rejects the request from the MN 101 (including credentials), the MN 101 refreshes its key, assuming that the refresh mechanism is supported by the MN 101. Otherwise, the MN 101 performs bootstrapping. The NAF 105, in the exemplary embodiment, indicates that the MN 101 has indicated that a new bootstrapping has been performed based on a transaction identifier such as B-TID or that the MN 101 has a transaction such as B-TID. Based on the identifier, it can be determined whether the key is to be refreshed (step 213). If the B-TID is the same as that used in the preceding transaction as determined in step 215 (ie, matched), the MN 101 performs a refresh (step 217). Otherwise, a new bootstrapping procedure was performed (step 219).

FIG. 3 is a diagram of a conventional bootstrapping procedure for refreshing a session key. This approach is based on the 3GPP2 specification S.P. Following the NAF key refresh mechanism described in PO109, it will be described for purposes of comparison with the refresh mechanism shown in detail in FIGS. In the scenario of FIG. 3, UE 101 is aware from the beginning that the security material derived by GBA needs to refresh the NAF key (Ks_NAF), which will be used to secure the Ua interface. It is assumed that In step 301, the UE 101 sends an application request to the NAF 105. The request does not necessarily have to be provided explicitly, such as a transaction identifier (eg, bootstrapping transaction identifier, B-TID), an application protocol message (denoted “msg”), a message authentication code (MAC), A UE nonce (RAND _UE ) which is a random number provided by the UE 101 is included. “Msg” represents an application specific data set. The MAC is a predetermined value used to authenticate a specific message.

Next, the _NAF 105 selects a random number called RAND _NAF . At this time, the NAF 105 sends an authentication request to the BSF 103 as in step 303. The request includes B-TID, RAND _UE , RAND _NAF , and NAF_Id, which is the fully qualified domain name (FQDN) of _NAF 105. The BSF 103 searches for Ks based on the received B-TID. The BSF 103 then derives a new Ks_NAF from Ks, RAND _UE , RAND _NAF , NAF_Id and possibly other information. The BSF 103 returns the Ks_NAF along with its lifetime, and possibly the user profile, to the NAF 105 in step 305 in the authentication reply message. “Prof” indicates an application specific part (or part) of the user profile. As in step 307, the NAF 105 stores Ks_NAF, its associated lifetime, and user profile, and sends a RAND _NAF to the UE 101 in the application reply message (step 309). It is pointed out that the UE 101 can calculate the refreshed Ks_NAF only at this point when the UE 101 finally receives the RAND _NAF .

  Unfortunately, the above conventional NAF key refresh mechanism involves both a nonce from UE 101 and a nonce from NAF 105, and UE 101 must send this nonce first. Because of this inflexibility, UE 101 and NAF 105 may have to exchange a large number of messages before the NAF key can be refreshed, which not only wastes valuable radio resources, but also Introduce a large delay. In addition, the nonce must be sent within the existing Ua protocol. However, not all Ua protocols support nonce transport in both directions.

  It is pointed out that the current GBA standard is ambiguous with respect to detecting the refresh or restart of the bootstrapping process. In particular, the NAF 105 has the ability to request the UE 101 to perform a new bootstrapping. For Ua protocols that do not support explicit indications, UE 101 will not know when to refresh or when to bootstrap again. The approach according to one embodiment of the present invention eliminates this ambiguity.

  Various embodiments of the present invention provide multiple NAF key refresh mechanisms that are simplified compared to the conventional mechanism of FIG. Furthermore, this approach advantageously provides a mechanism for refreshing keys with minimal modifications to existing protocols on the Ua interface.

  4-7 illustrate various embodiments for implementing the NAF key refresh mechanism.

FIG. 4 is a diagram illustrating a procedure for refreshing a session key by using two nonces according to an embodiment of the present invention. In this embodiment, two nonces are utilized, where the NAF 105 can send one nonce first. That is, both RAND _UE and RAND _NAF are used, but _NAF 105 is allowed to send its nonce first, thus UE 101 will be able to derive refreshed Ks_NAF 105 sooner. This operation is described as follows.

In step 401, UE 101 sends an application request with a B-TID and an application protocol message (denoted as “msg” in the figure). The NAF 105 sends an application answer through step 403 with an indication that Ks_NAF should be refreshed (which may be implicit). The NAF 105 also includes its own nonce RAND _NAF “proactively” as well. The NAF 105 may also include an authentication challenge.

Next, the UE 101 selects its own random number RAND _UE . At this point, the UE 101 can derive the refreshed Ks_NAF 105. The UE 101 sends an application request with credentials based on the Ks_NAF 105 that has been refreshed in some cases (step 405). The request also includes a B-TID, an application protocol message, and a RAND _UE . In step 407, the NAF 105 then sends an authentication request to the BSF 103. The request includes B-TID, RAND _UE , RAND _NAF and NAF_Id. NAF_Id is the fully qualified domain name of NAF105.

Thereafter, the BSF 103 searches for Ks based on the received B-TID. The BSF 103 then derives a new Ks_NAF from Ks, RAND _UE , RAND _NAF , NAF_Id and possibly other information. The BSF 103 forwards Ks_NAF along with its lifetime and optionally the user profile to the NAF 105 in step 409 in the authentication reply message. As described above, “Prof” represents the application specific part or part of the user profile.

In step 411, the NAF 105 stores Ks_NAF, its associated lifetime and user profile. At this point, the NAF 105 can verify the credentials sent by the UE 101 (within step 405) using Ks_NAF. If successful, the UE 101 is authenticated and the application answer is sent back to the UE 101. By allowing the _NAF 105 or its RAND _NAF to be sent first, the Ks_NAF is available at the UE 101 earlier than the conventional approach.

In the above approach of FIG. 4, two nonces are used to efficiently provide key refresh. Alternatively, only a single nonce (either RAND _UE or RAND _NAF , but not both) can be used to refresh the session key. Thus, there are two cases: (1) RAND _UE (shown in FIG. 5) and (2) RAND _NAF (shown in FIG. 6).

FIG. 5 is a diagram illustrating a procedure for refreshing a session key by using a network application random number according to an embodiment of the present invention. This case may apply if the UE 101 does not know that Ks_NAF needs to be refreshed before contacting the NAF 105. As shown, UE 101 sends an application request with a B-TID and an application protocol message (denoted “mdg”) as in step 501. In step 503, NAF 105 sends an application answer with an indication that Ks_NAF should be refreshed (which may not be explicitly stated). NAF 105 also includes its own nonce RAND _NAF “aggressively”. The NAF 105 may also include an authentication challenge (not shown).

At this point, UE 101 can derive the refreshed Ks_NAF 105 from Ks, RAND _NAF , NAF_Id and possibly other information, but not from the RAND _UE . Thus, UE 101 may include credentials that are based on a newly refreshed Ks_NAF (not shown). UE 101 sends a new application request through step 505. The request also includes a B-TID and an application protocol message.

In step 507, the NAF 105 sends an authentication request to the BSF 103. In one example, the request includes B-TID, RAND _NAF, and NAF_Id (the fully qualified domain name of _NAF 105). The BSF 103 searches for Ks based on the received B-TID. The BSF 103 then derives a new Ks_NAF from Ks, RAND _NAF and NAF_Id. In addition to these parameters, the derivation can also be based on other information. The BSF 103 specifies the Ks_NAF, the accompanying lifetime, and the user profile (optional) in the authentication reply message for transmission to the NAF 105 (step 509).

  As in step 511, the NAF 105 stores Ks_NAF, its associated lifetime and user profile. At this point, the NAF 105 can confirm the credentials sent by the UE 101 in step 505 using Ks_NAF. If successful, the UE 101 is authenticated and an application answer is issued to the UE 101.

FIG. 6 is a diagram illustrating a procedure for refreshing a session key by utilizing a random number (eg, RAND _UE ) of a user equipment according to an embodiment of the present invention. This case may be true if UE 101 knows that it needs to refresh Ks_NAF when it contacts NAF 105. In step 601, UE 101 sends an application request with B-TID, RAND _UE and application protocol message. Basically, UE 101 wants to refresh the Ks_NAF key very first. As a result, the UE 101 is already ready to use the refreshed Ks_NAF and may therefore include credentials based on the refreshed Ks_NAF (not shown).

In step 603, the NAF 105 sends an authentication request to the BSF 103. The request includes B-TID, RAND _UE, and NAF_Id. The BSF 103 retrieves Ks based on the received B-TID, and then derives a new Ks_NAF from Ks, RAND _UE , NAF_Id and possibly other information. The BSF 103 transmits to the NAF 105 the user profile, Ks_NAF and its lifetime in one authentication reply message (step 605).

  In step 607, NAF 105 records Ks_NAF, the associated lifetime and user profile. The NAF 105 can confirm the credentials sent by the UE 101 in step 601 using Ks_NAF. If successful, the UE 101 is authenticated and an application answer is sent back to the UE 101 through step 609.

It is noted that for a given Ks and NAF 105, the same RAND _UE will result in the same Ks_NAF. Thus, it may be desirable for UE 101 not to use the same RAND _UE more than once over the lifetime of a particular 1 Ks. In some embodiments, the NAF 105 can maintain a list of RAND _UEs previously used by the UE 101 such that a particular B-TID monitors usage to avoid double usage.

  FIG. 7 is a diagram illustrating a procedure for refreshing a session key without involving the bootstrapping server function (BSF) according to an embodiment of the present invention. As shown in FIG. 7, the application key can be refreshed without even the BSF involved. This is achieved by introducing an additional level of key derivation, thus deriving the session key SK, which is the key actually used by the application, using the initial Ks_NAF as a seed. This process is described below.

  Steps 701 to 709 are similar to steps 301 to 309 in FIG. That is, these steps 701 to 709 capture a basic bootstrapping usage procedure without key refresh as currently specified in the 3GPP / 3GPP2GBA specification. At the end of step 407, both UE 101 and NAF 105 have the same Ks_NAF. That is, the UE 101 can derive Ks_NAF as in step 711. Under the approach of FIG. 7, this Ks_NAF is used as a seed to derive further session keys to be used between UE 101 and NAF 105.

If an application session has to be set up, UE 101 sends an application request to NAF 105 (step 713), which may include B-TID, protocol message, MAC and RAND _UE . Upon receiving the application request, the NAF 105 determines that Ks_NAF exists. The _NAF 105 selects RAND _NAF and derives a fresh session key SK based on Ks_NAF, RAND _UE , RAND _NAF and possibly other information (step 715). The NAF 105 transfers the RAND _NAF in the application answer to the UE 101 (Step 717).

  At this stage, the UE 101 also derives a session key SK in a manner similar to that of the NAF 105, as in step 719. From this point on, the SK can be used to establish a secure session between the UE 101 and the NAF 105. It is pointed out that the BSF 103 is not involved in this SK generation process. This approach has the additional advantage of reducing the workload of the BSF 103.

For each new session, a new SK can be generated by repeating steps 713 and 717. It is pointed out that although both RAND _UE and RAND _NAF are used in the above description, it is also possible to use a single nonce (as described above).

  By leveraging the authentication infrastructure of 3GPP and 3GPP2 networks, the general purpose bootstrapping architecture (GBA) enables shared secret bootstrapping between the UE 101 and the home network (BSF 103), which is then used to It has been recognized that additional shared secrets to be used between UE 101 and NAF 105 can be derived.

  One of ordinary skill in the art would understand the process for refreshing the key by software, hardware (eg, general purpose processor, digital signal processing (DSP) chip, application specific integrated circuit (ASTC), field programmable gate array (FPGA), etc.). It will be appreciated that it can be implemented through firmware or a combination thereof. Such exemplary hardware for performing the described functions is detailed below with respect to FIG.

  FIG. 8 illustrates exemplary hardware upon which various embodiments of the present invention may be implemented. The computing system 800 includes a bus 801 or other communication mechanism for communicating information, and a processor 803 coupled to the bus 801 for information processing. Computing system 800 also includes a main memory 805 such as a random access memory (RAM) or other dynamic storage device coupled to bus 801 for storing instructions and information to be executed by processor 803. ing. Main memory 805 can also be used to store temporary numeric variables or other intermediate information during execution of instructions by processor 803. Computing system 800 may also include a read only memory (ROM) 807 or other static storage device coupled to bus 801 for storing instructions and static information for processor 803. A storage device 809, such as a magnetic disk or optical disk, is coupled to the bus 801 for permanently storing information and instructions.

  The computing system 800 can be coupled via a bus 801 to a display 811 such as a liquid crystal display or an active matrix display for displaying information to the user. An input device 813, such as a keyboard containing alphanumeric characters and other keys, can be coupled to the bus 801 for the purpose of communicating information and command selections to the processor 803. Input device 813 may include a cursor control mechanism, such as a mouse, trackball or cursor direction key, to communicate direction information and command selection to processor 803 and to control cursor movement on display 811.

  In accordance with various embodiments of the invention, the processes described herein may be provided by computing system 800 in response to processor 803 executing an arrangement of instructions stored in main memory 805. Such instructions may be read into main memory 805 from another computer readable medium, such as storage device 809. Execution of the arrangement of instructions stored in main memory 805 causes processor 803 to perform the process steps described in this document. It is also possible to execute instructions stored in main memory 805 using one or more processors in a multiprocessing arrangement. In a variant, a wiring circuit can be used in place of or in combination with software instructions to implement embodiments of the present invention. In another example, reconfigurable hardware such as a field programmable gate array (FPGA) can be used, where the logic gate functionality and topology is typically a memory lookup. It can be customized at runtime by programming the table. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.

  Computing system 800 also includes at least one communication interface 815 coupled to bus 801. Communication interface 815 provides a two-way data communication coupling to a network link (not shown). Communication interface 815 sends and receives electrical, electromagnetic or optical communications that carry digital data streams representing various types of information. Further, the communication interface 815 may include peripheral interface devices such as a universal serial path (USB) interface, a PCMCIA (Personal Computer Memory Card International Association) interface, and the like.

  The processor 803 may execute the transmitted code during reception and / or store the code in a storage device 809 or other non-volatile storage for later execution. In this way, computing system 800 can obtain application code in the form of a carrier wave.

  The term “computer-readable medium” as used herein refers to any medium that participates in providing instructions to processor 803 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, an optical disk or a magnetic disk such as a storage device 809. Volatile media includes dynamic memory, such as main memory. The transmission medium includes a coaxial cable including a wire including the bus 801, a copper wire, and an optical fiber. Transmission media can also take the form of acoustic, light, or electromagnetic waves, such as those generated during radio frequency (RF) and infrared (IR) data communications. As a general form of the computer readable medium, for example, a floppy (registered trademark) disk, a flexible disk, a hard disk, a magnetic tape, any other magnetic medium, CD-ROM, CDRW, DVD, any other optical medium, punch Cards, paper tapes, optical mark sheets, holes or other physical media with patterns of optically recognizable indexes, RAM, PROM and EPROM, flash EPROM, any other memory chip or cartridge, carrier wave or computer Any other media that can be read is included.

  Providing instructions to the processor for execution may involve various forms of computer readable media. For example, instructions for implementing at least a portion of the present invention may initially be carried on a magnetic disk of a remote computer. In such a scenario, the remote computer loads the instructions into main memory and sends the instructions over a telephone line using a modem. The local system modem receives the data on the telephone line, uses an infrared transmitter to convert the data to an infrared signal, and transmits the infrared signal to a portable computing device such as a personal digital assistant (PDA) or laptop. To do. An infrared detector on the portable computing device receives the information and instructions carried by the infrared signal and places the data on the bus. The bus carries data to main memory from which the processor retrieves and executes instructions. The instructions received by main memory may optionally be stored on the storage device either before or after execution by the processor.

  9A and 9B are diagrams illustrating different cellular mobile telephones with the ability to support various embodiments of the invention. 9A and 9B show that the transceiver (as part of a digital signal processor (DSD)), both the installed base station and mobile station (eg, handset), semiconductor devices and / or hardware in the base station and mobile station. 1 illustrates a typical cellular mobile telephone system, each with software and integrated circuits. In one example, a wireless network may include second and third generation (2G and 3G) services as defined by the International Telecommunications Union (ITU) for a universal next generation mobile phone system 2000 (IMT-2000). Support. For purposes of explanation, wireless network carrier and channel selection will be described in the context of the cdma2000 architecture. As a third generation version of IS-95, cdma2000 is being standardized in the third generation partnership project 2 (3GPP2).

  Wireless network 900 includes a mobile station 901 (eg, any type of interface to a handset, terminal, station, unit, device, or user (eg, a “wearable” circuit) in communication with a base station subsystem (BSS) 903. )It is included. According to one embodiment of the present invention, the wireless network provides third generation (3G) services as defined by the International Telecommunications Union (ITU) for the next generation universal mobile phone system 2000 (IMT-2000). to support.

  In this example, the BSS 903 includes a transceiver base station (BTS) 905 and a base station controller (BSC) 907. Although a single BTS is shown, it is recognized that multiple BTSs are typically connected to the BSC, for example through point-to-point links. Each BSS 903 is linked to a packet data providing node (PDSN) 909 through a transmission control entity or packet control function (PCF) 911. Since PDSN 909 serves as a gateway to external networks, such as the Internet 913 or other personal consumer network 915, PDSN 909 can access, authorize, and secure to determine user identification and privileges and track each user's activities. An accounting system (AAA) 917 can be included. The network 915 includes a network management system (NMS) 931 linked to one or more databases 933 accessed through a home agent (HA) 935 secured by the home AAA 937.

  Although a single BSS 903 is shown, it is recognized that a number of BSSs 903 are typically connected to a mobile switching center (MSC) 919. The MSC 919 provides connectivity to a circuit switched telephone network such as the public switched telephone network (PSTN) 921. Similarly, it is recognized that the MSC 919 can be connected to other MSCs 919 and / or other wireless networks on the same network 900. The MSC 919 is generally collocated with a Visitor Location Register (VLR) 923 that holds temporary information about the active subscriber to the MSC 919. The data within the VLR 923 database is often a copy of the Home Location Register (HLR) 925 database that stores detailed subscriber service subscription information. In some implementations, HLR 925 and VLR 923 are the same physical database. However, HLR 925 may be located at a remote location accessed through, for example, a signaling system number 7 (SS7) network. An authentication center (AuC) 927 containing subscriber specific authentication data such as a secret authentication key is associated with the HLR 925 for the purpose of authenticating the user. In addition, the MSC 919 is connected to and from a short message service center (SMSC) 929 that stores and forwards simple messages to and from the wireless network 900.

  During standard operation of the cellular telephone system, the BTS 905 receives and demodulates the reverse link signal set from the mobile unit set 901 that makes telephone calls or other communications. Each reverse link signal received by a given BTS 905 is processed within that station. The resulting data is transferred to the BSC 907. BSC 907 provides the functionality of paging resource allocation and mobility management, including soft handoff organization between BTSs 905. The BSC 907 similarly routes received data to the MSC 919 which itself provides additional routing and / or switching for the interface with the PSTN 921. The MSC 919 is also responsible for managing call setup, call path, inter-MSC handover and supplementary services and collection, billing and accounting information. Similarly, the wireless network 900 sends a forward link message. The PSTN 921 interfaces with the MSC 919. MSC 919 further interfaces with BSC 907, which itself communicates with BTS 905, which modulates the forward link signal set and transmits it to mobile unit set 901.

  As shown in FIG. 9B, the two key elements of the General Packet Radio Service (GPRS) infrastructure 950 are a serving GPRS supporting node (SGSN) 932 and a gateway GPRS support node (GGSN) 934. Furthermore, the GPRS infrastructure includes a packet control unit PCU (1336) and a charging gateway function (CGF) 938 linked to the billing system 939. A mobile station (MS) 941 that is a GPRS uses a subscriber identity module (SIM) 943.

  The PCU 936 is a logical network element responsible for GPRS-related functions such as air interface access control, packet scheduling on the air interface and packet assembly and reassembly. In general, PCU 936 is physically integrated with BSC 945. However, it can be collocated with BTS947 or SGSN932. SGSN 932 provides functions equivalent to MSC 949, including mobility management, security, and access control functions, but in a packet-switched domain. Furthermore, the SGSN 932 has connectivity with the PCU 936, such as through a fame relay based interface using the BSSGPRS protocol (BSSGP). Although only one SGSN is shown, it is recognized that a number of SGSNs 931 are available and the service area can be divided into corresponding routing areas (RA). The SGSN / SGSN interface enables packet tunneling from the old SGSN to the new SGSN when an RA update occurs during an ongoing personal development plan (PDP) situation. Any given BSC 945 generally interfaces with one SGSN 932, although a given SGSN can serve multiple BSCs 945. Similarly, SGSN 932 is optionally connected to HLR 951 through an SS7-based interface using a GPRS enhanced mobile application part (MAP) or MSC 949 through an SS7-based interface using a signaling connection control part (SCCP). The The SGSN / HLR interface allows SGSN 932 to provide location updates to HLR 951 and to retrieve GPRS related subscription information within the SGSN service area. The SGSN / MSC interface enables coordination between packet data services and circuit switched services such as paging subscribers for voice calls. Finally, SGSN 932 interfaces with SMSC 953 to enable short message functionality on network 950.

  The GGSN 934 is a gateway to an external packet data network such as the Internet 913 or other personal customer network 955. Network 955 includes a network management system (NMS) 957 linked to one or more databases 955 accessed through PDSN 961. The GGSN 934 can also assign an Internet Protocol (IP) address and authenticate a user acting as a remote authentication dial-in user service host. The firewall at GGSN 934 also implements a firewall function to prohibit unauthorized traffic. Although only one GGSN 934 is shown, a given SGSN 932 can interface with one or more GGSNs 933 to allow user data to be tunneled between two entities as well as between networks 950. It is recognized that. When the external data network initializes a session on the GPRS network 950, the GGSN 934 queries the HLR 951 for the SGSN 932 currently serving the MS 941.

  BTS 947 and BSC 945 manage the radio interface, including control over which mobile station (MS) 941 can access the radio channel at what time. These elements basically relay messages between the MS 941 and the SGSN 932. SGSN 932 communicates with MS 941 to send and receive data and track its location. Similarly, the SGSN 932 registers the MS 941, authenticates the MS 941, and encrypts data sent to the MS 941.

  FIG. 10 is a diagram illustrating exemplary components of a mobile station (eg, handset) capable of operating within the system of FIGS. 9A and 9B, according to one embodiment of the invention. In general, radio receivers are often defined in terms of front end and back end characteristics. The receiver front end contains all of the radio frequency (RF) circuitry, while the back end contains all of the baseband processing circuitry. Relevant internal components of the phone include a main control unit (MCU) 1003, a digital signal processor (DSP) 1005, and a receiver / transmitter unit that includes a microphone gain control unit and a speaker gain control unit. A main display unit 1007 provides a display to the user in support of various applications and mobile station functions. The audio function circuit 1009 includes a microphone 1011 and a microphone amplifier that amplifies an audio signal from the microphone. The amplified audio signal output from the microphone 1011 is supplied to an encoder / decoder (CODEC) 1013.

  The radio section 1015 amplifies the output and converts the frequency via an antenna 1017 for communication with a base station included in a mobile communication system (eg, the system of FIG. 14A or 14B). The power amplifier (PA) 1019 and transmitter / modulation circuit are operatively responsive to the MCU 1003 with output from the duplexer 1021 or PA 1019 coupled to a circulator or antenna switch, as is known in the art. The PA 1019 is similarly coupled to a battery interface and power control unit 1020.

  In use, the user of mobile station 1001 speaks into microphone 1011 and the voice is converted to an analog voltage along with any detected background noise. The analog voltage is then converted to a digital signal through an analog-to-digital converter (ADC) 1023. The control unit 1003 routes the digital signal into the DSP 1005 for internal processing such as voice coding, channel coding, encryption and interleaving. In an exemplary embodiment, the processed audio signal is for a TIA / EIA / IS-95-A dual mode wideband spread spectrum cellular system of the Telecommunications Industry Association, which is incorporated herein by reference in its entirety. It is encoded by multiple units not individually shown using a code division multiple access (CDMA) cellular transmission protocol as detailed in the mobile station-base station compatibility standard.

  The encoded signal is then routed to an equalizer 1025 to compensate for any frequency dependent impairments that occur during transmission through the air, such as phase and amplitude distortion. After equalizing the bitstream, modulator 1027 combines the signal with the RF signal generated in RF interface 1029. Modulator 1027 generates a sine wave via frequency or phase modulation. To prepare the signal for transmission, the upconverter 1031 combines the sine wave output from the modulator 1027 with another sine wave generated by the synthesizer 1033 to achieve the desired transmission frequency. The signal is then sent through PA 1019 to increase this signal to the appropriate power level. In a practical system, the PA 1019 acts as a variable gain amplifier whose gain is controlled by the DSP 1005 from information received from the network base station. The signal is then filtered in duplexer 1021 and optionally sent to antenna combiner 1035 to match impedance and provide maximum power transfer. Finally, the signal is transmitted to the local base station via antenna 1017. Automatic gain control (AGC) can be provided to control the final stage gain of the receiver. The signal can be transferred from here to a remote telephone which can be another cellular telephone, other cellular telephone or a landline telephone or other telephone communication network connected to a public switched telephone network (PSTN).

  The audio signal transmitted to the mobile station 1001 is received via the antenna 1017 and immediately amplified by a low noise amplifier (LNA) 1037. Downconverter 1039 lowers the carrier frequency while demodulator 1041 strips off RF and leaves only one digital bitstream. The signal then passes through equalizer 1025 and is processed by DSP 1005. A digital-to-analog converter (DAC) 1043 converts the signal and the resulting output is transmitted to the user through a speaker 1045, all of which can be implemented as a central processing unit (CPU) (not shown). This is performed under the control of (MCU) 1003.

  The MCU 1003 receives various signals including input signals from the keyboard 1047. The MCU 1003 delivers display commands and switch commands to the display 1007 and the audio output switching controller, respectively. Further, the MCU 1003 can exchange information with the DSP 1005 and can access an arbitrarily incorporated SIM card 1049 and memory 1051. Further, the MCU 1003 performs various control functions requested from the station. The DSP 1005 may perform any of a variety of conventional digital processing functions on the audio signal, depending on the implementation. Further, the DSP 1005 determines the background noise level of the local environment from the signal detected by the microphone 1011 and sets the gain of the microphone 1011 to a level selected to compensate for the natural tendency of the user of the mobile station 1001. .

  The CODEC 1013 includes an ADC 1023 and a DAC 1043. The memory 1051 stores various data including call incoming and outgoing dial tone data, and has the ability to store other data including, for example, music data received via the global Internet. It is contemplated that the software module may reside in RAM memory, flash memory, registers, or any other form of writable storage medium known in the art. Memory device 1051 can be, but is not limited to, a single memory, CD, DVD, ROM, RAM, EEPROM, optical storage device, or any other non-volatile storage medium capable of storing digital data. Do not mean.

  An optional built-in SIM card 1049 carries important information such as, for example, cellular mobile phone numbers, carrier supply services, subscription details and security information. The SIM card 1049 serves primarily to identify the mobile station 1001 on the wireless network. Card 1049 also contains a memory for storing personal telephone directory, text messages, and user specific mobile station settings.

  FIG. 11 is a typical data communication network that can be any type of data communication network that uses packet-based and / or cell-based technologies (eg, aperiodic transfer mode (ATM), Ethernet, IP-based technologies, etc.). Indicates a corporate network. The enterprise network 1101 provides connectivity for wired nodes 1103 and wireless nodes 1105 to 1109 (fixed or mobile), each configured to implement the processes described above. The corporate network 1101 may communicate with various other networks such as a WLAN network 1111 (eg, IEEE 802.11), a cdma2000 cellular network 1113, a telephone communication network 1115 (eg, PSTN), or a public data network 1117 (eg, the Internet). it can.

  Although the present invention has been described in connection with numerous embodiments and implementations, the present invention is not limited thereto and various obvious modifications and equivalent arrangements falling within the scope of the appended claims. It is an exhaustive one. Although the features of the invention are expressed in several combinations between the claims, it is contemplated that these features can be arranged in any combination and order.

FIG. 6 illustrates an example bootstrapping architecture with the ability to provide key refresh according to various embodiments of the invention. 4 is a flowchart of a key refresh process according to various embodiments of the present invention. 4 is a flowchart of a key refresh process according to various embodiments of the present invention. 6 is a flowchart of a conventional bootstrapping procedure for refreshing a session key. FIG. 5 is a diagram illustrating a procedure for refreshing a session key by using two nonces according to an embodiment of the present invention. FIG. 6 is a diagram illustrating a procedure for refreshing a session key by using a random number of a network application according to an embodiment of the present invention. FIG. 6 is a diagram illustrating a procedure for refreshing a session key by using a random number of a user equipment according to an embodiment of the present invention. FIG. 6 illustrates a procedure for refreshing a session key without involving a bootstrapping server function (BSF) according to an embodiment of the present invention. FIG. 6 illustrates hardware that can be used to implement various embodiments of the invention. FIG. 2 illustrates different cellular mobile telephone systems with the ability to support various embodiments of the present invention. FIG. 2 illustrates different cellular mobile telephone systems with the ability to support various embodiments of the present invention. FIG. 9 illustrates an example component of a mobile station capable of operating in the system of FIGS. 9A and 9B, according to one embodiment of the invention. FIG. 2 illustrates an enterprise network capable of supporting the processes described herein according to one embodiment of the invention.

Claims (31)

Transmitting an application request to a network element configured to provide authentication and secure services;
Responsive to the application request, receiving a message indicating a refresh of a key used to provide secure communication with the network element;
Deriving a refreshed key based on the received message;
A method comprising:   The method of claim 1, wherein the message in the receiving step comprises a random number selected by the network element. Generating another random number;
Transmitting another application request to the network element, wherein the another application request identifies a credential that includes the another random number, and the random number provides a bootstrapping function. Transferring to a configured bootstrapping network element.   4. The method of claim 3, wherein the bootstrapping network element is further configured to generate an authentication answer that includes a refresh key and an application specific portion of a user profile.   The method of claim 3, further comprising the step of verifying credentials specified in the second application request.   Further comprising transmitting another application request to the network element, wherein the another application request identifies a credential including a transaction identifier and an application protocol message, the network element providing a bootstrapping function. 3. The method of claim 2, wherein an authentication request is generated for transmission to a bootstrapping network element configured to: wherein the authentication request specifies the transaction identifier, a random number, and a domain name of the network element.   The bootstrapping network element further retrieves a bootstrapping key based on the transaction identifier, generates a fresh session key based on the bootstrapping key and the random number, and the generated fresh session key; Receiving an application response from the network element configured to generate an authentication response including a lifetime parameter and a user profile associated with the retrieved refreshed key and indicating successful authentication. Item 7. The method according to Item 6.   The method of claim 1, wherein the network element is configured to communicate using spread spectrum and to operate according to a general authentication architecture. Generating a random number corresponding to the refreshed key;
Transmitting an application request to a network element configured to provide authentication and secure services, the application request identifying a transaction identifier, a random number, and an application protocol message, wherein the network element further includes booting Configured to forward an authentication request to a bootstrapping network element configured to provide a strapping function, wherein the authentication request identifies the transaction identifier, the random number, and a domain name associated with the network element And the bootstrapping network element further retrieves a bootstrapping key based on the transaction identifier, and Configured to generate a fresh session key based on the key and the random number, and to generate an authentication answer including the generated fresh session key, a lifetime parameter associated with the retrieved refreshed key, and a user profile. Step, and
Receiving an application answer from the network element indicating successful authentication;
A method comprising:   The method of claim 9, wherein the network element and the bootstrapping network element are configured to communicate using spread spectrum and operate according to a universal authentication architecture. Generating a first random number;
Transmitting an application request to a network element configured to provide secure services, wherein the application request identifies a transaction identifier, a random number, and an application protocol message, and the network element further includes a second A step configured to select a random number;
Receiving an application answer identifying a second random number from the network element;
Deriving a fresh session key based on a bootstrapping key, the first random number and the second random number, wherein the fresh session key is used to provide secure communication with the network element; And steps
A method comprising:   The method of claim 11, wherein the network element is configured to communicate using spread spectrum and operate according to a universal authentication architecture.   Configured to generate an application request for transmission to a network element configured to provide a secure service, and further used to provide secure communication with the network element in response to the application request An apparatus comprising: a processor configured to receive a message indicating a refresh of a key to be played, and further configured to derive a refreshed key based on the received message.   The apparatus of claim 13, wherein the message includes a random number selected by the network element.   The processor is further configured to generate another random number and to generate another application request for communication to the network element, the another application request including another random number. 15. The apparatus of claim 14, wherein credentials are identified and the random numbers are forwarded to a bootstrapping network element configured to provide bootstrapping functionality.   The apparatus of claim 15, wherein the bootstrapping network element is further configured to generate an authentication answer that includes a refresh key and an application specific portion of a user profile.   The apparatus of claim 15, wherein the processor is further configured to verify the credentials specified in a second application request.   The processor is further configured to generate another application request for communication to the network element, the another application request identifying a credential that includes a transaction identifier and an application protocol message; An element generates an authentication request for transmission to a bootstrapping network element configured to provide a bootstrapping function, wherein the authentication request identifies the transaction identifier, the random number, and a domain name of the network element The apparatus according to claim 14.   The bootstrapping network element further retrieves a bootstrapping key based on the transaction identifier, generates a fresh session key based on the bootstrapping key and a random number, and a retrieved refreshed key is generated Configured to generate an authentication answer that includes a lifetime parameter and a user profile associated with the fresh session key, coupled to the processor and displaying an application answer from the network element indicating successful authentication. The apparatus of claim 18, further comprising a transceiver configured to receive.   The apparatus of claim 13, wherein the network element is configured to communicate using spread spectrum and operate according to a universal authentication architecture.   A system comprising the apparatus and network element of claim 13. A processor configured to generate a random number corresponding to the refreshed key;
A transceiver configured to transmit application requests to a network element configured to provide secure services;
A device comprising:
The application request identifies a transaction identifier, the random number, and an application protocol message, and the network element further forwards an authentication request to a bootstrapping network element configured to provide a bootstrapping function. The authentication request specifies a domain name associated with the transaction identifier, the random number, and the network element;
The bootstrapping network element further searches for a bootstrapping key based on the transaction identifier, generates a fresh session key based on the bootstrapping key and the random number, and generates the fresh session key, search Is configured to generate an authentication answer including a lifetime parameter and a user profile associated with the refreshed key
The transceiver is further configured to receive an application answer from the network element indicating successful authentication.
apparatus.   23. The apparatus of claim 22, wherein the network element and the bootstrapping network element are configured to communicate using spread spectrum and operate according to a universal authentication architecture.   23. A system comprising the apparatus and network element of claim 22. A processor configured to generate a first random number;
In a transceiver coupled to the processor and configured to transmit an application request for a network element, the application request specifies a transaction identifier, the first random number, and an application protocol message, and the network element further includes a first A transceiver configured to select a random number of two;
A device comprising:
The transceiver is further configured to receive an application answer identifying the second random number from the network element;
The processor is further configured to derive a fresh session key based on a bootstrapping key, the first random number, and the second random number, wherein the fresh session key is secured with the network element. A device that is used to provide secure communication.   26. The apparatus of claim 25, wherein the network element and the bootstrapping network element are configured to communicate using spread spectrum and operate according to a universal authentication architecture.   A system comprising the apparatus and network element of claim 13. Receiving an application request identifying a transaction identifier from a user equipment;
Seeking based on the received transaction identifier whether the user equipment indicates that a new bootstrapping has been performed, or whether the user equipment is about to refresh a session key;
Refreshing the session key based on the decision or using a new bootstrapping key material associated with the new bootstrapping;
A method comprising:   30. The method of claim 28, wherein the user equipment is configured to communicate using spread spectrum and operate according to a universal authentication architecture. Means for receiving an application request identifying a transaction identifier from a user equipment;
Means for determining based on the received transaction identifier whether the user equipment is indicating that a new bootstrapping has been performed or whether the user equipment is about to refresh a session key;
Means for refreshing the session key based on the determination or using new bootstrapping key material;
A system comprising:   32. The system of claim 30, wherein the user equipment is configured to communicate using spread spectrum and operate according to a universal authentication architecture.

Images