US9270672B2 - Performing a group authentication and key agreement procedure - Google Patents

Performing a group authentication and key agreement procedure Download PDF

Info

Publication number
US9270672B2
US9270672B2 US14/119,665 US201114119665A US9270672B2 US 9270672 B2 US9270672 B2 US 9270672B2 US 201114119665 A US201114119665 A US 201114119665A US 9270672 B2 US9270672 B2 US 9270672B2
Authority
US
United States
Prior art keywords
group
key
authentication
devices
shared
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US14/119,665
Other versions
US20140075509A1 (en
Inventor
Silke Holtmanns
Da Jiang Zhang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WSOU Investments LLC
Original Assignee
Nokia Technologies Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Technologies Oy filed Critical Nokia Technologies Oy
Assigned to NOKIA CORPORATION reassignment NOKIA CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ZHANG, DAJIANG, HOLTMANNS, SILKE
Publication of US20140075509A1 publication Critical patent/US20140075509A1/en
Assigned to NOKIA TECHNOLOGIES OY reassignment NOKIA TECHNOLOGIES OY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NOKIA CORPORATION
Application granted granted Critical
Publication of US9270672B2 publication Critical patent/US9270672B2/en
Assigned to OMEGA CREDIT OPPORTUNITIES MASTER FUND, LP reassignment OMEGA CREDIT OPPORTUNITIES MASTER FUND, LP SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: WSOU INVESTMENTS, LLC
Assigned to WSOU INVESTMENTS, LLC reassignment WSOU INVESTMENTS, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NOKIA TECHNOLOGIES OY
Assigned to BP FUNDING TRUST, SERIES SPL-VI reassignment BP FUNDING TRUST, SERIES SPL-VI SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: WSOU INVESTMENTS, LLC
Assigned to WSOU INVESTMENTS, LLC reassignment WSOU INVESTMENTS, LLC RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: OCO OPPORTUNITIES MASTER FUND, L.P. (F/K/A OMEGA CREDIT OPPORTUNITIES MASTER FUND LP
Assigned to OT WSOU TERRIER HOLDINGS, LLC reassignment OT WSOU TERRIER HOLDINGS, LLC SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: WSOU INVESTMENTS, LLC
Assigned to WSOU INVESTMENTS, LLC reassignment WSOU INVESTMENTS, LLC RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: TERRIER SSC, LLC
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W4/005
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Definitions

  • Embodiments of the present invention generally relate to wireless communication. More particularly, embodiments of the present invention relate to a method, an apparatus, and a computer program product for performing a group authentication and key agreement procedure on a group of communication devices, e.g., machine-type-communication devices.
  • a group of communication devices e.g., machine-type-communication devices.
  • An AKA procedure is a procedure that has been employed by many communication systems of today for the purpose of improving system security and robustness.
  • One such an AKA procedure has been detailed in 3GPP Technical Specifications 33.102 and 33.401, which are incorporated herein by reference in their entirety.
  • the AKA procedure which may involve a challenge-response authentication procedure as known in the art, will inevitably cause certain amount of signaling overhead.
  • the number of devices to be authenticated in the AKA procedure is relatively low, it will merely cause small amount of overhead for the network.
  • devices to be simultaneously authenticated are numerous, it will generate tremendous signaling overhead that may burden the bandwidth and processing capability of the network.
  • a method, an apparatus, and a computer program product are therefore provided for performing a group AKA procedure on a group of devices.
  • a method, an apparatus and a computer program product are provided where a master device in a group of devices, upon completion of its own authentication with the network (i.e., authentication entities), may authenticate other devices in the group on behalf of the network.
  • the impact of the signaling overhead on the network may be decreased without substantive modification to the existing architecture of the network.
  • One embodiment of the present invention provides a method.
  • the method comprises initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure.
  • the method also comprises performing mutual authentication between the master device and the authentication entity based upon the shared group key. Additionally, the method comprises performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure.
  • the master device is selected by an owner of the group of devices, an owner of the master device or a network operator.
  • a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
  • the performing mutual authentication is based upon a challenge-response authentication procedure.
  • the method further comprises sending, from the master device, to the authentication entity a message regarding results of the group authentication and key agreement procedure.
  • the method further comprises instructing, by the master device, one or more devices that have failed in the group authentication and key agreement procedure to initiate an authentication and key agreement procedure towards the authentication entity individually.
  • the method further comprises generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.
  • the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.
  • the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.
  • An additional embodiment of the present invention provides an apparatus.
  • the apparatus comprises means for initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure.
  • the apparatus also comprises means for performing mutual authentication between the master device and the authentication entity based upon the shared group key.
  • the apparatus comprises means for performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure.
  • the master device is selected by an owner of the group of devices, an owner of the master device or a network operator.
  • a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
  • the performing mutual authentication is based upon a challenge-response authentication procedure.
  • the apparatus further comprises means for sending, from the master device, to the authentication entity a message regarding results of the group authentication and key agreement procedure.
  • the apparatus further comprises means for instructing, by the master device, one or more devices that have failed in the group authentication and key agreement procedure to initiate an authentication and key agreement procedure towards the authentication entity individually.
  • the apparatus comprises means for generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.
  • the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.
  • the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.
  • the apparatus comprises at least one processor and at least one memory including compute program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least perform: initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; and performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure.
  • the computer program product comprises at least one computer readable storage medium having a computer readable program code portion stored thereon.
  • the computer readable program code portion comprises program code instructions for initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure.
  • the computer readable program code portion also comprises program code instructions for performing mutual authentication between the master device and the authentication entity based upon the shared group key.
  • the computer readable program code portion further comprises program code instructions for performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure.
  • the signaling overhead caused by performance of too many AKA procedures on a group of device will be decreased. Additionally, with the shared group key, secure communications between the group of devices and the network may be improved.
  • FIG. 1 exemplarily illustrates a simplified 3GPP network that provides an environment and structure for application of the principles of the present invention
  • FIG. 2 exemplarily illustrates a flow chart of a method for performing a group AKA procedure on a group of devices according to an embodiment of the present invention
  • FIG. 3 is a flow chart exemplarily illustrating a method for performing a group AKA procedure on a group of devices under a LTE network according to an embodiment of the present invention.
  • FIG. 4 is a block diagram illustrating an apparatus for performing a group AKA procedure according to an embodiment of the present invention.
  • a master device in a group of devices may initiate a group AKA procedure towards the network, e.g., an authentication entity.
  • a shared group key is predefined so as to perform mutual authentication between master device and the network.
  • the master device When the master device has been successfully authenticated, it will authenticate other devices in the group in place of the authentication entity.
  • the master device if one or more devices in the group fail in the authentication, then each of them will initiate an individual AKA procedure with the authentication entity.
  • the master device will send to the authentication entity a message regarding the results of the group AKA procedure.
  • FIG. 1 exemplarily illustrates a simplified 3GPP network 100 that provides an environment and structure for application of the principles of the present invention.
  • the network 100 as illustrated in FIG. 1 includes a MTC device 102 a , a MTC device 102 b , and a master MTC device 104 that are located at an access portion of the network 100 .
  • the network 100 includes a MME (used in a LTE system) or SGSN (used in a 3G system) 106 and a HSS/AuC 108 that are located in the 3GPP bearer as illustrated by a circle, wherein the MME or SGSN 106 and HSS/AuC 108 belong to network-side (as compared to the access portion) entities and the MME or SGSN 106 may also be referred to as an authentication entity.
  • MME used in a LTE system
  • SGSN used in a 3G system
  • HSS/AuC 108 that are located in the 3GPP bearer as illustrated by a circle, wherein the MME or SGSN 106 and HSS/AuC 108 belong to network-side (as compared to the access portion) entities and the MME or SGSN 106 may also be referred to as an authentication entity.
  • the network 100 includes a MTC server 110 a and a MTC server 110 b that are connected to the 3GPP bearer and handle various transactions regarding a group of MTC devices, e.g., the group consisting of the MTC device 102 a , 102 b and 104 as illustrated in FIG. 1 .
  • a group of MTC devices e.g., the group consisting of the MTC device 102 a , 102 b and 104 as illustrated in FIG. 1 .
  • the network 100 is provided as an example of one embodiment and should not be construed to narrow the scope or spirit of the disclosure in any way.
  • each device in a group of devices would have to initiate an AKA procedure towards the network individually.
  • the MTC devices 102 a and 102 b each initiate a AKA procedure towards the MME or SGSN 106 through their respective shared root key K i which has been stored in the USIM.
  • the MME or SGSN 106 may interact with the HSS/AuC 108 so as to perform respective challenge-response procedures for authenticating the MTC devices 102 a and 102 b .
  • MTC devices including the master MTC device
  • MTC devices there may be a group of hundreds of MTC devices in practice.
  • MTC devices initiate AKA procedures separately and simultaneously, it is unquestionable that the generated signaling overhead cause tremendous impact on the MME or SGSN 106 and HSS/AuC 108 .
  • a master MTC device 104 may be selected or designated in a group of MTC devices beforehand by a network operator, an owner of the master MTC device, or an owner of the group of MTC devices (e.g., a company, such as a power company). Then the master MTC device 104 may initiate a group AKA procedure towards the authentication entity through a predefined shared group key K group that is similar to the key K i .
  • the master MTC device 104 may authenticate other MTC devices in the group on behalf of the network-side entities.
  • other MTC devices in the group may perform individual AKA procedures no longer with network-side entities but with the master MTC device 104 .
  • the signaling overhead at the network side would be significantly decreased because the AKA procedure has been performed only once at the network side.
  • FIG. 2 exemplarily illustrates a flow chart of a method 200 according to an embodiment of the present invention.
  • the method starts at step S 201 and proceeds to step S 202 at which the method 200 initiates, by a master device in a group of devices, a group AKA procedure towards an authentication entity, wherein a shared group key is defined for use in the group AKA procedure.
  • the master device is selected by an owner of the group of devices, an owner of the master device or a network operator.
  • any one of devices in the group may play a role as the master device to initiate the group AKA procedure as needed.
  • a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
  • the method 200 Upon initiation of the group AKA procedure, the method 200 advances to step S 203 .
  • the method 200 performs mutual authentication between the master device and the authentication entity based upon the shared group key.
  • the mutual authentication may be performed based upon a challenge-response authentication procedure in which the shared group key is used instead of a conventional key.
  • the challenge-response authentication procedure is successful only when the device has authenticated the network and the network has authenticated the device.
  • step S 204 Upon authentication of the master device and the network, the method 200 proceeds to step S 204 at which the method 200 performs mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group AKA procedure.
  • the mutual authentication herein also may involve a challenge-response authentication procedure.
  • the method 200 may comprise additional steps in various embodiments.
  • the method 200 may instruct, by the master device, one or more devices that have failed in the group AKA procedure to initiate new AKA procedures towards the authentication entity individually.
  • the method 200 may send, from the master device, to the authentication entity a message regarding results of the group AKA procedure; thereby, the authentication entity can be aware of which devices in the group have passed through the group AKA procedure.
  • the method 200 may generate, for one or more devices that have been successfully authenticated in the group AKA procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key, wherein the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.
  • the existing specific key is a shared key derived from a shared root key between the device and an AuC
  • the respective new shared key is derived from the existing specific key and the intermediate group key.
  • step S 205 the method 200 ends at step S 205 .
  • FIG. 3 illustrating a method 300 for performing a group AKA procedure on a group of devices (e.g., embodied as MTC devices) under the LTE system.
  • a group of MTC devices has been registered to the network previously and each registered MTC device has a shared key K ASME with the network, though FIG. 3 only illustrates for brevity one MTC device and one master MTC device that are in a same group.
  • a group key K group dedicated for the group AKA procedure has been defined and stored in each device in the group, e.g. on the USIM.
  • Such a group key K group can be securely pushed to the device from the network based upon secure communication preestablished under the protection of the unique shared root key K i or a shared key derived from K i .
  • the method 300 starts at step S 301 , wherein the master MTC device, which can be selected from the group by an owner of the group of devices, an owner of the master device, or a network operator, sends a group AKA procedure request to the MME.
  • the MME Upon receipt of the group AKA procedure request, the MME, at step S 302 , requests an AV from the HSS/AuC. Due to the previous registration of the MTC devices to the network or an indicator indicative of the group AKA procedure in the request, the HSS/AuC determines that this request is in relation to a group AKA procedure.
  • an AV that includes, for example, four components, i.e., a RAND, an AUTN, a XRES, and a K ASME-GROUP .
  • the component K ASME-GROUP is a shared intermediate key derived from the key K group .
  • the components RAND and AUTN each of them can be substituted by new components RAND group and AUTN group dedicated for a group AKA procedure, respectively.
  • the HSS/AuC sends the AV including the above four components to the MME.
  • the MME Upon receiving the AV from the HSS/AuC, the MME, at Step S 304 , forwards the components RAND and AUTN to the master MTC device.
  • the master MTC device more particularly, its USIM, upon receipt of the RAND and AUTN, at step S 305 , first authenticates the MME by computing XMAC and comparing it with MAC included in AUTN. If XMAC equals MAC, then the master MTC device determines the MME is a trusted entity; otherwise, the master MTC device will abandon or abort the group AKA procedure this time and may attempt to reinitiate a group AKA procedure after a certain time interval.
  • a new master device when number of attempts to reinitiate the group AKA procedure exceeds a predefined limit, a new master device should be selected or assigned to initiate the group AKA procedure.
  • the master MTC device Upon successfully authenticating the MME, the master MTC device generates a response RES based upon the shared group key K group and RAND. Afterwards, the master MTC device sends the response RES back to the MME.
  • the MME To authenticate the master MTC device, the MME simply verifies that the response RES received from the master MTC device equals the XRES received in the AV. Once the response RES equals the XRES, authentication of the master MTC device towards the wireless network has been successfully completed.
  • the master MTC device may compute a new shared key K ASME ′ based upon the intermediate key K ASME-GROUP derived from K group and one or more device specific parameters.
  • the one or more device specific parameters may be one or more of an existing specific key, e.g., K ASME , or other identifies, e.g., IMSI, TMSI or IMEI.
  • the key K ASME ′ can be calculated, e.g., by an equation as below.
  • K ASME ′ K ASME ⁇ K ASME-GROUP (1)
  • the resulting K ASME ′ is used for further secure communication with the network.
  • the K ASME ′ may be used to generate keys for other layers, such as the Non-Access Stratum, Access Stratus, and user plane. It should be noted that the above generation of the key K ASME ′ is not necessary when the old K ASME is still suitable for further secure communication.
  • the master MTC device sends RAND and AUTN to others devices in the group so as to perform the mutual authentication between itself and each of other devices in the group. Similar to the step S 305 , each of other devices in the group performs authentication operations on the master MTC device to assure such a master MTC device is a trusted master device rather than a masquerader of the master device. Likewise, upon successfully authenticating the master MTC device, the MTC device in the group generates a respective response RES based upon the shared group key K group and RAND and then forwards the RES to the master MTC device. Similarly, the master MTC device determines whether the RES equals the XRES.
  • the master MTC device informs the MTC device of failure in the authentication. Then, alternatively or additionally, the MTC device that fails in the authentication may initiate an individual AKA procedure towards the network at step S 308 .
  • the MTC device may alternatively computes its own K ASME ′ based upon its own existing specific key, e.g., K ASME , which may be unusable now, or its own identifies, e.g., IMSI, TMSI or IMEI.
  • the MTC device may apply the equation ( 1 ) as discussed above with respect to the master MTC device to compute its own K ASME ′ for further secure communication with the network.
  • the master device may send to the MME a message regarding the results of the group AKA procedure so that the MME may know which devices in the group have passed through the group AKA procedure. Similar to the MTC device, the MME may also compute, at step S 311 , a respective new shared key K ASME ′ for further secure communication.
  • the present invention should not be limited thereto.
  • a person skilled in the art can understand that the above method 300 may also be implemented, for example, in a 3G system and other types of a group of devices by some modifications.
  • the above keys K ASME and K ASME-GROUP in the LTE system may be replaced by keys IK and CK, and IK group and CK group , respectively.
  • the SGSN in the 3G system will play the same role as the MME in the LTE system.
  • FIG. 4 is a schematic diagram of an apparatus 400 according to another embodiment of the present invention, which implements relevant steps of methods 200 and 300 as illustrated in FIGS. 2 and 3 .
  • the apparatus as illustrated in FIG. 4 is only an example of the electronic devices in which the present invention is implemented.
  • the apparatus as illustrated in FIG. 4 may be a personal digital assistant (PDA), a mobile phone, an electronic card reader, a sensor device, etc.
  • PDA personal digital assistant
  • FIG. 4 may be a personal digital assistant (PDA), a mobile phone, an electronic card reader, a sensor device, etc.
  • the apparatus 400 may comprise at least one processor 400 , a keyboard 401 , a codec circuitry 402 , a microphone 403 , an ear-piece 404 , a radio interface circuitry 405 , an antenna 406 , at least one memory 407 storing computer program code, an infrared port 408 , a display 409 , a smart card 410 (e.g., an USIM card according to embodiments of the present invention), and a card reader 411 .
  • Individual circuits and elements are all of a type well known in the art and some of them are omitted herein so as not to obscuring embodiments of the present invention unnecessarily.
  • the memory 407 and the computer program code as stored therein are configured to cause the processor 400 to perform relevant steps in methods 200 and 300 as described in connection with FIGS. 2 and 3 .
  • a computer program product in one embodiment of the invention comprises at least one computer readable storage medium, on which the foregoing computer program instructions are stored.
  • the computer readable storage medium can be, for example, an optical compact disk or an electronic memory device like a RAM (random access memory) or a ROM (read only memory).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided are a method, a corresponding apparatus and a computer program product for performing a group authentication and key agreement procedure. A method comprises initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; and performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure. With the claimed invention, the impact of the signaling overhead on a network can be significantly decreased without substantive modification to the existing architecture of the network.

Description

RELATED APPLICATION
This application was originally filed as PCT Application No. PCT/CN2011/074693 filed May 26, 2011.
FIELD OF THE INVENTION
Embodiments of the present invention generally relate to wireless communication. More particularly, embodiments of the present invention relate to a method, an apparatus, and a computer program product for performing a group authentication and key agreement procedure on a group of communication devices, e.g., machine-type-communication devices.
BACKGROUND OF THE INVENTION
Various abbreviations that appear in the specification and/or in the drawing figures are defined as below:
    • 3GPP Third Generation Partnership Project
    • LTE Long Term Evolution
    • BS Base Station
    • MS Mobile Station
    • MME Mobility Management Entity
    • UE User Equipment
    • IMSI International Mobile Subscriber Identity
    • ASME Access Security Management Entity
    • TMSI Temporary Mobile Subscriber Identity
    • MTC Machine Type Communication
    • HSS Home Subscriber Server
    • IMEI International Mobile Equipment Identity
    • AV Authentication Vector
    • USIM Universal Subscriber Identity Module
    • AUTN Authentication Token
    • RAND Random Challenge
    • GPRS General Packet Radio Service
    • SGSN Serving GPRS Support Node
    • XRES Expected Response
    • CK Cipher Key
    • IK Integrity Key
    • AK Anonymity Key
    • XMAC Expected Message Authentication Code
    • MAC Message Authentication Code
    • AuC Authentication Center
    • AKA Authentication and Key Agreement
An AKA procedure is a procedure that has been employed by many communication systems of today for the purpose of improving system security and robustness. One such an AKA procedure has been detailed in 3GPP Technical Specifications 33.102 and 33.401, which are incorporated herein by reference in their entirety. The AKA procedure, which may involve a challenge-response authentication procedure as known in the art, will inevitably cause certain amount of signaling overhead. When the number of devices to be authenticated in the AKA procedure is relatively low, it will merely cause small amount of overhead for the network. However, in a situation where devices to be simultaneously authenticated are numerous, it will generate tremendous signaling overhead that may burden the bandwidth and processing capability of the network. This is especially true for machine-type communications in which many MTC devices formed in groups will initiate their own AKA procedures towards the network simultaneously and thereby make negative impact on the network. For more information regarding MTC communications, see 3GPP Technical Report 33.868, which is also incorporated herein by reference in its entirety.
Therefore, what is needed in the prior art is means for performing a group AKA procedure on a group of devices in an efficient and secure manner such that the impact of signaling overhead on the network could be decreased.
SUMMARY OF THE INVENTION
A method, an apparatus, and a computer program product are therefore provided for performing a group AKA procedure on a group of devices. In particular, a method, an apparatus and a computer program product are provided where a master device in a group of devices, upon completion of its own authentication with the network (i.e., authentication entities), may authenticate other devices in the group on behalf of the network. Thus, for example, the impact of the signaling overhead on the network may be decreased without substantive modification to the existing architecture of the network.
One embodiment of the present invention provides a method. The method comprises initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure. The method also comprises performing mutual authentication between the master device and the authentication entity based upon the shared group key. Additionally, the method comprises performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure.
In one embodiment, the master device is selected by an owner of the group of devices, an owner of the master device or a network operator.
In another embodiment, a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
In an additional embodiment, the performing mutual authentication is based upon a challenge-response authentication procedure.
In one embodiment, the method further comprises sending, from the master device, to the authentication entity a message regarding results of the group authentication and key agreement procedure.
In another embodiment, the method further comprises instructing, by the master device, one or more devices that have failed in the group authentication and key agreement procedure to initiate an authentication and key agreement procedure towards the authentication entity individually.
In an additional embodiment, the method further comprises generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.
In another embodiment, the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.
In one embodiment, the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.
An additional embodiment of the present invention provides an apparatus. The apparatus comprises means for initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure. The apparatus also comprises means for performing mutual authentication between the master device and the authentication entity based upon the shared group key. Additionally, the apparatus comprises means for performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure.
In one embodiment, the master device is selected by an owner of the group of devices, an owner of the master device or a network operator.
In another embodiment, a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
In an additional embodiment, the performing mutual authentication is based upon a challenge-response authentication procedure.
In one embodiment, the apparatus further comprises means for sending, from the master device, to the authentication entity a message regarding results of the group authentication and key agreement procedure.
In another embodiment, the apparatus further comprises means for instructing, by the master device, one or more devices that have failed in the group authentication and key agreement procedure to initiate an authentication and key agreement procedure towards the authentication entity individually.
In an additional embodiment, the apparatus comprises means for generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.
In a further embodiment, the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.
In one embodiment, the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.
One embodiment of the present invention provides an apparatus. The apparatus comprises at least one processor and at least one memory including compute program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least perform: initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; and performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure.
One embodiment of the present invention provides a computer program product. The computer program product comprises at least one computer readable storage medium having a computer readable program code portion stored thereon. The computer readable program code portion comprises program code instructions for initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure. The computer readable program code portion also comprises program code instructions for performing mutual authentication between the master device and the authentication entity based upon the shared group key. The computer readable program code portion further comprises program code instructions for performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure.
With certain embodiments of the present invention, the signaling overhead caused by performance of too many AKA procedures on a group of device will be decreased. Additionally, with the shared group key, secure communications between the group of devices and the network may be improved.
Other features and advantages of the embodiments of the present invention will also be understood from the following description of specific embodiments when read in conjunction with the accompanying drawings, which illustrate, by way of example, the principles of embodiments of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
A more complete understanding of various embodiments of the present invention and the advantages thereof may be acquired by referring to the following description in consideration of the accompanying drawings, in which like reference numbers indicate like features, and wherein:
FIG. 1 exemplarily illustrates a simplified 3GPP network that provides an environment and structure for application of the principles of the present invention;
FIG. 2 exemplarily illustrates a flow chart of a method for performing a group AKA procedure on a group of devices according to an embodiment of the present invention;
FIG. 3 is a flow chart exemplarily illustrating a method for performing a group AKA procedure on a group of devices under a LTE network according to an embodiment of the present invention; and
FIG. 4 is a block diagram illustrating an apparatus for performing a group AKA procedure according to an embodiment of the present invention.
 DETAILED DESCRIPTION OF EMBODIMENTS
In the following description of the various embodiments, reference is made to the accompanying drawings, which form a part thereof, and in which is shown by way of illustration various embodiments in which the present invention may be practiced. It is to be understood by those skilled in the art that other embodiments may be utilized and structural and functional modifications may be made without departing from the scope and spirit of the present invention.
In one embodiment of the present invention, a master device in a group of devices may initiate a group AKA procedure towards the network, e.g., an authentication entity. For the group AKA procedure, a shared group key is predefined so as to perform mutual authentication between master device and the network. When the master device has been successfully authenticated, it will authenticate other devices in the group in place of the authentication entity. In another embodiment of the present invention, if one or more devices in the group fail in the authentication, then each of them will initiate an individual AKA procedure with the authentication entity. In an additional embodiment of the present invention, the master device will send to the authentication entity a message regarding the results of the group AKA procedure.
FIG. 1 exemplarily illustrates a simplified 3GPP network 100 that provides an environment and structure for application of the principles of the present invention. The network 100 as illustrated in FIG. 1 includes a MTC device 102 a, a MTC device 102 b, and a master MTC device 104 that are located at an access portion of the network 100. Additionally, the network 100 includes a MME (used in a LTE system) or SGSN (used in a 3G system) 106 and a HSS/AuC 108 that are located in the 3GPP bearer as illustrated by a circle, wherein the MME or SGSN 106 and HSS/AuC 108 belong to network-side (as compared to the access portion) entities and the MME or SGSN 106 may also be referred to as an authentication entity. Furthermore, the network 100 includes a MTC server 110 a and a MTC server 110 b that are connected to the 3GPP bearer and handle various transactions regarding a group of MTC devices, e.g., the group consisting of the MTC device 102 a, 102 b and 104 as illustrated in FIG. 1. It should be understood that the network 100 is provided as an example of one embodiment and should not be construed to narrow the scope or spirit of the disclosure in any way.
In a conventional AKA procedure, each device in a group of devices would have to initiate an AKA procedure towards the network individually. As illustrated with dotted lines in FIG. 1, the MTC devices 102 a and 102 b each initiate a AKA procedure towards the MME or SGSN 106 through their respective shared root key Ki which has been stored in the USIM. Upon receipt of the AKA procedure requests, the MME or SGSN 106, as an intermediate party, may interact with the HSS/AuC 108 so as to perform respective challenge-response procedures for authenticating the MTC devices 102 a and 102 b. Although only three MTC devices (including the master MTC device) are illustrated herein for exemplary purpose, there may be a group of hundreds of MTC devices in practice. When such a number of MTC devices initiate AKA procedures separately and simultaneously, it is unquestionable that the generated signaling overhead cause tremendous impact on the MME or SGSN 106 and HSS/AuC 108.
An efficient way to alleviate the above impact on the network is to decrease the number of performed AKA procedures at the network side. To this end, embodiments of the present application propose performing a group AKA procedure on a group of devices, e.g., MTC devices. In the group AKA procedure, a master MTC device 104 may be selected or designated in a group of MTC devices beforehand by a network operator, an owner of the master MTC device, or an owner of the group of MTC devices (e.g., a company, such as a power company). Then the master MTC device 104 may initiate a group AKA procedure towards the authentication entity through a predefined shared group key Kgroup that is similar to the key Ki.
Upon completion of the AKA procedure between the master MTC device 104 and network-side entities, i.e., MME or SGSN 106 and HSS/AuC 108, the master MTC device 104 may authenticate other MTC devices in the group on behalf of the network-side entities. In other words, other MTC devices in the group may perform individual AKA procedures no longer with network-side entities but with the master MTC device 104. As such, the signaling overhead at the network side would be significantly decreased because the AKA procedure has been performed only once at the network side.
FIG. 2 exemplarily illustrates a flow chart of a method 200 according to an embodiment of the present invention. The method starts at step S201 and proceeds to step S202 at which the method 200 initiates, by a master device in a group of devices, a group AKA procedure towards an authentication entity, wherein a shared group key is defined for use in the group AKA procedure. In one embodiment, the master device is selected by an owner of the group of devices, an owner of the master device or a network operator. In other words, any one of devices in the group may play a role as the master device to initiate the group AKA procedure as needed. In another embodiment, a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
Upon initiation of the group AKA procedure, the method 200 advances to step S203. At step S203, the method 200 performs mutual authentication between the master device and the authentication entity based upon the shared group key. In one embodiment, the mutual authentication may be performed based upon a challenge-response authentication procedure in which the shared group key is used instead of a conventional key. As is known to those skilled in the art, the challenge-response authentication procedure is successful only when the device has authenticated the network and the network has authenticated the device.
Upon authentication of the master device and the network, the method 200 proceeds to step S204 at which the method 200 performs mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group AKA procedure. Like step S203, the mutual authentication herein also may involve a challenge-response authentication procedure.
Although not shown in FIG. 2, the method 200 may comprise additional steps in various embodiments. For example, in one embodiment, the method 200 may instruct, by the master device, one or more devices that have failed in the group AKA procedure to initiate new AKA procedures towards the authentication entity individually. In another embodiment, the method 200 may send, from the master device, to the authentication entity a message regarding results of the group AKA procedure; thereby, the authentication entity can be aware of which devices in the group have passed through the group AKA procedure. In an additional embodiment, the method 200 may generate, for one or more devices that have been successfully authenticated in the group AKA procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key, wherein the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device. In one embodiment, the existing specific key is a shared key derived from a shared root key between the device and an AuC, and the respective new shared key is derived from the existing specific key and the intermediate group key.
Finally, the method 200 ends at step S205.
For a better understanding of the embodiments of the present invention, a more complete and detailed example of a group AKA procedure will now be described with reference to FIG. 3, illustrating a method 300 for performing a group AKA procedure on a group of devices (e.g., embodied as MTC devices) under the LTE system. For proper implementation of the method 300, it is assumed that a group of MTC devices has been registered to the network previously and each registered MTC device has a shared key KASME with the network, though FIG. 3 only illustrates for brevity one MTC device and one master MTC device that are in a same group. Further, it is assumed that a group key Kgroup dedicated for the group AKA procedure has been defined and stored in each device in the group, e.g. on the USIM. Such a group key Kgroup can be securely pushed to the device from the network based upon secure communication preestablished under the protection of the unique shared root key Ki or a shared key derived from Ki.
Based upon the above assumptions or a scenario established thereby, the method 300 starts at step S301, wherein the master MTC device, which can be selected from the group by an owner of the group of devices, an owner of the master device, or a network operator, sends a group AKA procedure request to the MME. Upon receipt of the group AKA procedure request, the MME, at step S302, requests an AV from the HSS/AuC. Due to the previous registration of the MTC devices to the network or an indicator indicative of the group AKA procedure in the request, the HSS/AuC determines that this request is in relation to a group AKA procedure. Thus, in order to assist in the group AKA procedure, it will generate an AV that includes, for example, four components, i.e., a RAND, an AUTN, a XRES, and a KASME-GROUP. The component KASME-GROUP is a shared intermediate key derived from the key Kgroup. Regarding how to derive such a shared intermediate key, reference may be made to for example Annex of 3GPP TS 33.401. Alternatively, with respect to the components RAND and AUTN, each of them can be substituted by new components RANDgroup and AUTNgroup dedicated for a group AKA procedure, respectively. At step S303, in response to the request from the MME, the HSS/AuC sends the AV including the above four components to the MME.
Upon receiving the AV from the HSS/AuC, the MME, at Step S304, forwards the components RAND and AUTN to the master MTC device. The master MTC device, more particularly, its USIM, upon receipt of the RAND and AUTN, at step S305, first authenticates the MME by computing XMAC and comparing it with MAC included in AUTN. If XMAC equals MAC, then the master MTC device determines the MME is a trusted entity; otherwise, the master MTC device will abandon or abort the group AKA procedure this time and may attempt to reinitiate a group AKA procedure after a certain time interval. In one embodiment, when number of attempts to reinitiate the group AKA procedure exceeds a predefined limit, a new master device should be selected or assigned to initiate the group AKA procedure. Upon successfully authenticating the MME, the master MTC device generates a response RES based upon the shared group key Kgroup and RAND. Afterwards, the master MTC device sends the response RES back to the MME.
To authenticate the master MTC device, the MME simply verifies that the response RES received from the master MTC device equals the XRES received in the AV. Once the response RES equals the XRES, authentication of the master MTC device towards the wireless network has been successfully completed. Alternatively, subsequent to the above mutual authentication, the master MTC device may compute a new shared key KASME′ based upon the intermediate key KASME-GROUP derived from Kgroup and one or more device specific parameters. The one or more device specific parameters may be one or more of an existing specific key, e.g., KASME, or other identifies, e.g., IMSI, TMSI or IMEI. For example, the key KASME′ can be calculated, e.g., by an equation as below.
KASME′=KASME⊕KASME-GROUP  (1)
The resulting KASME′ is used for further secure communication with the network. For example, the KASME′ may be used to generate keys for other layers, such as the Non-Access Stratum, Access Stratus, and user plane. It should be noted that the above generation of the key KASME′ is not necessary when the old KASME is still suitable for further secure communication.
Having been successfully authenticated, the master MTC device, at step S306, sends RAND and AUTN to others devices in the group so as to perform the mutual authentication between itself and each of other devices in the group. Similar to the step S305, each of other devices in the group performs authentication operations on the master MTC device to assure such a master MTC device is a trusted master device rather than a masquerader of the master device. Likewise, upon successfully authenticating the master MTC device, the MTC device in the group generates a respective response RES based upon the shared group key Kgroup and RAND and then forwards the RES to the master MTC device. Similarly, the master MTC device determines whether the RES equals the XRES. If this is the case, it indicates that the MTC device passes through the authentication; otherwise, optionally, at step S307, the master MTC device informs the MTC device of failure in the authentication. Then, alternatively or additionally, the MTC device that fails in the authentication may initiate an individual AKA procedure towards the network at step S308. Upon successful authentication by the master MTC device, at step S309, the MTC device may alternatively computes its own KASME′ based upon its own existing specific key, e.g., KASME, which may be unusable now, or its own identifies, e.g., IMSI, TMSI or IMEI. Alternatively, the MTC device may apply the equation (1) as discussed above with respect to the master MTC device to compute its own KASME′ for further secure communication with the network.
The master device, at step S310, may send to the MME a message regarding the results of the group AKA procedure so that the MME may know which devices in the group have passed through the group AKA procedure. Similar to the MTC device, the MME may also compute, at step S311, a respective new shared key KASME′ for further secure communication.
Although the foregoing has taken the LTE system and the group of the MTC devices as an example to describe an embodiment of the present invention, the present invention should not be limited thereto. A person skilled in the art can understand that the above method 300 may also be implemented, for example, in a 3G system and other types of a group of devices by some modifications. For example, when the method 300 is implemented in the 3G system, the above keys KASME and KASME-GROUP in the LTE system may be replaced by keys IK and CK, and IKgroup and CKgroup, respectively. Similarly, the SGSN in the 3G system will play the same role as the MME in the LTE system. In addition, in view of the fact that a person skilled in the art, based upon the disclosure and teaching of the present application, can implement the embodiments of the present invention without any additional efforts, further details regarding how to derive and use keys of various levels are omitted herein for not obscuring embodiments of the present invention unnecessarily with the prior art.
FIG. 4 is a schematic diagram of an apparatus 400 according to another embodiment of the present invention, which implements relevant steps of methods 200 and 300 as illustrated in FIGS. 2 and 3. The apparatus as illustrated in FIG. 4 is only an example of the electronic devices in which the present invention is implemented. In certain embodiments, the apparatus as illustrated in FIG. 4 may be a personal digital assistant (PDA), a mobile phone, an electronic card reader, a sensor device, etc. As illustrated in FIG. 4, the apparatus 400 may comprise at least one processor 400, a keyboard 401, a codec circuitry 402, a microphone 403, an ear-piece 404, a radio interface circuitry 405, an antenna 406, at least one memory 407 storing computer program code, an infrared port 408, a display 409, a smart card 410 (e.g., an USIM card according to embodiments of the present invention), and a card reader 411. Individual circuits and elements are all of a type well known in the art and some of them are omitted herein so as not to obscuring embodiments of the present invention unnecessarily. As illustrated in FIG. 4, the memory 407 and the computer program code as stored therein are configured to cause the processor 400 to perform relevant steps in methods 200 and 300 as described in connection with FIGS. 2 and 3.
In addition, exemplary embodiments of the present invention have been described above with reference to block diagrams and flowchart illustrations of methods, apparatuses (i.e., systems). It should be understood that each block of the block diagrams and flowchart illustrations, and combinations of blocks in the block diagrams and flowchart illustrations, respectively, can be implemented by various means including computer program instructions. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks.
The foregoing computer program instructions can be, for example, sub-routines and/or functions. A computer program product in one embodiment of the invention comprises at least one computer readable storage medium, on which the foregoing computer program instructions are stored. The computer readable storage medium can be, for example, an optical compact disk or an electronic memory device like a RAM (random access memory) or a ROM (read only memory).
Many modifications and other embodiments of the inventions set forth herein will come to mind to one skilled in the art to which these embodiments of the invention pertain having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the embodiments of the invention are not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (18)

The invention claimed is:
1. A method, comprising:
initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure;
performing mutual authentication between the master device and the authentication entity based upon the shared group key;
performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure; and
in response to failure by one or more devices in the group authentication and key agreement procedure, instructing, by the master device, one or more of the devices that have failed, to initiate an authentication and key agreement procedure towards the authentication entity individually.
2. The method as recited in claim 1, wherein the master device is selected by an owner of the group of devices, owner of the master device or a network operator.
3. The method as recited in claim 1, wherein a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
4. The method as recited in claim 1, wherein the performing mutual authentication is based upon a challenge-response authentication procedure.
5. The method as recited in claim 1, further comprising:
sending, from the master device, to the authentication entity a message regarding results of the group authentication and key agreement procedure.
6. The method as recited in claim 1, further comprising:
generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.
7. The method as recited in claim 6, wherein the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.
8. The method as recited in claim 7, wherein the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.
9. An apparatus, comprising:
at least one processor, and
at least one memory including computer program code,
the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least perform:
initiating, by the apparatus in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure;
performing mutual authentication between the apparatus and the authentication entity based upon the shared group key;
performing mutual authentication between the authenticated apparatus and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure; and
in response to failure by one or more devices in the group authentication and key agreement procedure, instructing, by the master device, one or more of the devices that have failed, to initiate an authentication and key agreement procedure towards the authentication entity individually.
10. The apparatus as recited in claim 9, wherein the apparatus is selected by an owner of the group of devices, owner of the apparatus or a network operator.
11. The apparatus as recited in claim 9, wherein a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
12. The apparatus as recited in claim 9, wherein the performing mutual authentication is based upon a challenge-response authentication procedure.
13. The apparatus as recited in claim 9, wherein the apparatus is further caused to perform:
sending to the authentication entity a message regarding results of the group authentication and key agreement procedure.
14. The apparatus as recited in claim 9, wherein the apparatus is further caused to perform:
generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.
15. The apparatus as recited in claim 14, wherein the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.
16. The apparatus as recited in claim 15, wherein the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.
17. The apparatus as recited in claim 9, wherein the apparatus is a master device for a group of devices.
18. A non-transitory computer readable medium storing a program of instructions, execution of which by at least one processor configures an apparatus to perform at least:
initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure;
performing mutual authentication between the master device and the authentication entity based upon the shared group key;
performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure; and
in response to failure by one or more devices in the group authentication and key agreement procedure, instructing, by the master device, one or more of the devices that have failed, to initiate an authentication and key agreement procedure towards the authentication entity individually.
US14/119,665 2011-05-26 2011-05-26 Performing a group authentication and key agreement procedure Active US9270672B2 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/074693 WO2012159272A1 (en) 2011-05-26 2011-05-26 Performing a group authentication and key agreement procedure

Publications (2)

Publication Number Publication Date
US20140075509A1 US20140075509A1 (en) 2014-03-13
US9270672B2 true US9270672B2 (en) 2016-02-23

Family

ID=47216530

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/119,665 Active US9270672B2 (en) 2011-05-26 2011-05-26 Performing a group authentication and key agreement procedure

Country Status (4)

Country Link
US (1) US9270672B2 (en)
EP (1) EP2716093A4 (en)
CN (1) CN103688563A (en)
WO (1) WO2012159272A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180115539A1 (en) * 2016-10-26 2018-04-26 Futurewei Technologies, Inc. System and Method for Massive loT Group Authentication
NL2031140A (en) 2021-03-02 2022-12-14 Univ Istanbul Teknik A method for creating a group key

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013113162A1 (en) * 2012-02-02 2013-08-08 Nokia Siemens Networks Oy Group based bootstrapping in machine type communication
EP2944107A2 (en) * 2013-01-10 2015-11-18 NEC Corporation GROUP AUTHENTICATION IN BROADCASTING FOR MTC GROUP OF UEs
JP6165483B2 (en) * 2013-03-27 2017-07-19 株式会社Nttドコモ COMMUNICATION SYSTEM, RELAY DEVICE, AND COMMUNICATION METHOD
EP3576447A1 (en) * 2013-06-28 2019-12-04 NEC Corporation Security for prose group communication
EP3025404B1 (en) * 2013-07-23 2021-06-23 Nokia Technologies Oy Methods, apparatuses and computer program products of secure charging for device-to-device service
US11570161B2 (en) * 2013-07-31 2023-01-31 Nec Corporation Devices and method for MTC group key management
CN104661171B (en) * 2013-11-25 2020-02-28 中兴通讯股份有限公司 Small data secure transmission method and system for MTC (machine type communication) equipment group
JP6254675B2 (en) * 2014-02-18 2017-12-27 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America Authentication method and authentication system
US10756804B2 (en) * 2014-05-08 2020-08-25 Apple Inc. Lawful intercept reporting in wireless networks using public safety relays
US9992670B2 (en) * 2014-08-12 2018-06-05 Vodafone Ip Licensing Limited Machine-to-machine cellular communication security
CN105792095A (en) * 2014-12-23 2016-07-20 中兴通讯股份有限公司 Secret key negotiation method and system for MTC (Machine Type Communication) packet communication and network entity
WO2016132718A1 (en) * 2015-02-16 2016-08-25 日本電気株式会社 Communication system, communication terminal, authentication method and non-transitory computer-readable medium storing program for same
CN106034027A (en) * 2015-03-12 2016-10-19 中兴通讯股份有限公司 Method and system for realizing packet authentication
KR101675088B1 (en) 2015-04-30 2016-11-10 성균관대학교산학협력단 Mutual authentication method and system with network in machine type communication
JPWO2016181586A1 (en) * 2015-05-08 2018-02-22 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America Authentication method and authentication system
CN106209802A (en) * 2016-06-30 2016-12-07 全球能源互联网研究院 A kind of electric power 4G network security certification based on group policy and cryptographic key negotiation method
CN107579826B (en) 2016-07-04 2022-07-22 华为技术有限公司 Network authentication method, transit node and related system
CN108616354B (en) * 2018-04-27 2021-10-26 北京信息科技大学 Key negotiation method and device in mobile communication
CN109873801B (en) 2018-12-12 2020-07-24 阿里巴巴集团控股有限公司 Method, device, storage medium and computing equipment for establishing trusted channel between user and trusted computing cluster
CN109861980B (en) 2018-12-29 2020-08-04 阿里巴巴集团控股有限公司 Method, device, storage medium and computing equipment for establishing trusted computing cluster
JP7124975B2 (en) * 2019-04-08 2022-08-24 日本電気株式会社 Procedures for providing integrity protection for UE parameters during UE configuration update procedures
RS66015B1 (en) * 2022-05-25 2024-10-31 Gurulogic Microsystems Oy Methods and arrangements for enabling secure digital communications among a group

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050187966A1 (en) * 2004-02-23 2005-08-25 Sony Corporation Data communicating apparatus, data communicating method, and program
CN101106449A (en) 2006-07-13 2008-01-16 华为技术有限公司 System and method for realizing multi-party communication security
JP2009027513A (en) 2007-07-20 2009-02-05 National Institute Of Information & Communication Technology Authentication system, authentication method, and program
CN101399661A (en) 2007-09-27 2009-04-01 华为技术有限公司 Legal neighbor authentication method and device in group key management
WO2010117310A1 (en) 2009-04-07 2010-10-14 Telefonaktiebolaget L M Ericsson (Publ) Attaching a sensor to a wsan
CN102143491A (en) 2010-01-29 2011-08-03 华为技术有限公司 MTC (machine type communication) equipment authentication method, MTC gateway and relevant equipment
CN102215474A (en) 2010-04-12 2011-10-12 华为技术有限公司 Method and device for carrying out authentication on communication equipment

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050187966A1 (en) * 2004-02-23 2005-08-25 Sony Corporation Data communicating apparatus, data communicating method, and program
US7620824B2 (en) * 2004-02-23 2009-11-17 Sony Corporation Data communicating apparatus, data communicating method, and program
CN101106449A (en) 2006-07-13 2008-01-16 华为技术有限公司 System and method for realizing multi-party communication security
US8209532B2 (en) * 2006-07-13 2012-06-26 Huawei Technologies Co., Ltd System and method for implementing security of multi-party-communication
JP2009027513A (en) 2007-07-20 2009-02-05 National Institute Of Information & Communication Technology Authentication system, authentication method, and program
CN101399661A (en) 2007-09-27 2009-04-01 华为技术有限公司 Legal neighbor authentication method and device in group key management
US20100185850A1 (en) * 2007-09-27 2010-07-22 Ya Liu Method and device for authenticating legal neighbor in group key management
WO2010117310A1 (en) 2009-04-07 2010-10-14 Telefonaktiebolaget L M Ericsson (Publ) Attaching a sensor to a wsan
US20120023564A1 (en) * 2009-04-07 2012-01-26 Telefonaktiebolaget L M Ericsson (Publ) Attaching a sensor to a wsan
CN102143491A (en) 2010-01-29 2011-08-03 华为技术有限公司 MTC (machine type communication) equipment authentication method, MTC gateway and relevant equipment
EP2530963A1 (en) 2010-01-29 2012-12-05 Huawei Technologies Co., Ltd. Authentication method for machine type communication device, machine type communication gateway and related devices
CN102215474A (en) 2010-04-12 2011-10-12 华为技术有限公司 Method and device for carrying out authentication on communication equipment

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security architecture (Release 10)", 3GPP TS 33.401 V10.0.0, Mar. 2011, 113 pgs.
"MTC group based authentication, Huawei, 3GPP TSG-SA3(Security)", S3-101276, Nov. 2010, 2 pgs.
"Solution-MTC group based authentication, Huawei, 3GPP TSG-SA3(Security)", S3-110076, Jan. 2011, 2 pgs.
International Search Report received for corresponding Patent Cooperation Treaty Application No. PCT/CN2011/074693, dated Mar. 8, 2012, 3 pages.

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180115539A1 (en) * 2016-10-26 2018-04-26 Futurewei Technologies, Inc. System and Method for Massive loT Group Authentication
US10887295B2 (en) * 2016-10-26 2021-01-05 Futurewei Technologies, Inc. System and method for massive IoT group authentication
NL2031140A (en) 2021-03-02 2022-12-14 Univ Istanbul Teknik A method for creating a group key

Also Published As

Publication number Publication date
WO2012159272A1 (en) 2012-11-29
EP2716093A4 (en) 2015-04-08
CN103688563A (en) 2014-03-26
US20140075509A1 (en) 2014-03-13
EP2716093A1 (en) 2014-04-09

Similar Documents

Publication Publication Date Title
US9270672B2 (en) Performing a group authentication and key agreement procedure
US11863982B2 (en) Subscriber identity privacy protection against fake base stations
US10849191B2 (en) Unified authentication for heterogeneous networks
CN101931955B (en) Authentication method, device and system
KR102112542B1 (en) Method and system for generating session key using Diffie-Hellman procedure
US9467431B2 (en) Application specific master key selection in evolved networks
US11343673B2 (en) Enhanced aggregated re-authentication for wireless devices
EP3340690A1 (en) Access method, device and system for user equipment (ue)
EP2854329B1 (en) Method, system, and device for securely establishing wireless local area network
US20110312301A1 (en) Authenticity Verification of Authentication Messages
El Idrissi et al. Security analysis of 3GPP (LTE)—WLAN interworking and a new local authentication method based on EAP-AKA
WO2012174959A1 (en) Group authentication method, system and gateway in machine-to-machine communication
CN101951590B (en) Authentication method, device and system
CN109788480B (en) Communication method and device
AU2017313215B2 (en) Authentication server of a cellular telecommunication network and corresponding UICC
US20210297400A1 (en) Secured Authenticated Communication between an Initiator and a Responder
US20170223531A1 (en) Authentication in a wireless communications network
US12231586B2 (en) UE challenge to a network before authentication procedure
KR101431214B1 (en) Mutual authentication method and system with network in machine type communication, key distribution method and system, and uicc and device pair authentication method and system in machine type communication
WO2025177147A1 (en) Authentication between user equipment and network using a hybrid key exchange
WO2007124657A1 (en) A method, system and device for authenticating

Legal Events

Date Code Title Description
AS Assignment

Owner name: NOKIA CORPORATION, FINLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HOLTMANNS, SILKE;ZHANG, DAJIANG;SIGNING DATES FROM 20131121 TO 20131122;REEL/FRAME:031660/0559

AS Assignment

Owner name: NOKIA TECHNOLOGIES OY, FINLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NOKIA CORPORATION;REEL/FRAME:035414/0601

Effective date: 20150116

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: OMEGA CREDIT OPPORTUNITIES MASTER FUND, LP, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:WSOU INVESTMENTS, LLC;REEL/FRAME:043966/0574

Effective date: 20170822

Owner name: OMEGA CREDIT OPPORTUNITIES MASTER FUND, LP, NEW YO

Free format text: SECURITY INTEREST;ASSIGNOR:WSOU INVESTMENTS, LLC;REEL/FRAME:043966/0574

Effective date: 20170822

AS Assignment

Owner name: WSOU INVESTMENTS, LLC, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NOKIA TECHNOLOGIES OY;REEL/FRAME:043953/0822

Effective date: 20170722

AS Assignment

Owner name: BP FUNDING TRUST, SERIES SPL-VI, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:WSOU INVESTMENTS, LLC;REEL/FRAME:049235/0068

Effective date: 20190516

AS Assignment

Owner name: WSOU INVESTMENTS, LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:OCO OPPORTUNITIES MASTER FUND, L.P. (F/K/A OMEGA CREDIT OPPORTUNITIES MASTER FUND LP;REEL/FRAME:049246/0405

Effective date: 20190516

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

AS Assignment

Owner name: OT WSOU TERRIER HOLDINGS, LLC, CALIFORNIA

Free format text: SECURITY INTEREST;ASSIGNOR:WSOU INVESTMENTS, LLC;REEL/FRAME:056990/0081

Effective date: 20210528

AS Assignment

Owner name: WSOU INVESTMENTS, LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:TERRIER SSC, LLC;REEL/FRAME:056526/0093

Effective date: 20210528

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FEPP Fee payment procedure

Free format text: 7.5 YR SURCHARGE - LATE PMT W/IN 6 MO, LARGE ENTITY (ORIGINAL EVENT CODE: M1555); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8