WO2000014895A2 - Method for increasing the security of authentication methods in digital mobile radio systems - Google Patents
- Publication number: WO2000014895A2 (application PCT/DE1999/002836)
- Authority: WO, WIPO (PCT)
- Prior art keywords
- mobile radio
- radio network
- sres
- sim
- rand
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- The invention relates to a method for increasing the security of authentication methods in digital mobile radio systems according to the preamble of patent claim 1.
- Modern mobile radio networks include special security measures, which include protection against misuse of equipment by anyone other than the authorized subscribers, as well as protection against possible eavesdropping on the radio interface.
- The security measures relate to the protection of the relationship between the mobile network and the authorized subscriber.
- Authentication of subscribers is intended to prevent a third party from faking the identity of an authorized subscriber. To do this, a subscriber must use the data and functions stored on his subscriber identity module (SIM) to identify himself to the mobile radio network.
- SIM: subscriber identity module
- The mobile radio network uses special algorithms and a SIM-specific, secret key KI to determine an authentication result SRES and a temporary key KC from a random value RAND.
- The mobile network maintains a certain number of RAND / SRES / KC triplets. If a subscriber wants to log in, the mobile radio network sends a random number RAND to the subscriber identity module SIM.
- The SIM uses the same special algorithm and its SIM-specific, secret key KI to determine an associated SRES / KC pair and sends the determined SRES back to the mobile radio network.
- The mobile radio network compares the received SRES with the SRES it holds; the subscriber is considered authenticated if the two match. The key KC calculated on both sides is used on both sides to encrypt the transmission.
- The method currently used offers the possibility of spying out the key KI in order to gain unauthorized access to the mobile radio network.
- The present invention is therefore based on the object of proposing a method for increasing the security of authentication methods in digital mobile radio systems, by means of which it is almost impossible to spy out the secret key. This object is achieved by the characterizing features of patent claim 1.
- The invention is based on the fact that several different secret, SIM-specific keys KI are kept in the mobile radio network and on the subscriber identity module, and that during authentication between the subscriber identity module and the mobile radio network one key is selected from these stored secret keys to perform the authentication.
- Another important advantage of this method is that a change in the interfaces of the mobile radio network, in particular the air interface, is not necessary, and likewise no changes need to be made in the end devices. Only local software changes to individual network components of the mobile radio network and to the SIM are required, which can be carried out with little effort and almost without additional costs.
- The key KI used is advantageously selected by the SIM at random.
- For each SIM-specific key KI of a subscriber, the mobile radio network uses special algorithms and a given random number RAND to determine an SRES / KC pair, and forms the so-called RAND / SRES / KC triplets with the RAND used in each case. These triplets are held in the mobile radio network and can be called up for future authentication procedures.
- The mobile radio network sends a random value RAND of one of these triplets to the subscriber identity module SIM. The subscriber identity module selects an available key on the basis of the transmitted RAND, calculates the associated values for the response SRES and the key KC on the basis of this selected key KI, and sends the response SRES back to the mobile radio network.
- The mobile radio network will now advantageously use the KC belonging to the matching SRES to encrypt the transmission, the identical key KC being present in the SIM and also being used there to encrypt the transmission.
- FIG. 1 shows a simplified representation of an authentication procedure according to the inventive method.
- A number of secret keys KI must be stored for each subscriber in the mobile radio network and on the subscriber-specific SIM.
- The three possible keys KI 1, KI 2 and KI 3 are also stored in the subscriber identity module for subscriber X.
- The authentication procedure must first be carried out as indicated in Figure 1.
- The subscriber identity module first sends the subscriber identity number IMSI to the mobile radio network via a corresponding terminal. If this IMSI is recognized as permissible, the mobile radio network selects a random value, for example RAND 3, from the random values RAND held for subscriber X and sends it back to the subscriber identity module.
- The subscriber identity module selects one of the subscriber-specific, secret keys KI, for example KI 2, and calculates the associated SRES response and the key KC from the RAND 3 received from the mobile radio network and the KI 2.
- The SRES response, which was formed from the key KI 2 and the RAND 3, is sent back to the mobile radio network and compared there with the SRES value for KI 2 and RAND 3. If these SRES values match, the subscriber is considered authenticated and can log into the mobile network.
- The key KC on both sides is used to encrypt the data transmission during the newly established connection.
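The procedure described above for subscriber X, as an added Python sketch that is not part of the patent text: the network holds one SRES / KC pair per stored KI for each RAND, the SIM picks a KI at random, and the network takes the KC belonging to the matching SRES. Assumptions: HMAC-SHA256 stands in for the unnamed "special algorithms", the 4-byte SRES and 8-byte KC sizes, consuming a RAND on use, and all class and function names and the IMSI are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SRES_LEN, KC_LEN = 4, 8  # assumed output sizes; the page does not state them


def a3a8(ki, rand):
    """Stand-in for the page's unnamed 'special algorithms' (assumption: HMAC-SHA256)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_LEN], digest[SRES_LEN:SRES_LEN + KC_LEN]


class Sim:
    """Subscriber identity module holding several secret keys KI."""

    def __init__(self, imsi, keys):
        self.imsi, self._keys, self.kc = imsi, list(keys), None

    def respond(self, rand, pick=secrets.randbelow):
        # The SIM chooses one of its keys at random; the choice is never transmitted.
        ki = self._keys[pick(len(self._keys))]
        sres, self.kc = a3a8(ki, rand)
        return sres


class Network:
    """Network side: for every RAND it holds one (SRES, KC) pair per KI."""

    def __init__(self):
        self._triplets = {}  # imsi -> {rand: [(sres, kc) for each KI]}
        self._pending = {}   # imsi -> candidate pairs for the outstanding RAND

    def provision(self, imsi, keys, n_rands=3):
        table = {}
        for _ in range(n_rands):
            rand = secrets.token_bytes(16)
            table[rand] = [a3a8(ki, rand) for ki in keys]
        self._triplets[imsi] = table

    def challenge(self, imsi):
        table = self._triplets.get(imsi)
        if not table:
            return None  # unknown IMSI or no RAND left
        rand = secrets.choice(list(table))
        # Assumption: a RAND is consumed on use so a recorded SRES cannot be replayed.
        self._pending[imsi] = table.pop(rand)
        return rand

    def verify(self, imsi, sres):
        candidates = self._pending.pop(imsi, [])
        matches = [kc for exp, kc in candidates if hmac.compare_digest(exp, sres)]
        # Two KIs giving the same SRES would leave KC ambiguous: reject.
        return matches[0] if len(matches) == 1 else None


def demo():
    keys = [secrets.token_bytes(16) for _ in range(3)]  # KI 1..3, constructed
    imsi = "001010000000001"                            # constructed test IMSI
    net, sim = Network(), Sim(imsi, keys)
    net.provision(imsi, keys)
    rand = net.challenge(imsi)
    kc = net.verify(imsi, sim.respond(rand))
    return kc is not None and kc == sim.kc


if __name__ == "__main__":
    print("authenticated, KC agreed:", demo())
```

Because the network accepts any of the N stored SRES values for a RAND, a blind guess at a 32-bit SRES succeeds with probability of about N/2^32 rather than 1/2^32.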
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP99955670A EP1112666B1 (de) | 1998-09-07 | 1999-09-07 | Method for increasing the security of authentication methods in digital mobile radio systems |
PL99347024A PL347024A1 (en) | 1998-09-07 | 1999-09-07 | Method for improving the security of authentication procedures in digital mobile radio telephone systems |
AU12592/00A AU1259200A (en) | 1998-09-07 | 1999-09-07 | Method for improving the security of authentication procedures in digital mobile radio telephone systems |
CA002343180A CA2343180C (en) | 1998-09-07 | 1999-09-07 | Method for improving the security of authentication procedures in digital mobile radio telephone systems |
US09/786,164 US6934531B1 (en) | 1998-09-07 | 1999-09-07 | Method for improving the security of authentication procedures in digital mobile radio telephone systems |
DE59914284T DE59914284D1 (de) | 1998-09-07 | 1999-09-07 | Method for increasing the security of authentication methods in digital mobile radio systems |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19840742A DE19840742B4 (de) | 1998-09-07 | 1998-09-07 | Method for increasing the security of authentication methods in digital mobile radio systems |
DE19840742.4 | 1998-09-07 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2000014895A2 (de) | 2000-03-16 |
WO2000014895A3 (de) | 2000-07-13 |
Family
ID=7880053
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/DE1999/002836 WO2000014895A2 (de) | 1998-09-07 | 1999-09-07 | Method for increasing the security of authentication methods in digital mobile radio systems |
Country Status (9)
Country | Link |
---|---|
US (1) | US6934531B1 (de) |
EP (1) | EP1112666B1 (de) |
AT (1) | ATE358955T1 (de) |
AU (1) | AU1259200A (de) |
CA (1) | CA2343180C (de) |
CZ (1) | CZ299977B6 (de) |
DE (2) | DE19840742B4 (de) |
PL (1) | PL347024A1 (de) |
WO (1) | WO2000014895A2 (de) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2362543A (en) * | 2000-05-16 | 2001-11-21 | Sagem | Provision of a password to gain access to a computer network from a cellular telephone |
WO2006036521A1 (en) * | 2004-09-08 | 2006-04-06 | Qualcomm Incorporated | Bootstrapping authentication using distinguished random challenges |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10022014A1 (de) * | 2000-05-05 | 2001-11-08 | Kryptografics Gmbh | Method and device for securing confidentiality and protection against eavesdropping in communication between computer networks |
DE10025271A1 (de) | 2000-05-22 | 2001-11-29 | Siemens Ag | Method for establishing a connection between a terminal and a serving mobile radio network, and mobile radio network and terminal therefor |
FI111208B (fi) * | 2000-06-30 | 2003-06-13 | Nokia Corp | Arranging data encryption in a wireless telecommunication system |
US7248896B2 (en) * | 2004-11-12 | 2007-07-24 | Spreadtrum Communications Corporation | Desktop cellular phone having SIM card-related security features |
US8850230B2 (en) * | 2008-01-14 | 2014-09-30 | Microsoft Corporation | Cloud-based movable-component binding |
EP2471291B1 (de) | 2009-08-25 | 2020-03-25 | Deutsche Telekom AG | Method, client and system for authentication of a low-security client and a high-security client in a mobile radio network |
GB2486461B (en) * | 2010-12-15 | 2015-07-29 | Vodafone Ip Licensing Ltd | Key derivation |
US8887258B2 (en) * | 2011-08-09 | 2014-11-11 | Qualcomm Incorporated | Apparatus and method of binding a removable module to an access terminal |
US11438168B2 (en) * | 2018-04-05 | 2022-09-06 | T-Mobile Usa, Inc. | Authentication token request with referred application instance public key |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0506637A2 (de) * | 1991-03-29 | 1992-09-30 | Ericsson Inc. | Cellular verification and validation system |
EP0653895A2 (de) * | 1993-11-12 | 1995-05-17 | Alcatel N.V. | A method for authenticating an identity suitable for mobile radio applications, and telephone set therefor |
US5661806A (en) * | 1994-03-29 | 1997-08-26 | France Telecom | Process of combined authentication of a telecommunication terminal and of a user module |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0673178B1 (de) * | 1994-03-17 | 2005-02-16 | Kokusai Denshin Denwa Co., Ltd | Authentication method for mobile communications |
US5887251A (en) * | 1996-10-30 | 1999-03-23 | Ericsson Inc. | Authentication key management for mobile stations |
EP0840477B1 (de) * | 1996-10-31 | 2012-07-18 | Panasonic Corporation | Highly secure method for secret key transfer with limitation of damage if the secret key becomes known or is decoded |
JP4268690B2 (ja) * | 1997-03-26 | 2009-05-27 | Sony Corporation | Authentication system and method, and authentication method |
DE19718827C2 (de) * | 1997-05-05 | 2000-01-05 | Deutsche Telekom Mobil | Method and device for authenticating mobile radio subscribers |
DE19756587C2 (de) * | 1997-12-18 | 2003-10-30 | Siemens Ag | Method and communication system for encrypting information for radio transmission and for authenticating subscribers |
US6665529B1 (en) * | 1998-03-26 | 2003-12-16 | Ericsson Inc. | System and method for authenticating a cellular subscriber at registration |
DE19823532C2 (de) * | 1998-05-26 | 2003-08-21 | T Mobile Deutschland Gmbh | Method for controlling a subscriber identity module (SIM) in mobile radio systems |
1998
- 1998-09-07: DE, application DE19840742A, patent DE19840742B4; status: not active, Expired - Lifetime
1999
- 1999-09-07: WO, application PCT/DE1999/002836, publication WO2000014895A2; status: active, IP Right Grant
- 1999-09-07: US, application US09/786,164, patent US6934531B1; status: not active, Expired - Lifetime
- 1999-09-07: CZ, application CZ20010810A, patent CZ299977B6; status: not active, IP Right Cessation
- 1999-09-07: AT, application AT99955670T, patent ATE358955T1; status: active
- 1999-09-07: AU, application AU12592/00A, publication AU1259200A; status: not active, Abandoned
- 1999-09-07: PL, application PL99347024A, publication PL347024A1; status: not active, Application Discontinuation
- 1999-09-07: DE, application DE59914284T, patent DE59914284D1; status: not active, Expired - Lifetime
- 1999-09-07: EP, application EP99955670A, patent EP1112666B1; status: not active, Expired - Lifetime
- 1999-09-07: CA, application CA002343180A, patent CA2343180C; status: not active, Expired - Fee Related
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2362543A (en) * | 2000-05-16 | 2001-11-21 | Sagem | Provision of a password to gain access to a computer network from a cellular telephone |
GB2362543B (en) * | 2000-05-16 | 2003-12-03 | Sagem | Assembly of a cellular telephone and means for connection to a computer network |
WO2006036521A1 (en) * | 2004-09-08 | 2006-04-06 | Qualcomm Incorporated | Bootstrapping authentication using distinguished random challenges |
US8611536B2 (en) | 2004-09-08 | 2013-12-17 | Qualcomm Incorporated | Bootstrapping authentication using distinguished random challenges |
Also Published As
Publication number | Publication date |
---|---|
WO2000014895A3 (de) | 2000-07-13 |
DE59914284D1 (de) | 2007-05-16 |
EP1112666A2 (de) | 2001-07-04 |
DE19840742A1 (de) | 2000-03-09 |
PL347024A1 (en) | 2002-03-11 |
ATE358955T1 (de) | 2007-04-15 |
CZ299977B6 (cs) | 2009-01-14 |
US6934531B1 (en) | 2005-08-23 |
CZ2001810A3 (cs) | 2001-07-11 |
CA2343180C (en) | 2007-01-09 |
CA2343180A1 (en) | 2000-03-16 |
AU1259200A (en) | 2000-03-27 |
DE19840742B4 (de) | 2006-04-20 |
EP1112666B1 (de) | 2007-04-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE19722424C1 (de) | | Method for securing access to a remote system |
DE602004003856T2 (de) | | Method and device for authentication in a communication system |
DE69736384T2 (de) | | Management of authentication keys in a mobile communication system |
DE69929574T2 (de) | | Method for securing a radio link in a wireless system |
DE69937322T2 (de) | | Method for updating secret shared data in a wireless communication system |
DE69914999T2 (de) | | Method for authentication and agreement between two parties |
DE69921039T2 (de) | | Method for establishing a key using radio communication and a password protocol |
WO1990016124A1 (de) | | Key distribution in open communication networks taking security gradations into account |
DE4406602C2 (de) | | Security system for identifying and authenticating communication partners |
DE19718827C2 (de) | | Method and device for authenticating mobile radio subscribers |
DE60129311T2 (de) | | Subscriber authentication |
EP2443853A1 (de) | | Method for registering a mobile radio device in a mobile radio network |
EP1290905B1 (de) | | Method for cryptographic identification of a physical unit in a wireless telecommunication network |
EP1449324A1 (de) | | Use of a public-key key pair in the terminal for authentication and authorization of the telecommunication subscriber towards the network operator and business partners |
EP0995288B1 (de) | | Method and device for mutual authentication of components in a network using the challenge-response method |
WO1998048389A2 (de) | | Method for mutual authentication of two units |
EP1112666B1 (de) | | Method for increasing the security of authentication methods in digital mobile radio systems |
DE3410937C2 (de) | ||
DE3922642C2 (de) | ||
DE69801096T2 (de) | | Efficient use of dialed digits for generating a telephone call |
DE10200041B4 (de) | | Authentication system and method between two communication units |
DE102005003208A1 (de) | | Authentication of a user |
EP0756410A2 (de) | | Method for authenticating telephone service users |
DE102012009128A1 (de) | | Method for communication between a mobile terminal and a device of building systems technology or door communication |
EP1955515A1 (de) | | Generation of client identities in a communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | ENP | Entry into the national phase | Ref country code: AU; Ref document number: 2000 12592; Kind code of ref document: A; Format of ref document f/p: F |
 | AK | Designated states | Kind code of ref document: A2; Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CZ DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A2; Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101) | |
 | AK | Designated states | Kind code of ref document: A3; Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CZ DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A3; Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | WWE | WIPO information: entry into national phase | Ref document number: PV2001-810; Country of ref document: CZ |
 | ENP | Entry into the national phase | Ref document number: 2343180; Country of ref document: CA; Ref country code: CA; Ref document number: 2343180; Kind code of ref document: A; Format of ref document f/p: F |
 | WWE | WIPO information: entry into national phase | Ref document number: 1999955670; Country of ref document: EP |
 | WWE | WIPO information: entry into national phase | Ref document number: 09786164; Country of ref document: US |
 | WWP | WIPO information: published in national office | Ref document number: 1999955670; Country of ref document: EP |
 | WWP | WIPO information: published in national office | Ref document number: PV2001-810; Country of ref document: CZ |
 | WWG | WIPO information: grant in national office | Ref document number: 1999955670; Country of ref document: EP |