WO2001078306A1 - Method and system for generating a sequence number to be used for authentication - Google Patents

Method and system for generating a sequence number to be used for authentication

Info

Publication number
WO2001078306A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
sequence number
value
general information
user
Prior art date
Application number
PCT/EP2000/003093
Other languages
English (en)
Inventor
Valtteri Niemi
Shreekanth Lakshmeshwar
Tero Kovanen
Original Assignee
Nokia Corporation
Priority date
Filing date
Publication date
Application filed by Nokia Corporation
Priority to CA002402934A (patent CA2402934C)
Priority to EP00925175A (patent EP1273126A1)
Priority to PCT/EP2000/003093 (patent WO2001078306A1)
Priority to JP2001575043A (patent JP3701913B2)
Priority to AU43984/00A (patent AU4398400A)
Publication of WO2001078306A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • the invention relates to a method and system for performing an authentication, and to a method for generating a sequence number to be used for authentication.
  • Section 6 "Authentication and key agreement" deals with a method and system for performing an authentication between a mobile station (MS) and a network, wherein a serving network (SN) having a visitor location register (VLR) (or other support node like SGSN, which is a serving GPRS support node) sends an authentication data request to a home environment (HE) having a home location register (HLR), which responds by sending back an authentication data response comprising a batch of authentication vectors.
  • SN serving network
  • VLR visitor location register
  • HLR home location register
  • For performing an authentication between the serving network (SN) and the mobile station (MS), the serving network (SN) sends a user authentication request which contains a random number and authentication information (an authentication token) generated based on a sequence number which is formed in the home environment according to a strategy defined below.
  • the mobile station verifies the received authentication information, thus authenticating the network, and computes an answer which is sent back to the serving network and compared therein with an expected answer. If the received response corresponds to the expected response, the subscriber authentication is successfully performed, and keys internally generated in the mobile station and the serving network depending on a secret key are used for ciphering and integrity purposes.
  • Annex C of the above-mentioned document 3G TS 33.102 V3.3.1 describes the manner of generating sequence numbers in the authentication centre. These sequence numbers are used for generating the authentication vectors in the authentication centre and are stored in individual counters (one counter per user).
  • a global counter e.g. a clock giving universal time.
  • the home environment retrieves the user-specific value of the counter from the database and creates a new sequence number based on a predefined strategy.
  • the user-specific counter is reset to the new sequence number, i.e. the new sequence number is stored in the database.
  • Each generation of sequence number is therefore accompanied by corresponding writing accesses to the database.
  • These database writing operations require time and CPU capacity.
  • GSM Global System for Mobile Telecommunication
  • UMTS Universal Mobile Telecommunications System
  • sequence numbers used for authentication should be individual ones because of re-synchronisation, and should therefore be stored after every authentication vector generation. This writing causes a high database load and may also decrease the reliability of the database.
  • a sequence number is used in the authentication centre (AuC) when an authentication vector, or a batch of authentication vectors, is generated.
  • the USIM User Service Identity Module
  • the USIM sends a re-synchronisation message to the authentication centre together with a new sequence number.
  • the authentication centre checks if re-synchronisation is necessary, and, if yes, authenticates the USIM and re-synchronises the sequence number. This re-synchronisation means that the sequence number stored in the authentication centre is reset to the sequence number received from the USIM.
  • the invention provides a solution to the above described problem of high amount of database writing operations, and describes a new mechanism for generating sequence numbers usable for authentication purpose.
  • the invention provides a method and system for performing an authentication wherein a sequence number is used for generating an authentication information transmitted to the user equipment for authentication purpose.
  • the authentication may be performed between any two or more entities requiring or requesting an identity check.
  • the authentication may be performed between an user equipment and a network entity of a communication network
  • the sequence number is generated on the basis of a general information which changes in a defined manner, and a value stored in a memory.
  • the value preferably, but not necessarily is a user-specific value, and will be used several times for generating several different sequence numbers.
  • the value is preferably calculated based on the difference between a previously used sequence number and the general information.
  • the general information may be derived from a standardized, for instance international or global, parameter such as a global counter counting a universal time (global clock).
  • the user-specific value is changed only in a re-synchronisation procedure so that the database writing operations are reduced to a minimum.
  • the re-synchronisation procedure may be effected when the difference between the user-specific value and the general information exceeds a certain limit, or when the previously used sequence number is higher than the general information, or when the sequence number received by the MS is not in an acceptable range.
  • the previously used sequence number may be stored in a storage (e.g. a chip or disk memory) of the user equipment, and may be compared with an actually received sequence number for deciding on the necessity of a re-synchronisation procedure.
  • a storage e.g. a chip or disk memory
  • a preferred easy and swift manner of generating the sequence number is to add the user-specific value to the general information.
  • an index number may be concatenated to the sequence number for forming a batch of different authentication vectors.
  • index numbers are generated consecutive sequence numbers for forming a batch of different authentication vectors.
  • the initial values of the user-specific values may be originally set to zero but are preferably individually set.
  • the invention provides a method and system for generating sequence numbers usable for performing an authentication e.g. between an user equipment and a network entity of a communication network.
  • the sequence numbers are generated on the basis of a general information which changes in a defined manner, and a value stored in a memory. The value will be used several times for generating several different sequence numbers.
  • the described mechanism for generating sequence numbers is usable for authentication purpose and eventually also for key agreement.
  • the invention is applicable to any system in which a sequence-number-based authentication scheme is used, and a possibility for re-synchronisation may be provided, and may for instance be used in a UMTS system.
  • the invention significantly reduces the amount of writing operations of the database storing the information for generating the sequence number(s). This also leads to a corresponding decrease of the processor load handling the writing operations, and of the necessary performance time. In addition, the reliability of the database and of the system is increased.
  • Fig. 1 shows a basic structure of a system according to one embodiment of the invention
  • Fig. 2 illustrates the generation of authentication vectors in an authentication centre and shows details of generation of authentication information and of the authentication vectors using a sequence number SQN;
  • Fig. 3 shows the processes of authentication and key agreement performed between a mobile station, a serving network, and an home environment, and illustrates the basic concept of handling of authentication requests and responses;
  • Fig. 4 illustrates the user authentication function performed in the mobile station and shows details of the generation of a response and further data in a mobile station
  • Fig. 5 illustrates the generation of an authentication response by the mobile station and shows details of construction of a parameter AUTS sent from the user equipment (mobile station) to the network for requesting a re-synchronisation;
  • Fig. 6 illustrates the re-synchronisation mechanism and shows the message transmission between a user equipment, a serving network, and an authentication centre of a home network (home location register).
  • FIG. 1 shows a basic structure of an embodiment of a system according to the invention.
  • a mobile station (MS) 1 may be or comprise any type of user equipment such as a mobile phone, a terminal, data equipment or the like.
  • the MS 1 is equipped or co-operates with a memory 2 storing a user-specific sequence number SQN_USIM.
  • the mobile station 1 communicates with a serving network SN 3 having a visitor location register VLR (or some other support node like SGSN).
  • the serving network 3 communicates, as indicated by a double-headed arrow, with a home environment or home network 4 having a home location register, an authentication centre AuC not separately shown, and the like.
  • the home environment HE 4 is equipped with a database or storage 5 which stores, for each user registered in the home environment and/or the home location register, an individual user-specific information D.
  • the home environment 4 is equipped with a global counter 6 which here is a global clock (universal time) GLC, and a sequence number calculating section 7.
  • GLC global clock (universal time) GLC
  • the described method and system use a global sequence number SQN_GLC which is calculated or derived from the global clock GLC (counter 6) and a subscriber-specific difference D (stored in memory of the authentication centre) to the global sequence number.
  • the SQN_GLC is generated by using the global clock (GLC).
  • the actual value of SQN_GLC is, in this embodiment, the time gap from an initial time point (e.g. 01.01.2000, 00:00.00) to the current time.
  • the rate of the GLC counter 6 is defined in such a manner that SQN_GLC or any other SQN will not wrap around. If, for example, the clock rate of the global clock is one second, a 32-bit counter wraps around only in about 136 years and will thus not provide any problems.
  • the SQN_GLC is calculated in the following way: SQN_GLC = GLC_NOW - GLC_INIT. GLC_NOW is the actual global time, GLC_INIT is the initial time.
  • Every subscriber has an individual value D.
  • This value D is the difference between a previously used sequence number SQN which is stored in memory 2 of mobile station 1, i.e. in the USIM thereof (SQN_USIM), and the SQN_GLC.
  • SQN_USIM previously used sequence number
  • D may be set to 0, and will be changed in a re-synchronisation process only. It is also possible to set the initial values of D individually. This is a useful option if the sequence numbers are preferred to be individually distinguished from user to user, or at least from some user groups to some user groups.
  • the parameter D may have a positive or negative value, and is stored in the authentication database (memory 5). The value of D is changed only in a re-synchronisation procedure.
  • a re-synchronisation is performed only when the value SQN_USIM stored in memory 2 is bigger than SQN, or when SQN_USIM is much smaller than the actually generated SQN, i.e. SQN - SQN_USIM > X, wherein X stands for a threshold value which preferably is rather large such as about, e.g., 1,700,000 (which approximately corresponds to the number of seconds contained in a time period of twenty days).
  • the threshold value can also be set to smaller or even larger values, and will also depend on the clock rate (in the above example, a clock rate of one second has been assumed). In any case, the threshold should be selected in such a manner that a re-synchronisation occurs only very rarely in a normal situation.
  • the final sequence number SQN which the authentication centre calculates (in section 7) and sends to the USIM of MS 1 via SN/VLR 3, for authentication and key agreement, is calculated in the following way:
  • the index IND is concatenated to the end of the sequence number, i.e. is added as the final least significant bits of the sequence number.
  • the index IND is used to indicate the index of the authentication vectors in a set (batch) . In one set there can be, for instance, one to five authentication vectors, i.e. the index IND is running from one to five.
  • SQN may be calculated in the following manner:
  • SQN = SQN_GLC + D + x, with x having consecutive values from 1 to 5 when a set of authentication vectors comprises up to five authentication vectors.
  • the system ensures that no further batches of authentication vectors are delivered for the same subscriber during a short time interval. If, for instance, the clock unit is one second, and the batch size is five, this forbidden interval is five seconds. Hence, batches of authentication vector for a user (USIM) are generated with a time interval of at least five seconds. Otherwise, when not providing such a forbidden time interval, there is a possibility that two authentication vectors will be generated having the same sequence number which might lead to an individual authentication failure.
  • a writing operation for writing to the authentication database (storage 5) is necessary only when a re-synchronisation of the sequence number is requested.
  • the user-specific value of D will simply be read from the storage 5 and added to the global sequence number SQN_GLC calculated from the actual time. Using this mechanism, there is no need to store the calculated sequence number SQN in the authentication centre (storage 5).
  • Fig. 2 illustrates the generation of authentication vectors by the home environment HE such as the home network comprising an authentication centre and a home location register (HE/HLR 4 in Fig. 1).
  • the authentication centre of the home environment 4 starts, for generating one or several authentication vectors AV, with the generation of a fresh sequence number SQN ("Generate SQN") in the above discussed manner, and an unpredictable challenge RAND (“Generate RAND”) which may be a randomly selected or generated number.
  • SQN fresh sequence number
  • RAND unpredictable challenge RAND
  • the authentication centre of the home environment no longer needs to keep track of a counter counting a specific count value for each user.
  • the authentication centre merely needs the user-specific information D stored in memory 5 for generating a plurality of sequence numbers SQN.
  • sequence number SQN is preferably generated in such a way that it does not expose the identity and location of the user.
  • an anonymity key AK may be used to conceal it.
  • sequence number generation mechanism allows protection against wrap around in a USIM, i.e. the sequence number is long enough and only relatively small jumps ahead are acceptable.
  • An authentication and key management field AMF is generated in a manner known per se, and is included in the authentication token AUTN of each authentication vector.
  • Example uses of the AMF field are given in the above cited document.
  • K represents, as known, a long-term secret key shared between the USIM and the authentication centre.
  • the concealment of the sequence number is to protect against passive attacks. If no concealment is necessary, no anonymity key AK is generated, and the authentication token AUTN contains the sequence number SQN in unchanged form.
  • AUTN SQN ⊕ AK
  • MAC authentication token
  • an authentication vector AV (or a set of AVs) is generated as indicated in Fig. 2:
  • Fig. 3 illustrates the information flow for authentication and key agreement.
  • the method is chosen in such a way as to achieve maximum compatibility with the current GSM (Global System for Mobile Telecommunication) security architecture and facilitate migration from GSM to UMTS (or any other network type such as packet-switched system GPRS (General Packet Radio Service)).
  • the method is composed of a challenge/response protocol identical to the GSM subscriber authentication and key establishment protocol combined with a sequence number-based one-pass protocol for network authentication.
  • Upon receipt of an "authentication data request" from a serving network or a support node (such as a serving GPRS support node SGSN) initiated by the visitor location register VLR for instance, the authentication centre of the home environment HE 4 generates authentication vectors AV(1...n) in the above described manner, and sends an ordered array of n authentication vectors (the equivalent of a GSM "triplet") to the SN/VLR 3 ("Authentication data response AV(1...n)").
  • a serving network or a support node such as a serving GPRS support node SGSN
  • Each authentication vector AV consists of the components shown in Fig. 2. Each authentication vector is good for one authentication and key agreement between the serving network SN 3 (for instance the VLR or SGSN) and the USIM or other authentication equipment of the mobile station MS 1.
  • When the SN/VLR 3 initiates an authentication and key agreement, it selects the next authentication vector AV(i) from the stored array and sends the parameters RAND and AUTN to the user as shown in Fig. 3.
  • the USIM checks whether AUTN can be accepted ("Verify AUTN(i)") and, if so, produces a response RES ("Compute RES(i)") which is sent back to the SN/VLR 3 as "User authentication response".
  • the MS 1 furthermore computes CK(i) and IK(i).
  • the SN/VLR 3 (or any VLR/SGSN serving for authentication purpose) compares the received response RES with XRES. If they match, the VLR/SGSN 3 considers the authentication and key agreement exchange to be successfully completed.
  • the established keys CK and IK will then be transferred by the USIM and the VLR/SGSN 3 to the entities which perform ciphering and integrity functions.
  • Fig. 4 shows details of the user authentication function performed in the mobile station, e.g. in the USIM thereof.
  • the mobile station 1, e.g. the USIM thereof, verifies that the received sequence number SQN is in the correct range. If the user considers the sequence number not to be in the correct range, he sends a "Synchronisation failure" message back to SN/VLR 3 including an appropriate parameter AUTS as shown in Figs. 5 and 6, and abandons the procedure.
  • AUTS SQN_MS ⊕ AK
  • MACS f1*_K(SQN_MS
  • AMF message authentication code
  • RAND is the random value received in the current user authentication request
  • f1* is a message authentication code (MAC) function with the property that no valuable information can be inferred from the function values of f1* about those of f1, ..., f5 and vice versa.
  • MAC message authentication code
  • the sequence number generation mechanism is adapted to allow a re-synchronisation procedure in the home environment as described below.
  • Fig. 6 illustrates the re-synchronisation procedure which is performed when the sequence number SQN contained in the authentication vector is either smaller than SQN_USIM stored in memory 2 or is much larger than SQN_USIM. This situation will normally occur only in rare cases so that a re-synchronisation procedure will be performed only rarely.
  • the serving network SN 3 in charge of the visitor location register, or any support node handling the connections, may send two types of "authentication data requests" to the authentication centre of the home network (HE 4), i.e. the regular one shown in Fig. 1, and one used in case of synchronisation failures which is described below.
  • HE 4 authentication centre of the home network
  • Upon receiving a synchronisation failure message containing AUTS from the user (MS 1), the serving network sends an
  • the authentication centre resets the value of D to the new value calculated in step 2 and stores this new value of D in memory 5;
  • the authentication centre of the home network 4 (HLR/AuC) sends an authentication data response with a new batch of authentication vectors to the VLR or SGSN of the serving network 3.
  • the mobile station 1 may be adapted to perform the calculation of D according to the above equation (SQN_USIM - SQN_GLC) if it has access to a global clock counter, and to send back this value of D (possibly concealed) instead of SQN_USIM when requesting a re-synchronisation procedure.
  • the authentication centre of the home network will then store this value D in its storage 5.
  • When first receiving a SQN value from the home environment 4 (via the serving network 3), the mobile station 1 may be adapted to store this received SQN value in memory 2 as "SQN_USIM".
  • the system may also be adapted to use a predetermined sequence number as "SQN_USIM" which will be stored in the memory 2 and be used in the calculation section 7 for calculating D.
  • the serving network 3 having a visitor location register as shown in Fig. 1 can be any serving module handling the communication between the mobile station 1 and the home network 4, i.e. can be an interrogating network, a mobile switching centre (or the VLR thereof) as shown in Fig. 6, or any support node such as an SGSN.
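
The sequence-number bookkeeping described above (SQN = SQN_GLC + D + x, D rewritten only on re-synchronisation, a forbidden interval between batches), as an added example that is not code from the patent: a Python simulation of the authentication centre and USIM counters. The class and function names, the UTC Unix-time encoding of the initial time, and the rejection of an SQN equal to SQN_USIM are assumptions; the f1..f5 cryptography and the SN/VLR relay are left out.

```python
GLC_INIT = 946_684_800  # assumed encoding of 01.01.2000 00:00:00 (UTC, Unix seconds)
X = 1_700_000           # re-synchronisation threshold from the text (about 20 days)
BATCH = 5               # vectors per batch; the clock unit is one second


class ForbiddenInterval(Exception):
    """A second batch was requested for a subscriber within BATCH clock ticks."""


class AuthCentre:
    def __init__(self):
        self.d = {}           # models storage 5: subscriber -> difference D
        self.db_writes = 0    # number of writes to storage 5
        self.last_batch = {}  # volatile state, never persisted

    def provision(self, sub, d=0):
        self.d[sub] = d
        self.db_writes += 1

    @staticmethod
    def sqn_glc(now):
        # SQN_GLC = GLC_NOW - GLC_INIT
        return now - GLC_INIT

    def batch(self, sub, now):
        # Two batches less than BATCH ticks apart would reuse sequence numbers.
        last = self.last_batch.get(sub)
        if last is not None and now - last < BATCH:
            raise ForbiddenInterval(sub)
        self.last_batch[sub] = now
        base = self.sqn_glc(now) + self.d[sub]  # D is only read here
        return [base + x for x in range(1, BATCH + 1)]

    def resync(self, sub, sqn_usim, now):
        # The only write after provisioning: D = SQN_USIM - SQN_GLC.
        self.d[sub] = sqn_usim - self.sqn_glc(now)
        self.db_writes += 1
        # Assumption: D changed, so the next batch starts above SQN_USIM and
        # the forbidden interval is restarted.
        self.last_batch.pop(sub, None)


class Usim:
    def __init__(self, sqn):
        self.sqn = sqn  # SQN_USIM, memory 2

    def accept(self, sqn):
        # Reject SQN not above SQN_USIM (equality treated as a replay, an
        # assumption) or more than X ahead of it.
        if sqn <= self.sqn or sqn - self.sqn > X:
            return False
        self.sqn = sqn
        return True


def run_batch(auc, usim, sub, now):
    """Deliver one batch; on a synchronisation failure, resync and retry once.

    Returns (accepted vectors, whether a re-synchronisation happened)."""
    sqns = auc.batch(sub, now)
    resynced = False
    if not usim.accept(sqns[0]):
        auc.resync(sub, usim.sqn, now)
        resynced = True
        sqns = auc.batch(sub, now)
        if not usim.accept(sqns[0]):
            raise RuntimeError("re-synchronisation did not converge")
    accepted = 1 + sum(usim.accept(s) for s in sqns[1:])
    return accepted, resynced


def demo():
    """1000 batches, one per minute, for three constructed subscribers.

    Returns sub -> (accepted, resyncs, database writes after provisioning, D)."""
    t0 = GLC_INIT + 800_000_000
    auc = AuthCentre()
    results = {}
    # Constructed offsets of SQN_USIM relative to SQN_GLC at t0.
    offsets = {"in-sync": -60, "ahead": 3_000, "far-behind": -2_000_000}
    for sub, offset in offsets.items():
        auc.provision(sub)
        usim = Usim(auc.sqn_glc(t0) + offset)
        writes_before = auc.db_writes
        accepted = resyncs = 0
        for i in range(1000):
            n, r = run_batch(auc, usim, sub, t0 + 60 * i)
            accepted += n
            resyncs += r
        results[sub] = (accepted, resyncs, auc.db_writes - writes_before, auc.d[sub])
    return results


if __name__ == "__main__":
    for sub, row in demo().items():
        print(sub, row)
```

Each subscriber receives 5000 vectors at the cost of at most one database write, and the far-behind subscriber ends with a negative D.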

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a method and system for performing an authentication, preferably between a user equipment and a network entity of a communication network, in which sequence numbers are used to generate authentication information that can be transmitted to the user equipment for authentication purposes. These sequence numbers are generated from general information that changes in a defined manner, such as a global clock, and a value stored in a database. In order to reduce the number of write operations to a database, the value is used several times so as to generate a multitude of different sequence numbers. The user-specific value can be calculated from the difference between a previously used or predetermined sequence number and the general information, and it is changed only in a re-synchronisation procedure. Such a re-synchronisation procedure can be performed when the aforementioned difference exceeds a certain limit, or when the previously used or predetermined sequence number is higher than the general information.
PCT/EP2000/003093 2000-04-06 2000-04-06 Method and system for generating a sequence number to be used for authentication WO2001078306A1 (fr)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CA002402934A CA2402934C (fr) 2000-04-06 2000-04-06 Method and system for generating a sequence number to be used for authentication
EP00925175A EP1273126A1 (fr) 2000-04-06 2000-04-06 Method and system for generating a sequence number to be used for authentication
PCT/EP2000/003093 WO2001078306A1 (fr) 2000-04-06 2000-04-06 Method and system for generating a sequence number to be used for authentication
JP2001575043A JP3701913B2 (ja) 2000-04-06 2000-04-06 Method and system for generating a sequence number used for authentication
AU43984/00A AU4398400A (en) 2000-04-06 2000-04-06 Method and system for generating a sequence number to be used for authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2000/003093 WO2001078306A1 (fr) 2000-04-06 2000-04-06 Method and system for generating a sequence number to be used for authentication

Publications (1)

Publication Number Publication Date
WO2001078306A1 (fr) 2001-10-18

Family

ID=8163904

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2000/003093 WO2001078306A1 (fr) Method and system for generating a sequence number to be used for authentication 2000-04-06 2000-04-06

Country Status (5)

Country Link
EP (1) EP1273126A1 (fr)
JP (1) JP3701913B2 (fr)
AU (1) AU4398400A (fr)
CA (1) CA2402934C (fr)
WO (1) WO2001078306A1 (fr)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006064359A1 (fr) * 2004-12-17 2006-06-22 Telefonaktiebolaget Lm Ericsson (Publ) Clone-resistant mutual authentication in a radio communication network
EP1768426A1 (fr) * 2005-06-04 2007-03-28 Huawei Technologies Co., Ltd. Authentication method and corresponding information transmission method
WO2007041933A1 (fr) * 2005-10-10 2007-04-19 Huawei Technologies Co., Ltd. Method for updating controlled secret keys and corresponding apparatus
WO2007096735A2 (fr) * 2006-02-22 2007-08-30 Axalto S.A. Authentication token for identifying a cloning attack onto such authentication token
CN100373973C (zh) * 2004-08-23 2008-03-05 中兴通讯股份有限公司 Method for managing predefined timers of a single board in a mobile communication system
DE102006060967A1 (de) * 2006-12-20 2008-06-26 Vodafone Holding Gmbh Verification of authentication functions
EP2445241A2 (fr) * 2009-06-16 2012-04-25 KT Corporation Method for authenticating a universal subscriber identity module and related system
CN104333864A (zh) * 2014-11-05 2015-02-04 中国联合网络通信集团有限公司 Authentication re-synchronisation method and device
WO2020150697A1 (fr) * 2019-01-18 2020-07-23 Qualcomm Incorporated Improving the protection of sequence numbers in an authentication and key agreement protocol

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8094817B2 (en) * 2006-10-18 2012-01-10 Telefonaktiebolaget Lm Ericsson (Publ) Cryptographic key management in communication networks
US8265593B2 (en) * 2007-08-27 2012-09-11 Alcatel Lucent Method and system of communication using extended sequence number

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5799084A (en) * 1996-05-06 1998-08-25 Synacom Technology, Inc. System and method for authenticating cellular telephonic communication

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5799084A (en) * 1996-05-06 1998-08-25 Synacom Technology, Inc. System and method for authenticating cellular telephonic communication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3RD GENERATION PARTNERSHIP PROJECT;TECHNICAL SPECIFICATION GROUP SERVICES AND SYSTEM ASPECTS; 3G SECURITY; SECURITY ARCHITECTURE (RELEASE 1999)", 3GPP TS 33.102 V3.4.0 (2000-3), March 2000 (2000-03-01), XP002155078 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100373973C (zh) * 2004-08-23 2008-03-05 中兴通讯股份有限公司 Method for managing predefined timers of a single board in a mobile communication system
WO2006064359A1 (fr) * 2004-12-17 2006-06-22 Telefonaktiebolaget Lm Ericsson (Publ) Clone-resistant mutual authentication in a radio communication network
EP1768426A1 (fr) * 2005-06-04 2007-03-28 Huawei Technologies Co., Ltd. Authentication method and corresponding information transmission method
US7773973B2 (en) 2005-06-04 2010-08-10 Huawei Technologies Co., Ltd. Method for authentication between a mobile station and a network
EP1768426A4 (fr) * 2005-06-04 2008-02-20 Huawei Tech Co Ltd Authentication method and corresponding information transmission method
WO2007041933A1 (fr) * 2005-10-10 2007-04-19 Huawei Technologies Co., Ltd. Method for updating controlled secret keys and corresponding apparatus
WO2007096735A3 (fr) * 2006-02-22 2007-12-06 Axalto Sa Authentication token for identifying a cloning attack onto such authentication token
WO2007096735A2 (fr) * 2006-02-22 2007-08-30 Axalto S.A. Authentication token for identifying a cloning attack onto such authentication token
US8689309B2 (en) 2006-02-22 2014-04-01 Gemalto Sa Authentication token for identifying a cloning attack onto such authentication token
DE102006060967A1 (de) * 2006-12-20 2008-06-26 Vodafone Holding Gmbh Verification of authentication functions
EP2445241A2 (fr) * 2009-06-16 2012-04-25 KT Corporation Method for authenticating a universal subscriber identity module and related system
EP2445241A4 (fr) * 2009-06-16 2015-01-21 Kt Corp Method for authenticating a universal subscriber identity module and related system
CN104333864A (zh) * 2014-11-05 2015-02-04 中国联合网络通信集团有限公司 Authentication re-synchronisation method and device
CN104333864B (zh) * 2014-11-05 2018-04-10 中国联合网络通信集团有限公司 Authentication re-synchronisation method and device
WO2020150697A1 (fr) * 2019-01-18 2020-07-23 Qualcomm Incorporated Improving the protection of sequence numbers in an authentication and key agreement protocol
CN113287334A (zh) * 2019-01-18 2021-08-20 高通股份有限公司 Improving the protection of sequence numbers in an authentication and key agreement protocol

Also Published As

Publication number Publication date
CA2402934A1 (fr) 2001-10-18
CA2402934C (fr) 2006-12-05
JP3701913B2 (ja) 2005-10-05
JP2004518309A (ja) 2004-06-17
EP1273126A1 (fr) 2003-01-08
AU4398400A (en) 2001-10-23

Similar Documents

Publication Publication Date Title
US9032205B2 (en) Robust authentication and key agreement protocol for net-generation wireless networks
EP0856233B1 (fr) Subscriber authentication in a mobile communications system
EP0976278B1 (fr) Preventing misuse of a copied subscriber identity in a mobile telecommunications system
US5319711A (en) Wireless device for verifying identification
CN101053273B (zh) Method, device and system for mutual authentication using a modified message authentication code
AU731100B2 (en) Finding copied SIM cards
EP1603361B1 (fr) Self-synchronizing authentication and key agreement protocol
US20040162998A1 (en) Service authentication in a communication system
US7131006B1 (en) Cryptographic techniques for a communications network
US20080052399A1 (en) System and method for protecting emergency response services in telecommunication networks from attack
WO2009048574A2 (fr) Secure wireless communication
US11115195B2 (en) Authentication server of a cellular telecommunication network and corresponding UICC
CA2402934C (fr) Method and system for generating a sequence number to be used for authentication
EP1992185A2 (fr) Method for fast re-authentication in UMTS
WO2020147856A1 (fr) Authentication processing method and device, storage medium, and electronic device
US7570764B2 (en) Sequence number calculation and authentication in a communications system
Park et al. An authentication mechanism for the UMTS-WiFi networks
WO2013095168A1 (fr) Method for sending a one-time code in alphanumeric form

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2402934

Country of ref document: CA

ENP Entry into the national phase

Ref country code: JP

Ref document number: 2001 575043

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 2000925175

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000925175

Country of ref document: EP