WO2002102103A2 - Authentication method - Google Patents

Info

Publication number
WO2002102103A2
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
parameter
rand
subscriber identification
key
Prior art date
Application number
PCT/EP2002/006397
Other languages
German (de)
English (en)
Other versions
WO2002102103A3 (fr)
Inventor
Harald Vater
Markus Bockes
Ulrich Heckmanns
Original Assignee
Giesecke & Devrient Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke & Devrient Gmbh filed Critical Giesecke & Devrient Gmbh
Priority to EP02743179A priority Critical patent/EP1400142A2/fr
Priority to AU2002345028A priority patent/AU2002345028A1/en
Publication of WO2002102103A2 publication Critical patent/WO2002102103A2/fr
Publication of WO2002102103A3 publication Critical patent/WO2002102103A3/fr

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Definitions

  • the present invention relates to a method for generating an authentication response parameter for authenticating a subscriber identification unit in a network at a service provider. Furthermore, the invention relates to an authentication method for a network using such a method for generating the authentication response parameter, a subscriber identification unit and an authentication center for carrying out the method, and a computer program with corresponding program code means to carry out the method by means of a computer.
  • One goal is the authentication and thus the access control of the individual subscriber to the service offered, for example in the case of the mobile radio network the establishment of a connection to another telephone subscriber.
  • Another main goal is the protection of the transmitted information itself.
  • the purpose of authentication is to verify the identity and authenticity of a communication partner. It is sufficient if one-sided authentication is carried out, that is, if the network or the service provider can determine the authenticity of the subscriber or the terminal or a subscriber identification unit located therein, which is located, for example, on a chip card.
  • the two communication participants must have a shared secret that is checked using an authentication method. This can be, for example, a password or the like.
  • a dynamic method for authentication is designed in such a way that it is protected against an attack by re-importing recorded data from previous sessions, since a different data basis is used for each individual authentication.
  • the network or the service provider sends a specific request parameter (challenge) to the subscriber identification unit, where it is encrypted with a secret authentication key that is known only to the subscriber identification unit and to the network or the service provider.
  • the encryption result is then sent back in a second step and compared by the network or the service provider with a response parameter (response) generated in parallel from the sent request parameter and the common key.
  • This principle is referred to as the so-called “challenge and response principle”. It is the usual principle of authentication in the chip card area. As a rule, a random number is generated as the request parameter is not intended to limit the use of a random number as a query parameter.
  • the transmission of data between the terminal and the network or the service provider is preferably secured by a suitable message and encryption, with a new key being used here for each connection.
  • the request parameter (or the random number) which the network or the service provider sends to the subscriber identification unit, and which is initially used for the authentication, is additionally used to produce a (temporary) message coding key for encrypting the transmitted data.
  • GSM Global System for Mobile Communications
  • a GSM mobile radio network is made up of several Base Station Systems (BSS), which are managed by a Mobile Switching Center (MSC), which has a so-called Authentication Center (AUC) as a special component.
  • BSS Base Station Systems
  • MSC Mobile Switching Center
  • AUC Authentication Center
  • the AUC is a special security entity that has the necessary keys and algorithms for the authentication of the mobile radio devices or the subscriber identification units located therein.
  • a mobile radio device essentially consists of the actual device itself, which has the radio part, a coding / decoding unit (codec) for processing, in particular for encrypting and decrypting the transmitted data, a keyboard, a display and other customary components.
  • codec coding / decoding unit
  • Another essential component of the mobile radio device is a subscriber identification unit, which is called SIM (Subscriber Identity Module) in the GSM system.
  • SIM Subscriber Identity Module
  • the SIM is usually located on a chip card, which is inserted into the actual device. The mobile device can only be used when the SIM is inserted.
  • IMSI International Mobile Subscriber Identity
  • Ki Subscriber authentication Key
  • the authentication center (AUC) of the respective mobile radio network has a database in which the identification numbers (IMSI) are stored together with the assigned authentication keys (Ki).
  • a mobile radio device hereinafter also referred to as a mobile station
  • the IMSI is first transmitted to the mobile radio network by the mobile station or SIM.
  • the mobile station is thus clearly identified in the mobile radio network.
  • a randomly generated number (generally referred to as RAND or RND) is transmitted from the mobile radio network to the mobile station.
  • Both the SIM of the mobile station and the authentication center generate an authentication response parameter (generally called Signed Response; SRES) from this random number by means of a defined algorithm, which is called "A3" in the GSM system, using the SIM's secret individual authentication key Ki
  • SRES Signed Response
  • the random number has a length of 128 bits
  • the authentication key usually has a length of 128 bits
  • the authentication response parameter SRES generated with the A3 algorithm is 32 bits long in the current standard. It is transmitted from the SIM to the mobile network, where it is compared with the authentication response parameter generated in parallel by the Authentication Center (AUC). If there is a match, it can be assumed that the SIM has the correct key Ki. It is therefore authenticated.
  • both the SIM and the Authentication Center AUC have a so-called A8 algorithm.
  • a message coding key (cipher key; Kc; length: 64 bits) is generated from the random number, again using the authentication key Ki of the respective SIM.
  • Kc cipher key
  • This message coding key Kc is used to encrypt the (voice) data to be transmitted during the connection between the mobile station and the mobile radio network and thus to protect it against eavesdropping.
  • the message coding key Kc is consequently generated anew with each authentication process depending on the random number RAND, which considerably increases the security of the transmission against eavesdropping.
  • the encryption unit located in the codec of the mobile radio device is able to encrypt or decrypt the voice data in real time with the message coding key Kc using a so-called A8 algorithm.
  • the transmitted data is encrypted or decrypted accordingly in the mobile radio network using the identical key generated in parallel there.
  • a so-called “triplet” of three parameters - the random number (RAND), the derived authentication response parameter (SRES) and the message coding key (Kc) - is required for each new registration of a mobile station in a mobile radio network. Only the random number is sent from the mobile network to the mobile station, and the mobile station sends back the authentication response parameter.
  • Each triplet (RAND, SRES, Kc) is used only once and then discarded.
  • triplets are usually generated by the authentication center AUC for each subscriber of the associated mobile radio network at a specific point in time and stored in a special security parameter file. Since these three parameters (RAND, SRES, Kc) are completely sufficient to authenticate a specific SIM and establish an encrypted connection, there is thus the possibility of external GSM networks from
  • an authentication center can provide various service providers or different independent servers with a number of triplets for a specific subscriber identification unit, with which they are then able to authenticate a specific subscriber identification unit and to exchange encrypted data.
  • closed, secured networks, e.g. ATM networks, are used.
  • a special A3 algorithm for generating an authentication response parameter for authenticating a subscriber identification unit in a GSM network is described in WO 97/15161. According to the method mentioned there, it is provided that the 128-bit random number is first converted into a 152-bit parameter using a special algorithm. This input parameter is fed to a so-called CAVE algorithm, which generates an 18-bit output parameter from it. This 18-bit output parameter is then converted into a 32-bit authentication response parameter.
  • the method described there has the purpose of making the CAVE algorithm used in American mobile radio standards usable for the GSM standard. However, the method has the disadvantage that the entire algorithm is fixed and can only be varied with great effort.
  • the invention is therefore based on the object of providing a corresponding method for generating the authentication response parameter, which can be individually and easily changed at low cost. Furthermore, the task is to provide a corresponding authentication method as well as a subscriber identification unit and an authentication center for carrying out the method.
  • the method for generating the authentication response parameter from the request parameter is individualized in that an individual modification parameter assigned to the respective service provider is used in the calculation in at least one method step.
  • an additional parameter is introduced which is used at a specific point in the algorithm.
  • the change in this modification parameter consequently also means a change in the algorithm. In this way it is possible to provide individual authentication methods for a large number of different service providers, which are just as secure and fast as the methods carried out with the unchanged algorithm.
  • the modification parameter can be generated, for example, with a random number generator. This can be carried out, for example, by a manufacturer of the subscriber identification units, in particular a chip card manufacturer, who generally also generates the identification numbers and the authentication keys for the individual subscriber identification units in a secure environment and implements them in the subscriber identification units. Likewise, the modification parameter, just like the algorithm, the identification numbers and the authentication keys for the subscriber identification units, can be transmitted by the manufacturer of the subscriber identification units to the authentication center in a secure manner and stored there in a secure environment.
  • the modification parameter can be included, for example, by logically linking it to the request parameter before encryption. Of course, it is also possible to link the modification parameter with an intermediate result in the course of the method or to use the modification parameter several times within the procedure.
  • the request parameter is broken down into at least two parts and the parts are used in the calculation in different procedural steps. This results in additional mixing of the request parameter.
  • an output or intermediate result from the calculation of the authentication response parameter is used to calculate the message coding key. In this way, the overall algorithm for generating the encryption result becomes more complicated and therefore more secure without additional effort.
  • An authentication method for a network has the following method steps. First, a query parameter, preferably a random number, is generated (in the following, a random number is again assumed as a query parameter without restricting the invention). This can be done either in an authentication center or in a separate random generator. This random number is then transmitted over the network to a subscriber identification unit of a user's terminal. The authentication response parameter and possibly the message coding key are then generated in the subscriber identification unit using the previously explained method according to the invention. This authentication response parameter is transmitted back to the network and is compared there with the authentication response parameter determined in parallel by the authentication center using the same authentication key. If the two parameters match, the subscriber or the corresponding subscriber identification unit is regarded as identified.
  • a subscriber identification unit must first have storage means in which an individual authentication key assigned to the respective subscriber identification unit and a modification parameter assigned to the service provider are stored.
  • the memory means can be completely separate memories, but also memory areas within an overall memory. It makes sense for this to be a non-volatile memory.
  • the subscriber identification unit must have means for generating an authentication response parameter from a random number using the method according to the invention.
  • This can be a special hardware circuit which, for example, executes the algorithm directly in binary.
  • Such a special hardware structure of the circuit is complex, but very powerful in terms of computing speed. In the simpler case, it can be a CPU, for example in a microcontroller, in which the method is implemented in software in the form of a computer program with suitable program code means.
  • such a subscriber identification unit can be a chip card, for example a SIM card in the case of the GSM system.
  • An authentication center according to the invention in a network must accordingly have storage means with a database of the different authentication keys assigned to the individual subscriber identification units and with a modification parameter assigned to the respective service provider.
  • this authentication center also requires means for generating an authentication response parameter from a random number using the method according to the invention.
  • the method can be implemented either by setting up a special circuit or by a computer with a suitable software program.
  • the authentication center is the usual AUC.
  • In other networks, it can be an independent authentication center, which takes over the authentication as a service provider for various service providers and has corresponding, particularly secure zones for storing the various keys.
  • individual service providers can have their own authentication center, each of which communicates via the Internet with a subscriber identification unit located on the subscriber's terminal.
  • the subscriber identification unit for example within a chip card, and accordingly to integrate a chip card reader on the terminal, for example a PC, with which the subscriber identification unit is accessed.
  • authentication in mobile radio networks is a main area of application of the method according to the invention. Another area of application is authentication against certain service providers on the Internet. Of course, authentication with this method also comes into question in other networks, for example in networks of ATMs, or in other systems, such as access control systems or the like.
  • Figure 1 is a schematic representation of the sequence of the inventive method according to a first embodiment.
  • FIG. 2 shows a schematic illustration of the sequence of the method according to the invention in accordance with a second exemplary embodiment
  • Fig. 3 is a schematic representation of the sequence of the inventive method according to a third embodiment.
  • A relatively simple version of the method according to the invention is shown in FIG. 1.
  • the random number RAND is first linked to the modification parameter AM (Algorithm Modifier).
  • this link is an XOR (exclusive OR) operation.
  • Such an XOR operation corresponds to a bit-wise addition of the two binary numbers, the combinations 1 + 1 and 0 + 0 each giving 0 and exclusively the combination 1 + 0 and 0 + 1 each giving 1.
  • a modification parameter 000 ... 0 therefore does not change the basic algorithm.
  • If the modification parameter is instead set to a different bit sequence defined for each service provider, the data for each service provider network can be individually encrypted while maintaining the same basic algorithm.
  • the modification parameter AM has the same bit length as the random number RAND.
  • the modification parameter AM in the exemplary embodiment according to FIG. 1, like the random number RAND, has the length of 128 bits.
  • The linking result is encrypted using the individual authentication key Ki of the subscriber identification unit. The encryption method is a so-called symmetrical encryption method that is used relatively frequently in the chip card area (that is, the same key is used for encryption and decryption).
  • the key length is usually 64 bits. In the DES method, however, every eighth bit is usually a parity bit, which is only used to check the other bits in the key and is therefore not significant for the result. If a 128-bit key Ki is used which does not contain any parity bits (for example keys in the GSM system), every eighth bit is simply ignored in the encryption provided.
  • the DES encryption process is considered to be extremely secure. The only promising attack against such a system to date is a very complex search for the key by trial and error, which requires enormous computing capacity.
  • the triple DES method is therefore used, in which three DES operations with alternating encryption and decryption are connected in series.
  • three different keys can also be used.
  • the authentication key Ki consists of 128 bits, the 64 most significant bits (msb) forming a first key K1, which is used for encryption within the triple DES method, and the lower-order 64 bits (least significant bits; lsb) of Ki forming the second key K2, which is used for the decryption within the triple DES method.
  • The result of the combination of the random number RAND and the modification parameter AM encrypted in this way is referred to in FIG. 1 as OUTSRES.
  • This result OUTSRES has the same bit length as the input parameters, i.e. 128 bits in the present exemplary embodiment.
  • the authentication response parameter SRES only has a bit length of 32 bits. Therefore, only the low-order 32 bits of the encryption result OUTSRES are used as the authentication response parameter SRES.
  • the DES is operated in the so-called CBC mode (cipher block chaining). If the input parameters are only 64 bits long, the non-chained DES mode is used.
  • the random number RAND is first broken down into a higher-value part R1 and a lower-value part R2 of the same bit length.
  • the parts R1 and R2 are each 64 bits long when using the method according to the GSM standard.
  • the modification parameter AM also has a length of 64 bits.
  • the linking result is then encrypted using a triple DES method using the authentication key Ki of the subscriber identification unit.
  • the encryption result T1 obtained therefrom, which in turn has a length of 64 bits, is first linked in a further method step with the higher-value part R1 of the random number RAND, and this linking result is again encrypted with a triple DES method using the authentication key Ki.
  • the authentication response parameter SRES is only obtained from the result of this double encryption, into which both parts of the random number RAND have been mixed.
  • only the least significant 32 bits of the last encryption result OUTSRES, also called T2 in FIG. 2, are used as the authentication response parameter SRES.
  • FIG. 3 shows a further embodiment of the method according to FIG. 2, in which a message coding key Kc is simultaneously generated from the random number RAND.
  • the encryption result T2 obtained according to the method in FIG. 2 is again linked to the low-value part R2 of the random number RAND by means of an XOR operation.
  • This linking result is then again encrypted with a triple DES method using the authentication key Ki.
  • the message coding key Kc is then obtained from the encryption result OutKc.
  • Either the message coding key Kc consists of the 54 most significant bits of the encryption result OutKc and the ten least significant bits of the message coding key Kc are set to 0, or the entire encryption result OutKc is used unchanged as the message coding key Kc.
  • A flag bit is set as an indicator (not shown), and this flag bit is automatically queried before the message coding key Kc is output. If the flag bit is 0, the last bits of OutKc are automatically set to 0; if the flag bit is 1, OutKc remains unchanged.
  • AM modification parameter (Algorithm Modifier)
  • Ki authentication key
  • T1 first encryption result
  • SIM Subscriber Identity Module subscriber identification unit in the GSM system
  • BSS Base Station System
  • AUC Authentication Center authentication center in the GSM system
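
The data flow of FIG. 2 and FIG. 3 described above, as an added Python sketch that is not code from the patent. Assumptions: a toy Feistel cipher built on HMAC-SHA256 stands in for single DES (the Python standard library has no DES), the first step links AM with R2 (the text does not name the part; this is inferred from the later steps), and all function names and sample values are constructed for illustration.

```python
# Added illustration of the FIG. 3 data flow; not code from the patent.
# Assumption: a toy 4-round Feistel cipher keyed with HMAC-SHA256 stands in
# for single DES (the Python standard library has no DES); it is a stand-in
# for structure only, not a vetted cipher.
import hashlib
import hmac

def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    """Feistel round function of the stand-in cipher (32-bit output)."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def enc(key: bytes, block: bytes) -> bytes:
    """Stand-in for one DES encryption of a 64-bit block."""
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right

def dec(key: bytes, block: bytes) -> bytes:
    """Inverse of enc(): the same rounds in reverse order."""
    left, right = block[:4], block[4:]
    for i in reversed(range(4)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right

def ede(ki: bytes, block: bytes) -> bytes:
    """Two-key encrypt-decrypt-encrypt chain as in the triple DES description:
    K1 = 64 most significant bits of Ki, K2 = 64 least significant bits."""
    if len(ki) != 16 or len(block) != 8:
        raise ValueError("Ki must be 128 bits and the block 64 bits")
    k1, k2 = ki[:8], ki[8:]
    return enc(k1, dec(k2, enc(k1, block)))

def derive(ki: bytes, rand: bytes, am: bytes, flag: int = 0):
    """Return (SRES, Kc) for a 128-bit RAND and a 64-bit modifier AM."""
    if len(rand) != 16 or len(am) != 8:
        raise ValueError("RAND must be 128 bits and AM 64 bits")
    r1, r2 = rand[:8], rand[8:]          # higher / lower 64-bit halves
    t1 = ede(ki, xor(r2, am))            # assumption: AM is linked with R2
    t2 = ede(ki, xor(t1, r1))            # mixes in the other half of RAND
    sres = t2[-4:]                       # least significant 32 bits of T2
    out_kc = ede(ki, xor(t2, r2))        # FIG. 3: T2 linked with R2 again
    if flag == 1:                        # flag 1: OutKc is used unchanged
        kc = out_kc
    else:                                # flag 0: ten lowest bits set to 0
        kc = (int.from_bytes(out_kc, "big") & ~0x3FF).to_bytes(8, "big")
    return sres, kc

def network_accepts(ki: bytes, am_auc: bytes, am_sim: bytes, rand: bytes) -> bool:
    """AUC and SIM compute SRES in parallel; the network compares them."""
    expected, _ = derive(ki, rand, am_auc)
    response, _ = derive(ki, rand, am_sim)
    return hmac.compare_digest(expected, response)

# Constructed sample values (not from the patent).
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
RAND = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")
AM_PROVIDER_A = bytes.fromhex("1122334455667788")
AM_PROVIDER_B = bytes.fromhex("8877665544332211")

if __name__ == "__main__":
    sres, kc = derive(KI, RAND, AM_PROVIDER_A)
    print("SRES:", sres.hex(), "Kc:", kc.hex())
    print("same AM accepted:", network_accepts(KI, AM_PROVIDER_A, AM_PROVIDER_A, RAND))
    print("other AM accepted:", network_accepts(KI, AM_PROVIDER_A, AM_PROVIDER_B, RAND))
```

With an all-zero AM the first XOR is a no-op, so the sketch reduces to the unmodified base algorithm, which matches the remark about the modification parameter 000 ... 0.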

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a method for generating an authentication response parameter (SRES) for authenticating a subscriber identification unit in a network, in particular a GSM network, at a service provider. In this method, the authentication response parameter (SRES) is calculated from a request parameter (RAND) by means of an individual authentication key (Ki) assigned to the subscriber identification unit. In at least one method step, a modification parameter (AM) assigned to the service provider is used in this calculation.
PCT/EP2002/006397 2001-06-12 2002-06-11 Authentication method WO2002102103A2 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP02743179A EP1400142A2 (fr) 2001-06-12 2002-06-11 Authentication method
AU2002345028A AU2002345028A1 (en) 2001-06-12 2002-06-11 Authentication method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10128300A DE10128300A1 (de) 2001-06-12 2001-06-12 Authentication method
DE10128300.8 2001-06-12

Publications (2)

Publication Number Publication Date
WO2002102103A2 true WO2002102103A2 (fr) 2002-12-19
WO2002102103A3 WO2002102103A3 (fr) 2003-12-11

Family

ID=7687916

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2002/006397 WO2002102103A2 (fr) 2001-06-12 2002-06-11 Authentication method

Country Status (4)

Country Link
EP (1) EP1400142A2 (fr)
AU (1) AU2002345028A1 (fr)
DE (1) DE10128300A1 (fr)
WO (1) WO2002102103A2 (fr)

Also Published As

Publication number Publication date
EP1400142A2 (fr) 2004-03-24
DE10128300A1 (de) 2003-01-09
AU2002345028A1 (en) 2002-12-23
WO2002102103A3 (fr) 2003-12-11

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2002743179

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2002743179

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP