WO2005060150A1 - Method and apparatus for authenticating subscriber and network in wireless internet system - Google Patents


Info

Publication number: WO2005060150A1
Authority: WO (WIPO, PCT)
Prior art keywords: number, encryption key, network, random, private key
Application number: PCT/KR2004/002118
Other languages: English (en), French (fr)
Inventors: Mun-Kyu Lee, Do-Woo Kim, Sung-Ik Jun
Original assignee: Electronics And Telecommunications Research Institute
Priority date: 2003-12-17 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2004-08-23
Publication date: 2005-06-30
Application filed by Electronics And Telecommunications Research Institute
Priority to EP04774379A (EP1695480A4)
Priority to CN2004800417230A (CN1918843B)
Publication of WO2005060150A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS
        • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W 12/06 Authentication
            • H04W 12/60 Context-dependent security > H04W 12/69 Identity-dependent > H04W 12/72 Subscriber identity
        • H04W 48/00 Access restriction; Network selection; Access point selection > H04W 48/08 Access restriction or access information delivery, e.g. discovery data delivery > H04W 48/10 using broadcasted information
        • H04W 80/00 Wireless network protocols or protocol adaptations to wireless operation > H04W 80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]
        • H04W 88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices > H04W 88/16 Gateway arrangements
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords > H04L 9/0869 involving random numbers or seeds
            • H04L 9/14 using a plurality of keys or algorithms
            • H04L 9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                • H04L 9/321 involving a third party or a trusted authority
                • H04L 9/3271 using challenge-response > H04L 9/3273 using challenge-response for mutual authentication
        • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/06 for supporting key management in a packet data network > H04L 63/061 for key exchange, e.g. in peer-to-peer networks
            • H04L 63/08 for authentication of entities
                • H04L 63/0853 using an additional device, e.g. smartcard, SIM or a different communication terminal
                • H04L 63/0869 for achieving mutual authentication
        • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00 > H04L 2209/80 Wireless

Definitions

  • the present invention relates to a method and an apparatus for authenticating a subscriber and a network, by which the subscriber and the network are provided with mutual authentication and share a key in a wireless Internet system.
  • Subscriber authentication in wireless Internet is usually performed using an ID and a password.
  • This method has two problems. Firstly, since the password is transmitted in the clear (unencrypted), the method is fatally vulnerable in terms of security. Secondly, the method only allows the network to authenticate the subscriber; it does not allow the subscriber to authenticate the network, i.e., it does not provide mutual authentication. Accordingly, a subscriber is always exposed to the danger of malicious use of the ID/password and to the danger of revealing personal information to fake servers.
  • the present invention provides a method and an apparatus for enabling mutual authentication between a network and a user under an existing subscriber identity module (SIM) structure in a wireless Internet system with a minimum number of messages between the subscriber and the network.
  • SIM subscriber identity module
  • a method of authenticating a subscriber and a network in a wireless Internet system includes a wireless Internet gateway broadcasting an agent advertisement to its sub-network; a mobile station transmitting a network access identifier containing a first random number and a mobile subscriber identity to the gateway when entering the sub-network of the gateway; the gateway transmitting the mobile subscriber identity and the first random number to an authentication server; the authentication server extracting a private key using the mobile subscriber identity, generating RES1 using the private key and the first random number, and generating XRES2 using the private key and a second random number; the authentication server transmitting the RES1, the second random number, and the XRES2 to the gateway; the gateway storing the XRES2 and transmitting the RES1 and the second random number to the mobile station; the mobile station generating XRES1 using the private key and the first random number that are stored therein and comparing the XRES1 with the received RES1 to authenticate the network; the mobile station generating RES2 using the private key and the second random number and transmitting the RES2 to the gateway; and the gateway comparing the RES2 with the stored XRES2 to authenticate the subscriber.
  • an apparatus for authenticating a subscriber and a network in a wireless Internet system includes a mobile station which transmits a network access identifier containing a first random number and a mobile subscriber identity to a gateway when entering a sub-network of the gateway, generates XRES1 using a private key and the first random number that are stored therein, compares the XRES1 with RES1 received from the gateway to authenticate the network, generates RES2 using the private key and a second random number received from the gateway, and transmits the RES2 to the gateway; the gateway which broadcasts an agent advertisement to the sub-network, extracts the mobile subscriber identity and the first random number from the network access identifier received from the mobile station entering the sub-network, transmits the mobile subscriber identity and the first random number to an authentication server, stores XRES2 received from the authentication server, transmits the RES1 and the second random number to the mobile station, and compares the RES2 received from the mobile station with the stored XRES2 to authenticate the subscriber; and the authentication server which fetches the private key from a DB using the mobile subscriber identity, generates the RES1 using the private key and the first random number, generates the XRES2 using the private key and the second random number, and transmits the RES1, the second random number, and the XRES2 to the gateway.
  • an authentication server including a private key extractor which fetches a private key from a DB using a received mobile subscriber identity; a first signal generator which generates a first encryption key and RES1, which is used by a mobile station for network authentication, using the private key and a received first random number; a random number generator which generates a second random number; a second signal generator which generates a second encryption key and XRES2, which is used for subscriber authentication, using the private key and the second random number; and an encryption key generator which generates a third encryption key by combining the first encryption key and the second encryption key.
  • an apparatus for authenticating a network in a mobile station receives RES1 and a second random number and includes a random number generator which generates a first random number; a first signal generator which generates a first encryption key and network authentication information XRES1 using a private key stored therein and the first random number; a comparator which compares the XRES1 with the received RES1 to authenticate the network; a second signal generator which generates a second encryption key and subscriber authentication information RES2 using the private key and the received second random number; and an encryption key generator which generates a third encryption key by combining the first encryption key and the second encryption key.
  • a subscriber and a network can mutually authenticate each other using only two pairs of request and reply messages. Also, the subscriber and the network can share a 128-bit encryption key for secure communication using the authentication algorithm of a conventional SIM-type mobile communication network without any change. Accordingly, the security of a wireless Internet network is enhanced at a minimum cost, and the mobile communication network and the wireless Internet network co-work effectively.
  • FIG. 1 illustrates an entire system including a mobile communication network and a wireless Internet network, according to an embodiment of the present invention;
  • FIG. 2 illustrates a protocol for mutual authentication between a mobile station and a wireless Internet network;
  • FIG. 3 illustrates a data format of a temporary network access identifier (TNAI);
  • FIG. 4 is a block diagram of an authentication, authorization & accounting server in home side (AAAH);
  • FIG. 5 is a block diagram of an apparatus for authenticating a network in a mobile station.
  • embodiments of the present invention will be described in detail with reference to the accompanying drawings.
  • FIG. 1 illustrates an entire system including a mobile communication network and a wireless Internet network, according to an embodiment of the present invention.
  • a subscriber identity module (SIM) 11 shown in FIG. 1 is inserted into a mobile station (MS) 10.
  • MS mobile station
  • when using the mobile communication network, the MS 10 is authenticated by a home location register (HLR) 14 via a base station (BS) 12 and a mobile switching center (MSC) 13.
  • HLR home location register
  • MSC mobile switching center
  • when using the wireless Internet network, the MS 10 is authenticated by an authentication, authorization & accounting server in home side (AAAH) 18 connected to an access point (AP) 15 via a home agent (HA) 17 and a foreign agent (FA) 16.
  • AAAH authentication, authorization & accounting server in home side
  • AP access point
  • HA home agent
  • FA foreign agent
  • the HLR 14 and the AAAH 18 should be able to access a database (DB) storing a private key corresponding to the SIM 11.
  • DB database
  • in a wireless communication system, e.g., a 3G packet network supporting mobile Internet protocol (IP), two types of Internet access gateways are present as network devices that can allocate an IP address to the MS 10.
  • IP Internet protocol
  • one is a packet data service node (PDSN), referred to as an FA, and the other is an HA.
  • the FA allocates an IP address to an MS requesting a simple IP service, while the HA allocates an IP address to an MS requesting a mobile IP service.
  • the IP address allocated by the FA is discarded after the service ends, while the IP address allocated by the HA remains valid as long as the MS does not move to the area of another HA.
  • Packet communication systems supporting a dynamic IP service are configured based on a domain and are connected to each other through the Internet.
  • Each domain includes a mobile communication system and network devices for a packet call service.
  • the mobile communication system includes a base transceiver system (BTS) and a base station controller (BSC), which are used in a digital cellular network, a personal communications service (PCS) network, and a next generation mobile communication network, International Mobile Telecommunications (IMT)-2000 (e.g., CDMA2000 or UMTS).
  • the network devices for a packet call service include an HA supporting a dynamic IP service, a PDSN, an authentication, authorization & accounting (AAA) server, a domain name system (DNS) server, and a dynamic host configuration protocol (DHCP) server.
  • AAA authentication, authorization & accounting
  • DNS domain name system
  • DHCP dynamic host configuration protocol
  • An MS accesses a PDSN through a wireless channel.
  • the PDSN or an HA allocates an IP address to the MS requesting a packet call.
  • the IP address allocated by the PDSN is changed when the MS moves to an area of another PDSN, but the IP address allocated by the HA is fixed within a current domain.
  • An AAA server performs authentication, authorization, and accounting with respect to wireless communication network subscribers.
  • a security channel is formed between AAA servers.
  • An AAA server identifies a subscriber using a network access identifier (NAI), associates the NAI with a DNS server, and updates a DNS server through the security channel when an IP address is allocated dynamically.
  • NAI network access identifier
  • a host wanting to communicate with a mobile host cannot know the dynamically allocated IP address of the mobile host, and therefore the DNS server needs to be updated dynamically.
  • a DNS server is a distributed naming system that maps a domain name to an IP address.
  • the DNS server dynamically updates domain names at the requests of network devices so that a fixed domain name is mapped to a changing IP address.
  • a domain name is an address expressed in text to identify a host accessing the Internet and is easier to memorize and more intuitive than an IP address configured with numerals.
  • FIG. 2 illustrates a protocol for mutual authentication between an MS 10 and a wireless Internet network.
  • An FA 16 connected to the wireless Internet network continuously broadcasts an agent advertisement (AA) 20 to its sub-network according to the mobile IP protocol. When the MS 10 enters the sub-network of the FA 16, it recognizes the AA 20, generates a first random number (RAND1) in step 211, and transmits a registration request (R_Req) 21 to the FA 16.
  • the R_Req 21 contains a care-of address (CoA) received from the FA 16 and an NAI corresponding to the subscriber's ID.
  • the FA 16 forwards the R_Req 21 as an R_Req 22 to the HA 17.
  • the NAI used here is a new type of NAI, i.e., a temporary NAI (TNAI).
  • TNAI temporary NAI
  • FIG. 3 illustrates a data format of a TNAI contained in an R_Req message that is generated by the MS 10 and then transmitted sequentially to the FA 16 and HA 17.
  • the TNAI includes an international mobile subscriber identity (IMSI) 31, a first random number (RAND1) that has a length of 128 bits and is generated by an SIM 11 for network authentication, and a Realm 34 indicating a domain to which a subscriber belongs.
  • IMSI international mobile subscriber identity
  • RAND1 first random number
  • Realm 34 indicating a domain to which a subscriber belongs.
  • a tag 30 indicates the authentication method which is intended to be used, and a separator 33 is a mark that separates the IMSI 31 from the Realm 34.
  • the tag 30 and the separator 33 are each encoded as a 1-byte ASCII code, for example '9' (0x39) and '@' (0x40), respectively.
  • the IMSI 31 is encoded into a 15-byte text string where each byte is composed of one of ASCII codes 0x30-0x39 corresponding to 0-9.
  • the RAND1 32 is set by encoding the 128-bit random number into 22 bytes using BASE-64 encoding (16 bytes need 22 BASE-64 characters once the two padding characters are dropped).
  • the Realm 34 is encoded into a text string corresponding to the domain name.
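The TNAI layout of FIG. 3, as an added Python example that is not part of the patent: it builds a TNAI from an IMSI, a 128-bit RAND1 and a realm, and parses one back with the checks a gateway should apply before forwarding the IMSI and RAND1 to the AAAH (fixed field widths, digit-only IMSI, canonical unpadded BASE-64, separator in the expected position). The field order, widths and the '9'/'@' codes come from the description above; the sample IMSI and realm are constructed, and restricting the realm to DNS-style characters is an assumption.

```python
import base64
import re

# Field layout of the TNAI (FIG. 3): tag(1) | IMSI(15) | RAND1(22) | separator(1) | Realm
TAG = "9"           # 1-byte ASCII tag selecting this authentication method
SEPARATOR = "@"     # 1-byte ASCII separator between IMSI and Realm
IMSI_LEN = 15       # 15 ASCII digits (0x30-0x39)
RAND_BYTES = 16     # RAND1 is 128 bits
RAND_B64_LEN = 22   # 128 bits in unpadded BASE-64: ceil(16 * 8 / 6) = 22 characters
HEADER_LEN = 1 + IMSI_LEN + RAND_B64_LEN + 1

_IMSI_RE = re.compile(r"[0-9]{15}")
_B64_RE = re.compile(r"[A-Za-z0-9+/]{22}")
_REALM_RE = re.compile(r"[A-Za-z0-9.-]+")   # assumption: realm is a plain DNS-style domain name


def encode_rand1(rand1: bytes) -> str:
    """128-bit RAND1 -> 22-character BASE-64 field (padding '=' stripped)."""
    if len(rand1) != RAND_BYTES:
        raise ValueError("RAND1 must be exactly 128 bits")
    return base64.b64encode(rand1).decode("ascii").rstrip("=")


def decode_rand1(field: str) -> bytes:
    """22-character BASE-64 field -> 128-bit RAND1, rejecting non-canonical encodings."""
    if not _B64_RE.fullmatch(field):
        raise ValueError("RAND1 field is not 22 BASE-64 characters")
    rand1 = base64.b64decode(field + "==")
    # 22 characters carry 132 bits; the last 4 must be zero, otherwise two different
    # fields would decode to the same RAND1.  Re-encoding catches that.
    if encode_rand1(rand1) != field:
        raise ValueError("RAND1 field is not canonical BASE-64")
    return rand1


def build_tnai(imsi: str, rand1: bytes, realm: str) -> str:
    """Assemble the TNAI carried in R_Req 21."""
    if not _IMSI_RE.fullmatch(imsi):
        raise ValueError("IMSI must be 15 ASCII digits")
    if not _REALM_RE.fullmatch(realm):
        raise ValueError("realm must be a domain name")
    return f"{TAG}{imsi}{encode_rand1(rand1)}{SEPARATOR}{realm}"


def parse_tnai(tnai: str):
    """Split a TNAI into (imsi, rand1, realm); raises ValueError on any layout violation."""
    if len(tnai) <= HEADER_LEN:
        raise ValueError("TNAI too short")
    if tnai[0] != TAG:
        raise ValueError("unknown authentication method tag")
    imsi = tnai[1:1 + IMSI_LEN]
    rand_field = tnai[1 + IMSI_LEN:1 + IMSI_LEN + RAND_B64_LEN]
    if tnai[HEADER_LEN - 1] != SEPARATOR:
        raise ValueError("separator missing")
    realm = tnai[HEADER_LEN:]
    if not _IMSI_RE.fullmatch(imsi):
        raise ValueError("IMSI must be 15 ASCII digits")
    if not _REALM_RE.fullmatch(realm):
        raise ValueError("realm must be a domain name")
    return imsi, decode_rand1(rand_field), realm


def is_valid_tnai(tnai: str) -> bool:
    """True when the gateway may extract IMSI and RAND1 from this TNAI."""
    try:
        parse_tnai(tnai)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not from the patent.
    sample = build_tnai("450050123456789", bytes(range(16)), "example.net")
    print(sample)          # 9450050123456789AAECAwQFBgcICQoLDA0ODw@example.net
    print(parse_tnai(sample))
```

Because every field before the realm has a fixed width, the parser never searches for '@': an IMSI or RAND1 that is too short or too long shifts the separator out of position and is rejected rather than silently re-interpreted.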
  • the HA 17 having received the R_Req 22 from the FA 16 extracts the IMSI 31 and the RAND1 32 from the TNAI, generates and transmits an authentication request (A_Req) 23 to an AAAH 18.
  • the AAAH 18 extracts subscriber information and a private key Ki from a DB using the IMSI 31, generates RES1, RAND2, XRES2, and Kc in step 231, and transmits them as an authentication reply (A_Reply) 24 to the HA 17.
  • the HA 17 forwards the A_Reply 24 received from the AAAH 18 as a registration reply (R_Reply) 25 to the FA 16.
  • RES1 is the information used by the MS 10 to authenticate the network.
  • XRES2 is the information used by the FA 16 to authenticate the subscriber.
  • RAND2 is a second random number, 128 bits in length, generated by the AAAH 18.
  • Kc is a 128-bit encryption key generated by combining a 64-bit encryption key Kc1, generated using Ki and RAND1, with a 64-bit encryption key Kc2, generated using Ki and RAND2.
  • FIG. 4 is a block diagram illustrating operations of the AAAH 18 while the above- described authentication protocol is performed.
  • Subscriber information and a private key Ki are extracted from a DB 41 using an IMSI received from the HA 17.
  • a first signal generator 42 generates a 64-bit encryption key Kc1 in a block 421 and RES1 in a block 422 based on the private key Ki and RAND1.
  • a second signal generator 43 generates a 64-bit encryption key Kc2 in a block 431 and XRES2 in a block 432 based on the private key Ki and RAND2.
  • the A8 algorithm used in the blocks 421 and 431 and the A3 algorithm used in the blocks 422 and 432 are the authentication/encryption algorithms predefined in the mobile communication network (A8 for key generation, A3 for the response values).
  • the RAND2 is a random number generated by a random number generator 45.
  • FIG. 5 is a block diagram of an apparatus for authenticating a network in the MS 10 while the authentication protocol is performed.
  • the SIM 11 (shown in FIG. 1) within the MS 10 receives the RES1 and the RAND2 from the FA 16. A first signal generator 52 then generates authentication information XRES1 in a block 522 using the private key Ki and the RAND1 that were stored in the MS 10 in step 213.
  • a comparator 54 compares the XRES1 with the RES1 received from the FA 16 in step 215 to authenticate the network.
  • the RAND1 is a random number generated by a random number generator 51.
  • the first signal generator 52 also generates a 64-bit encryption key Kc1 in a block 521.
  • a second signal generator 53 generates subscriber authentication information RES2 in a block 532 and a 64-bit encryption key Kc2 in a block 531 using the RAND2 received from the FA 16 and the private key Ki. Then, in step 217, the RES2 is transmitted to the FA 16, and the encryption keys Kc1 and Kc2 are combined to generate the 128-bit encryption key Kc.
  • the RES2 generated by the SIM 11 of the MS 10 is embedded into an A_Req 27 and transmitted to the FA 16.
  • the FA 16 compares the RES2 received from the MS 10 with the XRES2 stored therein in step 221 to authenticate the subscriber. If authentication succeeds, a SUCCESS message is embedded into an A_Reply 28 and transmitted to the MS 10.
  • an MS 10 transmits an NAI containing a first random number and an IMSI to the gateway, generates XRES1 using a private key and the first random number that are stored therein, compares the XRES1 with RES1 received from the gateway to authenticate the network, generates RES2 using the private key and a second random number received from the gateway, and transmits the RES2 to the gateway.
  • a gateway (16, 17) broadcasts an AA to its sub-network, extracts an IMSI and a first random number from an NAI received from an MS entering the sub-network, transmits the IMSI and the first random number to an AAAH (or an authentication server), stores XRES2 received from the AAAH, transmits RES1 and a second random number to the MS, and compares RES2 received from the MS with the XRES2 stored therein to authenticate the subscriber.
  • AAAH or an authentication server
  • the AAAH (18) fetches a private key from a DB using the IMSI, generates RES1 using the private key and a first random number, generates XRES2 using the private key and a second random number, and transmits the RES1, the second random number, and the XRES2 to the gateway.
  • the AAAH (18) generates a first encryption key using the private key and the first random number, generates a second encryption key using the private key and the second random number, generates a third encryption key by combining the first and second encryption keys, and transmits the third encryption key to the gateway.
  • the gateway stores the third encryption key.
  • the MS generates a fourth encryption key using the private key and the first random number stored therein, generates a fifth encryption key using the private key and the second random number, and generates a sixth encryption key by combining the fourth and fifth encryption keys.
  • the third encryption key generated by the AAAH (18) and the sixth encryption key generated by the MS (10) have the same value, since both are derived from the same Ki, RAND1 and RAND2.
  • the messages transferred between the MS 10 and the FA 16 for mutual authentication between the subscriber and the network are the AA 20 periodically broadcast by the FA 16 and two pairs of request and reply messages, i.e., R_Req 21, R_Reply 26, A_Req 27, and A_Reply 28.
  • after this exchange the MS 10 and the FA 16 share the 128-bit encryption key Kc.
  • the mutual authentication between the subscriber and the network is therefore accomplished using only two pairs of request and reply messages transferred between the MS 10 and the FA 16, in addition to the AA periodically broadcast by the FA 16 in the wireless Internet network.
  • because the key-generation algorithm is run twice in the SIM 11 (once with RAND1 and once with RAND2), the effective encryption key is lengthened: the two 64-bit keys Kc1 and Kc2 are combined into the 128-bit Kc (the combined key is still no stronger than Ki and the A8 algorithm that produce its halves).
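The complete exchange of FIG. 2, with the AAAH of FIG. 4 and the SIM-side apparatus of FIG. 5, as an added Python example that is not part of the patent. It models the SIM, the gateway (FA and HA collapsed into one role) and the AAAH, runs the two request/reply pairs, checks that the 128-bit Kc (Kc1 followed by Kc2) derived on both sides is equal, and shows the two failure modes the scheme is built to catch: a network that does not know Ki fails the RES1 check inside the SIM, and an R_Reply recorded from an earlier session fails because the SIM chose a fresh RAND1. A3 and A8 are replaced by HMAC-SHA256 stand-ins truncated to GSM output sizes (an assumption; the patent reuses the operator's existing algorithms without naming them), the 32-bit RES size is an assumption, and the IMSI and Ki values are constructed.

```python
import hashlib
import hmac
import os

# Stand-ins for the SIM's A3 (authentication) and A8 (key generation) algorithms.
# The patent reuses the operator's existing A3/A8 without naming them, so HMAC-SHA256
# truncated to GSM output sizes is used here: an assumption, not the real algorithms.
RES_BYTES = 4   # assumption: 32-bit RES/XRES (the GSM SRES size)
KC_BYTES = 8    # 64-bit Kc1 and Kc2, as stated in the description


def a3(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:RES_BYTES]


def a8(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:KC_BYTES]


class AuthError(Exception):
    pass


class SIM:
    """MS 10 with SIM 11 (FIG. 5): holds Ki, picks RAND1, authenticates the network."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki, self._rand1, self.kc = imsi, ki, None, None

    def registration_request(self) -> dict:
        self._rand1 = os.urandom(16)                        # step 211: RAND1 (generator 51)
        return {"imsi": self.imsi, "rand1": self._rand1}    # TNAI contents of R_Req 21

    def registration_reply(self, res1: bytes, rand2: bytes) -> bytes:
        xres1 = a3(self._ki, self._rand1)                   # block 522
        if not hmac.compare_digest(xres1, res1):            # step 215: authenticate network
            raise AuthError("network authentication failed")
        kc1, kc2 = a8(self._ki, self._rand1), a8(self._ki, rand2)   # blocks 521 / 531
        self.kc = kc1 + kc2                                 # step 217: 128-bit Kc
        return a3(self._ki, rand2)                          # RES2 (block 532), sent in A_Req 27


class AAAH:
    """AAAH 18 (FIG. 4): fetches Ki by IMSI and answers A_Req 23 with A_Reply 24."""

    def __init__(self, db: dict):
        self._db = db                                       # DB 41: IMSI -> Ki

    def authentication_reply(self, imsi: str, rand1: bytes) -> dict:
        ki = self._db[imsi]
        rand2 = os.urandom(16)                              # generator 45
        kc1, res1 = a8(ki, rand1), a3(ki, rand1)            # blocks 421 / 422
        kc2, xres2 = a8(ki, rand2), a3(ki, rand2)           # blocks 431 / 432
        return {"res1": res1, "rand2": rand2, "xres2": xres2, "kc": kc1 + kc2}


class Gateway:
    """FA 16 and HA 17 as one role: relays to the AAAH, stores XRES2 and Kc, checks RES2."""

    def __init__(self, aaah: AAAH):
        self._aaah, self._pending = aaah, {}                # IMSI -> (XRES2, Kc)

    def registration(self, r_req: dict) -> dict:
        reply = self._aaah.authentication_reply(r_req["imsi"], r_req["rand1"])
        self._pending[r_req["imsi"]] = (reply["xres2"], reply["kc"])
        return {"res1": reply["res1"], "rand2": reply["rand2"]}   # R_Reply 26

    def authentication(self, imsi: str, res2: bytes) -> bytes:
        xres2, kc = self._pending.pop(imsi)                 # XRES2 is single-use
        if not hmac.compare_digest(xres2, res2):            # step 221: authenticate subscriber
            raise AuthError("subscriber authentication failed")
        return kc                                           # SUCCESS in A_Reply 28


def run_protocol(sim: SIM, gateway: Gateway) -> bytes:
    """The two request/reply pairs; returns the gateway's Kc, which must equal sim.kc."""
    r_reply = gateway.registration(sim.registration_request())
    res2 = sim.registration_reply(r_reply["res1"], r_reply["rand2"])
    return gateway.authentication(sim.imsi, res2)


def rogue_network_detected(sim: SIM) -> bool:
    """A network that does not know Ki cannot compute RES1 for the SIM's RAND1."""
    sim.registration_request()
    try:
        sim.registration_reply(os.urandom(RES_BYTES), os.urandom(16))
    except AuthError:
        return True
    return False


def replay_detected(sim: SIM, gateway: Gateway) -> bool:
    """An R_Reply recorded in one session fails in the next: the SIM picks a fresh RAND1."""
    recorded = gateway.registration(sim.registration_request())
    sim.registration_request()                              # new session, new RAND1
    try:
        sim.registration_reply(recorded["res1"], recorded["rand2"])
    except AuthError:
        return True
    return False


if __name__ == "__main__":
    ki, imsi = bytes(range(16)), "450050123456789"          # constructed sample values
    sim, gw = SIM(imsi, ki), Gateway(AAAH({imsi: ki}))
    print(run_protocol(sim, gw) == sim.kc)                  # True
```

Two points the model makes visible: the SIM rejects the network before it releases RES2 or derives Kc, so a fake gateway learns nothing usable from a failed run; and A_Reply 24 carries XRES2 and Kc across the network side, so the links between the AAAH, the HA and the FA need their own protection, which the description leaves to the security channel between AAA servers.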
  • the invention can also be embodied as computer readable codes on a computer readable recording medium.
  • the computer readable recording medium is any data storage device that can store data which can thereafter be read by a computer system. Examples of the computer readable recording medium include read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, floppy disks, optical data storage devices, and carrier waves (such as data transmission through the Internet).
  • ROM read-only memory
  • RAM random-access memory
  • the present invention provides mutual authentication between a subscriber and a network using an SIM and a means for allowing a key to be shared by the subscriber and the network.
  • the subscriber and the network in a wireless Internet system exchange a minimum number of request and reply messages and can use the authentication algorithm of a conventional SIM-type mobile communication network.
  • the present invention modifies the SIM-based subscriber authentication method of a second generation mobile communication network, thereby enabling network authentication, and enhances security by increasing the number of effective bits of the encryption key shared by a subscriber and a network after authentication. According to the present invention, an unauthorized user is prevented from using the network through subscriber authentication, and a subscriber's personal information is protected from being revealed to a fake server through authentication of the network and the server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP04774379A EP1695480A4 (en) 2003-12-17 2004-08-23 METHOD AND APPARATUS FOR AUTHENTICATING A SUBSCRIBER AND A NETWORK IN A WIRELESS INTERNET SYSTEM
CN2004800417230A CN1918843B (zh) 2003-12-17 2004-08-23 用于在无线因特网系统中鉴别用户和网络的方法和装置

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020030092564A KR100546778B1 (ko) 2003-12-17 2003-12-17 무선 인터넷 가입자 인증 방법 및 그 장치
KR10-2003-0092564 2003-12-17

Publications (1)

Publication Number Publication Date
WO2005060150A1 true WO2005060150A1 (en) 2005-06-30

Family

ID=36693406

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2004/002118 WO2005060150A1 (en) 2003-12-17 2004-08-23 Method and apparatus for authenticating subscriber and network in wireless internet system

Country Status (4)

Country Link
EP (1) EP1695480A4 (ko)
KR (1) KR100546778B1 (ko)
CN (1) CN1918843B (ko)
WO (1) WO2005060150A1 (ko)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1788754A3 (en) * 2005-11-16 2007-12-19 LG - Nortel Co., Ltd. Mobile communication terminal for wireless internet access and wireless internet access method
WO2008153456A1 (en) * 2007-06-11 2008-12-18 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement for certificate handling
CN101635710B (zh) * 2009-08-25 2011-08-17 西安西电捷通无线网络通信股份有限公司 一种基于预共享密钥的网络安全访问控制方法及其系统
US20110283106A1 (en) * 2009-01-22 2011-11-17 Zte Corporation Method for realizing authentication center and authentication system
US9614842B2 (en) * 2014-07-31 2017-04-04 Samsung Electronics Co., Ltd. Device and method of setting or removing security on content

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100790495B1 (ko) * 2006-03-07 2008-01-02 와이즈와이어즈(주) 암호화 알고리즘을 이용한 이동통신 단말기 제어를 위한인증 방법, 시스템, 서버 및 기록매체
KR100745617B1 (ko) * 2006-11-17 2007-08-03 주식회사 유비닉스 가입자 인증 시스템 및 이를 이용한 가입자 인증 방법
KR100934309B1 (ko) * 2007-12-05 2009-12-29 유비벨록스(주) 통합 가입자 인증 시스템 및 이를 이용한 가입자 인증 방법
CN107294712B (zh) * 2017-07-24 2020-01-31 北京中测安华科技有限公司 一种密钥协商的方法及装置
KR102553166B1 (ko) * 2018-10-19 2023-07-06 주식회사 케이티 비프록시 기반 다중 경로 전송 시스템, 그리고 이의 세션 연결을 위한 인증 방법


Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2790177B1 (fr) * 1999-02-22 2001-05-18 Gemplus Card Int Authentication in a radiotelephony network
FI20000760A0 (fi) * 2000-03-31 2000-03-31 Nokia Corp Authentication in a packet data network
FI111208B (fi) * 2000-06-30 2003-06-13 Nokia Corp Arranging data encryption in a wireless telecommunication system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6363151B1 (en) * 1996-07-31 2002-03-26 Siemens Aktiengesellschaft Method and system for subscriber authentification and/or encryption of items of information
EP1040699A1 (de) * 1997-12-18 2000-10-04 Siemens Aktiengesellschaft Method and communication system for encrypting information for radio transmission and for authenticating subscribers
EP1076887A1 (de) * 1998-05-07 2001-02-21 Giesecke & Devrient GmbH Method for authenticating a chip card within a message transmission network
EP1175765A1 (en) * 1999-05-03 2002-01-30 Nokia Corporation SIM based authentication mechanism for DHCPv4/v6 messages
US20020169958A1 (en) * 2001-05-14 2002-11-14 Kai Nyman Authentication in data communication
US20030028763A1 (en) * 2001-07-12 2003-02-06 Malinen Jari T. Modular authentication and authorization scheme for internet protocol

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1695480A4 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1788754A3 (en) * 2005-11-16 2007-12-19 LG - Nortel Co., Ltd. Mobile communication terminal for wireless internet access and wireless internet access method
WO2008153456A1 (en) * 2007-06-11 2008-12-18 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement for certificate handling
US20110283106A1 (en) * 2009-01-22 2011-11-17 Zte Corporation Method for realizing authentication center and authentication system
US8527762B2 (en) * 2009-01-22 2013-09-03 Zte Corporation Method for realizing an authentication center and an authentication system thereof
CN101635710B (zh) * 2009-08-25 2011-08-17 西安西电捷通无线网络通信股份有限公司 Pre-shared-key-based network security access control method and system
US8646055B2 (en) 2009-08-25 2014-02-04 China Iwncomm Co., Ltd. Method and system for pre-shared-key-based network security access control
US9614842B2 (en) * 2014-07-31 2017-04-04 Samsung Electronics Co., Ltd. Device and method of setting or removing security on content
US9852279B2 (en) 2014-07-31 2017-12-26 Samsung Electronics Co., Ltd. Device and method of setting or removing security on content
US11057378B2 (en) 2014-07-31 2021-07-06 Samsung Electronics Co., Ltd. Device and method of setting or removing security on content

Also Published As

Publication number Publication date
CN1918843A (zh) 2007-02-21
KR100546778B1 (ko) 2006-01-25
EP1695480A4 (en) 2012-08-29
CN1918843B (zh) 2011-02-09
KR20050060839A (ko) 2005-06-22
EP1695480A1 (en) 2006-08-30

Similar Documents

Publication Publication Date Title
US10425808B2 (en) Managing user access in a communications network
EP1095533B1 (en) Authentication method and corresponding system for a telecommunications network
ES2349292T3 (es) Method and server for providing a mobility key
KR101148543B1 (ko) Communication authentication method and network establishment method
US7065067B2 (en) Authentication method between mobile node and home agent in a wireless communication system
AU2003294330B2 (en) Methods and apparatus for dynamic session key generation and rekeying in mobile IP
JP4965671B2 (ja) Distribution of user profiles, policies and PMIP keys in a wireless communication network
US8230212B2 (en) Method of indexing security keys for mobile internet protocol authentication
US8112065B2 (en) Mobile authentication through strengthened mutual authentication and handover security
EP1886459B1 (en) Method for auto-configuration of a network terminal address
JP5119242B2 (ja) Method and system for providing a Mobile IP key
CN101160924A (zh) Method for distributing certificates in a communication system
EA013147B1 (ru) Method and system for providing access-specific keys
CN101300815A (zh) Method and server for providing a mobility key
US20020169958A1 (en) Authentication in data communication
KR100546778B1 (ko) Wireless internet subscriber authentication method and apparatus
KR100968522B1 (ko) Mobile authentication method with enhanced mutual authentication and handover security
Hamandi et al. W-AKA: Privacy-enhanced LTE-AKA using secured channel over Wi-Fi
KR20060117812A (ko) Security apparatus and method in a wireless network supporting Mobile IP
Georgiades et al. Distributed authentication protocol for the security of binding updates in mobile IPv6

Legal Events

Code Title Description
WWE Wipo information: entry into national phase. Ref document number: 200480041723.0; country of ref document: CN
AK Designated states. Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
AL Designated countries for regional patents. Kind code of ref document: A1. Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
121 Ep: the EPO has been informed by WIPO that EP was designated in this application
WWE Wipo information: entry into national phase. Ref document number: 2004774379; country of ref document: EP
NENP Non-entry into the national phase. Ref country code: DE
WWW Wipo information: withdrawn in national office. Ref document number: DE
WWP Wipo information: published in national office. Ref document number: 2004774379; country of ref document: EP