WO2006096017A1 - Procede d'authentification et procede de generation de cle dans un systeme internet portatif sans fil - Google Patents

Procede d'authentification et procede de generation de cle dans un systeme internet portatif sans fil Download PDF

Info

Publication number
WO2006096017A1
WO2006096017A1 PCT/KR2006/000836 KR2006000836W WO2006096017A1 WO 2006096017 A1 WO2006096017 A1 WO 2006096017A1 KR 2006000836 W KR2006000836 W KR 2006000836W WO 2006096017 A1 WO2006096017 A1 WO 2006096017A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
message
key
subscriber station
base station
Prior art date
Application number
PCT/KR2006/000836
Other languages
English (en)
Inventor
Seok-Heon Cho
Sung-Cheol Chang
Chul-Sik Yoon
Original Assignee
Electronics And Telecommunications Research Institute
Samsung Electronics Co., Ltd.
Kt Corporation
Sk Telecom Co., Ltd.
Hanaro Telecom, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020060007226A external-priority patent/KR100704675B1/ko
Application filed by Electronics And Telecommunications Research Institute, Samsung Electronics Co., Ltd., Kt Corporation, Sk Telecom Co., Ltd., Hanaro Telecom, Inc. filed Critical Electronics And Telecommunications Research Institute
Priority to EP06716286.7A priority Critical patent/EP1864426A4/fr
Priority to JP2008500632A priority patent/JP4649513B2/ja
Priority to US11/817,859 priority patent/US20090019284A1/en
Priority to CN2006800160911A priority patent/CN101176295B/zh
Publication of WO2006096017A1 publication Critical patent/WO2006096017A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to an authentication method of a wireless portable Internet system. More particularly, the present invention relates to an authentication method of a wireless portable Internet system and key generation method for generating various keys concerning the authentication method.
  • a wireless portable Internet supports mobility for local area data communication such as a conventional wireless local access network (LAN) that uses a fixed access point.
  • LAN wireless local access network
  • the above-described IEEE 802.16 supports a metropolitan area network (MAN) representing an information communication network covering the LAN and the wide area network (WAN).
  • MAN metropolitan area network
  • WAN wide area network
  • PLMv2 Privacy Key Management Version 2
  • the conventional PKMv2 can performs subscriber station or base station equipment authentication and user authentication by variously combining the mutual RSA (Rivest Shamir Adleman)-based authentication method for the subscriber station and base station and the EAP (Extensible Authentication Protocol)-based authentication method using a higher authentication protocol.
  • RSA Raster Shamir Adleman
  • EAP Extensible Authentication Protocol
  • the subscriber station and the base station exchange an authentication request message and authentication response message to perform the mutual authentication for the subciber station and base station. Also, when the authentication process is finished, the subscriber station informs the base station of all subscriber station-supportable security-related algorithms (Security_Capabilities) and the base station negotiates all the subscriber station-supportable security-related algorithms and provides the SA (Security Association) information to the subscriber station.
  • SA Security Association
  • the messages including the information transmitted between the subscriber station and the base station are transmitted/received wirelessly without additional message authentication functions, and accordingly, there is a problem in that such information is not secured.
  • an additional SA-TEK SA-Traffic Encryption Key
  • SA-TEK SA-Traffic Encryption Key
  • the EAP-based authentication process is finished and again the SA-TEK process is performed while the SA information is provided to the sucriber station according to the RSA-based authentication process, and accordingly, the subcrbier station receives all the subcrbier station-related SA information twice from the base station through the RSA-based authentication process and the SA-TEK process. Therefore, there are problems in that the SA information process is unnecessarily repeated, radio resources are wasted, and the authentication process becomes longer. Thus, the conventional authentication method is not performed hierarchically and uniformally.
  • the present invention has been made in an effort to provide an authentication method having advantages of providing a hierarchical and efficient authentication method based on PKMv2-based authentication scheme in the wireless portable Internet system.
  • the present invention has been made in an effort to provide a key generation method for generating an authorization key having a hierarchical structure for authorizised subscriber station.
  • the present invention has been made in an effort to provide a message authentication key generation method based on authorization key.
  • the present invention has been made in an effort to provide a traffic data encryption key generation and transmission method for stably transmitting traffic data between authorized subscriber station and base station.
  • An exemplary authentication method performs an authentication process at a first node being a base station or a subscriber station while linking a second node being the subscriber station or the base station in a wireless portable Internet system.
  • the the authentication method includes a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node; b) obtaining one or more basic key for generating an authorization key shared with the second node according to the authentication process; c) generating an authorization key based on a first node identifier, a second node identifier, and the basic key; and d) exchanging a security algorithm and SA (security association) information based on additional authentication process messages including the authorization key-related parameter and security-related parameter.
  • SA security association
  • an exemplary authentication method performs an authentication process at a first node being a base station or a subscriber station while linking a second node being the subscriber station or the base station in a wireless portable Internet system.
  • the authentication method includes a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node; b) obtaining one or more basic keys for generating an authorization key shared between the first and second nodes according to the authentication process; and c) exchanging a security algorithm and SA (Security Association) information with the second node based on additional authentication process messages including the authorization key-related parameter and security-related parameter, wherein the step c) further comprises generating an authorization key based on the first node identifier, a first random number that the first node randomly generates, the basic key, the second node identifier, and a second random number that the second node randomly generates.
  • SA Security Association
  • an exemplary authentication method performs an authentication process at a first node being a base station or a subscriber station while linking a second node being the subscriber station or the base station in a wireless portable Internet system.
  • the authentication method includes a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node; b) obtaining an authorization key shared between the first and second nodes according to the authentication process; and c) exchanging a security algorithm and SA (Security Association) information with the second node based on additional authentication process messages including the authorization key-related parameter and security-related parameter.
  • SA Security Association
  • an exemplary key generation method generates authentication-related keys when a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system.
  • the key generation method includes a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node and obtaining a first basic key for generating an authorization key; b) generating a second basic key from the first basic key; and c) generating the authorization key by performing a key generation algorithm using the second basic key as an input key and using the first node identifier, the second node identifier, and a predetermined string word as input data.
  • an exemplary key generation method generates authentication-related keys when a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system.
  • the key generation method includes a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node and obatininging a first basic key for generating an authorization key; b) generating a second basic key from the first basic key; and c) generating the authorization key by performing a key generation algorithm using the second basic key as the input key and using a first node identifier, a first random number that the first node randomly generates, a second node identifier, a second random number that the second node randomly generates, and predetermined string word as the input data.
  • An exemplary authorization key generation method generates a message authentication key parameters for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system.
  • the authorization key generation method includes a) when an authentication process performs an authenticated EAP-based authentication process after an RSA-based authentication process according to a negotiation between the first node and the second node, the first node obtaining a basic key shared with the second nodes through an RSA-based authentication process; b) obtaining result data by performing a key generation algorithm using the basic key as an input key and using a first node identifier, a second node identifier, and a predetermined string word as input data; c) extracting predetermined bits of the result data and using first predetermined bits of the extracted bits as message authentication keys for generating message authentication code parameter of an uplink message; and d) extracting predetermined bits of the result data and generating second predetermined bits of the extracted bit as a message authentication keys for generating a message authentication code parameter of a downlink message.
  • FIG. 1 is a diagram schematically showing a structure of a wireless portable Internet system according to an exemplary embodiment of the present invention.
  • FIG. 2 is a table showing an internal parameter configuration of a PKMv2 RSA-Request message used in an RSA-based authentication method according to an exemplary embodiment of the present invention.
  • FIG. 3 is a table showing an internal parameter configuration of a PKMv2 RSA-Reply message used in an RSA -based authentication method according to an exemplary embodiment of the present invention.
  • FIG. 4 is a table showing an internal parameter structure of a PKMv2 RSA-Reject message used in an RSA -based authentication method according to an exemplary embodiment of the present invention.
  • FIG. 5 is a table showing an internal parameter structure of a PKMv2
  • FIG. 6 is a table showing an internal parameter structure of a PKMv2 EAP-Transfer message used in an EAP-based authentication method according to an exemplary embodiment of the present invention.
  • FIG. 7 is a table showing an internal parameter structure of a PKMv2 Authenticated-EAP-Transfer message used in an authenticated EAP-based authentication method according to an exemplary embodiment of the present invention.
  • FIG. 8 is a table showing an internal parameter structure of a PKMv2
  • SA-TEK-Challenge message used in a SA-TEK process according to an exemplary embodiment of the present invention.
  • FIG. 9 is a table showing an internal parameter structure of a PKMv2 SA-TEK-Request message used in a SA-TEK process according to an exemplary embodiment of the present invention.
  • FIG. 10 is a table showing an internal parameter structure of a PKMv2 SA-TEK-Response message used in a SA-TEK process according to an exemplary embodiment of the present invention.
  • FIG. 11 is a flowchart of an authentication method performing only an RSA-based authentication process according to a first exemplary embodiment of the present invention.
  • FIG. 12 is a flowchart for generating authorization key in an authentication method performing only an RSA-based authentication process according to a first exemplary embodiment of the present invention.
  • FIG. 13 is a flowchart of an authentication method performing only an EAP-based authentication process according to a first exemplary embodiment of the present invention.
  • FIG. 14 is a flowchart for generating authorization key in an authentication method performing only an EAP-based authentication process according to a first exemplary embodiment of the present invention.
  • FIG. 15 is a flowchart of an authentication method sequentially performing an RSA-based authentication process and EAP-based authentication process according to a first exemplary embodiment of the present invention.
  • FIG. 16 is a flowchart for generating authorization key in an authentication method sequentially performing an RSA-based authentication process and an EAP-based authentication process according to a first exemplary embodiment of the present invention.
  • FIG. 17 is a flowchart of an authentication method sequentially performing an RSA-based authentication process and an authenticated EAP-based authentication process according to a first exemplary embodiment of the present invention.
  • FIG. 18 is a flowchart of an authentication method according to a second exemplary embodiment of the present invention, and particularly, a flowchart showing a SA-TEK process.
  • FIG. 19 is a flowchart for generating authorization key in an authentication method performing only an RSA-based authentication process according to a second exemplary embodiment of the present invention.
  • FIG. 20 is a flowchart for generating authorization key in an authentication method performing only an EAP-based authentication process according to a second exemplary embodiment of the present invention.
  • FIG. 21 is a flowchart for generating authorization key in an authentication method sequentially performing an RSA-based authentication process and an EAP-based authentication process according to a second exemplary embodiment of the present invention.
  • FIG. 22 is a flowchart for generating an HMAC key or a CMAC key for authenticating a message using an EIK according to first and second exemplary embodiments of the present invention.
  • FIG. 23 is a table showing an internal parameter structure of a PKMv2 Key-Request message among messages used in a traffic encryption key generation and distribution process according to exemplary embodiments of the present invention.
  • FIG. 24 is a table showing an internal parameter structure of a PKMv2 Key-Reply message among messages used in a traffic encryption key generation and distribution process according to exemplary embodiments of the present invention.
  • FIG. 25 is a table showing an internal parameter structure of a PKMv2 Key-Reject message among messages used in a traffic encryption key generation and distribution process according to exemplary embodiments of the present invention.
  • FIG. 26 is a table showing an internal parameter structure of a PKMv2
  • FIG. 27 is a table showing an internal parameter structure of a PKMv2 TEK-lnvalid message among messages used in a traffic encryption key error informing process according to exemplary embodiments of the present invention.
  • FIG. 28 is a flowchart showing a traffic encryption key generation and distribution process according to exemplary embodiments of the present invention.
  • FIG. 1 is a diagram schematically showing a structure of a wireless portable Internet system according to an exemplary embodiment of the present invention.
  • the wireless portable Internet system basically includes a subscriber station 100, base stations 200 and 210 (hereinafter, selectively denoted by "200" for convenience of description), routers 300 and 310 connected to the base station through a gateway, and an Authentication Authorization and Accounting (AAA) server 400 for authenticating the subscriber station 100, connected to the routers 300 and 310.
  • AAA Authentication Authorization and Accounting
  • the subscriber station 100 and the base station 200 or 210 try to communicate with each other, they negotiate an authentication mode for authenticating the subscriber station 100 and perform an authentication process in the selected authentication mode.
  • RSA Rivest Shamir Adleman
  • MAC Media Access Control
  • EAP Extensible Authentication Protocol
  • a higher EAP authorization protocol layer of the respective nodes is placed on the higher layer than the MAC layer so that it performs an EAP authorization process, and it includes an EAP layer as a transmission protocol of various authentication protocols and an authentication protocol layer for performing an actual authentication such as a TLS (Transport Level Security) or TTLS (Tunneled TLS) protocol.
  • TLS Transport Level Security
  • TTLS Transmission Layer Switch
  • the higher EAP authorization protocol layer performs an EAP authorization with data transmitted from the MAC layer and transmits the the EAP authentication information to the MAC layer. Therefore, the information is processed into various message formats relating to the EAP authentication through the MAC layer and is then transmitted to the other node.
  • the MAC layer performs a total control for the wireless communication and is functionally divided into a MAC Common Part Sublayer (hereinafter, referred to as "MAC CPS") for charging system access, bandwidth allocation, traffic connection addition and maintenance, and Quality of Service (QoS) managing functions, and a Service Specific Convergence Sublayer (hereinafter, referred to as "MAC CS”) charging payload header suppression and QoS mapping functions.
  • MAC CPS MAC Common Part Sublayer
  • QoS Quality of Service
  • MAC CS Service Specific Convergence Sublayer
  • a Security Sublayer for performing a subscriber station or base staton equipment authentication function and a security function including a security key exchange function and an encryption function may be defined in the MAC common part sublayer, but is not limited thereto.
  • An authentication policy performed between the subscriber station 100 and the base station 200 according to the exemplary embodiment of the present invention is based on authentication policies according to the PKMv2.
  • the authentication policies according to the PKMv2 are classified into four types according to a combination of an RSA-based authentication method, an EAP-based authentication method, and an authenticated EAP-based authentication method.
  • the first type is a Rivest Shamir Adleman (RSA)-based authentication method for performing mutual equipment authorization of the subscriber station and the base station
  • the second type is an Extensible Authentication Protocol (EAP)-based authentication method for performing equipment authentication of the subscriber station and the base station and a user authentication by using a higher EAP protocol.
  • EAP Extensible Authentication Protocol
  • the third type there is a combination of the two methods, in which the RSA-based authentication for the mutual equipment authentication of the subscriber station and the base station is performed and then the EAP-based authentication for the user authentication is performed.
  • the authenticated EAP-based authorization method is the same as the EAP-based authorization method in that the authenticated EAP-based authorization method uses a higher EAP protocol, but authenticates a message used when the subscriber station and base station transmit the higher EAP protocol, unlike the EAP-based authorization method.
  • the authenticated EAP-based authorization method determines a Message Authentication Code mode (MAC mode) to be used to perform a message authentication function between the subscriber station and base station through a subscriber station basic capability negotiation process before the subscriber station and base station perform an actual authentication process.
  • a Hash Message Authentication Code (HMAC) or a Cipher-based Message Authentication Code (CMAC) is determined according to the MAC mode.
  • one authentication method selected among the four authentication methods described above is performed in response to the negotiation between the subscriber station and base station.
  • the subscriber station and base station performs a SA_TEK process so as to exchange a subscriber station security algorithm and SA information after one authentication method selected among the four authentication methods described above is performed.
  • the subscriber station and base station provide a PKMv2 framework to use a Primary Authorization Key (PAK) obtained through the RSA-based authentication process or a Pairwise master Key (PMK) obtained through the EAP-based authorization process or authenticated EAP-based authorization, a subscriber station identifier, that is, a subscriber station MAC address, and a base station identifier (BS ID), in order to generate an Authorization Key (AK).
  • PAK Primary Authorization Key
  • PMK Pairwise master Key
  • AK base station identifier
  • the subscriber station and base station provide a PKMv2 framework to use a subscriber station random number (MS_ Random) and a base station random number (BS_Random) which are included during the SA_TEK process and randomly generated as well as a primary authorization key (PAK) obtained through the RSA-based authentication process or a pairwise master key (PMK) obtained through the EAP-based authorization process or authenticated EAP-based authorization, a subscriber station identifier, that is, a subscriber station MAC address, and a base station identifier (BS ID), in order to generate the authorization key.
  • MS_ Random subscriber station random number
  • BS_Random base station random number
  • PMK pairwise master key
  • BS ID base station identifier
  • the subscriber station MAC address is used as the subscriber station identifier, but is not limited thereto. Therefore, other information that is capable of distinguishing the corresponding subscriber station may be used instead of the subscriber station MAC address so as to generate the authorization key.
  • FIG. 2 is a table showing an internal parameter structure of a PKMv2 RSA-Request message used in an RSA-based authentication method according to an exemplary embodiment of the present invention.
  • a PKMv2 RSA-Request message is used when the subscriber station requests a subscriber station equipment authentication for the base station, and it may be referred to as an "RSA authentication request message.”
  • the PKMv2 RSA-Request message includes a subscriber station random number (MS_Random), a subscriber station certificate (MS_Certificate), and a message authentication parameter (SigSS).
  • MS_Random subscriber station random number
  • MS_Certificate subscriber station certificate
  • SigSS message authentication parameter
  • the subscriber station random number (MS_Random) is a value (i.e., of 64 bits) that the subscriber station randomly generates, and is for preventing a replay attack from an illegal attacker.
  • the subscriber station certificate includes a Public Key of the subscriber station.
  • the base station receives the subscriber station certificate, it performs an authorization for subscriber station equipment based on the subscriber station certificate.
  • the message authentication parameter (SigSS) is used to authenticate the PKMv2 RSA-Request message itself.
  • the subscriber station generates the message authentication parameter (SigSS) by applying other parameters of the PKMv2 RSA-Request message excluding the SigSS to the Message Hash function (i.e., RSA algorithm) based on a subscriber station Private Key.
  • FIG. 3 is a table showing an internal parameter structure of a PKMv2 RSA-Reply message used in an RSA-based authentication method according to an exemplary embodiment of the present invention.
  • the PKMv2 RSA-Reply message is used in the case that the base station requests a base station equipment authentication of the subscriber station when the subscriber station equipment authentication is successfully performed according to the PKMv2 RSA-Request message, and may be referred to as an "RSA authentication response message.”
  • the PKMv2 RSA-Reply message includes a subscriber station random number (MS_Random), a base station random number
  • BS_Certificate a base station certificate
  • SigBS message authentication parameter
  • the subscriber station random number (MS_Random) is equal to the subscriber station random number (MS_Random) included in the PKMv2 RSA-Request message.
  • the base station random number (BS_Random) is a value (i.e., of 64 bits) that the base station randomly generates.l
  • Such subscriber station random number (MS_Random) and base station random number (BS_Random) are parameters for preventing a replay attack from an illegal attacker.
  • the encrypted pre-PAK is generated by encrypting a value (pre-PAK) that the base station randomly generates with the subscriber station public key included in a subscriber station certificate (MS_Certificate) among internal parameters of the PKMv2 RSA-Request message.
  • pre-PAK a value that the base station randomly generates with the subscriber station public key included in a subscriber station certificate (MS_Certificate) among internal parameters of the PKMv2 RSA-Request message.
  • the pre-PAK may be a value of 256 bits that the base station randomly generates.
  • the Key Lifetime is given as an effective time of the PAK, and the Key
  • Sequence Number is given as a sequence number of the PAK.
  • the base station certificate (BS_Certificate) includes a base station public key.
  • the subscriber station performs an authorization for base station equipment based on the base station certificate.
  • the message authentication parameter (SigBS) is used to authenticate the PKMv2
  • the base station generates the message authentication parameter (SigBS) by applying other parameters of the PKMv2 RSA-Reply message excluding the SigBS to the Message Hash function (i.e., an RSA algorithm) based on a base station Private Key.
  • SigBS message authentication parameter
  • the Message Hash function i.e., an RSA algorithm
  • FIG. 4 is a table showing an internal parameter structure of a PKMv2 RSA-Reject message used in an RSA-based authentication method according to an exemplary embodiment of the present invention.
  • the PKMv2 RSA-Reject message is used to inform that the base station received the PKMv2 RSA-Request message fails to authenticate the subscriber station equipment, and may be referred to as an "RSA authentication failure message.”
  • the PKMv2 RSA-Reject message includes a subscriber station random number (MS_Random), a base station random number (BS_Random), an Error Code, a Display-String, and a message authentication parameter (SigBS).
  • the subscriber station random number (MS_Random) is equal to the subscriber station random number (MS_Random) included in the PKMv2 RSA-Request message, and the base station random number (BS_Random) is a value (i.e., of 64 bits) that the base station randomly generates.
  • the base station random number (BS_Random) is a parameter for preventing a replay attack from an illegal attacker.
  • the Error Code provides a reason that the base station fails to authenticate the subscriber station equipment
  • the Display-String provides a reason that the base station fails to authenticate the subscriber station equipment as a string.
  • the message authentication parameter (SigBS) is used to authenticate the PKMv2 RSA-Reject message itself.
  • the base station generates the SigBS by applying other parameters of the PKMv2 RSA-Reject message excluding the SigBS to the Message Hash function (i.e., an RSA algorithm) based on a base station Private Key.
  • FIG. 5 is a table showing an internal parameter structure of a PKMv2
  • a PKMv2 RSA-Acknowledgement message is used to inform that the subscriber station received the PKMv2 RSA-Reply message succeeds in authenticating the base station equipment, and may be referred to as an "RSA authentication recognizing message.”
  • the base station When the base station receives the PKMv2 RSA-Acknowledgement message including a success authentication for the base station equipment, the RSA-based authentication process is finished.
  • the PKMv2 RSA-Acknowledge message includes a subscriber station random number (MS_Random) and a base station random number (BS_Random), an authentication result code (Auth Result Code), and a message authentication parameter (SigSS), and selectively contains an
  • the subscriber station random number (MS_Random) is equal to the subscriber station random number (MS_Random) included in the PKMv2
  • the authentication result code is for informing of authorization result (success or failure) for a base station equipment.
  • the Error Code and Display-String are only definded when a value of the authentication result code is a failure.
  • the Error Code provides a reason that the subscriber station fails to authenticate the base station equipment
  • the Display-String provides a reason that the subscriber station fails to authenticate the base station equipment as a string.
  • the message authentication parameter (SigBS) is used to authenticate the PKMv2 RSA-Acknowledgement message.
  • the subscriber station generates the SigSS by applying other parameters of the PKMv2
  • the EAP-based authorization method or authenticated EAP-based authorization method uses a PKMv2 EAP-Start message.
  • the PKMv2 EAP-Start message is used when the subscriber station informs the base station that the EAP-based authorization method or authenticated EAP-based authorization method starts, and may be referred to as an "EAP authorization start message.”
  • FIG. 6 is a table showing an internal parameter structure of a PKMv2
  • EAP-Transfer message used in an EAP-based authentication method according to an exemplary embodiment of the present invention.
  • a PKMv2 EAP-Transfer message is used to transmit EAP data to the recieve node (subscriber station or base station) when the subscriber station or the base station receives EAP data from a higher EAP authorization protocol, and it may be referred to as an "EAP data transfer message.”
  • the PKMv2 EAP-Transfer message includes an EAP Payload.
  • the EAP Payload is given as the EAP data received from the higher EAP authorization protocol.
  • the EAP Payload is not analyzed by the MAC layer of the subscriber station or the base station.
  • FIG. 7 is a table showing an internal parameter structure of a PKMv2 Authenticated-EAP-Transfer message used in an EAP-based authentication method according to an exemplary embodiment of the present invention.
  • a PKMv2 Authenticated-EAP-Transfer message is used to transfer the corresponding EPA data to the receive node (subscriber station or base station) when the subscriber station or the base station receives EAP data from a higher EAP authorization protocol.
  • the PKMv2 Authenticated-EAP-Transfer message may be referred to as an "authenticated EAP data transfer message.”
  • the PKMv2 Authenticated-EAP-Transfer message includes a message authentication function unlike the PKMv2 EAP-Transfer message.
  • the message specifically includes a Key Sequence Number, an EAP Payload, and a message authentication code parameter, CMAC-Digest or
  • the Key Sequence Number is a sequence number of the PAK. Keys for generating the message authentication code parameter, CMAC-Digest or
  • HMAC-Digest included in the PKMv2 Authenticated-EAP-Transfer message are derived with the pre-PAK obtained through the RSA-based authentication process.
  • the PAK sequence number is desired to distinguish between two pre-PAKs because a subscriber station and a base station may simultaneously have the two pre-PAKs. At this time, the PAK sequence number is equal to the pre-PAK sequence number. Therefore, the Key Sequence Number indicates the PAK sequence number for the pre-PAK used when the message authentication code parameter is generated.
  • the EAP Payload indicates EAP data received from the higher EAP authorization protocol as described above.
  • the message authentication code parameter CMAC-Digest or HMAC-Digest, is used to authenticate the PKMv2 Authenticated-EAP-Transfer message.
  • the subscriber station or the base station generates an EIK (EAP Integrity Key) with the pre-PAK shared through the RSA-based authentication process.
  • EIK EAP Integrity Key
  • the CMAC-Digest or HMAC-Digest is generated by applying other parameters of the PKMv2 Authenticated-EAP-Transfer message excluding the message authentication code parameter to the Message Hash function (i.e., RSA algorithm) based on the EIK generated in this manner.
  • Message Hash function i.e., RSA algorithm
  • EAP-based authorization method uses a PKMv2 EAP-Transfer-Complete message.
  • the PKMv2 EAP-Transfer-Complete message is used to inform the base station that the subscriber station successfully finishes the EAP-based authorization process or authenticated EAP-based authorization process, and may be referred to as an "EAP authorization success message.”
  • the PKMv2 EAP-Transfer-Complete message includes no parameter, but is not limited thereto.
  • EAP-Transfer-Complete message are identically applied to the first and second exemplary embodiments.
  • FIG. 8 is a table showing an internal parameter structure of a PKMv2 SA-TEK-Challenge message used in a SA-TEK process according to an exemplary embodiment of the present invention.
  • a PKMv2 SA-TEK-Challenge message is used when the base station
  • SA-TEK challenge message informs the subscriber station that a SA-TEK process is started after the authentication process between the subscriber station and the base station has been finished. It may be referred to as a "SA-TEK challenge message.”
  • the PKMv2 SA-TEK-Challenge message includes the base station random number (BS_Random), the Key Sequence
  • AK-ID Authorization Key-Identifier
  • CMAC-Digest message authentication code parameter
  • the base station random number (BS_Random) is a value that the base station randomly generates as described above.
  • the base station random number (BS_Random) is a parameter for preventing a replay attack from an illegal attacker.
  • the Key Sequence Number is given as a consecutive number of the authorization key.
  • a key for generating the CMAC-Digest or HMAC-Digest included in the PKMv2 SA-TEK-Challenge message is derived from the authorization key.
  • the Authorization key sequence number is used to distinguish between two authorization keys because a subscriber station and a base station may simultaneously have the two authorization keys.
  • the Key Lifetime is an effective time of the PMK. This field must support the EAP-based authorization method or the authenticated EAP-based authorization method, and it may be defined only when the subscriber station and the base station share an MSK according to a characteristic of the higher EAP authorization protocol.
  • the Authorization Key ldenifier may be derived from the authorization key, the authorization key sequence number, the subscriber station MAC address, and the base station identifier.
  • the Authorization Key ldenifier is independently generated by the subscriber station and the base station, and is transmitted from the base station to the subscriber station so as to confirm that the base station and the subscriber station have the same Authorization Key ldenifier.
  • the Authorization key sequence number is generated in combination of the PAK sequence number and the PMK sequence number.
  • the Authorization key sequence number included in the PKMv2 SA-TEK-Challenge message is for informing of the PMK sequence number. This is because the PAK sequence number may be included in the PKMv2 RSA-Reply message of the RSA-based authentication process and the PMK sequence number may not be included in any messages of the EAP-based authentication process.
  • the Authorization Key ldenifier is formed through such an authorization key sequence number.
  • the Authorization key sequence number and the Authorization Key ldenifier all both used to distinguish between two authorization keys in the case that the subscriber station and the base station simultaneously have two authorization keys.
  • the all neighbor base stations have the same authorization key sequence number if the re-authentication process is not necessary in the case that the subscriber station requests a handover. However, the base stations have different Authorization Key Idenifiers.
  • HMAC-Digest is used to authenticate the PKMv2 SA-TEK-Challenge message.
  • the base station generates the CMAC-Digest or HMAC-Digest by applying other parameters included in the PKMv2 SA-TEK-Challenge message excluding the message authentication code parameter to the Message Hash function based on the Authorization Key.
  • the base station transmits the PKMv2 SA-TEK-Challenge message to the subscriber station so as to inform a SA_TEK process start, after the authentication process between the base station and the subscriber station has been finished.
  • the PKMv2 SA-TEK-Challenge message used in the second exemplary embodiment includes the base station random number (BS_Random), the Random Lifetime, and the Key Sequence Number, unlike the first exemplary embodiment, and it may include a Key Lifetime for the
  • the Random Lifetime indicates effective time for the subscriber station random number and base station random number.
  • FIG. 9 is a table showing an internal parameter structure of a PKMv2 SA-TEK-Request message used in a SA-TEK process according to an exemplary embodiment of the present invention.
  • the PKMv2 SA-TEK-Request message is for informing of all security algorithms that the subscriber station can support, and it may be referred to as a "SA-TEK request message.”
  • the subscriber station transmits the PKMv2 SA-TEK-Request message including all secuirty-related algorithms that the subscriber station can support to the base station when the subscriber station receives the PKMv2 SA-TEK-Challenge message, successfully authenticates the corresponding message, and then confirms that the Authorization Key Idenifier, particularly the generated Authorization Key Idenifier by subscriber station itself, is equal to the Authorization Key Idenifier included in the PKMv2 SA-TEK Challenge message received from the base station.
  • the subscriber station transmits the PKMv2 SA-TEK-Request message including all the security-related algorithms that the subscriber station can support when the subscriber station receives the PKMv2 SA-TEK-Challenge message and successfully authenticates the corresponding message.
  • the PKMv2 SA-TEK-Request message includes a subscriber station random number (MS_Random) and a base station random number
  • B_Random a Key Sequence Number
  • an Authorization Key Idenifier a Key Sequence Number
  • Subscriber station security algorithm capabilities Security_Capabilities
  • CMAC-Digest or HMAC-Digest a message authentication code parameter
  • the subscriber station random number is a value (i.e., of 64 bits) that the subscriber station randomly generates, and the base station random number (BS-Random) is equal to the base station random number (BS-Random) included in the PKMv2 SA-TEK-Challenge message.
  • the subscriber station random number (MS_Random) is a parameter for preventing a replay attack from an illegal attacker.
  • the Key Sequence Number is an authorization key sequence number for distinguishing between the authorization keys used to derive the keys for generating the message authentication code parameter, CMAC-Digest or HMAC-Digest, included in the PKMv2 SA-TEK-Request message as described above.
  • the Authorization Key ldenifier is derived from the authorization key, the sequence number thereof, the subscriber station MAC address, and the base station identifier.
  • the subscriber station security algorithm capability is a parameter for indicating the entire security algorithm that the subscriber station can support.
  • the message authentication code parameter, CMAC-Digest or HMAC-Digest is a parameter used to authenticate the PKMv2 SA-TEK-Request message.
  • the subscriber station generates the CMAC-Digest or HMAC-Digest by applying other parameters of the PKMv2 SA-TEK-Request message excluding the message authentication code parameter to the Message Hash function based on the authorization key.
  • the Authorization Key ldenifier included in the PKMv2 SA-TEK-Request message is equal to the Authorization Key ldenifier included in the PKMv2 SA-TEK-Challenge message.
  • Key ldenifier included in the PKMv2 SA-TEK-Request message is generated based on the authorization key that the subscriber station generates, the sequence number of the authorization key, the subscriber station MAC address, and the base station identifier.
  • FIG. 10 is a table showing an internal parameter structure of a PKMv2 SA-TEK-Response message used in a SA-TEK process according to an exemplary embodiment of the present invention.
  • a PKMv2 SA-TEK-Response message is used when the base station transmits SA information to the subscriber station, and it may be referred to as a "SA-TEK reply message.”
  • the base station transmits the PKMv2
  • SA-TEK-Response message including all SA information to the subscriber station when the base station received the PKMv2 SA-TEK-Request message successfully authenticates the corresponding message, and then confirms that the containing Authorization Key Idenifier, particularly an Authorization Key Idenifier that the base station generates, is equal to the Authorization Key Idenifier included in the PKMv2 SA-TEK Request message.
  • the PKMv2 SA-TEK-Response message includes a subscriber station random number MS_Random and base station random number BS_Random, a Key Sequence Number, an Authorization Key Idenifier, SA-TEK update information (SA_TEK_Update), one or more SA descriptor (SA-Descriptor), and a message authentication code parameter (CMAC-Digest or HMAC-Digest).
  • the subscriber station random number MS_Random is equal to the subscriber station random number MS_Random included in the PKMv2 SA-TEK Request message received from the subscriber station, and the base station random number BS_Random is equal to the base station random number BS_Random included in the PKMv2 SA-TEK-Challenge message.
  • the Key Sequence Number is a consecutive number of the Authorization Key.
  • the key for generating the CMAC-Digest or HMAC-Digest included in thePKMv2 SA-TEK-Response message is derived from the authorization key.
  • the authorization key needs a consecutive number thereof so as to distinguish between the two authorization keys to be simultaneously included in the subscriber station and the base station.
  • the Authorization Key ldenifier is derived from the authorization key, the sequence number thereof, the subscriber station MAC address, and the base station identifier.
  • SA-TEK_Update is a parameter including SA information, and is used during the handover process or the network re-entry process.
  • SA descriptor is a parameter including the SA information, and is used during an initial network entry process. However, it is not limited thereto.
  • the SA descriptor specifically includes a SAID, that is, a SA identifier, a SA type for informing of a type of SA, a SA service type for informing of a form of SA traffic service that is defined when the SA type is given as a dynamic SA or a stable SA, and a Cryptographic-Suite for informing of an encryption algorithm to be used in the corresponding SA.
  • a SAID that is, a SA identifier
  • a SA type for informing of a type of SA
  • a SA service type for informing of a form of SA traffic service that is defined when the SA type is given as a dynamic SA or a stable SA
  • a Cryptographic-Suite for informing of an encryption algorithm to be used in the corresponding SA.
  • the SA descriptor may be repeatedly defined by the number of SAs that the base station dynamically generates.
  • the message authentication code parameter is a parameter used to authenticate the PKMv2 SA-TEK-Response message itself.
  • the base station generates the CMAC-Digest or HMAC-Digest by applying other parameters of the PKMv2 SA-TEK-Response message excluding the message authentication code parameter to the Message Hash function based on the authorization key.
  • the Authorization Key ldenifier of the PKMv2 SA-TEK-Response message is equal to the Authorization Key ldenifier included in the PKMv2 SA-TEK-Challenge message.
  • the Authorization Key ldenifier of the PKMv2 SA-TEK-Response message is equal to the Authorization Key ldenifier included in the PKMv2 SA-TEK-Request message.
  • An authentication method performs an authentication based on various policies generated according to a combination of the RSA-based authentication method, the EA-based authentication method, and the authenticated EAP-based authorization method. Particularly, the authentication is performed according to the predetermined process and then the subscriber station and the base station perform a SA-TEK process so as to exchange the subscriber station security algorithm and Security Association (SA) information.
  • SA Security Association
  • the conventional PKMv2 authentication policy has problems in that two processes, that is, the RSA-based authentication process and the SA-TEK process, repeatedly exchange the subscriber station security algorithm and SA information, and the same exchanged in the RSA-based authentication process is unreliable because the messages exchanged between the subscriber station and the base station is not authenticated in the RSA-based authentication process.
  • the subscriber station and base station exchange the subscriber station security algorithm and SA information through the SA-TEK process for supporting the message authentication function thereto.
  • a first example according to the first exemplary embodiment of the present invention performs only the RSA-based authentication process.
  • FIG. 11 is a flowchart of an authentication method for performing only an RSA-based authentication process according to a first example of the first exemplary embodiment of the present invention.
  • An authentication method may be selected while performing a subscriber station basic capability negotiation process before the subscriber station 100 and the base station 200 perform an actual authentication process.
  • the subscriber station 100 transmits a digital certificate to the base station through the PKM message, that is, an authentication message among the MAC messages as shown in FIG. 11.
  • the subscriber station 100 adds a certificate including the subscriber station public key to the PKMv2 RSA-Request message, and transmits the added message to the base station 200 (S100).
  • the base station 200 received the PKMv2 RSA-Request message from the subscriber station 100 performs the corresponding subscriber station equipment authentication, and transmits the base station certificate and the PKMv2 RSA-Reply message including a pre-PAK encrypted with a subscriber station public key to the subscriber station 100 so as to request base station equipment authentication, when the subscriber station equipment authentication is successfully completed (S110).
  • the base station 200 transmits the PKMv2 RSA-Reject message to the subscriber station 100 and informs of an equipment authentication failure when the subscriber station equipment authentication is not successfully completed.
  • the subscriber station 100 receiving the PKMv2 RSA-Reply message from the base station 200 verifies the base station certificates included in the message to perform a base station equipment authentication, and transmits the PKMv2 RSA-Acknowledgement message including a result thereof to the base station 200 (S120). As such, the RSA-based authentication is performed even at the subscriber station, and when the base station equipment authentication is successfully completed, the subscriber station 100 transmits the PKMv2 RSA-Acknowledgement message including the success result to the base station 200, and accordingly the RSA-based mutual authentication process is completed.
  • the subscriber station 100 and the base station 200 shares a pre-PAK and generate a PAK using the pre-PAK.
  • the subscriber station 100 and the base station 200 respectively generate an Authorization Key (AK) using the PAK, the subscriber station MAC address, and the base station identifier (S130).
  • AK Authorization Key
  • the subscriber station 100 and the base station 200 perform the SA-TEK process so as to exchange the subscriber station security algorithm and SA (Security Association) information.
  • SA Security Association
  • the subscriber station 100 and the base station 200 perform a 3-Way SA-TEK exchange process so as to synchronize the Authorization Key Idenifier, the sequence number thereof, the SAID, the algorithm to be used for the respective SAs, and the Traffic Encryption Keys (TEKs).
  • a 3-Way SA-TEK exchange process so as to synchronize the Authorization Key Idenifier, the sequence number thereof, the SAID, the algorithm to be used for the respective SAs, and the Traffic Encryption Keys (TEKs).
  • the base station 200 for generating the authorization key through the authentication process transmits the PKMv2 SA-TEK-Challenge message to the subscriber station 100, and accordingly starts the SA-TEK process (S 140).
  • the base station 200 provides the sequence number of the authorization key and the Authorization Key ldenifier (AK-ID) to the subscriber station 100 through the PKMv2 SA-TEK-Challenge message.
  • the PKMv2 RSA-Reply message includes the PAK sequence number, and accordingly, the sequence number of the authorization key of the PKMv2 SA-TEK-Challenge message is equal to the PAK sequence number included in the PKMv2 RSA-Reply message.
  • the subscriber station 100 can perform the message authentication function based on the message authentication code parameter, CMAC-Digest or HMAC-Digest, included in the PKMv2 SA-TEK-Challenge message.
  • the subscriber station 100 generates a new message authentication code parameter by applying other parameters of the received PKMv2 SA-TEK-Challenge message excluding the message authentication code parameter to the Message Hash function based on the authorization key.
  • the subscriber station 100 determines whether the generated message authentication code parameter is equal to the message authentication code parameter included in the PKMv2 SA-TEK-Challenge message, and accordingly regards it as a message authentication success when these parameters are identical and as an authentication failure when these parameters are not identical.
  • the message authentication is successfully finished, it is regarded that the subscriber station and the base station share the same authorization key. However, when the message authentication is not successfully finished, the subscriber station 100 discards the received message.
  • the message authentication is performed through the processes described above when the message authentication code parameter (CMAC-Digest or HMAC-Digest) is included in the message transmitted/received between the subscriber station and the base station, and a predetermined process is performed based on the corresponding message when the message authentication is successfully finished.
  • the message authentication code parameter may be generated based on the EAP Integrity Key (EIK) instead of the authorization key to perform the message authentication.
  • the Authorization Key ldenifier included in the PKMv2 SA-TEK-Challenge message is equal to the subscriber station-contained Authorization Key ldenifier, and particularly, the subscriber station-generated Authorization Key ldenifier (this identifier is generated based on the authorization key sequence number included in the
  • PKMv2 SA-TEK-Challenge message the known authorization key, the base station identifier, and the subscriber station MAC address
  • PKMv2 SA-TEK-Challenge message the known authorization key
  • the base station identifier the base station identifier
  • subscriber station MAC address the subscriber station MAC address
  • the Authorization Key ldenifiers are not identical, it is determined that the subscriber station and the base station generate the Authorization Key ldenifier using the different authorization keys, sequence number of the authorization key, base station identifiers or subscriber station MAC addresses, and the PKMv2 SA-TEK-Challenge message is discarded.
  • the PKMv2 SA-TEK-Challenge message is successfully authenticated and the same Authorization Key ldenifiers are determined, the message is determined as valid message so that the subscriber station 100 transmits the PKMv2 SA-TEK-Request message including all the security algorithms that the subscriber station supports to the base station 200 (S150).
  • the base station 200 performs the message authentication based on the message authentication code parameter included in the PKMv2 SA-TEK-Request message.
  • the base station 200 can determine whether the base station-contained Authorization Key ldenifier, particularly the Authorization Key ldenifier included in the PKMv2 SA-TEK-Challenge message, is equal to the Authorization Key ldenifier included in PKMv2 SA-TEK-Request message.
  • the base station 200 provides SAIDs and the algorithms corresponding to one available primary SA and 0 or more static SAs to the subscriber station 100 through the PKMv2 SA-TEK-Response message. Accordingly, the subscriber station 100 receives the PKMv2 SA-TEK-Response message and finishes the SA-TEK process. Lastly, all the authentication processes are finished (S160). At this time, the subscriber station 100 performs the PKMv2 SA-TEK-Response message authentication and finishes the SA-REK process when the message is successfully authenticated.
  • a reliable information exchange is performed by exchanging the subscriber station security algorithm and the SA information through the SA-TEK process including the message authentication function in the RSA-based authentication process.
  • a traffic encryption key generation and distribution process is performed so as to encrypt traffic data transmitted between the subscriber station and the base station. Through such process, the traffic data can be reliably transmitted between the subscriber station and the base station.
  • the traffic encryption key generation and distribution process will be described hereinafter.
  • FIG. 12 is a flowchart for generating authorization key in an authentication method performing only an RSA-based authentication process according to the first example of the first exemplary embodiment of the present invention.
  • the subscriber station and the base station share a pre-PAK (i.e., of 256 bits) (S131).
  • the pre-PAK is randomly generated by the base station.
  • the base station encrypts the pre-PAK using a subscriber station public key and transmits the encrypted pre-PAK to the subscriber station.
  • the encrypted pre-PAK is decrypted by the subscriber station having only a private key forming a pair with the subscriber station public key.
  • the subscriber station 100 obtains a pre-PAK by decrypting the encrypted pre-PAK transmitted from the base station with the secret key.
  • a key generation algorithm is performed when the pre-PAK is input as an input key, and the subscriber station MAC address, base station identifier, and a predetermined string, for example string words "EIK+PAK", are input as input data (S132).
  • the key generation algorithm according to exemplary embodiments of the present invention is given as "Dot16KDF"
  • Predetermined bits for example a higher 320 bits are truncated from result data generated according to the key generation algorithm.
  • Predetermined bits for example a higher 160 bits among the truncated data (320 bit data)
  • EIK EAP Integrity Key
  • PAK PAK
  • the generated EIK is used as an input key on the generation of a message authentication code parameter, CMAC-Digest or HMAC-Digest, for authenticating a PKMv2 Authenticated-EAP-Transfer message in a method for performing the RSA-based authentication process and then the authenticated EAP-authorization process.
  • the subscriber station 100 performs the key generation algorithm (i.e., Dot16KDF) by having the PAK as the input key and having a subscriber station MAC address, base station identifier, and a string
  • a higher 160 bits are truncated from the result data and used as an authorization key (AK) (S135).
  • the base station 200 also generates the authorization key based on the pre-PAK transmitted to the subscriber station as described above, and accordingly, the subscriber station and the base station share the same authorization key.
  • An authorization key having a hierarchic structure may be generated according to such an authorization key generation method.
  • FIG. 13 is a flowchart of an authentication method performing only an
  • the subscriber station 100 transmits a PKMv2 EAP-start message to the base station 200 so as to inform the EAP authorization protocol of the network that the EAP-based authentication process is started (S200).
  • the base station 200 receiving the message transmits the message through the MAC layer to the higher EAP authorization protocol layer, and transmits a PKMv2 EAP-transfer message inquiring authentication information of the subscriber station 100 according to a request transmitted from the higher EAP authorization protocol layer.
  • the subscriber station 100 transmits the PKMv2 EAP-transfer message including the subscriber station information in response to this message to the base station, and the base station 200 transmits the message to the authentication server 400.
  • the subscriber station 100 and the base station 200 link to the authentication server 400 and transmit the data to the other node whenever the EAP data is received from the higher EAP authorization protocol layer according to the EAP authorization protocol process through the PKMv2 EAP-Transfer message (S210 to S220).
  • the subscriber station or base station equipment authentication or user authentication is achieved at the higher EAP authorization protocol layer included in the subscriber station and the authentication server.
  • the number of PKMv2 EAP-Transfer messages transmitted between the subscriber station and the base station is changed according to the higher EAP authorization protocol.
  • the base station 200 transmits the PKMv2 EAP-Transfer message informing of authentication success to the subscriber station 100 (S240). Accordingly, the subscriber station 100 transmits the PKMv2 EAP-Transfer-Complete message to the base station so as to inform of a successful completion of EAP-based authentication process, and the base station 200 finishes the EAP-based authentication process when the base station receives the message (S250).
  • the subscriber station 100 and the base station 200 can share the MSK (Master Session Key) according to the higher EAP-based authentication process characteristic.
  • the subscriber station 100 and the base station 200 share the MSK, they generate the PMK (Pairwise Master Key) using the MSK.
  • the subscriber station 100 and the base station 200 respectively generate the authorization key using the PMK, the subscriber station MAC address, and the base station identifier through an authorization key generation process described hereinafter (S260).
  • S260 authorization key generation process described hereinafter
  • the 100 and the base station 200 perform a 3-Way SA-TEK exchange process so as to synchronize the Authorization Key Idenifier, the authorization key sequence number, the SAID, the algorithm to be used for the respective SAs, and the traffic encryption keys (TEKs).
  • This 3-Way SA-TEK exchange process is performed in the same manner as in the first example. Accordingly, a detailed description thereof will be omitted (S270 to S290). Then, the subscriber station and the base station generate and distribute the traffic encryption key so that the subscriber station and the base station can reliably transmit/receive the traffic data.
  • FIG. 14 is a flowchart for generating authorization key in an authentication method performing only an EAP-based authentication process according to the second example of the first exemplary embodiment of the present invention.
  • the subscriber station and the base station selectively share the MSK of 512 bits according to the higher EAP-based authentication process characteristic as shown in FIG. 14 (S261).
  • predetermined bits for example a higher 160 bits of the MSK
  • the truncated data that is, the160 bit data
  • the subscriber station performs the key generation algorithm (i.e., Dot16KDF using a CMAC algorithm) by having the PMK as the input key and having a subscriber station MAC address, a base station identifier, and a string word "AK" as the input data, obtains result data, truncates
  • the key generation algorithm i.e., Dot16KDF using a CMAC algorithm
  • predetermined bits for example a higher 160 bits from the result data, and uses the truncated data as the authorization key (S264 to S265).
  • the authorization key having a hierarchic structure may be generated according to such an authorization key generation method.
  • the authentication method selected in a subscriber station basic capability negotiation process performs the RSA-based authentication process and then the EAP-based authentication process.
  • FIG. 15 is a flowchart of an authentication method for sequentially performing an RSA-based authentication process and an EAP-based authentication process according to the third example of the first exemplary embodiment of the present invention.
  • the subscriber station 100 and the base station 200 perform a mutual authentication through the PKMv2 RSA-Request message and the PKMv2 RSA-Reply message in the same manner as in the first example, and the subscriber station 100 transmits the PKMv2 RSA-Acknowledgement to the base station 200, and accordingly, finishes the RSA-based authentication process when the subscriber station and the base station equipment are successfully mutually authenticated (S300 to S320).
  • the subscriber station 100 and the base station 200 share the pre-PAK according to the RSA-based authentication process and generate the PAK using the key (S330).
  • the subscriber station 100 and the base station 200 start the EAP-based authentication process in the same manner as in the second example through the PKMv2 EAP-Start message, exchange the plurality of
  • the subscriber station and the base station selectively share the MSK according to the higher EAP-based authentication protocol, and generate the
  • the subscriber station 100 and the base station 200 respectively generate the authorization key through the authorization key generation process described hereinafter using the PAK generated through the RSA-based authentication process or the PMK generated through the EAP-based authentication process, and the subscriber station MAC address and the base station identifier (S390).
  • the subscriber station 100 and the base station 200 perform the 3-Way SA-TEK exchange process so as to synchronize the Authorization Key Idenifier, the authorization key sequence number, the SAID, the algorithm to be used for the respective SAs, and the traffic encryption keys (TEKs) (S400 to S420).
  • This 3-Way SA-TEK exchange process is performed in the same manner as described above. Accordingly, a detailed description thereof is omitted.
  • the subscriber station and the base station generate and distribute the traffic encryption key so that the subscriber station and the base station reliably transmit/receive the traffic data.
  • FIG. 16 is a flowchart for generating authorization key in an authentication method for sequentially performing an RSA-based authentication process and an EAP-based authentication process according to the third example of the first exemplary embodiment of the present invention.
  • the authorization key generation method is applied only when the subscriber station and the base station share the MSK.
  • the authorization key may be generated according to the authorization key generation method shown in FIG. 12.
  • the subscriber station 100 and the base station 200 share a pre-PAK (i.e., 256 bits) (S391 ).
  • a key generation algorithm is performed when the pre-PAK is input as an input key, and the subscriber station MAC address, base station identifier, and a predetermined string, for example string words "EIK+PAK", are input as input data (S392).
  • Predetermined bits for example a higher 320 bits, are truncated from result data generated according to the key generation algorithm, predetermined bits, for example a higher 160 bits among the truncated data (320 bit data), are used as an EIK (EAP Integrity Key), and other bits, for example a lower 160 bits, are used as the PAK (S393).
  • EIK EAP Integrity Key
  • PAK PAK
  • the subscriber station and the base station share the MSK of the 512 bits according to the higher EAP-authorization protocol characteristic (S394).
  • predetermined bits for example a higher 160 bits of the MSK
  • the truncated data that is, the160 bit data
  • a result value obtained by a predetermined operation i.e., an exclusive-or operation of the PAK and PMK obtained as described above, is set as an input key.
  • the subscriber station performs the key generation algorithm (i.e., Dot16KDF using a CMAC algorithm) by having the result value as the input key and having a subscriber station MAC address, a
  • the authorization key having a hierarchic structure may be generated according to such an authorization key generation method.
  • the authentication method selected in a subscriber station basic capability negotiation process performs the RSA-based authentication process and then the authenticated EAP-based authentication process.
  • FIG. 17 is a flowchart of an authentication method for sequentially performing an RSA-based authentication process and an EAP-based authentication process according to a fourth example of the first exemplary embodiment of the present invention.
  • the subscriber station and base station are authenticated based on the RSA-based authentication process in the same manner as in the first example of the first exemplary embodiment, they share the pre-PAK, and they generate the PAK using the shared pre-PAK (S500 to S520).
  • the subscriber station 100 and the base station 200 start the subscriber station 100 and the base station 200 start the
  • EAP-based authentication process in the same manner as in the second example through the PKMv2 EAP-Start message, exchange the plurality of PKMv2 EAP-Transfer messages according to the higher EAP-based authentication protocol, and perform the user authentication (S530 to S580).
  • the subscriber station and the base station selectively share the MSK according to the higher EAP-based authentication protocol, and generate the PMK using the shared MSK.
  • the subscriber station 100 and the base station 200 respectively generate the authorization key through the authorization key generation process described hereinafter using the PAK or the PMK, and the subscriber station MAC address and the base station identifier (S590).
  • Such an authorization key generation method is performed in the same manner as in the third example (see FIG. 16). Accordingly, a detailed description thereof is omitted.
  • the EIK obtained based on the PAK is used as an input key for generating the message authentication code parameter (CMAC-Digest or HMAC-Digest) for authenticating the PKMv2 Authenticated-EAP-Transfer message.
  • the subscriber station After the authentication process is completed, the subscriber station
  • the 100 and the base station 200 perform the 3-Way SA-TEK exchange process so as to synchronize the Authorization Key Idenifier, the authorization key sequence number, the SAID, the algorithm to be used for the respective SAs, and the traffic encryption keys (TEKs) (S600 to S620).
  • This 3-Way SA-TEK exchange process is performed in the same manner as in the first example. Accordingly, a detailed description thereof is omitted.
  • the subscriber station and the base station generate and distribute the traffic encryption key so that the subscriber station and the base station reliably transmit/receive the traffic data.
  • the authorization key lifetime may be selected as a relatively shorter time from the PAK lifetime and the PMK lifetime defined by the authentication policy. The authorization key can be robustly maintained when the authorization key lifetime becomes shorter.
  • reliable information provision is achieved by exchanging the security-related information through performing the respective authorization processes according to the authorization policy negotiation and then essentially performing the SA_TEK process.
  • the authorization key having a hierarchical structure may be generated according to the respective authorization methods because the
  • PAK or PMK generated according to the authenticating process is respectively used as an input key of a key generation algorithm for generating an authorization key.
  • the authentication method according to the second exemplary embodiment of the present invention includes at least one of performing only an RSA-based authentication method, performing only an EAP-based authorization method, sequentially performing an RSA-based authentication and an EAP-based authorization method, and performing an RSA-based authentication and then an authenticated EAP-based authorization method according to an authentication method selected during the subscriber station basic capability negotiation process as described above in the same manner ⁇ as in the first exemplary embodiment.
  • the subscriber station and the base station generate and distribute the traffic encryption key after performing the authentication process according to the respective method so that the subscriber station and the base station reliably transmit/receive the traffic data.
  • the authentication process according to the respective authentication methods of the second exemplary embodiment is the same as that of the first exemplary embodiment. Accordingly, it is not described in detail.
  • the authorization key is generated during the SA-TEK process unlike in the first exemplary embodiment.
  • FIG. 18 is a flowchart of an authentication method according to a second exemplary embodiment of the present invention, and particularly, a flowchart showing a SA-TEK process.
  • the subscriber station and the base station finish the respective authentication processes according the negotiated authentication method (S700), and then the subscriber station and the base station performs the SA-TEK process so as to exchange the subscriber station security algorithm and SA information.
  • S700 negotiated authentication method
  • the base station 200 transmits the PKMv2 SA-TEK-Challenge message to the subscriber station 100, and accordingly starts the SA-TEK process.
  • the base station 200 informs the authorization key sequence number having the same characteristic as the first exemplary embodiment to the subscriber station 100, and does not inform the Authorization Key ldenifier unlike the first exemplary embodiment.
  • the base station generates the base station random number (BS_Random) of the randomly generated 64 bits and informs the same to the subscriber station. That is, the PKMv2 SA-TEK-Challenge message including the authorization key sequence number and the randomly generated 64 bit value (BS_Random) is transmitted to the subscriber station 100 (S710 to S720).
  • the subscriber station 100 receiving such a PKMv2 SA-TEK-Challenge message randomly generates the subscriber station random number (MS_Random) of 64 bits (S730).
  • an authorization key is derived from the subscriber station random number (MS_Random), the base station random number (BS_Random) included in the PKMv2 SA-TEK-Challenge message, the PAK or PMK obtained through one authentication process, the subscriber station MAC address, and the base station identifier.
  • the subscriber station 100 generates an Authorization Key ldenifier based on the known authorization key, and a sequence number thereof included in the PKMv2 SA-TEK-Challenge message, the subscriber station MAC address, and the base station identifier (S740).
  • the subscriber station 100 transmits the PKMv2 SA-TEK-Request message including all the security-related algorithms that the subscriber station supports and the generated Authorization Key ldenifier to the base station 200 (S750).
  • the PKMv2 SA-TEK-Request message includes the message authentication code parameter, CMAC-Digest or HMAC-Digest, and such a message authentication code parameter is generated based on the authorization key.
  • the base station 200 generates an authorization key using the subscriber station random number (MS_Random), the base station random number (BS_Random) used in the PKMv2 SA-TEK-Challenge message, the PAK or PMK obtained through one combined authentication process, the subscriber station MAC address, and the base station identifier.
  • the base station 200 performs an authentication process for the PKMv2 SA-TEK-Request message by achieving a message authentication function included in the PKMv2 SA-TEK-Request message, that is, a legality of the CMAC-Digest or HMAC-Digest, (S760 to S770).
  • the base station 200 When the PKMv2 SA-TEK-Request message is successfully authenticated, the base station 200 generates an Authorization Key ldenifier based on the authorization key and determines whether the self-generated Authorization Key ldenifier is equal to the Authorization Key ldenifier included in the PKMv2 SA-TEK-Request message, and an equaltiy of the base station random numbers as well(S780).
  • the base station 200 generates an Authorization Key ldenifier based on the known authorization key, the sequence number thereof included in the PKMv2 SA-TEK-Request message, the subscriber station MAC address, and the base station identifier. In addition, it is confirmed that the generated Authorization Key ldenifier is equal to the Authorization Key ldenifier included in the PKMv2 SA-TEK-Request message.
  • the base station 200 confirms whether it has the same base station random number (BS-Ransom). That is, it is determined whether the base station random number transmitted while being included in the PKMv2 SA-TEK-Challenge message in the step S720 is equal to the base station random number included in the PKMv2 SA-TEK-Request message received in the step S750.
  • the base station 200 transmits the PKMv2 SA-TEK-Response message including the SA information to the corresponding subscriber station.
  • the subscriber station 100 receives the PKMv2 SA-TEK-Response message, the SA-TEK process is finished, which completes the authentication process (S790).
  • the valid PKMv2 SA-TEK-Response message is determined, and accordingly, the SA-TEK process is finished when the subscriber station 100 successfully authenticates the PKMv2 SA-TEK-Response message, the Authorization Key ldenifiers are identical, and the MS-Random included in the PKMv2 SA-TEK-Response message is equal to the MS-Random included in the PKMv2 SA-TEK-Request message, among the subscriber station random numbers of the step S740.
  • the receiving node determines the message to be valid when a predetermined message satisfies all the sameness criteria of the message authentication code parameters, Authorization Key ldenifiers, and random numbers during the SA-TEK process.
  • the present invention is not limited thereto. It may be determined whether the messages are valid as described above even, in the SA-TEK process according to the first exemplary embodiment.
  • the authorization key is derived from the subscriber station random number (MS_Random) and the base station random number (BS_Random) included in the SA-TEK process as well as the PAK obtained through the RSA-based authentication process or the PMK obtained through the EAP-based authentication process, the subscriber station MAC address, and the base station identifier.
  • FIG. 19 is a flowchart for generating authorization key in an authentication method performing only an RSA-based authentication process according to a second exemplary embodiment of the present invention.
  • a key generation algorithm is performed by having the pre-PAK as an input key, and the subscriber station MAC address, the base
  • predetermined bits for example a higher 160 bits among the result data (320 bit data) obtained by the key generation algorithm, is used as the EIK, and other bits, for example a lower 160 bits, are used as the PAK (S820).
  • the SA-TEK process is performed after the SA-TEK process.
  • the subscriber station and the base station have the subscriber station random number (MS_Random) and base station random number (BS_Random) by exchanging the MS_Random and BS_Random during the SA-TEK process.
  • the subscriber station and base station perform the key generation algorithm by having the PAK as the input key and having the subscriber station MAC address, the base station identifier, the subscriber station random number (MS_Random) and the base station random number (BS_Random), and a
  • the authorization key (S840) for example a higher 160 bits of the result data are used as the authorization key (S840).
  • S840 An authorization key generation method according to a second example of the second exemplary embodiment of the present invention is now described in detail. According to the second example of the second exemplary embodiment of the present invention, the authentication method selected in a subscriber station basic capability negotiation process performs the EAP-based authentication process.
  • FIG. 20 is a flowchart for generating authorization key in an authentication method performing only an EAP-based authentication process according to a second exemplary embodiment of the present invention.
  • the subscriber station 100 and the base station 200 share an MSK (i.e., of 512 bits) according to the higher EAP-based authentication process characteristic (S900).
  • predetermined bits for example a higher 160 bits of the MSK are used as the PMK in the same manner as in the second example of the first exemplary embodiment (S910 to S920).
  • the subscriber station and the base station have the subscriber station random number (MS_Random) and base station random number (BS_Random) by exchanging the MS_Random and BS_Random during the SA-TEK process.
  • the subscriber station and the base station perform the key generation algorithm by having the PMK as the input key and having the subscriber station MAC address, the base station identifier, the subscriber station random number (MS_Random) and the base station
  • predetermined bits for example a higher 160 bits of the result data are used as the authorization key (S930 to S940).
  • FIG. 21 is a flowchart for generating authorization key in an authentication method for sequentially performing an RSA-based authentication process and an EAP-based authentication process according to the second exemplary embodiment of the present invention.
  • This authorization key generation method is applied only when the subscriber station and the base station share the MSK through the EAP-based authentication process.
  • the authorization key may be generated according to the same authorization key generation method as in the first example of the first exemplary embodiment shown in FIG. 12, when the subscriber station and the base station share no MSK although they sequentially perform an RSA-based authentication process and the EAP-based authentication process.
  • the subscriber station 100 and the base station 200 share the pre-PAK of 256 bits and generate the EIK and PAK (S1100 to S1200).
  • the subscriber station 100 and the base station 200 exchange the plurality of PKMv2 EAP-Transfer messages according to the higher EAP-based authentication protocol, and accordingly perform the subscriber station equipment, base station equipment, or user authentication.
  • the subscriber station and the base station share the MSK according to the higher EAP-based authentication protocol (S1300).
  • the subscriber station and the base station generate the PMK using the shared MSK (S 1400 to S 1500).
  • the authorization key is derived from the subscriber station random number (MS_Random) and the base station random number (BS_Random) obtained in the SA-TEK process, unlike the third example of the first exemplary embodiment.
  • the subscriber station and base station generate a resulting value by a predetermined operation, i.e., the exclusive-or operation of the PAK and PMK.
  • the subscriber station performs the key generation algorithm by having the resulting value as the input key and having the subscriber station MAC address, the base station identifier, the subscriber station random number (MS_Random) and the base station
  • predetermined bits for example a higher 160 bits of the result data are used as the authorization key (S1600 to S1700).
  • An authorization key generation method in the authentication method for performing the RSA-authentication process and then the authenticated EAP-based authorization process according to a fourth example of the second exemplary embodiment of the present invention is the same as the authorization key generation method according to the third example of the second exemplary embodiment described above.
  • This authorization key generation method is applied only when the subscriber station and the base station share the MSK through the RSA-based authentication process and then the authenticated EAP-based authentication process.
  • the authorization key may be generated according to the authorization key generation method of the first example of the first exemplary embodiment shown in FIG. 12, when the subscriber station and the base station share no MSK although they sequentially perform an RSA-based authentication process and an EAP-based authentication process. Therefore, it is not described in detail.
  • a reliable information provision is achieved by exchanging the security-related information through performing the respective authorization processes according to the authorization policy negotiation and then essentially performing the SA_TEK process.
  • the authorization key having a hierarchical structure may be generated according to the respective authorization methods because the PAK or PMK generated according to the authenticating process is respectively used as the input key of a key generation algorithm for generating an authorization key.
  • the authorization key lifetime may select a relative short time from the PAK lifetime and the PMK lifetime defined by the authentication policy. In this case, the authorization key can be robustly maintained because the authorization key lifetime becomes shorter.
  • the authorization key lifetime may select a relative short time among the PAK lifetime, the PMK lifetime, and the random number lifetime. In this way, the authorization key can be more robustly maintained because the authorization key lifetime becomes shorter.
  • the PAK lifetime is provided from the base station to the subscriber station during the RSA -based authentication process.
  • the PMK lifetime may be provided from the higher EAP authorization protocol layer to the respective subscriber station and the base station, or may be provided from the base station to the subscriber station during the SA-TEK exchange process.
  • the random number lifetime may be provided from the base station to the subscriber station during the SA-TEK exchange process.
  • the authorization key lifetime is set by the PAK lifetime, and the PAK is updated through the RSA-based authentication process as described above before the authorization key lifetime is expired.
  • the subscriber station and base station respectively update the PAK and the PAK lifetime
  • the authorization key is re-generated with the updated PAK, and the authorization key lifetime is set to be equal to the updated PAK lifetime.
  • the authorization key lifetime is set as the PMK lifetime and the subscriber station can update the PMK through the EAP-based authorization process as described above before the authorization key lifetime is expired.
  • the authorization key can be re-generated with the updated PMK, the PMK lifetime can be transmitted from the EAP authorization protocol layer or updated through the SA-TEK exchange process, and the authorization key lifetime can be set to be equal to the updated PMK lifetime.
  • a message authentication key generation method will now be described, the message authentication key for generating a message authentication code parameters for authenticating a message (a PKMv2 Authenticated-EAP-Transfer message) used in the authenticated EAP-based authorization process in the case that the RSA-authentication process and then the authenticated EAP-based authorization process are performed according to the authentication method negotiated between the subscriber station and the base station in the first and second exemplary embodiments of the present invention.
  • FIG. 22 is a flowchart for a message authentication key, particularly for generating an HMAC key or a CMAC key for authenticating a message using an EIK according to first and second exemplary embodiments of the present invention. This method is effective only when the authentication policy negotiated between the subscriber station and the base station is the authentication method for sequentially performing an RSA-based authentication process and an authenticated EAP-based authentication process.
  • the message authentication key HMAC key or CMAC key
  • the message authentication key is used to generate the HMAC-Digest or CMAC-Digest included in the PKMv2 Authenticated-EAP-Transfer message used during the authenticated EAP-based authentication process, based on the EIK obtained through the pre-PAK included in the PKMv2 RSA-Reply message transmitted from the base station to the subscriber station during the RSA-based authentication process.
  • the subscriber station 100 and the base station 200 when the RSA-based authentication process is successfully completed, the subscriber station 100 and the base station 200 generate the EIK (128 bits) using the pre-PAK (S2000).
  • HMAC is determined as a message authentication method through the subscriber station basic capability negotiation process
  • a key generation algorithm is performed by having the EIK shared by both the subscriber station 100 and the base station 200 as an input key, and by having the subscriber station MAC address, the base station identifier, and a
  • Predetermined bits for example a higher 320 bits, are truncated from result data generated according to the key generation algorithm, and predetermined bits, for example a higher 160 bits of the truncated data, are used as a first input key, that is, an input key HMAC_KEY_U for generating the HMAC-Digest included in the PKMv2 Authenticated-EAP-Transfer message transmitted in the uplink.
  • predetermined bits for example a higher 160 bits of the truncated data
  • other bits for example a lower 160 bits of the truncated data
  • are used as a second input key that is, an input key HMAC_KEY_D for generating the HMAC-Digest included in the PKMv2 Authenticated-EAP-Transfer message transmitted in the downlink (S2300).
  • a key generation algorithm is performed by having the EIK shared by both the subscriber station 100 and the base station 200 as the input key, and by having the subscriber station MAC address, the base station identifier, and a string word "CMAC_KEYS" as the input data (S2400).
  • predetermined bits for example a higher 256 bits, are truncated from result data generated according to the key generation algorithm, and predetermined bits, for example a higher 128 bits of the truncated data, are used as a first input key, that is, an input key CMAC_KEY_U for generating the CMAC-Digest included in the PKMv2
  • the HMAC-Digest or CMAC-Digest included in the message authentication code parameter is generated based on the message authentication key (HMAC_KEY_U, HMAC_KEY_D, CMAC_KEY_U, CMAC_KEY_D) derived in this manner.
  • a process for generating and distributing a traffic encryption key so as to encrypt traffic data received/transmitted between the subscriber station and the base station when the subscriber station equipment, base station equipment, or user authentication process is successfully performed according to the first and second exemplary embodiments will now be described.
  • a message transmitted/ received between the subscriber station and base station during the traffic encryption key generation and distribution process includes random number so as to prevent a replay attack for the corresponding message.
  • the subscriber station and the base station independently maintain the random number, and a receiving node for receiving a message including the random number determines whether the message has been replay-attacked or not according to a relationship between the random number included the message and the pre-stored random number. If the message has been replay-attacked, the message is discarded and, if not, the corresponding message is used for a predetermined process.
  • Such a random number may be generated in a first format or a second format.
  • the random number is considered as a value having the first format when it may be generated along a direction in which a predetermined value is increased or decreased as a counter.
  • the random number when the random number is generated in the first format, the random number may be set as a value in which +1 is continuously increased or -1 is continuously decreased by a given value.
  • a receiving node for receiving a message including the random number on the predetermined traffic encryption key generation and distribution process stores only the random number having a maximum or minimum value among the random numbers rather than that the node stores and manages all the random numbers included in the respective messages. Therefore, the receiving node stores one random number (the maximum or minimum random number) until the traffic encryption key corresponding to the receiving node is expired, and when the traffic encryption key is expired the stored random number is deleted.
  • the receiving node determines whether the random number (i.e., a first random number) including in the message exceeds the previously stored random number (i.e., the second random number), and if exceeds, it considers the received message as a message that is not replay-attacked.
  • the first random number exceeds the second random number
  • the second random number is deleted and the first random number is stored so that the first random number is used as a random number for determining a replay attack for the next-received message.
  • the receiving node considers the message as a replay-attacked message and discards the same when the first random number included in the received message is less than or equal to the second random number.
  • the receiving node considers the message as a replay-attacked message and discards the same when the first random number included in the received message is greater than or equal to the second random number.
  • the random number is considered as a value having the second format when the random number may be randomly generated, unlike a counter. At this time, the random number may be randomly set regardless of the previously-used values.
  • a node receiving messages including the random number during the predetermined traffic encryption key generation and distribution process stores and manages all the random numbers included in the respective messages until the corresponding traffic encryption key is expired. In addition, when the traffic encryption key is expired, all the random numbers corresponding to the traffic encryption key are deleted.
  • the receiving node determines whether the random number (i.e., a first random number) including in the message is equal to one or more previously stored random numbers (i.e., the second random number). That is, the message is considered as the replay-attacked message and discarded when the first random number is equal to at least one of the second random numbers. On the other hand, the message is considered to not be a replay-attacked message and is used when the first random number is not equal to all the second random numbers.
  • the first random number is stored and managed along with the pre-stored second random numbers so that the first random number is used as a random number for determining a replay-attack for the next-received message.
  • FIG. 23 is a table showing an internal parameter structure of a PKMv2 Key-Request message among messages used in traffic encryption key generation and distribution processes according to exemplary embodiments of the present invention.
  • a PKMv2 Key-Request message is for the subscriber station requesting of the base station a traffic encryption key and traffic encryption key-related parameters corresponding to a SAJD which the subscriber station has, and may be referred to as "traffic encryption key request message.”
  • the PKMv2 Key-Request message includes an authorization key sequence number, a SAID, a random number, and a message authentication code parameter, CMAC-Digest or HMAC-Digest.
  • the authorization key sequence number is a sequential consecutive number for the authorization key.
  • the message authentication key used when the message authentication code parameter, CMAC-Digest or HMAC-Digest, included in the PKMv2 Key-Request message is generated, may be derived from the authorization key.
  • the two authorization keys may be simultaneously used. Therefore, the authorization key sequence number is used to distinguish between the two authorization keys.
  • the SAID is an identifier of the SA.
  • the SA is a set including necessary parameters to encrypt the traffic data as well as the traffic encryption key.
  • one single SA may be mapped with one or more traffic connection.
  • the random number is used to prevent a replay attack for the message.
  • the subscriber station transmits the PKMv2 Key-Request message
  • the subscriber station generates the random number in the first format or the second format and includes the same in the message.
  • the base station determines whether the received message is replay-attacked or not according to the format of the random number as described above, and if it is replay-attacked, the base station discards the message.
  • the message authentication code parameter is a parameter used to authenticate the PKMv2 Key-Request message itself.
  • the subscriber station generates the CMAC-Digest or HMAC-Digest by applying other parameters of the PKMv2 Key-Request message excluding the message authentication code parameter to the Message Hash function based on the authorization key.
  • FIG. 24 is a table showing an internal parameter structure of a PKMv2 Key-Reply message among messages used in traffic encryption key generation and distribution processes according to exemplary embodiments of the present invention.
  • a PKMv2 Key-Reply message is for informing it of the subscriber station. It may be referred to as a "traffic encryption key response message.”
  • the base station verifies the message authentication using the message authentication code parameter
  • the traffic encryption key for the corresponding SAID is generated, included in the PKMv2 Key-Reply message and transmitted to the subscriber station.
  • the traffic encryption key generation and distribution process is finishied.
  • Such a PKMv2 Key-Reply message includes an authorization key sequence number, a SAID, a traffic encryption key-related parameter
  • TK-Parameters a group key encryption key-related parameter
  • GKEK-Parameters a random number
  • CMAC-Digest or HMAC-Digest a message authentication code parameter
  • the authorization key sequence number is for distinguishing authorization keys for generateding message authentication keys used when the message authentication code parameter CMAC-Digest or HMAC-Digest included in the PKMv2 Key-Request message is generated as described above.
  • the SAID is an identifier of the SA and is equal to the SAID included in the PKMv2 Key-Request message.
  • the traffic encryption key-related parameter includes parameters for encrypting the traffic data. For example, it includes a traffic encryption key, a traffic encryption key sequence number, a traffic encryption key lifetime, a CBC-IV 1 and a concerning group key encryption key sequence number (Associated GKEK Sequence Number).
  • the PKMv2 Key-Reply message may include two traffic encryption key-related parameters, that is, a traffic encryption key-related parameter to be used during the present lifetime and a traffic encryption key-related parameter to be used during the next lifetime.
  • the group key encryption key-related parameter includes parameters for encrypting traffic data corresponding to a multicast service, a broadcast service, or an MBS service. For example, it includes a Group Key Encryption Key (GKEK), a group key encryption key lifetime, and a group key encryption key sequence number.
  • the PKMv2 Key-Reply message may include two group key encryption key-related parameters, that is, a group key encryption key-related parameter to be used during the present lifetime and a group key encryption key-related parameter to be used during the next lifetime. Meanwhile, the group key encryption key-related parameter is included only when the SA corresponding to a multicast service, a broadcast service, or an MBS service are defined.
  • the random number is used to prevent a replay attack for the message.
  • the base station transmits the PKMv2 Key-Reply message
  • the base station generates the random number in the first format or second format and includes the same in the message. Therefore, when the subscriber station receives the message, the base station determines whether the received message is replay-attacked or not according to the format of the random number as described above, and if it is replay-attacked, subscriber station discards the message.
  • HMAC-Digest is a parameter used to authenticate the PKMv2 Key-Reply message.
  • the base station generates the CMAC-Digest or HMAC-Digest by applying other parameters of the PKMv2 Key-Reply message excluding the message authentication code parameter to the Message Hash function based on the authorization key.
  • FIG. 25 is a table showing an internal parameter structure of a PKMv2 Key-Reject message among messages used in traffic encryption key generation and distribution processes according to first and second exemplary embodiments of the present invention.
  • the PKMv2 Key-Reject message is used to inform that the base station fails to generate a traffic encryption key according to the PKMv2 Key-Request message of the subscriber station.
  • the base staton transmits the PKMv2 Key-Reject message to the subscriber station if the requested traffic encryption key for the corresponding SAID is not successfully generated.
  • the subscriber station receives the PKMv2 Key-Reject message, the subscriber station again retransmits the PKMv2 Key-Request message to the base station, and accordingly again requests the traffic encryption key.
  • the PKMv2 Key-Reject message includes an authorization key sequence number, a SAID, an Error Code, a Display-String, a random number, and a message authentication code parameter, CMAC-Digest or HMAC-Digest.
  • the authorization key sequence number is a sequential consecutive number for distinguishing authorization keys for generating message authentication keys used when the message authentication code parameter, CMAC-Digest or HMAC-Digest, included in the PKMv2 Key-Request message is generated as described above.
  • the SAID is an identifier of the SA and is equal to the SAID included in the PKMv2 Key-Request message.
  • the Error Code specifies a reason that the base station rejects the traffic encryption key request of the subscriber station, and the Display-String provides a reason that the base station rejects the traffic encryption key request of the subscriber station as a string.
  • the random number is used to prevent a replay attack for the message.
  • the base station transmits the PKMv2 Key-Reject message
  • the base station generates the random number in the first format or second format and includes the same in the message. Therefore, when the subscriber station receives the message, the base station determines whether the received message is replay-attacked or not according to the format of the random number as described above, and if it is replay-attacked, subscriber station discards the message.
  • the message authentication code parameter is a parameter used to authenticate the PKMv2 Key-Reject message itself.
  • the base station generates the CMAC-Digest or HMAC-Digest by applying other parameters of the PKMv2 Key-Reply message excluding the message authentication code parameter to the Message Hash function based on the authorization key.
  • FIG. 26 is a table showing an internal parameter structure of a PKMv2 SA-Addition message among messages used in traffic encryption key generation and distribution processes according to first and second exemplary embodiments of the present invention.
  • a PKMv2 SA-Addition message is transmitted to the subscriber station when the base station dynamically generates and distributes one or more SA to the subscriber station, and may be referred to as a "SA dynamic addition message.” That is, the message is used when the traffic connection is dynamically added between the subscriber station and the base station and a traffic encryption function for the corresponding traffic connection is supported.
  • the PKMv2 SA-Addition message includes an authorization key sequence number, one or more SA descriptor, a random number, and a message authentication code parameter, CMAC-Digest or HMAC-Digest.
  • the authorization key sequence number is a sequential consecutive number for the authorization keys as described above.
  • the SA descriptor includes a SAID, which is a SA identifier, a SA type for informing of a type of SA, a SA service type for informing of a traffic service type of SA and defined when the SA type is dynamic or static, and an encryption suite for informing of an encryption algorithm used in the corresponding SA.
  • the SA descriptor may be repeatedly defined by the number of SA that the base station dynamically generates.
  • the random number is used to prevent a replay attack for the message.
  • the base station transmits the PKMv2 SA-Addition message
  • the base station generates the random number in the first format or the second format and includes the same in the message. Therefore, when the subscriber station receives the message, the base station determines whether the received message is replay-attacked or not according to the format of the random number as described above, and if it is replay-attacked, subscriber station discards the message.
  • HMAC-Digest is a parameter used to authenticate the PKMv2 SA-Addition message.
  • the base station generates the CMAC-Digest or HMAC-Digest by applying other parameters of the PKMv2 SA-Addition message excluding the message authentication code parameter to the Message Hash function based on the authorization key.
  • FIG. 27 is a table showing an internal parameter structure of a PKMv2 TEK-I nvalid message among messages used in traffic encryption key error informing processes according to first and second exemplary embodiments of the present invention.
  • a PKMv2 TEK-I nvalid message is used to inform it of the subscriber station. It may be referred to as a "traffic encryption key error inform message.”
  • the base station transmits the PKMv2 TEK-lnvalid message to the subscriber station so as to inform it when an invalid traffic encryption key is used, for example when an invalid traffic encryption Key sequence number is used.
  • the subscriber station receiving the PKMv2 TEK-lnvalid message requests a new SA including a traffic encryption key corresponding to the SAID included in the received message.
  • the subscriber station and the base station use the PKMv2 Key-Request message and the PKMv2 Key-Reply message.
  • the PKMv2 TEK-lnvalid message includes an authorization key sequence number, a SAID, an Error Code, a Display-String, a random number, and a message authentication code parameter, CMAC-Digest or HMAC-Digest.
  • the authorization key sequence number is a sequential consecutive number for the authorization keys as described above.
  • the SAID is an identifier of the SA. Particularly, it implies a SA identifier included in the invalid traffic encryption key. If including such SAID, the subscriber station and the base station must generate and distribute a new traffic encryption key corresponding to the SAID.
  • the Error Code specifies a reason that the base station rejects the traffic encryption key request of the subscriber station, and the Display-String provides a reason that the base station rejects the traffic encryption key
  • the random number is used to prevent a replay attack for the PKMv2 TEK-I nvalid message.
  • the base station transmits the PKMv2 TEK-I nvalid message
  • the base station generates the random number in the first format or second format and includes the same in the message. Therefore, when the subscriber station receives the message, the base station determines whether the received message is replay-attacked or not according to the format of the random number as described above, and if it is replay-attacked, subscriber station discards the message.
  • the message authentication code parameter is a parameter used to authenticate the PKMv2 TEK-I nvalid message.
  • the base station generates the CMAC-Digest or HMAC-Digest by applying other parameters of the PKMv2 TEK-lnvalid message excluding the message authentication code parameter to the Message Hash function based on the authorization key.
  • FIG. 28 is a flowchart showing traffic encryption key generation
  • the subscriber station 100 After the authentication, the subscriber station 100 transmits a PKMv2
  • Key-Request message to request the traffic encryption key for the traffic data security to the base station 200 (S3000).
  • the base station 200 receiving this message performs a message authentication function so as to verify that the corresponding message is received from the valid subscriber station (S3100).
  • the base station 200 When the message is successfully authenticated, the base station 200 generates a traffic encryption key corresponding to the SA included in the PKMv2 Key-Request message (S3200), and transmits the PKMv2 Key-Reply message including the traffic encryption key to the subscriber station 100.
  • the base station discards the received PKMv2 Key-Request message.
  • the base station 200 transmits the PKMv2 Key-Reject message to the subscriber station and rejects the traffic encryption key request of the subscriber station when the traffic encryption key is not generated, for example because there is no SAID corresponding to the requested traffic encryption key even though the message authentication for the PKMv2 Key-Request message is successful.
  • the subscriber station and the base station share the traffic encryption key so that stable traffic data transmission is achieved based on the shared traffic encryption key (S3400).
  • the SA dynamic addition process may be performed between the subscriber station and the base station.
  • the base station 200 transmits the PKMv2 SA-Addition message to the subscriber station 100 so as to add one or more SA.
  • the subscriber station 100 receiving the PKMv2 SA-Addition message finishes the process when the message is successfully authenticated and the message is normally received. As a result, the SA of the subscriber station is dynamically added.
  • the base station can perform an invalid traffic encryption key usage informing process. At this time, the base station 200 transmits the
  • PKMv2 TEK-lnvalid message to the subscriber station 100 so as to inform the invalid traffic encryption key usage of the corresponding SA.
  • the subscriber station 100 finishes the process and requests a new traffic encryption key generation and distribution from the base station 200 when the message is successfully authenticated and the message is normally received.
  • the above-described authentication method and key (authorization key and traffic encryption key etc.) generation method may be realized in a program format stored in a recording medium that a computer can read.
  • the recording medium may include all types of recording media that a computer can read, for example an HDD, a memory, a CD-ROM, a magnetic tape, and a floppy disk, and it may also be realized in a carrier wave (e.g., Internet communication) format.
  • a carrier wave e.g., Internet communication
  • a robust authentication function can be provided by performing an authentication process by a combination variously selected from the RSA-based authentication method, the EAP-based authentication method, and the authenticated EAP-based authentication method.
  • the reliability of the security-related parameters received from the other node is enhanced by adding a message authentication function to the authentication-related messages for transmitting the primary parameters exchanged between the subscriber station and the base station.
  • an efficient and hierarchical PKMv2 framework can be provided because the subscriber station equipment and base station equipment authentication and user authentication function is performed through the selective various combinations of the authentication methods, and a multi-hierarchical authentication method performing the additional SA-TEK exchange process is defined so as to generate an authorization key or transmit the authorization key and security-related parameters.
  • authorization key generation methods may be selectively used according to an authentication policy of a service provider by respectively realiziang a case(a first exampary embodiment) that does not use random numbers that the subscriber station and the base station randomly generate and transmit the generated random numbers to the other node during the SA-TEK process and a case (a second exemplary embodiment) that uses the same.
  • a hierarchical and secure authorization key structure can be provided by providing a method for identically using PAK and PMK as the input key in the case that an authorization key is generated with the PAK that the subscriber station and the base station share through the RSA-based authentication process and the PMK that both nodes may share through the EAP-based authentication process.
  • the authorization key is more robustly managed by selecting the authorization key lifetime as a relatively shorter time from the PAK lifetime and PMK lifetime defined by an authorization policy.
  • the authenticated EAP-based authorization process can be perfectly supported by providing a message authentication key generation method for generating keys used to generate the message authentication parameter, HMAC-Digest or CMAC-Digest, which performs a message authentication function with respect to the messages included in the authenticated EAP-based authentication process.
  • the subscriber station and base station can share a reliable valid traffic encryption key in the traffic encryption key generation and distribution process by adding the message authentication function to the messages of the corresponding process.
  • the base station can add a reliable SA in the dynamic SA addition process by adding the message authentication function to the messages of the corresponding process.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé d'authentification et un procédé de génération de clé d'autorisation dans un système internet portatif sans fil. Dans un système internet portatif sans fil, la station de base et la station d'abonnés partagent une clé d'autorisation lorsqu'un processus d'authentification est accompli selon un procédé d'authentification préétabli négocié entre les deux stations. Particulièrement, la station d'abonnés et la station de base accomplissent un processus d'authentification supplémentaire comprenant un paramètre d'autorisation associé à la clé et un paramètre d'autorisation associé à la sécurité, et échangent un algorithme de sécurité des informations SA (association de sécurité). De plus, une clé d'autorisation est dérivée d'une ou de plusieurs clés basiques obtenues par divers processus d'authentification, en tant que clé d'entrée d'un algorithme de génération de clé d'autorisation. La fiabilité d'un paramètre associé à la sécurité reçu du noeud de réception peut être améliorée et une clé d'autorisation présentant une structure hiérarchique et sûre peut être fournie.
PCT/KR2006/000836 2005-03-09 2006-03-09 Procede d'authentification et procede de generation de cle dans un systeme internet portatif sans fil WO2006096017A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP06716286.7A EP1864426A4 (fr) 2005-03-09 2006-03-09 Procede d'authentification et procede de generation de cle dans un systeme internet portatif sans fil
JP2008500632A JP4649513B2 (ja) 2005-03-09 2006-03-09 無線携帯インターネットシステムの認証方法及び関連キー生成方法
US11/817,859 US20090019284A1 (en) 2005-03-09 2006-03-09 Authentication method and key generating method in wireless portable internet system
CN2006800160911A CN101176295B (zh) 2005-03-09 2006-03-09 无线便携式因特网系统中的验证方法和密钥生成方法

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2005-0019650 2005-03-09
KR20050019650 2005-03-09
KR10-2006-0007226 2006-01-24
KR1020060007226A KR100704675B1 (ko) 2005-03-09 2006-01-24 무선 휴대 인터넷 시스템의 인증 방법 및 관련 키 생성방법

Publications (1)

Publication Number Publication Date
WO2006096017A1 true WO2006096017A1 (fr) 2006-09-14

Family

ID=36953582

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2006/000836 WO2006096017A1 (fr) 2005-03-09 2006-03-09 Procede d'authentification et procede de generation de cle dans un systeme internet portatif sans fil

Country Status (2)

Country Link
EP (1) EP1864426A4 (fr)
WO (1) WO2006096017A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2063567A1 (fr) * 2006-09-23 2009-05-27 China Iwncomm Co., Ltd Procédé d'authentification et d'autorisation d'accès au réseau et procédé de mise à jour de clé d'autorisation
WO2009082356A1 (fr) * 2007-12-24 2009-07-02 Nanyang Polytechnic Procédé et système pour sécuriser des systèmes et des dispositifs sans fil
WO2009094942A1 (fr) * 2008-01-30 2009-08-06 Huawei Technologies Co., Ltd. Procédé et système de réseau de communication pour établir une conjonction de sécurité
JP2010504671A (ja) * 2006-09-23 2010-02-12 西安西▲電▼捷通▲無▼▲綫▼▲網▼絡通信有限公司 ネットワークでのユニキャスト鍵の管理方法およびマルチキャスト鍵の管理方法
JP2011512066A (ja) * 2008-01-17 2011-04-14 西安西▲電▼捷通▲無▼▲綫▼▲網▼絡通信股▲分▼有限公司 広帯域無線マルチメディアネットワークブロードキャスト通信の安全伝送方法
JP2011519235A (ja) * 2008-04-30 2011-06-30 聯發科技股▲ふん▼有限公司 トラフィック暗号化キーの派生方法
JP2012512577A (ja) * 2008-12-18 2012-05-31 西安西電捷通無線網絡通信股▲ふん▼有限公司 セキュリティ・プロトコルの最初のメッセージの保護方法
WO2013095074A1 (fr) * 2011-12-23 2013-06-27 Samsung Electronics Co., Ltd. Procédé et système pour une communication sécurisée d'informations de commande dans un environnement de réseau sans fil
TWI411275B (zh) * 2007-09-04 2013-10-01 Ind Tech Res Inst 無線通信系統中提供安全通信的方法、系統、基地台與中繼台
US9027081B2 (en) 2009-06-29 2015-05-05 Lenovo Innovations Limited (Hong Kong) Secure network connection allowing choice of a suitable security algorithm

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030065919A1 (en) * 2001-04-18 2003-04-03 Albert Roy David Method and system for identifying a replay attack by an access device to a computer system
US20040064741A1 (en) * 2002-06-20 2004-04-01 Nokia Corporation Method , system and devices for transferring accounting information

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7529933B2 (en) * 2002-05-30 2009-05-05 Microsoft Corporation TLS tunneling

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030065919A1 (en) * 2001-04-18 2003-04-03 Albert Roy David Method and system for identifying a replay attack by an access device to a computer system
US20040064741A1 (en) * 2002-06-20 2004-04-01 Nokia Corporation Method , system and devices for transferring accounting information

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1864426A4 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2063567A1 (fr) * 2006-09-23 2009-05-27 China Iwncomm Co., Ltd Procédé d'authentification et d'autorisation d'accès au réseau et procédé de mise à jour de clé d'autorisation
JP2010504671A (ja) * 2006-09-23 2010-02-12 西安西▲電▼捷通▲無▼▲綫▼▲網▼絡通信有限公司 ネットワークでのユニキャスト鍵の管理方法およびマルチキャスト鍵の管理方法
EP2063567A4 (fr) * 2006-09-23 2014-03-19 China Iwncomm Co Ltd Procédé d'authentification et d'autorisation d'accès au réseau et procédé de mise à jour de clé d'autorisation
TWI411275B (zh) * 2007-09-04 2013-10-01 Ind Tech Res Inst 無線通信系統中提供安全通信的方法、系統、基地台與中繼台
WO2009082356A1 (fr) * 2007-12-24 2009-07-02 Nanyang Polytechnic Procédé et système pour sécuriser des systèmes et des dispositifs sans fil
JP2011512066A (ja) * 2008-01-17 2011-04-14 西安西▲電▼捷通▲無▼▲綫▼▲網▼絡通信股▲分▼有限公司 広帯域無線マルチメディアネットワークブロードキャスト通信の安全伝送方法
WO2009094942A1 (fr) * 2008-01-30 2009-08-06 Huawei Technologies Co., Ltd. Procédé et système de réseau de communication pour établir une conjonction de sécurité
JP2011519235A (ja) * 2008-04-30 2011-06-30 聯發科技股▲ふん▼有限公司 トラフィック暗号化キーの派生方法
JP2012512577A (ja) * 2008-12-18 2012-05-31 西安西電捷通無線網絡通信股▲ふん▼有限公司 セキュリティ・プロトコルの最初のメッセージの保護方法
US9027081B2 (en) 2009-06-29 2015-05-05 Lenovo Innovations Limited (Hong Kong) Secure network connection allowing choice of a suitable security algorithm
WO2013095074A1 (fr) * 2011-12-23 2013-06-27 Samsung Electronics Co., Ltd. Procédé et système pour une communication sécurisée d'informations de commande dans un environnement de réseau sans fil
US9992197B2 (en) 2011-12-23 2018-06-05 Samsung Electronics Co., Ltd. Method and system for secured communication of control information in a wireless network environment

Also Published As

Publication number Publication date
EP1864426A4 (fr) 2016-11-23
EP1864426A1 (fr) 2007-12-12

Similar Documents

Publication Publication Date Title
KR100704675B1 (ko) 무선 휴대 인터넷 시스템의 인증 방법 및 관련 키 생성방법
US7793103B2 (en) Ad-hoc network key management
JP5123209B2 (ja) モバイルネットワークに基づくエンドツーエンド通信での認証の方法、システム、および認証センタ
JP5042834B2 (ja) 無線携帯インターネットシステムでeapを利用する保安関係交渉方法
US8561200B2 (en) Method and system for controlling access to communication networks, related network and computer program therefor
KR100749846B1 (ko) 무선 휴대 인터넷 시스템의 mac 계층에서 보안 기능을 구현하기 위한 장치 및 이를 이용한 인증 방법
WO2006096017A1 (fr) Procede d'authentification et procede de generation de cle dans un systeme internet portatif sans fil
US8380980B2 (en) System and method for providing security in mobile WiMAX network system
US11044084B2 (en) Method for unified network and service authentication based on ID-based cryptography
US20020120844A1 (en) Authentication and distribution of keys in mobile IP network
US20110261960A1 (en) Method for allocating authorization key identifier for wireless portable internet system
WO2008030705A2 (fr) Procédé et dispositifs pour l'établissement d'associations de sécurité entre les noeuds d'un réseau sans fil ad hoc
WO2003077467A1 (fr) Procede de distribution de cles chiffrees dans un reseau lan sans fil
WO2010012203A1 (fr) Procédé d'authentification, procédé de recertification et dispositif de communication
WO2023083170A1 (fr) Procédé et appareil de génération de clé, dispositif terminal et serveur
US20120254615A1 (en) Using a dynamically-generated symmetric key to establish internet protocol security for communications between a mobile subscriber and a supporting wireless communications network
EP3340530B1 (fr) Procédé basé sur la sécurité de couche de transport pour générer et utiliser une identité de noeud persistant unique et client et serveur correspondant
CN101052035B (zh) 多主机安全架构及其空口密钥分发方法
KR20080056055A (ko) 통신 사업자간 로밍 인증방법 및 키 설정 방법과 그 방법을포함하는 프로그램이 저장된 기록매체
Liang et al. A local authentication control scheme based on AAA architecture in wireless networks
KR100729729B1 (ko) 무선 휴대 인터넷 시스템의 액세스 포인트의 인증 장치 및그 방법
CN115314278B (zh) 可信网络连接身份认证方法、电子设备及存储介质
KR20100034461A (ko) 통신 네트워크에서 인증 방법 및 시스템
Fanyang et al. A self-adaptive K selection mechanism for re-authentication load balancing in large-scale systems

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200680016091.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 11817859

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2008500632

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2006716286

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2006716286

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: RU

WWP Wipo information: published in national office

Ref document number: 2006716286

Country of ref document: EP