WO2008004106A1 - User equipment credential system - Google Patents

User equipment credential system Download PDF

Info

Publication number
WO2008004106A1
WO2008004106A1 PCT/IB2007/001904 IB2007001904W WO2008004106A1 WO 2008004106 A1 WO2008004106 A1 WO 2008004106A1 IB 2007001904 W IB2007001904 W IB 2007001904W WO 2008004106 A1 WO2008004106 A1 WO 2008004106A1
Authority
WO
WIPO (PCT)
Prior art keywords
user equipment
identifier
node
cryptographic key
transceiver
Prior art date
Application number
PCT/IB2007/001904
Other languages
French (fr)
Inventor
Silke Holtmanns
Pekka Laitinen
Original Assignee
Nokia Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Corporation filed Critical Nokia Corporation
Priority to DK07734965.2T priority Critical patent/DK2039199T3/en
Priority to EP07734965.2A priority patent/EP2039199B1/en
Priority to PL07734965T priority patent/PL2039199T3/en
Priority to ES07734965T priority patent/ES2706540T3/en
Publication of WO2008004106A1 publication Critical patent/WO2008004106A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

  • the present disclosure relates to security in a communications system, and more particularly, but not exclusively, to management and creation of user security related data and credentials for user equipment.
  • a communication system can be seen as a facility that enables communication sessions or data sessions between entities such as user equipment and/or other nodes associated with the communication system.
  • the communication may comprise, for example, communication of voice, data, multimedia and so on.
  • An user equipment connected to a communication system may, for example, be provided with a two-way. telephone call or multi-way conference call or with a data connection.
  • voice call services various other services, for example enhanced content services such as multimedia services or other data services, security services may be provided for a user.
  • An user equipment may communicate data to and from a server entity, or between two or more user equipments.
  • a communication system typically operates in accordance with a given standard or specification, which sets out what the various entities associated with the system are permitted to do and how that should be achieved.
  • Communication protocols, parameters, functions, reference points and interfaces, which shaii be used for a connection are typically defined by the standards or specifications.
  • Communication systems providing wireless communication for user equipment are known. These systems are commonly referred to as mobile systems, although in certain systems the mobility may be restricted to substantially small areas.
  • An example of the mobile systems is the public land mobile network (PLMN).
  • PLMN public land mobile network
  • Another example is a mobile system that is based, at least partially, on use of communication satellites.
  • Mobile communications may also be provided by means of other types of systems, such as by means of wireless local area networks (WLAN), Personal Area Networks (PAN), Wide Area Networks (WAN) or some other form of network that provides Internet Protocol (IP) access.
  • WLAN wireless local area networks
  • PAN Personal Area Networks
  • WAN Wide Area Networks
  • IP Internet Protocol
  • an access node provides user equipment with access to the communication system.
  • An user equipment may be in wireless communication with two or more access nodes at the same time. Communication on the wireless interface between the user equipment and the access node(s) can be based on an appropriate communication protocol.
  • Examples of the various wireless access systems include CDMA (Code Division Multiple Access), WCDMA (Wide-band CDMA), TDMA (Time Division Multiple Access), FDMA (Frequency Division Multiple Access), or SDMA (Space Division Multiple Access), Institute of Electrical and Electronics Engineers (IEEE) 802.11 , DECT (Digital Enhanced Cordless Communication), WLAN, WAN or cable connection and further developments and hybrids thereof.
  • the operation of the network apparatus is controlled by an appropriate control arrangement commonly including a number of various control entities.
  • One or more gateways or intermediate servers may also be provided for connecting a network to other networks or hiding network internal details from external nodes.
  • a PLMN network may be connected to other mobile or fixed line communication networks or data communication networks such as an IP (Internet Protocol) and/or other packet data networks.
  • IP Internet Protocol
  • a user or the user equipment may need to be authenticated before he/she is allowed to access or otherwise use various applications and services. This may be required for security and privacy reasons, but also to enable correct billing of the service usage.
  • a user can be identified based on various values associated with the user known to a third party.
  • GAA Generic Authentication Architecture
  • 3GPP2 Third Generation Partnership Project 2
  • GAA is an authentication mechanism proposed by the third generation partnership project (3GPP) called the 'Generic Authentication Architecture' (GAA) or the GAA version defined by the Third Generation Partnership Project 2 (3GPP2).
  • the GAA is indented to be used as a security procedure for various applications and services for users of mobile user equipment, such as mobile stations for cellular systems.
  • GAA based security credentials can be used for authentication, but also for other security purposes, like integrity and confidentiality protection of messages.
  • the GAA is intended to be based on shared secrets that are stored on specific secure storage entities provided in association with the user equipment and subscriber databases.
  • the secure storage and credential generation entity of a user equipment may be provided by an appropriate security function, for example a security module, an identification module or another secure environment in the user equipment. Also, the storage and the credential generation can be performed by two different entities.
  • the subscriber database may be provided by an appropriate network entity, for example a Home Location Register (HLR), Home Subscriber Server (HSS), Authentication Authorization and Accounting (AAA) server or Domain Name Service (DNS) server like database.
  • HLR Home Location Register
  • HSS Home Subscriber Server
  • AAA Authentication Authorization and Accounting
  • DNS Domain Name Service
  • 3GPP TS 33.220 3GPP TS 33.220
  • This infrastructure may be utilised to secure interworking with application functions in the network side and on the user side to communicate in situations where they would not otherwise be able to do so.
  • bootstrapping of application security or more generally simply as “bootstrapping”, which is carried out in generic bootstrapping architecture (GBA).
  • GBA generic bootstrapping architecture
  • a generic bootstrapping server function allows user equipment (UE) to authenticate therewith, and agree on session keys, which are then used for a secure interaction between a Network Application Function (NAF) and the UE.
  • NAF Network Application Function
  • Such authentication is preferably based on authentication and key agreement (AKA).
  • AKA authentication and key agreement
  • the mobile terminal and the network mutually authenticate each other and agree on service specific session keys.
  • the UE and an network application function which may also be referred to as a service provider, may run some application specific protocol where the security of messages is based on the service specific session keys agreed between the UE and the BSF.
  • the bootstrapping function procedure is not intended to be dependent upon any particular network application function.
  • the server implementing the bootstrapping function must be trusted by the home operator to handle authentication vectors.
  • Network application functions in the operator's home network are to be supported, but also the support of network application functions in a visited network, or even in a third network is possible.
  • the UE sends a service request to a NAF.
  • the NAF must then communicate with the BSF in order to retrieve the service specific session key(s) required for authentication with the UE.
  • the secure storage entity of a user equipment is provided by an appropriate security function, for example a security module, or an identification module such as a universal integrated circuit card (UICC) or a trusted environment in the terminal.
  • a security module for example a security module, or an identification module such as a universal integrated circuit card (UICC) or a trusted environment in the terminal.
  • UICC universal integrated circuit card
  • This approach has limitations. Firstly when the device is not intended to be used as a conventional telephone and therefore does not contain a UICC or equivalent subscriber information module (SlM) card. For example a user attempting to access a network function with a handheld device such as the Sony PlayStation Portable (PSP) would not be able to authenticate the user due to a lack of a UICC. Furthermore a user operating a tablet PC, personal digital assistant (PDA) personal computer or laptop connecting over a wireless or fixed link would not be able to access the network function and gain access to the service that the user may be used to from his mobile subscription.
  • PDA personal digital assistant
  • the switching between users requires the user equipment to be powered down, have the current UICC removed, the new UICC for the next user inserted and the user equipment to be powered back up, which is time consuming, user unfriendly, battery draining process and potentially capable of damaging the UICC.
  • an integrated security module overcomes the problem of switching the UICC it also prevents the independent monitoring of each user. For example the device with a single module with a single ID would require further control entities to prevent children from being able to access adult material.
  • Embodiments of the present invention aim to address one or several of the above problems.
  • a user equipment in a communications system comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
  • the at least one identifier preferably comprises a first identifier, wherein the first identifier is preferably a publicly known identifier.
  • the first identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; and a caller line identification value.
  • the at least one identifier preferably comprises a second identifier, wherein the further identifier is preferably a private identifier known to the user equipment and node only.
  • the second identifier is preferably at least one of: a password value; and a private cryptographic key.
  • the transceiver is preferably arranged to transmit the first identifier to the further node to initiate the authentication of the user equipment at the further node.
  • the transceiver is preferably arranged to receive an authentication message from the further node.
  • the user equipment preferably further comprises a processor, the processor being arranged to process the authentication message.
  • the processor is preferably arranged to generate a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and the second identifier.
  • the processor is preferably arranged to generate a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and a result of a one way function of the second identifier.
  • a method for authenticating a user equipment in a communications system comprising: receiving at a user equipment from a node in the communications system at least one identifier associated with the user equipment; storing at the user equipment the at least one identifier; wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
  • the at least one identifier preferably comprises a first identifier, wherein the first identifier is preferably a publicly known identifier.
  • the first identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; and a caller line identification value.
  • the at least one identifier preferably comprises a second identifier, wherein the further identifier is preferably a private identifier known to the user equipment and node only.
  • the second identifier is preferably at least one of: a password value; and a private cryptographic key.
  • the method for authenticating a user equipment preferably further comprising the step of transmitting the first identifier from the user equipment to the further node to initiate the authentication of the user equipment at the further node.
  • the method for authenticating a user equipment preferably further comprising the step of receiving at the user equipment an authentication message from the further node.
  • the method for authenticating a user equipment preferably further comprising the step of processing the authentication message received at the user equipment.
  • the method for authenticating a user equipment preferably further comprising the step of generating a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and the second identifier.
  • the method for authenticating a user equipment preferably further comprising the step of generating a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and a result of a one way function of the second identifier.
  • a computer program arranged to operate a computer to perform a method for authenticating a user equipment in a communications system, the method comprising: receiving at a user equipment from a node in the communications system at least one identifier associated with the user equipment; storing at the user equipment the at least one identifier; wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
  • a network comprising: at least one user equipment, a node and at least one further node, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with the node wherein the transceiver is arranged to receive the at least one identifier from the node, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to the at least one further node in the network.
  • the at least one identifier preferably comprises a publicly known identifier.
  • the at least one identifier preferably comprises a private identifier known to the user equipment, the node and further node only.
  • the at least one identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
  • the node preferably comprises a credential server.
  • the further node preferably comprises at least one of a network application function node and a bootstrapping function node.
  • a node in a communications system comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with the user equipment, wherein the transceiver is arranged to transmit the at least one identifier from the node to the user equipment, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
  • the at least one identifier preferably comprises a publicly known identifier.
  • the at least one identifier preferably comprises a private identifier known to the user equipment the node and the further node only.
  • the at least one identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
  • the node is preferably a credential server.
  • the further node is preferably at least one of a bootstrapping server and a network application server.
  • a node in a communications system for providing a user equipment a bootstrapping function comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with the user equipment wherein the transceiver is arranged to receive the at least one identifier from the user equipment and wherein the at least one identifier is used by the user equipment to authenticate the user equipment.
  • the at least one identifier preferably comprises at least one of a publicly known identifier.
  • the at least one identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
  • the transceiver is preferably arranged to receive the at least one identifier from the UE, and wherein the node is arranged to initiate the authentication of the user equipment on receipt of the at least one identifier.
  • the transceiver is preferably arranged to transmit an authentication message to the user equipment.
  • the node preferably further comprises a processor, wherein the processor is arranged to generate a cryptographic key.
  • the transceiver preferably is arranged to transmit the cryptographic key to an application function server in dependence on a processed authentication message.
  • the cryptographic key is preferably arranged to secure communications between the user equipment and the application function server.
  • the node preferably comprises a bootstrapping function server.
  • a node in a communications system for providing a user equipment a application function comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a further node to receive the at least one identifier from a further node, wherein the at least one identifier is used to authenticate the user equipment.
  • the at least one identifier preferably comprises at least one publicly known identifier.
  • the at least one identifier preferably is at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
  • the transceiver is preferably further arranged to communicate with the user equipment to receive at least one further identifier from the UE, and wherein the node is arranged to initiate the authentication of the user equipment on receipt of the at least one further identifier.
  • the transceiver is preferably further arranged to transmit an authentication message to the user equipment.
  • the transceiver is preferably further arranged to receive from the further node a cryptographic key.
  • the cryptographic key is preferably arranged to secure communications between the user equipment and the node.
  • the node preferably comprises a network application server.
  • Figure 1 shows a communication system wherein the present invention may be embodied
  • Figure 2 shows the schematic view of a communications architecture wherein the present invention may be embodied
  • FIG. 3 shows a flowchart of the bootstrapping procedure as carried out in an embodiment of the present invention.
  • FIG. 4 shows a flowchart of an network application authentication procedure as carried out in an embodiment of the present invention.
  • PLMN public landline mobile network
  • DSL Digital Subscriber Line
  • a number of base stations 12 are arranged to wirelessly transmit signals to and receive signals from a plurality of mobile user equipment 14 (of which one is shown in figure 1). Likewise, mobile user equipment 14 is able to transmit wireless signals to and receive signals from base stations 12.
  • the operation of the network 10 is typically controlled by means of appropriate controller entities. Data required for the operation of the PLMN is typically stored in appropriate data storage entities and servers.
  • Figure 1 shows a data storage 16 configured to store data relating to the authenticity of the user.
  • This data storage is also known as a credential server.
  • the credential server is arranged to store data known as a secret credential or shared secret, which is selected or generated and known only to the credential server and the user.
  • a credential can be a cryptographic key, a password or another form of security token.
  • This shared secret in a first embodiment of the invention is a credential generated when the user registers at the credential server for the first time. For example when a user registers to a Voice over IP service they may be asked to provide or generate a password in combination with a user name. This combination is typically used by the user to connect to the service. Although the user name is known to other parties the password is kept secret from all others except the user and the credential server. Sometimes even the username is considered to be secret.
  • a credential is a public/private cryptographic key pair shared between the credential server 16 and the user equipment 14.
  • other data may be used to in association with the credential to identify the user such as the caller line identifier value.
  • the user equipment For use in a wireless communications system, the user equipment comprises receive and transmit circuitry and means for receiving and transmitting wireless signals for implementing calls and other signalling channels so that it is enabled to communicate with the base stations 12, for example to make voice call and to send and receive data.
  • the user may also connect his device directly to a cable based network and therefore access services that reside in the wireless communication system via the IP protocol.
  • the user equipment may also be enabled to process control instructions it may receive from the network and to send control information to the network.
  • a user may access various applications, for example service applications via the network he or she has access to.
  • An application may be provided by a provider entity, for example any of service provider application servers 18. It is noted that the application servers (AS) need only be connected to the mobile network, but are not necessarily a part of the mobile network.
  • the application server may be some kind of broadcasting server. This means that the operator of the network 10 may not necessarily have any or may only have a limited control on the operation of an application provider.
  • a communication system may be provided by a plurality of different communication networks. Thus the application provider entity may be connected to another network than the network the user subscribes to. Also the network where a user has subscribed to may consist out of several network types, for example, UMTS, fixed line, WLAN or similar all run by the same operator.
  • FIG. 1 shows a security management server 17 adapted for user authentication.
  • the security management server is capable of key generation.
  • the server 17 provides a bootstrapping function based on secret credential values stored in a credential database that may be part of the security management server or connected to it.
  • a user can be identified by the security management server 17 based on various credentials. These can be divided into public and private cryptographic key credentials or secret credentials. The secret credentials and private keys from the public/private key pairs are, as described above, typically only known by the operator whereas the public key credentials may be made public. Sometimes also semi-public credentials are used, for example IP addresses.
  • Non-limiting examples of secret user credentials include International Mobile Subscriber Identity (IMSI) and Internet Protocol Multimedia Private Identity (IMPI).
  • IMSI International Mobile Subscriber Identity
  • IMPI Internet Protocol Multimedia Private Identity
  • public credentials include Mobile Subscriber Integrated System Digital Number (MSISDN), calling line identifier (CLF) and IP Multimedia Public Identity (IMPU).
  • Figure 2 shows an example of the server architecture within which the embodiments of the present invention operate. More particularly, Figure 2 is a schematic block diagram of an improved arrangement, which in its non improved form is known as a generic authentication architecture (GAA) in accordance with the 3GPP system.
  • GAA generic authentication architecture
  • the improved generic authentication architecture comprises a user equipment 14 which can communicate to a network application function (NAF) server 25 over an appropriate interface 4, for example an Ua interface.
  • the network application server 25 is also known as the application server as shown in figure 1.
  • the user equipment (UE) 14 can also communicate to a security management server (bootstrapping function (BSF) server) 17 via an appropriate interface 3, for example an Ub interface. But the data necessary for credential generation may also be pushed from the NAF over the Ua interface 4 to the UE or directly from the BSF to the UE.
  • the security management server (the BSF server) 17 can communicate with the NAF server 25 over an appropriate interface 1 , for example a Zn interface.
  • the security management server (BSF server) 17 can communicate with the data storage 16 configured to store subscriber information (which in a first embodiment of the invention is a credential server) via the interface 2, for example a Zh interface.
  • the BSF may also contain itself the security data storage e.g. in form of an AAA server functionality of extended DNS server functionality.
  • the NAF server 25 can in further embodiments of the invention be connected directly to the data storage 16 configured to store subscriber information over an appropriate interface 7 (represented in figure 2 as a dashed line), for example a Sh or Zh interface.
  • the user equipment 14 is connected to the credential server 16, in order that the UE 14 and Credential server swap the shared secret (e.g.
  • NSS Network Attachment Subsystem
  • a one-way function may just cut off parts of a value that was the input to the function, but may also perform a sophisticated cryptographic algorithm.
  • GBA-PKI Generic Bootstrapping Architecture - Public Key Infrastructure
  • the secret credential Ks shared by the UE 14 and the credential server 16 is a result of a one way function which has as the input a private cryptographic key associated with the user.
  • the cryptographic key is generated as part of a private/public key pair.
  • the result of a one way function of the private key is in one embodiment generated at the UE 14 and passed to the credential server 16 in a secure way.
  • the key pair and the result of a one way function value is generated at the credential server 16 and passed to the UE in a secure way.
  • the public key is distributed at the same time and in the same manner.
  • the key pair is generated at a key generator server (not shown in figure 1 ) and distributed in a secure way to both the UE 14 and the credential server 16.
  • the result of a one way function credential also includes the public key data or could contain the whole certificate.
  • the result of a one way function of the private key described above (which may also contain the public key and or the whole certificate) is associated with the user at the credential server by the means of public or semi-public credential.
  • the public or semi public credential associated with the shared credential for example is the "username" data field used to register on the credential server.
  • the public credential is the caller line identity value - a number which indicates from which PSTN connection the connection to the network is coming from. This although specifies only that the user is connected from a specific physical locality.
  • GBA-LA Generic Bootstrapping Architecture - Line Authentication
  • the secret credential Ks shared between the UE 14 and the credential server 16 is the password data field used when initially registering the user at the credential server.
  • the secret credential shared between the UE 14 and the credential server 16 is a one way function of the password data field (The one way function receives a first value and returns an output or value in dependence of a known mapping or one way function). The user would provide his full password for authentication, but the value stored would be the one way function applied to the password. This value may in some embodiments also include some additional data (called salt) to make it harder for an attacker to derive an analogous value as a result of the one way function.
  • additional values generated either by the UE 14 or the credential server 16 or both are added to the one-way-function to produce the credential Ks. After applying the one way function, the resulting value may need to be reduced, due to length restrictions.
  • the additional value can be for example a random value or a current timestamp.
  • the private or secret credential is a credential value which is generated by a network gateway between the UE 14 and credential server 16. The credential value is distributed securely to the UE 14 and credential server 16.
  • the public or semi public credential described above is associated with the user equipment at the credential server.
  • the public or semi-public credential associated with the user is the caller line identity value - a number which indicates to the network which PSTN connection the UE 14 is connected via.
  • the operator may also map the calling line identifier to an IP address and use the IP address as the semi-public credential and instead or additionally to the calling line identifier.
  • the secret credential Ks shared between the UE 14 and the credential server 16 is the password data field used when initially registering the user at the credential server 16.
  • the secret credential shared between the UE 14 and the credential server 16 is a one way function result of the password data field (The one way function receives a first value, the password value, and returns an output value in dependence of a known mapping or one way function).
  • additional values generated either by the UE 14 or the credential server 16 or both are added to the one-way-function to produce the secret identifier Ks.
  • the additional value or values can be for example random values or current timestamps.
  • the public or semi-public credential is associated with the user at the credential server.
  • the unique identifier associated with the public credential for example is the "username" data field initially used to register at the credential server.
  • GAA GAA
  • the user equipment 14 communicates with an application entity, for example a network application function (NAF) server 25.
  • NAF network application function
  • the NAF server 25 provides a service to the user equipment 14 but before the network application function server 25 can deliver its services to the user equipment 14 in a secure manner an service specific authentication procedure and / or secure communication is needed that our invention bases on one of the three examples above
  • the user equipment 14 If the user equipment 14 wishes to access an application from the NAF server 25 but has not undergone an authentication that has resulted in the BSF recovering authentication key material or that the material recovered is no longer valid, the user equipment 14 undergoes an initial authentication procedure also known as bootstrapping. This can occur for example when a new user operates the user equipment or if a user has not used the user equipment for a predetermined time or had previously 'logged out' from the user equipment. In all three of the above examples the user using the UE is required to be authenticated.
  • Figure 3 shows the steps carried out within embodiments of the present invention in carrying out the bootstrapping authentication procedure.
  • the NAF may push the security relevant data needed to create a security association between UE and NAF to the UE, after having communicated with the BSF.
  • the BSF may push the security relevant data needed to create the security association between UE and NAF to the UE.
  • the user equipment transmits an authorisation request containing some form of user identification to the bootstrapping server function (BSF) 17.
  • BSF bootstrapping server function
  • This user ID in the GBA-PKI and GBA-PW embodiments is the username value.
  • the user ID in the GBA-LA embodiment used is the caller line identification value and / or IP address.
  • the BSF 17, on receiving the user identification value communicates with the credential server 16 to retrieve the user profile (Prof) together any required authentication vector.
  • the authentication vector includes a random number value (RAND), an authentication token (AUTN), an expected authentication response (XRES) and the shared identification value.
  • the shared identification value Ks. is stored in the UICC or similar smart card.
  • the shared identification value is the private key or any combination as described above comprising the private key.
  • the shared identification value is the password value (or in some embodiments the result of a one way function of the password value).
  • the BSF 17 transmits a message to the UE 14 demanding the UE authenticates itself to the BSF 17.
  • the message contains the random number value (RAND) and the authentication token (AUTN) received from the credential server.
  • the UE 14 runs AKA algorithms as known in the art to verify the authentication token is correct.
  • the UE 14 also generates a response message value (RES).
  • RES response message value
  • the UE does not use the AKA algorithm to authenticate the server, but other means to authenticate to the server, for example username / password, certificates, public/private key pairs, line identifier or similar means.
  • the BSF and UE are both trusted and the BSF may not need to be authenticated.
  • the BSF is trusted, but that do
  • the UE 14 transmits a request authorisation message to the BSF 17.
  • the request message contains a response value (RES) which is used to verify that the user is the same user as requesting the authorization procedure.
  • RES response value
  • step 311 the BSF, on receipt of the request message transmitted in step 309, checks whether the received RES value matches the expected response value (XRES) already stored at the BSF 17. If the values match, the process progresses to step 313.
  • XRES expected response value
  • step 313 the BSF 17 generates a bootstrapping transaction identification value (B-TID) which uniquely defines the bootstrapping.
  • B-TID bootstrapping transaction identification value
  • the BSF 17 transmits to the UE 14 an OK message containing the B-TID value and the Key lifetime value.
  • the Key lifetime value defines the lifespan of this current bootstrapping in order to reduce the probability of non authorized access to the system.
  • Ks_NAF cryptographic key material
  • the UE 14 uses the shared secret value to derive the key material (Ks_NAF).
  • Ks_NAF key material
  • Ks_NAF KDF(Ks, "gba-me”, RAND, IMPI, NAFJD)
  • KDF is the known key distribution function, a mathematical function which generates cryptographical key material dependent on the parameters within the brackets and is described in Appendix B of 3GPP TS 33 220.
  • the derivation parameters currently used as shown above are: the secret credential or key value Ks, the GBA type string "gba-me", the random number value received from the BSF 17 (RAND), the user's internet protocol multimedia private identity (IMPI), and the NAF identification value (NAFJD).
  • the key derivation function as specified in the 3GPP document is used however the parameters differ.
  • the parameters used to generate the key material are:-
  • KsJ 3 KIJMAF KDF(Ks, "gba-pki", RAND, Public credential, NAFJD)
  • the GBA type string provides an indication of the basis of the bootstrapping i.e. "gba-pki".
  • the secret credential value Ks in this embodiment of the present invention is a result of a one way function which at least contains the private key of the user (and may further contain the public key and whole certificate).
  • the public (semi-public) credential in some PKI embodiments is the username value associated with the private key and in other embodiments the caller line identification value.
  • the parameters used to generate the key material are:-
  • KsJA_NAF KDF(Ks, "gba-la”, RAND, Public Credential, NAFJD)
  • the GBA type string provides an indication of the basis of the bootstrapping i.e. "gba-la".
  • the secret credential value Ks in this embodiment of the present invention is the password or result of the one way function of the password value as described above.
  • the associated public (semi-public) credential in the line authentication embodiments is the caller line identification value as also described above.
  • the parameters used to generate the key material are:-
  • Ks_PW_NAF KDF(Ks, "gba-pw”, RAND, Public Credential, NAFJD)
  • the GBA type string provides an indication of the basis of the bootstrapping i.e. "gba-pw".
  • the secret credential value Ks in this embodiment of the present invention is the password or result of a one way function of the password value as described above.
  • the associated public (semi-public) credential is the usemame value associated with the password.
  • the random number value is not used to derive the key material. In further embodiments of the present invention, the random number value is replaced by a token such as a time stamp received from the application server. In some embodiments of the GBA- PKI embodiments the password of the user is also included as a further parameter or is used to replace the RAND value.
  • Figure 4 shows the method steps employed in embodiments of the present invention once the initial bootstrapping has been carried out in order that the UE with 'live' authentication keys authenticates itself with a network application function 25.
  • Steps 401 , 403 and 405 show in summary the result of the steps carried out by the bootstrapping operation as shown in figure 3.
  • Step 401 shows that the UE has stored a bootstrapping transaction identification value (B-TlD) and the shared identification value (Ks).
  • B-TlD bootstrapping transaction identification value
  • Ks shared identification value
  • Step 403 shows that the bootstrapping serving function (BSF) 17 has a copy of the bootstrapping transaction ID value (B-TID), the shared identification value (Ks), and an application specific part of the user profile (PROF) - detailing any special instructions as to which parts of the application the user is authorized to access, for example an age certificate enabling the application function to block adult material for minors.
  • B-TID bootstrapping transaction ID value
  • Ks shared identification value
  • PROF application specific part of the user profile
  • Step 405 shows the generation at the UE 14 of the Ks_NAF key material (the equivalent to step 317 from figure 3) from the PKI/LA/PW shared identification values as described above and using conventional Key Derivation Function (KDF) and AKA algorithms.
  • KDF Key Derivation Function
  • the UE 14 makes an application request to the NAF 25 for access for a specific application.
  • the application request contains the bootstrapping transaction identification value (B-TID).
  • B-TID bootstrapping transaction identification value
  • the request also contains application specific data (msg) such as the request for a specific element of the service required.
  • step 409 following the receipt of the application receipt at the NAF 25, the NAF 25 transmits an authorisation request to the BSF 17.
  • the authorisation request contains the bootstrap transaction ID (B-TID) received from the UE 14 together with the NAF ID value (NAF-ID).
  • step 411 on receipt of the authentication request from the NAF 25, the BSF 17 generates the key material required by the NAF 25 to enable data to be encrypted between the UE 14 and the NAF 25.
  • This key material Ks_NAF is generated according to the known key derivation function as previously described.
  • the BSF 17 also transmits an authorization answer to the NAF 25.
  • the authorisation answer contains the generated key material Ks_NAF, and may also contain the application specific part of the user profile (PROF), the bootstrap time (BOOTSTRAP time) defining the time when the last bootstrapping process was carried out and the key lifetime (Key lifetime) which defines the time within which the generated key is valid - and if the generated key has a lifetime.
  • the NAF 25 on receipt of the authorization answer, stores the application specific key material that was derived for the NAF, the application specific part of the user profile (PROF), the bootstrap time and the key lifetime.
  • PROF application specific part of the user profile
  • the NAF 25 having stored the information, transmits an application answer 415 to the user equipment 14 in response to the application request from step 407.
  • both the UE and NAF now contain encryption key material within which data may be encrypted before transmission between each other or that may be used for authentication of the UE to the NAF.
  • This streaming can only be performed where the user is correctly authorized to access the material.
  • the NAF should determine if the user has correctly purchased the material and also whether the user is suitable to view the material (for example in order to prevent adult themed material being accessed by minors).
  • the credential server which can have a user name, password identifier pairing or other information stored on the credential server there is no requirement to have identity data permanently stored (in the case of the fixed security module) or semi permanently stored (in the case of the UICC security module) within the user equipment.
  • identity data permanently stored (in the case of the fixed security module) or semi permanently stored (in the case of the UICC security module) within the user equipment.
  • this process can be used to access network application functions from fixed network resources as well as mobile network resources. It would be possible using embodiments of the present invention to access application servers and bootstrap and authenticate the user using the fixed network resource to connect to the application function using the same steps as described above.
  • a further advantage is that the private key identifier in the PKI embodiments is used only once during bootstrapping, and is not used between other servers. This therefore has additional security as fewer parties have access to the private key itself.
  • a further advantage is that the shared identifier Ks can be used directly without any requirement to generate instant private key identifiers (for example in preshared key -transport layer security (PSK TLS) and therefore no computationally complicated private key operations are required to be carried out for the client (excepting any private key recalculations after a specified time period - e.g. a day) and for the server.
  • PSK TLS preshared key -transport layer security
  • the UE there is no requirement for the UE to be able to handle revocation of the client's certificate in comparison to the Public Key Infrastructure (PKI) system.
  • PKI Public Key Infrastructure
  • the above described operations may require data processing in the various entities.
  • the data processing may be provided by means of one or more data processors.
  • Appropriately adapted computer program code product may be used for implementing the embodiments, when loaded to a computer.
  • the program code product for providing the operation may be stored on and provided by means of a carrier medium such as a carrier disc, card or tape. A possibility is to download the program code product via a data network. Implementation may be provided with appropriate software in a location server.
  • the BSF and credential server functionality is housed within a single server entity.
  • the exemplifying communication system shown and described in more detail in this disclosure uses the terminology of the 3 rd generation (3G) WCDMA (Wideband Code Division Multiple Access) networks, such as UMTS (Universal Mobile Telecommunications System) or CDMA2000 public land mobile networks (PLMN), embodiments of the proposed solution can be used in any communication system wherein advantage may be obtained by means of the embodiments of the invention.
  • the invention is not limited to environments such as cellular mobile or WLAN systems either.
  • the invention could be for example implemented as part of the network of computers known as the "Internet", and/or as an "Intranet”.
  • the user equipment 14 in some embodiments of the present invention can communicate with the network via a fixed connection, such as a digital subscriber line (DSL) (either asynchronous or synchronous) or public switched telephone network (PSTN) line via a suitable gateway.
  • DSL digital subscriber line
  • PSTN public switched telephone network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier (a user name, a public cryptographic key, an IP address, a caller line identification value, a password value, a private cryprographic key) associated with the user equipment; a transceiver arranged to communicate with a node (e.g. a credential server) in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node (e.g. a bootstrapping authentication server or a network application server) in the communications system.

Description

TITLE OF THE INVENTiON:
USER EQUIPMENT CREDENTIAL SYSTEM
BACKGROUND OF THE INVENTION: Field of the Invention:
The present disclosure relates to security in a communications system, and more particularly, but not exclusively, to management and creation of user security related data and credentials for user equipment.
Description of the Related Art:
A communication system can be seen as a facility that enables communication sessions or data sessions between entities such as user equipment and/or other nodes associated with the communication system. The communication may comprise, for example, communication of voice, data, multimedia and so on. An user equipment connected to a communication system may, for example, be provided with a two-way. telephone call or multi-way conference call or with a data connection. In addition voice call services, various other services, for example enhanced content services such as multimedia services or other data services, security services may be provided for a user. An user equipment may communicate data to and from a server entity, or between two or more user equipments.
A communication system typically operates in accordance with a given standard or specification, which sets out what the various entities associated with the system are permitted to do and how that should be achieved. Communication protocols, parameters, functions, reference points and interfaces, which shaii be used for a connection are typically defined by the standards or specifications. Communication systems providing wireless communication for user equipment are known. These systems are commonly referred to as mobile systems, although in certain systems the mobility may be restricted to substantially small areas. An example of the mobile systems is the public land mobile network (PLMN). Another example is a mobile system that is based, at least partially, on use of communication satellites. Mobile communications may also be provided by means of other types of systems, such as by means of wireless local area networks (WLAN), Personal Area Networks (PAN), Wide Area Networks (WAN) or some other form of network that provides Internet Protocol (IP) access.
In a wireless system an access node provides user equipment with access to the communication system. An user equipment may be in wireless communication with two or more access nodes at the same time. Communication on the wireless interface between the user equipment and the access node(s) can be based on an appropriate communication protocol. Examples of the various wireless access systems include CDMA (Code Division Multiple Access), WCDMA (Wide-band CDMA), TDMA (Time Division Multiple Access), FDMA (Frequency Division Multiple Access), or SDMA (Space Division Multiple Access), Institute of Electrical and Electronics Engineers (IEEE) 802.11 , DECT (Digital Enhanced Cordless Communication), WLAN, WAN or cable connection and further developments and hybrids thereof.
The operation of the network apparatus is controlled by an appropriate control arrangement commonly including a number of various control entities. One or more gateways or intermediate servers may also be provided for connecting a network to other networks or hiding network internal details from external nodes. For example, a PLMN network may be connected to other mobile or fixed line communication networks or data communication networks such as an IP (Internet Protocol) and/or other packet data networks. A user or the user equipment may need to be authenticated before he/she is allowed to access or otherwise use various applications and services. This may be required for security and privacy reasons, but also to enable correct billing of the service usage. For example, it may need to be verified that the user is whoever he/she claims to be, that the user has the right to use a certain service, that the user can be provided with an access to sensitive information and so on. In an authentication process, a user can be identified based on various values associated with the user known to a third party.
Various authentication mechanisms are already in place, or have been proposed. A non-limiting example is an authentication mechanism proposed by the third generation partnership project (3GPP) called the 'Generic Authentication Architecture' (GAA) or the GAA version defined by the Third Generation Partnership Project 2 (3GPP2). The GAA is indented to be used as a security procedure for various applications and services for users of mobile user equipment, such as mobile stations for cellular systems. GAA based security credentials can be used for authentication, but also for other security purposes, like integrity and confidentiality protection of messages. The GAA is intended to be based on shared secrets that are stored on specific secure storage entities provided in association with the user equipment and subscriber databases. The secure storage and credential generation entity of a user equipment may be provided by an appropriate security function, for example a security module, an identification module or another secure environment in the user equipment. Also, the storage and the credential generation can be performed by two different entities. The subscriber database may be provided by an appropriate network entity, for example a Home Location Register (HLR), Home Subscriber Server (HSS), Authentication Authorization and Accounting (AAA) server or Domain Name Service (DNS) server like database.
Furthermore in 3GPP there has been proposed (3GPP TS 33.220) an authentication infrastructure. This infrastructure may be utilised to secure interworking with application functions in the network side and on the user side to communicate in situations where they would not otherwise be able to do so.
This functionality is referred to as "bootstrapping of application security", or more generally simply as "bootstrapping", which is carried out in generic bootstrapping architecture (GBA).
The general principles of bootstrapping are that a generic bootstrapping server function (BSF) allows user equipment (UE) to authenticate therewith, and agree on session keys, which are then used for a secure interaction between a Network Application Function (NAF) and the UE. Such authentication is preferably based on authentication and key agreement (AKA). By running AKA algorithms, the mobile terminal and the network mutually authenticate each other and agree on service specific session keys. After this authentication, the UE and an network application function (NAF), which may also be referred to as a service provider, may run some application specific protocol where the security of messages is based on the service specific session keys agreed between the UE and the BSF.
The bootstrapping function procedure is not intended to be dependent upon any particular network application function. The server implementing the bootstrapping function must be trusted by the home operator to handle authentication vectors. Network application functions in the operator's home network are to be supported, but also the support of network application functions in a visited network, or even in a third network is possible.
In the proposals for implementation of bootstrapping techniques, it is proposed that the UE sends a service request to a NAF. The NAF must then communicate with the BSF in order to retrieve the service specific session key(s) required for authentication with the UE. Typically as described above the secure storage entity of a user equipment is provided by an appropriate security function, for example a security module, or an identification module such as a universal integrated circuit card (UICC) or a trusted environment in the terminal.
This approach has limitations. Firstly when the device is not intended to be used as a conventional telephone and therefore does not contain a UICC or equivalent subscriber information module (SlM) card. For example a user attempting to access a network function with a handheld device such as the Sony PlayStation Portable (PSP) would not be able to authenticate the user due to a lack of a UICC. Furthermore a user operating a tablet PC, personal digital assistant (PDA) personal computer or laptop connecting over a wireless or fixed link would not be able to access the network function and gain access to the service that the user may be used to from his mobile subscription. Also, it is currently not possible to have a generic single sign on process to NAF- based services over different access networks with an authentication that is bound to the presence of a UICC or similar smart card. Hence, users are required to remember a large range of passwords and Personal Identification Numbers (PIN) e.g. for Voice over IP solutions, access to his mobile phone, web service access etc.
Secondly where the device is to be used by more than one person, the switching between users requires the user equipment to be powered down, have the current UICC removed, the new UICC for the next user inserted and the user equipment to be powered back up, which is time consuming, user unfriendly, battery draining process and potentially capable of damaging the UICC. Although an integrated security module overcomes the problem of switching the UICC it also prevents the independent monitoring of each user. For example the device with a single module with a single ID would require further control entities to prevent children from being able to access adult material. SUMMARY OF THE INVENTION
Embodiments of the present invention aim to address one or several of the above problems.
There is provided according to the invention a user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
The at least one identifier preferably comprises a first identifier, wherein the first identifier is preferably a publicly known identifier.
The first identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; and a caller line identification value.
The at least one identifier preferably comprises a second identifier, wherein the further identifier is preferably a private identifier known to the user equipment and node only.
The second identifier is preferably at least one of: a password value; and a private cryptographic key.
The transceiver is preferably arranged to transmit the first identifier to the further node to initiate the authentication of the user equipment at the further node. The transceiver is preferably arranged to receive an authentication message from the further node.
The user equipment preferably further comprises a processor, the processor being arranged to process the authentication message.
The processor is preferably arranged to generate a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and the second identifier.
The processor is preferably arranged to generate a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and a result of a one way function of the second identifier.
According to a second aspect of the invention there is provided a method for authenticating a user equipment in a communications system, the method comprising: receiving at a user equipment from a node in the communications system at least one identifier associated with the user equipment; storing at the user equipment the at least one identifier; wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
The at least one identifier preferably comprises a first identifier, wherein the first identifier is preferably a publicly known identifier.
The first identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; and a caller line identification value. The at least one identifier preferably comprises a second identifier, wherein the further identifier is preferably a private identifier known to the user equipment and node only.
The second identifier is preferably at least one of: a password value; and a private cryptographic key.
The method for authenticating a user equipment preferably further comprising the step of transmitting the first identifier from the user equipment to the further node to initiate the authentication of the user equipment at the further node.
The method for authenticating a user equipment preferably further comprising the step of receiving at the user equipment an authentication message from the further node.
The method for authenticating a user equipment preferably further comprising the step of processing the authentication message received at the user equipment.
The method for authenticating a user equipment preferably further comprising the step of generating a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and the second identifier.
The method for authenticating a user equipment preferably further comprising the step of generating a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and a result of a one way function of the second identifier.
According to a third aspect of the invention there is provided a computer program arranged to operate a computer to perform a method for authenticating a user equipment in a communications system, the method comprising: receiving at a user equipment from a node in the communications system at least one identifier associated with the user equipment; storing at the user equipment the at least one identifier; wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
According to a fourth aspect of the invention there is provided a network comprising: at least one user equipment, a node and at least one further node, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with the node wherein the transceiver is arranged to receive the at least one identifier from the node, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to the at least one further node in the network.
The at least one identifier preferably comprises a publicly known identifier.
The at least one identifier preferably comprises a private identifier known to the user equipment, the node and further node only.
The at least one identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
The node preferably comprises a credential server.
The further node preferably comprises at least one of a network application function node and a bootstrapping function node. According to a fifth aspect of the invention there is provided a node in a communications system comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with the user equipment, wherein the transceiver is arranged to transmit the at least one identifier from the node to the user equipment, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
The at least one identifier preferably comprises a publicly known identifier.
The at least one identifier preferably comprises a private identifier known to the user equipment the node and the further node only.
The at least one identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
The node is preferably a credential server.
The further node is preferably at least one of a bootstrapping server and a network application server.
According to a sixth aspect of the invention there is provided a node in a communications system, for providing a user equipment a bootstrapping function comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with the user equipment wherein the transceiver is arranged to receive the at least one identifier from the user equipment and wherein the at least one identifier is used by the user equipment to authenticate the user equipment. The at least one identifier preferably comprises at least one of a publicly known identifier.
The at least one identifier is preferably at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
The transceiver is preferably arranged to receive the at least one identifier from the UE, and wherein the node is arranged to initiate the authentication of the user equipment on receipt of the at least one identifier.
The transceiver is preferably arranged to transmit an authentication message to the user equipment.
The node preferably further comprises a processor, wherein the processor is arranged to generate a cryptographic key.
The transceiver preferably is arranged to transmit the cryptographic key to an application function server in dependence on a processed authentication message.
The cryptographic key is preferably arranged to secure communications between the user equipment and the application function server.
The node preferably comprises a bootstrapping function server.
According to a seventh aspect of the invention there is provided a node in a communications system, for providing a user equipment a application function comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a further node to receive the at least one identifier from a further node, wherein the at least one identifier is used to authenticate the user equipment.
The at least one identifier preferably comprises at least one publicly known identifier.
The at least one identifier preferably is at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
The transceiver is preferably further arranged to communicate with the user equipment to receive at least one further identifier from the UE, and wherein the node is arranged to initiate the authentication of the user equipment on receipt of the at least one further identifier.
The transceiver is preferably further arranged to transmit an authentication message to the user equipment.
The transceiver is preferably further arranged to receive from the further node a cryptographic key.
The cryptographic key is preferably arranged to secure communications between the user equipment and the node.
The node preferably comprises a network application server.
BRIEF DESCRIPTION OF DRAWINGS
For better understanding of the present invention, reference will now be made by way of example to the accompanying drawings in which:
Figure 1 shows a communication system wherein the present invention may be embodied;
Figure 2 shows the schematic view of a communications architecture wherein the present invention may be embodied;
Figures 3 shows a flowchart of the bootstrapping procedure as carried out in an embodiment of the present invention; and
Figure 4 shows a flowchart of an network application authentication procedure as carried out in an embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Some exemplifying and non-limiting embodiments of the invention are discussed below with reference to a mobile communication network such as a public landline mobile network (PLMN), for example used for a Digital Subscriber Line (DSL) connection. Before explaining these in more detail, a communication system comprising at least a PLMN is briefly explained with reference to Figure 1.
In a PLMN 10 a number of base stations 12 are arranged to wirelessly transmit signals to and receive signals from a plurality of mobile user equipment 14 (of which one is shown in figure 1). Likewise, mobile user equipment 14 is able to transmit wireless signals to and receive signals from base stations 12. The operation of the network 10 is typically controlled by means of appropriate controller entities. Data required for the operation of the PLMN is typically stored in appropriate data storage entities and servers.
Figure 1 shows a data storage 16 configured to store data relating to the authenticity of the user. This data storage is also known as a credential server. The credential server is arranged to store data known as a secret credential or shared secret, which is selected or generated and known only to the credential server and the user. A credential can be a cryptographic key, a password or another form of security token. This shared secret in a first embodiment of the invention is a credential generated when the user registers at the credential server for the first time. For example when a user registers to a Voice over IP service they may be asked to provide or generate a password in combination with a user name. This combination is typically used by the user to connect to the service. Although the user name is known to other parties the password is kept secret from all others except the user and the credential server. Sometimes even the username is considered to be secret.
In other embodiments of the present invention the credential is passed from the credential server 16 to the user equipment 14.In some embodiments of the invention the UE and the credential server each store a secret credential value associated with the UE and known only to each other. From this secret credential value there may be derived a certificate, username / password pair, or one or two secondary secret credentials. These secondary credential values are known to the network and a service providing entity (the service providing entity may be in some embodiments of the invention a third party).
In other embodiments of the present invention a credential is a public/private cryptographic key pair shared between the credential server 16 and the user equipment 14. In other embodiments other data may be used to in association with the credential to identify the user such as the caller line identifier value.
The user equipment (UE) 14 can be provided by any appropriate user terminal. The user equipment may contain or have access to one or more secure environments. In a mobile communications system, the user equipment constitutes a mobile terminal, for example a mobile telephone, a personal digital assistant (PDA) or a mobile PC (personal computer), or the like.
For use in a wireless communications system, the user equipment comprises receive and transmit circuitry and means for receiving and transmitting wireless signals for implementing calls and other signalling channels so that it is enabled to communicate with the base stations 12, for example to make voice call and to send and receive data. The user may also connect his device directly to a cable based network and therefore access services that reside in the wireless communication system via the IP protocol. The user equipment may also be enabled to process control instructions it may receive from the network and to send control information to the network.
A user may access various applications, for example service applications via the network he or she has access to. An application may be provided by a provider entity, for example any of service provider application servers 18. It is noted that the application servers (AS) need only be connected to the mobile network, but are not necessarily a part of the mobile network. The application server may be some kind of broadcasting server. This means that the operator of the network 10 may not necessarily have any or may only have a limited control on the operation of an application provider. Furthermore, a communication system may be provided by a plurality of different communication networks. Thus the application provider entity may be connected to another network than the network the user subscribes to. Also the network where a user has subscribed to may consist out of several network types, for example, UMTS, fixed line, WLAN or similar all run by the same operator.
A user or the user equipment commonly needs to be authenticated before he/she is allowed to access or otherwise use various applications and services via the network. Also the communication may be required to be secured. Figure 1 shows a security management server 17 adapted for user authentication. The security management server is capable of key generation. For example, the server 17 provides a bootstrapping function based on secret credential values stored in a credential database that may be part of the security management server or connected to it.
A user can be identified by the security management server 17 based on various credentials. These can be divided into public and private cryptographic key credentials or secret credentials. The secret credentials and private keys from the public/private key pairs are, as described above, typically only known by the operator whereas the public key credentials may be made public. Sometimes also semi-public credentials are used, for example IP addresses. Non-limiting examples of secret user credentials include International Mobile Subscriber Identity (IMSI) and Internet Protocol Multimedia Private Identity (IMPI). Non-limiting examples of public credentials include Mobile Subscriber Integrated System Digital Number (MSISDN), calling line identifier (CLF) and IP Multimedia Public Identity (IMPU).
To maintain the identity information user equipment 14 may be provided with an memory 15 arranged to store authentication information. The memory can be arranged to store a secure credential that is arranged to enable the networks to ensure that the user is who they claim to be or to secure a communication link. The memory may contain a number of security and other applications. A user may have several kinds of user identities, session credentials and service identifiers that are stored in the memory. The memory 15 in embodiments of the invention stores the shared secrets (with the subscriber data storage) and stores security keys generated from the shared secret. The generated shared secret may also be stored in a secondary memory that is connected to the primary memory that holds the shared secrets with the subscriber data storage. The secret credential values (shared keys with the subscriber data storage) may then be used in creation and receiving of trusted connections between the user equipment and an application, such as broadcasting content protection.
Figure 2 shows an example of the server architecture within which the embodiments of the present invention operate. More particularly, Figure 2 is a schematic block diagram of an improved arrangement, which in its non improved form is known as a generic authentication architecture (GAA) in accordance with the 3GPP system.
The improved generic authentication architecture (GAA) comprises a user equipment 14 which can communicate to a network application function (NAF) server 25 over an appropriate interface 4, for example an Ua interface. The network application server 25 is also known as the application server as shown in figure 1. The user equipment (UE) 14 can also communicate to a security management server (bootstrapping function (BSF) server) 17 via an appropriate interface 3, for example an Ub interface. But the data necessary for credential generation may also be pushed from the NAF over the Ua interface 4 to the UE or directly from the BSF to the UE. The security management server (the BSF server) 17 can communicate with the NAF server 25 over an appropriate interface 1 , for example a Zn interface. The security management server (BSF server) 17 can communicate with the data storage 16 configured to store subscriber information (which in a first embodiment of the invention is a credential server) via the interface 2, for example a Zh interface. The BSF may also contain itself the security data storage e.g. in form of an AAA server functionality of extended DNS server functionality. The NAF server 25 can in further embodiments of the invention be connected directly to the data storage 16 configured to store subscriber information over an appropriate interface 7 (represented in figure 2 as a dashed line), for example a Sh or Zh interface. Although not shown in figure 2, in some embodiments the user equipment 14 is connected to the credential server 16, in order that the UE 14 and Credential server swap the shared secret (e.g. usemame, password), calling line identifier, IP address or shared cryptographic keys (public/private key pairs). Although this has been described above in relation to one embodiment by the passing of data using a Network Attachment Subsystem (NASS) bundled authentication process, cable network, other ways of exchanging this information can be used. For example the information may be passed to the user off line - in the form of a letter, or as a file or part of a file on a portable media form (e.g. on a CD, DVD or removable flash memory unit). A one-way function may just cut off parts of a value that was the input to the function, but may also perform a sophisticated cryptographic algorithm.
In the following section three different credential combinations are described as non exhaustive examples of the type of credential that can be created as an initial step by the user to authenticate himself or herself in the absence of the use of the conventional identifiers as provided by the UICC.
GBA-PKI (Generic Bootstrapping Architecture - Public Key Infrastructure)
In a first embodiment of the present invention, the secret credential Ks shared by the UE 14 and the credential server 16 is a result of a one way function which has as the input a private cryptographic key associated with the user.
The cryptographic key is generated as part of a private/public key pair. The result of a one way function of the private key is in one embodiment generated at the UE 14 and passed to the credential server 16 in a secure way. In an alternate embodiment the key pair and the result of a one way function value is generated at the credential server 16 and passed to the UE in a secure way. In some embodiments the public key is distributed at the same time and in the same manner. In some embodiments the key pair is generated at a key generator server (not shown in figure 1 ) and distributed in a secure way to both the UE 14 and the credential server 16. In some embodiments of the invention the result of a one way function credential also includes the public key data or could contain the whole certificate.
The result of a one way function of the private key described above (which may also contain the public key and or the whole certificate) is associated with the user at the credential server by the means of public or semi-public credential. The public or semi public credential associated with the shared credential for example is the "username" data field used to register on the credential server. In a further example the public credential is the caller line identity value - a number which indicates from which PSTN connection the connection to the network is coming from. This although specifies only that the user is connected from a specific physical locality.
GBA-LA (Generic Bootstrapping Architecture - Line Authentication)
In a further embodiment of the present invention the secret credential Ks shared between the UE 14 and the credential server 16 is the password data field used when initially registering the user at the credential server. In some embodiments of the invention the secret credential shared between the UE 14 and the credential server 16 is a one way function of the password data field (The one way function receives a first value and returns an output or value in dependence of a known mapping or one way function). The user would provide his full password for authentication, but the value stored would be the one way function applied to the password. This value may in some embodiments also include some additional data (called salt) to make it harder for an attacker to derive an analogous value as a result of the one way function. In a further embodiment additional values generated either by the UE 14 or the credential server 16 or both are added to the one-way-function to produce the credential Ks. After applying the one way function, the resulting value may need to be reduced, due to length restrictions. The additional value can be for example a random value or a current timestamp. In a further embodiment of this type the private or secret credential is a credential value which is generated by a network gateway between the UE 14 and credential server 16. The credential value is distributed securely to the UE 14 and credential server 16.
The public or semi public credential described above is associated with the user equipment at the credential server. The public or semi-public credential associated with the user is the caller line identity value - a number which indicates to the network which PSTN connection the UE 14 is connected via. The operator may also map the calling line identifier to an IP address and use the IP address as the semi-public credential and instead or additionally to the calling line identifier.
GBA-PW (Generic Bootstrapping Architecture - Password Authentication)
In a further embodiment of the present invention the secret credential Ks shared between the UE 14 and the credential server 16 is the password data field used when initially registering the user at the credential server 16. In some embodiments of the invention the secret credential shared between the UE 14 and the credential server 16 is a one way function result of the password data field (The one way function receives a first value, the password value, and returns an output value in dependence of a known mapping or one way function). In a further embodiment additional values generated either by the UE 14 or the credential server 16 or both are added to the one-way-function to produce the secret identifier Ks. The additional value or values can be for example random values or current timestamps.
The public or semi-public credential is associated with the user at the credential server. The unique identifier associated with the public credential for example is the "username" data field initially used to register at the credential server.
The exemplifying embodiments of the present invention will be described with reference to the improved GAA (GBA) architecture as discussed in more detail below with regards to authorization of an user equipment 14 in accessing a specific application from a network application function server 25. Various possible components thereof will be described only briefly as the operation of these is not essential for embodying the invention.
The user equipment 14 communicates with an application entity, for example a network application function (NAF) server 25. The NAF server 25 provides a service to the user equipment 14 but before the network application function server 25 can deliver its services to the user equipment 14 in a secure manner an service specific authentication procedure and / or secure communication is needed that our invention bases on one of the three examples above
If the user equipment 14 wishes to access an application from the NAF server 25 but has not undergone an authentication that has resulted in the BSF recovering authentication key material or that the material recovered is no longer valid, the user equipment 14 undergoes an initial authentication procedure also known as bootstrapping. This can occur for example when a new user operates the user equipment or if a user has not used the user equipment for a predetermined time or had previously 'logged out' from the user equipment. In all three of the above examples the user using the UE is required to be authenticated.
Figure 3 shows the steps carried out within embodiments of the present invention in carrying out the bootstrapping authentication procedure. In another embodiment the NAF may push the security relevant data needed to create a security association between UE and NAF to the UE, after having communicated with the BSF. In another embodiment, the BSF may push the security relevant data needed to create the security association between UE and NAF to the UE.
In the first step 301 the user equipment transmits an authorisation request containing some form of user identification to the bootstrapping server function (BSF) 17. This user ID in the GBA-PKI and GBA-PW embodiments is the username value. The user ID in the GBA-LA embodiment used is the caller line identification value and / or IP address.
In the next step 303, the BSF 17, on receiving the user identification value communicates with the credential server 16 to retrieve the user profile (Prof) together any required authentication vector. The authentication vector includes a random number value (RAND), an authentication token (AUTN), an expected authentication response (XRES) and the shared identification value. In the prior art wireless communications environment the shared identification value (Ks). is stored in the UICC or similar smart card. In the GBA-PKI embodiment the shared identification value is the private key or any combination as described above comprising the private key. In the GBA-PW and GBA-LA embodiments the shared identification value is the password value (or in some embodiments the result of a one way function of the password value).
In the next step 305, the BSF 17 transmits a message to the UE 14 demanding the UE authenticates itself to the BSF 17. The message contains the random number value (RAND) and the authentication token (AUTN) received from the credential server.
In the next step 307, the UE 14 runs AKA algorithms as known in the art to verify the authentication token is correct. The UE 14 also generates a response message value (RES). In some embodiments of the present invention the UE does not use the AKA algorithm to authenticate the server, but other means to authenticate to the server, for example username / password, certificates, public/private key pairs, line identifier or similar means. In this embodiment the BSF and UE are both trusted and the BSF may not need to be authenticated. The BSF is trusted, but that do
In the following step 309, the UE 14 transmits a request authorisation message to the BSF 17. The request message contains a response value (RES) which is used to verify that the user is the same user as requesting the authorization procedure.
In the following step 311 , the BSF, on receipt of the request message transmitted in step 309, checks whether the received RES value matches the expected response value (XRES) already stored at the BSF 17. If the values match, the process progresses to step 313.
In step 313, the BSF 17 generates a bootstrapping transaction identification value (B-TID) which uniquely defines the bootstrapping.
In the next step 315, the BSF 17 transmits to the UE 14 an OK message containing the B-TID value and the Key lifetime value. The Key lifetime value defines the lifespan of this current bootstrapping in order to reduce the probability of non authorized access to the system.
On receipt of the ok message from the BSF 17, the user equipment 14 now derives cryptographic key material (Ks_NAF) which the UE can use to encrypt any data which would be sent to a network application function following this bootstrapping procedure and before the lifespan of the bootstrapping expires. The UE 14 uses the shared secret value to derive the key material (Ks_NAF).
The procedure for generating the key material (Ks_NAF) using UICC data is known in the art and is specified in 3GPP TS 33 220 V7.3.0 published in March 2006. In this the key material is generated by the function
Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAFJD)
where KDF is the known key distribution function, a mathematical function which generates cryptographical key material dependent on the parameters within the brackets and is described in Appendix B of 3GPP TS 33 220. The derivation parameters currently used as shown above are: the secret credential or key value Ks, the GBA type string "gba-me", the random number value received from the BSF 17 (RAND), the user's internet protocol multimedia private identity (IMPI), and the NAF identification value (NAFJD).
In embodiments of the present invention the key derivation function as specified in the 3GPP document is used however the parameters differ.
In the GBA-PKI embodiments of the present invention the parameters used to generate the key material are:-
KsJ3KIJMAF= KDF(Ks, "gba-pki", RAND, Public credential, NAFJD)
The GBA type string provides an indication of the basis of the bootstrapping i.e. "gba-pki". The secret credential value Ks in this embodiment of the present invention is a result of a one way function which at least contains the private key of the user (and may further contain the public key and whole certificate).
The public (semi-public) credential in some PKI embodiments is the username value associated with the private key and in other embodiments the caller line identification value.
In the GBA-LA embodiments of the present invention the parameters used to generate the key material are:-
KsJA_NAF= KDF(Ks, "gba-la", RAND, Public Credential, NAFJD)
The GBA type string provides an indication of the basis of the bootstrapping i.e. "gba-la". The secret credential value Ks in this embodiment of the present invention is the password or result of the one way function of the password value as described above. The associated public (semi-public) credential in the line authentication embodiments is the caller line identification value as also described above. In the GBA-PW embodiments of the present invention the parameters used to generate the key material are:-
Ks_PW_NAF= KDF(Ks, "gba-pw", RAND, Public Credential, NAFJD)
The GBA type string provides an indication of the basis of the bootstrapping i.e. "gba-pw". The secret credential value Ks in this embodiment of the present invention is the password or result of a one way function of the password value as described above. The associated public (semi-public) credential is the usemame value associated with the password.
In some embodiments of the present invention, the random number value is not used to derive the key material. In further embodiments of the present invention, the random number value is replaced by a token such as a time stamp received from the application server. In some embodiments of the GBA- PKI embodiments the password of the user is also included as a further parameter or is used to replace the RAND value.
Figure 4 shows the method steps employed in embodiments of the present invention once the initial bootstrapping has been carried out in order that the UE with 'live' authentication keys authenticates itself with a network application function 25.
Steps 401 , 403 and 405 show in summary the result of the steps carried out by the bootstrapping operation as shown in figure 3.
Step 401 shows that the UE has stored a bootstrapping transaction identification value (B-TlD) and the shared identification value (Ks).
Step 403 shows that the bootstrapping serving function (BSF) 17 has a copy of the bootstrapping transaction ID value (B-TID), the shared identification value (Ks), and an application specific part of the user profile (PROF) - detailing any special instructions as to which parts of the application the user is authorized to access, for example an age certificate enabling the application function to block adult material for minors.
Step 405 shows the generation at the UE 14 of the Ks_NAF key material (the equivalent to step 317 from figure 3) from the PKI/LA/PW shared identification values as described above and using conventional Key Derivation Function (KDF) and AKA algorithms.
In step 407, the UE 14 makes an application request to the NAF 25 for access for a specific application. The application request contains the bootstrapping transaction identification value (B-TID). The request also contains application specific data (msg) such as the request for a specific element of the service required.
In step 409, following the receipt of the application receipt at the NAF 25, the NAF 25 transmits an authorisation request to the BSF 17. The authorisation request contains the bootstrap transaction ID (B-TID) received from the UE 14 together with the NAF ID value (NAF-ID).
In step 411 , on receipt of the authentication request from the NAF 25, the BSF 17 generates the key material required by the NAF 25 to enable data to be encrypted between the UE 14 and the NAF 25. This key material Ks_NAF is generated according to the known key derivation function as previously described.
The BSF 17 also transmits an authorization answer to the NAF 25. The authorisation answer contains the generated key material Ks_NAF, and may also contain the application specific part of the user profile (PROF), the bootstrap time (BOOTSTRAP time) defining the time when the last bootstrapping process was carried out and the key lifetime (Key lifetime) which defines the time within which the generated key is valid - and if the generated key has a lifetime.
In step 413, the NAF 25 on receipt of the authorization answer, stores the application specific key material that was derived for the NAF, the application specific part of the user profile (PROF), the bootstrap time and the key lifetime.
In the step 415, the NAF 25, having stored the information, transmits an application answer 415 to the user equipment 14 in response to the application request from step 407.
Once this process has been completed both the UE and NAF now contain encryption key material within which data may be encrypted before transmission between each other or that may be used for authentication of the UE to the NAF.
The advantage with the embodiments of the present invention as described above can be described for example where the network application function is that of streaming digital video information containing digital rights management.
This streaming can only be performed where the user is correctly authorized to access the material. For example the NAF should determine if the user has correctly purchased the material and also whether the user is suitable to view the material (for example in order to prevent adult themed material being accessed by minors). In using the credential server which can have a user name, password identifier pairing or other information stored on the credential server there is no requirement to have identity data permanently stored (in the case of the fixed security module) or semi permanently stored (in the case of the UICC security module) within the user equipment. Furthermore this process can be used to access network application functions from fixed network resources as well as mobile network resources. It would be possible using embodiments of the present invention to access application servers and bootstrap and authenticate the user using the fixed network resource to connect to the application function using the same steps as described above.
A further advantage is that the private key identifier in the PKI embodiments is used only once during bootstrapping, and is not used between other servers. This therefore has additional security as fewer parties have access to the private key itself.
A further advantage is that the shared identifier Ks can be used directly without any requirement to generate instant private key identifiers (for example in preshared key -transport layer security (PSK TLS) and therefore no computationally complicated private key operations are required to be carried out for the client (excepting any private key recalculations after a specified time period - e.g. a day) and for the server.
Furthermore, there is no requirement for the UE to be able to handle revocation of the client's certificate in comparison to the Public Key Infrastructure (PKI) system. Although there is a requirement that the server BSF must contact the credential server in order to obtain the secret, this may be carried out in advance of demand when there is free processing time so that the user does not experience any significant delays in operation.
The above described operations may require data processing in the various entities. The data processing may be provided by means of one or more data processors. Appropriately adapted computer program code product may be used for implementing the embodiments, when loaded to a computer. The program code product for providing the operation may be stored on and provided by means of a carrier medium such as a carrier disc, card or tape. A possibility is to download the program code product via a data network. Implementation may be provided with appropriate software in a location server.
In some embodiments of the present invention the BSF and credential server functionality is housed within a single server entity.
It is noted that whilst in the above embodiments are described in relation to user equipment such as mobile stations, embodiments of the present invention are applicable to any other suitable type of user equipment.
Furthermore although we have described the user equipment connecting to a network application function over a Ub interface. Same or similar secret credential and associated public or semi-public credential values could communicate over various communication interfaces. For example embodiments incorporating the GBA-PW embodiment as described above could be used for authentication on application function over normal HTTP Digest connections. Furthermore embodiments incorporating the GBA-PKI embodiments can be used for authentication and security over TLS handshake interfaces. In the transport layer for security (TLS) handshake embodiments the lifetime and B-TID values can be sent as one of the parameters in the TLS handshake as outlined by 3GPP TS33.222. Furthermore the secret credential in this embodiment (Ks) can be the agreed TLS master key. This master key could be used for any kind of service, independent on the device platform used.
It is also noted that even though the exemplifying communication system shown and described in more detail in this disclosure uses the terminology of the 3rd generation (3G) WCDMA (Wideband Code Division Multiple Access) networks, such as UMTS (Universal Mobile Telecommunications System) or CDMA2000 public land mobile networks (PLMN), embodiments of the proposed solution can be used in any communication system wherein advantage may be obtained by means of the embodiments of the invention. The invention is not limited to environments such as cellular mobile or WLAN systems either. The invention could be for example implemented as part of the network of computers known as the "Internet", and/or as an "Intranet". Furthermore the user equipment 14 in some embodiments of the present invention can communicate with the network via a fixed connection, such as a digital subscriber line (DSL) (either asynchronous or synchronous) or public switched telephone network (PSTN) line via a suitable gateway.
It is also noted that while the above describes exemplifying embodiments of the invention, there are several variations and modifications which may be made to the disclosed solution without departing from the scope of the present invention as defined in the appended claims.

Claims

Claims
1. A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
2. A user equipment as claimed in claim 1, wherein the at least one identifier comprises a first identifier, wherein the first identifier is a publicly known identifier.
3. A user equipment as claimed in claim 2, wherein the first identifier is at least one of: a user name; a public cryptographic key; an IP address; and a caller line identification value.
4. A user equipment as claimed in claim 2, wherein the at least one identifier comprises a second identifier, wherein the further identifier is a private identifier known to the user equipment and node only.
5. A user equipment as claimed in claim 4, wherein the second identifier is at least one of: a password value; and a private cryptographic key.
6. A user equipment as claimed in claim 5, wherein the transceiver is arranged to transmit the first identifier to the further node to initiate the authentication of the user equipment at the further node.
7. A user equipment as claimed in claim 6, wherein the transceiver is arranged to receive an authentication message from the further node.
8. A user equipment as claimed in claim 7, wherein the user equipment further comprises a processor, the processor being arranged to process the authentication message.
9. A user equipment as claimed in claim 8, wherein the processor is generate a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and the second identifier.
10. A user equipment as claimed in claim 8, wherein the processor is arranged to generate a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and a result of a one way function of the second identifier.
11. A method for authenticating a user equipment in a communications system, the method comprising: receiving at a user equipment from a node in the communications system at least one identifier associated with the user equipment; storing at the user equipment the at least one identifier; wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
12. A method for authenticating a user equipment as claimed in claim 11 , wherein the at least one identifier comprises a first identifier, wherein the first identifier is a publicly known identifier.
13. A method for authenticating a user equipment as claimed in claim 12, wherein the first identifier is at least one of: a user name; a public cryptographic key; an IP address; and a caller line identification value.
14. A method for authenticating a user equipment as claimed in claim 12, wherein the at least one identifier comprises a second identifier, wherein the further identifier is a private identifier known to the user equipment and node only.
15. A method for authenticating a user equipment as claimed in claim 14, wherein the second identifier is at least one of: a password value; and a private cryptographic key.
16. A method for authenticating a user equipment as claimed in claim 15, further comprising the step of transmitting the first identifier from the user equipment to the further node to initiate the authentication of the user equipment at the further node.
17. A method for authenticating a user equipment as claimed in claim 16, further comprising the step of receiving at the user equipment an authentication message from the further node.
18. A method for authenticating a user equipment as claimed in claim 17, further comprising the step of processing the authentication message received at the user equipment.
19. A method for authenticating a user equipment as claimed in claim 18, further comprising the step of generating a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and the second identifier.
20. A method for authenticating a user equipment as claimed in claim 18, further comprising the step of generating a cryptographic key for encrypting communications between the user equipment and further node in dependence on the processed authentication message and a result of a one way function of the second identifier.
21. A computer program arranged to operate a computer to perform a method for authenticating a user equipment in a communications system, the method comprising: receiving at a user equipment from a node in the communications system at least one identifier associated with the user equipment; storing at the user equipment the at least one identifier; wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system .
22. A network comprising: at least one user equipment, a node and at least one further node, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with the node wherein the transceiver is arranged to receive the at least one identifier from the node, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to the at least one further node in the network.
23. A network as claimed in claim 22, wherein the at least one identifier comprises a publicly known identifier.
24. A network as claimed in claim 22, wherein the at least one identifier comprises a private identifier known to the user equipment, the node and further node only.
25. A network as claimed in claims 22 to 24, wherein the at least one identifier is at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
26. A network as claimed in claims 22 to 25, wherein the node comprises a credential server.
27. A network as claimed in claims 22 to 26, wherein the further node comprises at least one of a network application function node and a bootstrapping function node.
28. A node in a communications system comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with the user equipment, wherein the transceiver is arranged to transmit the at least one identifier from the node to the user equipment, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.
29. A node as claimed in claim 28, wherein the at least one identifier comprises a publicly known identifier.
30. A node as claimed in claim 28, wherein the at least one identifier comprises a private identifier known to the user equipment the node and the further node only.
31. A node as claimed in claim 30, wherein the at least one identifier is at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
32. A node as claimed in claims 28 to 31 , wherein the node is a credential server.
33. A node as claimed in claims 28 to 31, wherein the further node is at least one of a bootstrapping server and a network application server.
34. A node in a communications system, for providing a user equipment a bootstrapping function comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with the user equipment wherein the transceiver is arranged to receive the at least one identifier from the user equipment and wherein the at least one identifier is used by the user equipment to authenticate the user equipment.
35. A node as claimed in claim 34, wherein the at least one identifier comprises at least one of a publicly known identifier.
36. A node as claimed in claim 34 and 35, wherein the at least one identifier is at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
37. A node as claimed in claim 34, wherein the transceiver is arranged to receive the at least one identifier from the UE, and wherein the node is arranged to initiate the authentication of the user equipment on receipt of the at least one identifier.
38. A node as claimed in claim 37, wherein the transceiver is arranged to transmit an authentication message to the user equipment.
39. A node as claimed in claim 38, wherein the node further comprises a processor, wherein the processor is arranged to generate a cryptographic key.
40. A node as claimed in claim 39, wherein the transceiver is arranged to transmit the cryptographic key to an application function server in dependence on a processed authentication message.
41. A node as claimed in claim 40, wherein the cryptographic key is arranged to secure communications between the user equipment and the application function server.
42. A node as claimed in claims 34 to 41 , wherein the node comprises a bootstrapping function server.
43. A node in a communications system, for providing a user equipment a application function comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a further node to receive the at least one identifier from a further node, wherein the at least one identifier is used to authenticate the user equipment.
44. A node as claimed in claim 43, wherein the at least one identifier comprises at least one publicly known identifier.
45. A node as claimed in claim 43 and 44, wherein the at least one identifier is at least one of: a user name; a public cryptographic key; an IP address; a caller line identification value; a password value; and a private cryptographic key.
46. A node as claimed in claim 43, wherein the transceiver is further arranged to communicate with the user equipment to receive at least one further identifier from the UE, and wherein the node is arranged to initiate the authentication of the user equipment on receipt of the at least one further identifier.
47. A node as claimed in claim 43, wherein the transceiver is further arranged to transmit an authentication message to the user equipment.
48. A node as claimed in claims 43 to 47, wherein the transceiver is further arranged to receive from the further node a cryptographic key.
49. A node as claimed in claim 48, wherein the cryptographic key is arranged to secure communications between the user eqμipment and the node.
50. A node as claimed in claimed in claims 43 to 49, wherein the node comprises a network application server.
PCT/IB2007/001904 2006-07-06 2007-06-25 User equipment credential system WO2008004106A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
DK07734965.2T DK2039199T3 (en) 2006-07-06 2007-06-25 ACCESSORIES SYSTEM FOR USER EQUIPMENT
EP07734965.2A EP2039199B1 (en) 2006-07-06 2007-06-25 User equipment credential system
PL07734965T PL2039199T3 (en) 2006-07-06 2007-06-25 User equipment credential system
ES07734965T ES2706540T3 (en) 2006-07-06 2007-06-25 User equipment credentials system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US81851706P 2006-07-06 2006-07-06
US60/818,517 2006-07-06

Publications (1)

Publication Number Publication Date
WO2008004106A1 true WO2008004106A1 (en) 2008-01-10

Family

ID=38596670

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/001904 WO2008004106A1 (en) 2006-07-06 2007-06-25 User equipment credential system

Country Status (7)

Country Link
US (2) US9485232B2 (en)
EP (1) EP2039199B1 (en)
DK (1) DK2039199T3 (en)
ES (1) ES2706540T3 (en)
PL (1) PL2039199T3 (en)
TR (1) TR201819540T4 (en)
WO (1) WO2008004106A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009145443A3 (en) * 2008-03-31 2010-01-21 Samsung Electronics Co., Ltd. Method and system for registering a smartcard terminal with a broadcast server
JP2012517185A (en) * 2009-02-05 2012-07-26 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Apparatus and method for protecting bootstrap messages in a network
EP3099094A1 (en) * 2015-05-28 2016-11-30 Vodafone IP Licensing Limited Setting a password on a device

Families Citing this family (62)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TR201819540T4 (en) 2006-07-06 2019-01-21 Nokia Technologies Oy User Equipment Credential System
US8196188B2 (en) * 2006-09-06 2012-06-05 Devicescape Software, Inc. Systems and methods for providing network credentials
US8743778B2 (en) * 2006-09-06 2014-06-03 Devicescape Software, Inc. Systems and methods for obtaining network credentials
US9326138B2 (en) * 2006-09-06 2016-04-26 Devicescape Software, Inc. Systems and methods for determining location over a network
US8194589B2 (en) * 2006-09-06 2012-06-05 Devicescape Software, Inc. Systems and methods for wireless network selection based on attributes stored in a network database
US8554830B2 (en) * 2006-09-06 2013-10-08 Devicescape Software, Inc. Systems and methods for wireless network selection
US8191124B2 (en) * 2006-09-06 2012-05-29 Devicescape Software, Inc. Systems and methods for acquiring network credentials
US8549588B2 (en) * 2006-09-06 2013-10-01 Devicescape Software, Inc. Systems and methods for obtaining network access
US8769284B2 (en) * 2006-12-29 2014-07-01 Nokia Corporation Securing communication
CN101345723B (en) * 2007-07-11 2011-04-06 华为技术有限公司 Management authentication method and system of client gateway
US20090180614A1 (en) * 2008-01-10 2009-07-16 General Instrument Corporation Content protection of internet protocol (ip)-based television and video content delivered over an ip multimedia subsystem (ims)-based network
US9262594B2 (en) 2008-01-18 2016-02-16 Microsoft Technology Licensing, Llc Tamper evidence per device protected identity
ES2687238T3 (en) * 2008-02-25 2018-10-24 Nokia Solutions And Networks Oy Secure boot architecture method based on password-based summary authentication
US8934404B2 (en) * 2008-03-03 2015-01-13 Qualcomm Incorporated Access point with proxy functionality for facilitating power conservation in wireless client terminals
US9402277B2 (en) * 2008-03-03 2016-07-26 Qualcomm Incorporated Proxy server for facilitating power conservation in wireless client terminals
US8478360B2 (en) * 2008-03-03 2013-07-02 Qualcomm Incorporated Facilitating power conservation in wireless client terminals
EP2264992A4 (en) * 2008-04-02 2014-07-30 Nec Corp Communication system and communication method
US20090271852A1 (en) * 2008-04-25 2009-10-29 Matt Torres System and Method for Distributing Enduring Credentials in an Untrusted Network Environment
US9218469B2 (en) * 2008-04-25 2015-12-22 Hewlett Packard Enterprise Development Lp System and method for installing authentication credentials on a network device
US8484705B2 (en) * 2008-04-25 2013-07-09 Hewlett-Packard Development Company, L.P. System and method for installing authentication credentials on a remote network device
US20090276837A1 (en) * 2008-04-30 2009-11-05 Microsoft Corporation Credential equivalency and control
US8750506B2 (en) * 2008-07-31 2014-06-10 Telefonaktiebolaget Lm Ericsson (Publ) Methods, nodes, system, computer programs and computer program products for secure user subscription or registration
US20110191842A1 (en) * 2008-09-09 2011-08-04 Telefonaktiebolaget L M Ericsson (Publ) Authentication in a Communication Network
JP5632380B2 (en) * 2008-10-13 2014-11-26 デバイススケープ・ソフトウェア・インコーポレーテッド System and method for identifying a network
US20100263022A1 (en) * 2008-10-13 2010-10-14 Devicescape Software, Inc. Systems and Methods for Enhanced Smartclient Support
US8639273B2 (en) * 2009-02-06 2014-01-28 Qualcomm Incorporated Partitioned proxy server for facilitating power conservation in wireless client terminals
US8935529B2 (en) * 2009-11-30 2015-01-13 Telefonaktiebolaget L M Ericsson (Publ) Methods and systems for end-to-end secure SIP payloads
EP2514134A1 (en) * 2009-12-18 2012-10-24 Nokia Corp. Credential transfer
CN102111759A (en) 2009-12-28 2011-06-29 中国移动通信集团公司 Authentication method, system and device
US8761064B2 (en) 2010-04-14 2014-06-24 Qualcomm Incorporated Power savings through cooperative operation of multiradio devices
US8527017B2 (en) 2010-04-14 2013-09-03 Qualcomm Incorporated Power savings through cooperative operation of multiradio devices
US8566594B2 (en) * 2010-04-14 2013-10-22 Qualcomm Incorporated Power savings through cooperative operation of multiradio devices
EP2676399A4 (en) 2011-02-14 2016-02-17 Devicescape Software Inc Systems and methods for network curation
WO2012173539A1 (en) * 2011-06-16 2012-12-20 Telefonaktiebolaget L M Ericsson (Publ) Authentication server and communication device
US9014023B2 (en) 2011-09-15 2015-04-21 International Business Machines Corporation Mobile network services in a mobile data network
US8797981B2 (en) * 2011-12-19 2014-08-05 International Business Machines Corporation Subscriber database for services at the edge of a mobile data network
US8898769B2 (en) 2012-11-16 2014-11-25 At&T Intellectual Property I, Lp Methods for provisioning universal integrated circuit cards
CN105432102A (en) 2013-05-22 2016-03-23 康维达无线有限责任公司 Network assisted bootstrapping for machine-to-machine communication
US9100175B2 (en) 2013-11-19 2015-08-04 M2M And Iot Technologies, Llc Embedded universal integrated circuit card supporting two-factor authentication
US9350550B2 (en) 2013-09-10 2016-05-24 M2M And Iot Technologies, Llc Power management and security for wireless modules in “machine-to-machine” communications
US9036820B2 (en) 2013-09-11 2015-05-19 At&T Intellectual Property I, Lp System and methods for UICC-based secure communication
US10498530B2 (en) 2013-09-27 2019-12-03 Network-1 Technologies, Inc. Secure PKI communications for “machine-to-machine” modules, including key derivation by modules and authenticating public keys
US9208300B2 (en) * 2013-10-23 2015-12-08 At&T Intellectual Property I, Lp Apparatus and method for secure authentication of a communication device
US9240994B2 (en) 2013-10-28 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for securely managing the accessibility to content and applications
WO2015061977A1 (en) * 2013-10-30 2015-05-07 Hewlett-Packard Development Company, L.P. User authentication
US9313660B2 (en) 2013-11-01 2016-04-12 At&T Intellectual Property I, Lp Apparatus and method for secure provisioning of a communication device
US10700856B2 (en) 2013-11-19 2020-06-30 Network-1 Technologies, Inc. Key derivation for a module using an embedded universal integrated circuit card
JP6170844B2 (en) * 2014-02-14 2017-07-26 株式会社Nttドコモ Authentication information management system
CN105307173A (en) * 2014-06-17 2016-02-03 中兴通讯股份有限公司 Communication network architecture, access authentication method and system based on communication network architecture
EP3180934B1 (en) * 2014-08-15 2018-10-31 Telefonaktiebolaget LM Ericsson (publ) Methods and nodes for mapping subscription to service user identity
US9853977B1 (en) 2015-01-26 2017-12-26 Winklevoss Ip, Llc System, method, and program product for processing secure transactions within a cloud computing system
WO2017039320A1 (en) * 2015-08-31 2017-03-09 삼성전자 주식회사 Method and device for downloading profile in communication system
US9979730B2 (en) * 2015-10-30 2018-05-22 Futurewei Technologies, Inc. System and method for secure provisioning of out-of-network user equipment
EP3414927B1 (en) * 2016-02-12 2020-06-24 Telefonaktiebolaget LM Ericsson (PUBL) Securing an interface and a process for establishing a secure communication link
US10140147B2 (en) * 2017-02-16 2018-11-27 Sanctum Solutions Inc. Intelligently assisted IoT endpoint device
US10382450B2 (en) 2017-02-21 2019-08-13 Sanctum Solutions Inc. Network data obfuscation
FR3077175A1 (en) * 2018-01-19 2019-07-26 Orange TECHNIQUE FOR DETERMINING A KEY FOR SECURING COMMUNICATION BETWEEN USER EQUIPMENT AND AN APPLICATION SERVER
WO2020106546A1 (en) * 2018-11-20 2020-05-28 Intel Corporation Mobile cellular networks authenticated access
US20220321326A1 (en) * 2019-06-05 2022-10-06 Mastercard International Incorporated Security model for distributed computing system
EP3816915A1 (en) 2019-11-04 2021-05-05 Mastercard International Incorporated Monitoring in distributed computing system
FR3104875B1 (en) * 2019-12-17 2024-05-10 Electricite De France Method for managing the authentication of equipment in a data communication system, and system for implementing the method
US20230291548A1 (en) * 2022-03-08 2023-09-14 Western Digital Technologies, Inc. Authorization requests from a data storage device to multiple manager devices

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000072506A1 (en) * 1999-05-21 2000-11-30 International Business Machines Corporation Method and apparatus for initializing secure communications among, and for exclusively pairing wireless devices
US20020132605A1 (en) * 2000-12-08 2002-09-19 Ben Smeets Method and system for authentication of units in a communications network
WO2003056746A1 (en) * 2002-01-03 2003-07-10 Telefonaktiebolaget Lm Ericsson (Publ) Method for establishing connections between rf devices and system comprising such rf devices
US20040128509A1 (en) * 2001-02-16 2004-07-01 Christian Gehrmann Method and system for establishing a wireless communication link
WO2005053267A1 (en) * 2003-11-20 2005-06-09 Nokia Corporation A method and device relating to security in a radio communications network

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0409704D0 (en) * 2004-04-30 2004-06-02 Nokia Corp A method for verifying a first identity and a second identity of an entity
GB0414421D0 (en) * 2004-06-28 2004-07-28 Nokia Corp Authenticating users
US20060020791A1 (en) * 2004-07-22 2006-01-26 Pekka Laitinen Entity for use in a generic authentication architecture
US8260259B2 (en) * 2004-09-08 2012-09-04 Qualcomm Incorporated Mutual authentication with modified message authentication code
FI20041447A0 (en) * 2004-11-09 2004-11-09 Nokia Corp Determination of a key derivation function
TWI475862B (en) * 2005-02-04 2015-03-01 高通公司 Secure bootstrapping for wireless communications
US8214887B2 (en) * 2005-03-20 2012-07-03 Actividentity (Australia) Pty Ltd. Method and system for providing user access to a secure application
TWI307235B (en) * 2005-12-30 2009-03-01 Ind Tech Res Inst Method for applying certificate
US8522025B2 (en) * 2006-03-28 2013-08-27 Nokia Corporation Authenticating an application
US8261078B2 (en) * 2006-06-09 2012-09-04 Telefonaktiebolaget Lm Ericsson (Publ) Access to services in a telecommunications network
TR201819540T4 (en) 2006-07-06 2019-01-21 Nokia Technologies Oy User Equipment Credential System
US20100050243A1 (en) * 2006-12-04 2010-02-25 Sxip Identify Corp. Method and system for trusted client bootstrapping

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000072506A1 (en) * 1999-05-21 2000-11-30 International Business Machines Corporation Method and apparatus for initializing secure communications among, and for exclusively pairing wireless devices
US20020132605A1 (en) * 2000-12-08 2002-09-19 Ben Smeets Method and system for authentication of units in a communications network
US20040128509A1 (en) * 2001-02-16 2004-07-01 Christian Gehrmann Method and system for establishing a wireless communication link
WO2003056746A1 (en) * 2002-01-03 2003-07-10 Telefonaktiebolaget Lm Ericsson (Publ) Method for establishing connections between rf devices and system comprising such rf devices
WO2005053267A1 (en) * 2003-11-20 2005-06-09 Nokia Corporation A method and device relating to security in a radio communications network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Universal Mobile Telecommunications System (UMTS); Generic Authentication Architecture (GAA); Generic bootstrapping architecture (3GPP TS 33.220 version 7.4.0 Release 7); ETSI TS 133 220", ETSI STANDARDS, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE, SOPHIA-ANTIPO, FR, vol. 3-SA3, no. V740, June 2006 (2006-06-01), XP014034450, ISSN: 0000-0001 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009145443A3 (en) * 2008-03-31 2010-01-21 Samsung Electronics Co., Ltd. Method and system for registering a smartcard terminal with a broadcast server
US8355717B2 (en) 2008-03-31 2013-01-15 Samsung Electronics Co., Ltd Method and system for registering a smartcard terminal with a broadcast server
JP2012517185A (en) * 2009-02-05 2012-07-26 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Apparatus and method for protecting bootstrap messages in a network
EP3099094A1 (en) * 2015-05-28 2016-11-30 Vodafone IP Licensing Limited Setting a password on a device
US10298397B2 (en) 2015-05-28 2019-05-21 Vodafone Ip Licensing Limited Setting a password on a device
EP3726871A1 (en) * 2015-05-28 2020-10-21 Vodafone IP Licensing Limited Setting a password on a device

Also Published As

Publication number Publication date
EP2039199B1 (en) 2018-10-31
ES2706540T3 (en) 2019-03-29
TR201819540T4 (en) 2019-01-21
US10284555B2 (en) 2019-05-07
PL2039199T3 (en) 2019-06-28
US20080016230A1 (en) 2008-01-17
DK2039199T3 (en) 2019-01-21
US20170026371A1 (en) 2017-01-26
US9485232B2 (en) 2016-11-01
EP2039199A1 (en) 2009-03-25

Similar Documents

Publication Publication Date Title
US10284555B2 (en) User equipment credential system
EP3752941B1 (en) Security management for service authorization in communication systems with service-based architecture
US10411884B2 (en) Secure bootstrapping architecture method based on password-based digest authentication
US8122250B2 (en) Authentication in data communication
JP4663011B2 (en) Method for matching a secret key between at least one first communication subscriber and at least one second communication subscriber to protect the communication connection
US8582762B2 (en) Method for producing key material for use in communication with network
EP2005702B1 (en) Authenticating an application
EP2037621B1 (en) Method and device for deriving local interface key
KR101050335B1 (en) Method for generating and distributing encryption keys in mobile wireless system and corresponding mobile wireless system
US9693226B2 (en) Method and apparatus for securing a connection in a communications network
US20060059344A1 (en) Service authentication
EP1933498B1 (en) Method, system and device for negotiating about cipher key shared by ue and external equipment
US7844834B2 (en) Method and system for protecting data, related communication network and computer program product
US8875236B2 (en) Security in communication networks
WO2008006312A1 (en) A realizing method for push service of gaa and a device
US20240340164A1 (en) Establishment of forward secrecy during digest authentication
Jønvik et al. Strong authentication using dual SIM

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07734965

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2007734965

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: RU