WO2008058841A2 - Bootstrapping method - Google Patents

Bootstrapping method

Publication number
WO2008058841A2
Authority
WO
WIPO (PCT)
Prior art keywords
server
bootstrapping
bsf
naf
terminal
Prior art date
Application number
PCT/EP2007/061442
Other languages
German (de)
English (en)
Other versions
WO2008058841A3 (fr
Inventor
Matthias Franz
Günther Horn
Wolf-Dietrich Moeller
Original Assignee
Nokia Siemens Networks Gmbh & Co. Kg
Priority date
Filing date
Publication date
Application filed by Nokia Siemens Networks Gmbh & Co. Kg
Publication of WO2008058841A2
Publication of WO2008058841A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • the invention relates to a bootstrapping method for providing a common temporarily valid application-specific key for a terminal and an application server.
  • Figure 1 shows an example of a network architecture according to the prior art.
  • a mobile terminal or a user terminal UE can establish a data connection via different access networks, which each have a plurality of base stations BS and a gateway GW in the mobile radio area, and, for example, via visited networks with a home network of the subscriber.
  • the access networks can have different standardized access technologies.
  • An access network may be, for example, a 3GPP access network.
  • GBA Generic Bootstrapping Architecture
  • the subscriber's home network has a bootstrapping server BSF and a home subscriber system server HSS.
  • FIG. 2 shows the structure of a GBA network according to the prior art.
  • the bootstrapping server BSF is connected to a user terminal UE via a Ub interface.
  • the user terminal is, for example, a mobile terminal such as a cell phone.
  • the bootstrapping server BSF is connected via a Zn interface to an application server NAF (Network Application Function) on which an application program runs.
  • NAF Network Application Function
  • the bootstrapping server BSF is connected via a Zh interface to the home subscriber system server HSS, in which a long-term key or a long-term valid key is stored.
  • the bootstrapping server BSF can be connected via a Dz interface to a server for locating the associated home subscriber system server HSS.
  • This server for locating the home subscriber system server HSS for a subscriber is also referred to as the Subscriber Locator Function (SLF) server.
  • SLF Subscriber Locator Function
  • a long-term security relationship, or a long-term valid key that is known jointly to the user terminal UE and the home subscriber system server HSS, is used to establish a short-term security relationship between the user terminal UE and the application server NAF.
  • a temporarily valid key is derived from the long-term valid key.
  • the application server NAF can be located in the subscriber's home network, in a visited network or at another location (3rd party server).
  • the bootstrapping server BSF is always located in the subscriber's home network and is the only component within the GBA network architecture that contacts the home subscriber system server HSS.
  • when the bootstrapping server BSF receives a request from the user terminal UE via the Ub interface, it loads cryptographic intermediate keys or derived keys from the HSS server via the Zh interface. These cryptographic intermediate keys are derived from the long-term valid common key or the long-term key which is stored in the HSS server and which is also known to the user terminal UE. Subsequently, the bootstrapping server BSF, in response to a request from the application server NAF, which it receives via the Zn interface, derives an application-specific cryptographic key from the cryptographic intermediate key or base key and transmits this derived application-specific key to the application server NAF.
  • the user terminal UE also derives the same intermediate key or base key and the same application-specific short-term valid key as the bootstrapping server BSF. This is possible because the long-term valid key is also known to the user terminal UE.
  • the application-specific and temporarily valid keys to the application server NAF both the application server and the user terminal UE have the same temporary valid application-specific key (Ks NAF) and can use this to secure a data connection via the U a -
  • HSS Home subscriber system server
  • each subscriber has an associated home subscriber system server HSS.
  • HSS home subscriber system server
  • the bootstrapping In order for a subscriber or a user terminal UE to be able to find the correct home subscriber system server HSS, the bootstrapping
  • the SLF Subscriber Locator Function
  • the request to the SLF server can be dispensed with.
  • the user terminal UE and the application server NAF contact the bootstrapping server BSF by deriving a DNS name of the bootstrapping server BSF on the basis of a subscriber identity or a temporarily valid user identifier B-TID to inform the network operator.
  • the invention provides a bootstrapping method for providing a common temporarily valid application-specific key (Ks_NAF) for a terminal (UE) and an application server (NAF) with the following steps:
  • BSF bootstrapping server
  • a temporarily valid second user identifier (B-TID) is assigned to this terminal (UE) and a temporarily valid base key (Ks) is formed by the selected bootstrapping server (BSF); and wherein, upon receipt of a request message originating from the application server (NAF) and having the same temporarily valid second user identifier (B-TID), the selected bootstrapping server (BSF) derives the temporarily valid application-specific key (Ks_NAF) from the temporarily valid base key (Ks) and transmits it to the application server (NAF).
  • Ks_NAF temporary valid application-specific key
  • the first user identifier is formed by a permanently valid user identifier, if this is advantageous.
  • This first user identifier is preferably an IMPI (IP Multimedia Private Identity).
  • the bootstrapping server BSF is selected by a B-SLF (Subscriber Locator Function) server.
  • B-SLF Subscriber Locator Function
  • the messages are transmitted between the terminal and the selected bootstrapping server via a BSF proxy server.
  • the messages between the application server NAF and the selected bootstrapping server BSF are also transmitted via a BSF proxy server.
  • the B-SLF server transmits to the BSF proxy server an address of the selected bootstrapping server.
  • the BSF proxy server temporarily stores the address of the selected bootstrapping server.
  • the selected bootstrapping server BSF authenticates the terminal UE with the aid of a home-subscriber-system server HSS.
  • the home subscriber system server HSS transmits an authentication vector AV to the selected bootstrapping server BSF.
  • This transmitted authentication vector AV preferably has an authentication challenge, an authentication response, a cipher key and an integrity key.
  • the selected bootstrapping server BSF forms the temporarily valid base key from the encryption key CK and the integrity key IK.
  • the selected bootstrapping server generates the temporarily valid second user identifier B-TID.
  • the temporarily valid second user identifier B-TID is transmitted from the selected bootstrapping server BSF to the bootstrapping proxy server in a message; the bootstrapping proxy server caches the temporarily valid second user identifier B-TID and the validity period of the formed base key Ks and then forwards the message to the terminal UE.
  • when a service is requested from the application server NAF, the terminal UE transmits the temporarily valid second user identifier B-TID, which was forwarded to it by the bootstrapping proxy server, to the application server NAF in a service request message.
  • the application server NAF sends a service request message with the temporarily valid second user identifier B-TID to the bootstrapping proxy server, which forwards the service request message to the selected bootstrapping server BSF.
  • the terminal UE forms the temporarily valid base key.
  • the terminal UE derives the temporarily valid application-specific key Ks_NAF from the temporarily valid base key Ks.
  • the selected bootstrapping server BSF generates the temporarily valid second user identifier B-TID and encodes therein from which bootstrapping server BSF the generated second user identifier B-TID originates.
  • the invention further provides a bootstrapping proxy server for a generic bootstrapping architecture (GBA) network, which forwards messages between a terminal UE and a bootstrapping server BSF selected on the basis of a permanent user identifier.
  • GBA generic bootstrapping architecture
  • the bootstrapping proxy server stores a temporarily valid user identifier B-TID, which is assigned by a bootstrapping server BSF and assigned to the respective bootstrapping server BSF. In one embodiment of the bootstrapping proxy server according to the invention, the bootstrapping proxy server forwards messages between an application server NAF and the selected bootstrapping server BSF.
  • Figure 1 a network according to the prior art
  • Figure 2 the network architecture of a GBA network according to the prior art
  • FIG. 3 is a signal diagram for explaining a possible embodiment of the bootstrapping system according to the invention.
  • FIG. 4 shows a first embodiment of a GBA network extended according to the invention with a BSF proxy server according to the invention
  • FIG. 5 a GBA network architecture for the embodiment shown in Figure 4;
  • FIG. 6 shows a further embodiment of an extended network according to the invention with a BSF proxy server
  • Figure 7 a GBA network architecture for the embodiment shown in Figure 6;
  • FIG. 8 shows a further embodiment of an extended network according to the invention with a BSF proxy server.
  • the bootstrapping method according to the invention serves to provide a common, temporarily valid, application-specific key Ks_NAF for a terminal UE and an application server NAF.
  • Ks_NAF application-specific key
  • Bootstrapping server BSF-A and BSF-B provided.
  • a BSF proxy server is provided in the bootstrapping method according to the invention for the transmission of messages between the terminal UE and a selected bootstrapping server BSF. Messages between the application server NAF and the selected bootstrapping server are also transmitted via the BSF proxy server.
  • the selection of the bootstrapping server BSF is performed by a subscriber locator function server B-SLF.
  • the B-SLF server reports the first bootstrapping server BSF-A in order to localize the bootstrapping server BSF.
  • the network has two home-subscriber-system servers HSS-X and HSS-Y, which are located by means of another subscriber location-function server H-SLF.
  • H-SLF home-subscriber-system server
  • the H-SLF function performs the function of a conventional SLF server.
  • a bootstrapping server, for example the bootstrapping server BSF-A, is selected from a group of existing bootstrapping servers, for example a group consisting of the bootstrapping servers BSF-A and BSF-B, the selection of the bootstrapping server BSF preferably being performed by a corresponding SLF server B-SLF.
  • the selection of the bootstrapping server BSF takes place on the basis of a first user identifier received from the terminal UE.
  • This first user ID is a permanently valid or long-term user ID.
  • This first long-term user identifier may be, for example, an IMPI.
  • a temporarily valid second user identifier B-TID is assigned to this terminal UE by the selected bootstrapping server BSF and a temporarily valid base key is formed by the selected bootstrapping server BSF.
  • after the selected bootstrapping server BSF has received a request message from the application server NAF which has the same temporarily valid second user identifier B-TID, this bootstrapping server BSF derives the temporarily valid application-specific key Ks_NAF from the temporarily valid base key Ks and transmits this temporarily valid application-specific key Ks_NAF to the application server NAF.
  • in a first step S1, the user terminal UE transmits a long-term valid user identifier in a message.
  • This first user identifier is a permanent or long-term valid user identifier, for example an IMPI.
  • the user terminal UE thus initiates the bootstrapping process, for example by determining a DNS name of the BSF server.
  • a DNS server provides the IP address of the BSF proxy server, and the user terminal UE then sends, for example, an http request via the Ub interface to the BSF proxy server.
  • for a 2G GBA network, the user terminal UE first sets up a TLS tunnel to the BSF proxy server.
  • the BSF proxy server in step S2 transmits a message containing this permanently valid first user ID to the Subscriber Location Function server B-SLF via the Dz* interface.
  • the BSF proxy server merely forwards the received http request message to the B-SLF server.
  • the Dz interface, as specified in the 3GPP standard, will be extended in this regard.
  • the subscriber location function server B-SLF sends in step S3 a message back to the BSF proxy server, which contains the name of the selected bootstrapping server BSF or an address of the selected bootstrapping server BSF.
  • the address of the bootstrapping server BSF-A is transmitted to the BSF proxy server.
  • the Subscriber Location Function server B-SLF proceeds as follows. The B-SLF server first determines the HSS server belonging to the subscriber. The B-SLF server then uses a stored table to determine the registered BSF server associated with the determined HSS server and sends a corresponding message to the BSF proxy server, for example using an http redirect function.
  • the BSF proxy server stores the received BSF name or the address of the selected BSF server, wherein the BSF name or the BSF address is stored assigned to the received long-term valid first user ID of the subscriber. Storing the BSF name is not mandatory, but avoids repeated transmission of requests from the BSF proxy server via the Dz* interface.
  • the BSF proxy server forwards the request for the desired service received from the UE to the selected BSF server in step S4. In the example shown in FIG. 3, the request is forwarded by the BSF proxy server to the BSF server BSF-A in step S4.
  • the selected BSF server BSF-A processes the received message according to the 3GPP standard, whereby the BSF Server replaces its own DNS name with the DNS name of the BSF proxy server.
  • the selected BSF server transmits an HSS request message to a subscriber location function server H-SLF.
  • the H-SLF server supplies the requesting BSF server BSF-A with the address of the home subscriber system server HSS in step S6. In the illustrated example, this is the address of the home subscriber server HSS-Y.
  • the HSS-Y sends an authentication vector AV to the requesting bootstrapping server BSF-A in step S8.
  • the authentication vector AV transmitted to the selected bootstrapping server BSF-A has an authentication challenge, an authentication response, an encryption key CK (Cipher Key) and an integrity key IK (Integrity Key).
  • the authentication challenge received in the authentication vector AV is transmitted from the bootstrapping server BSF-A to the BSF proxy server in step S9, and from there to the user terminal UE in step S10.
  • the user terminal UE calculates a response or an authentication response and transmits it in step S11 to the BSF proxy server, which forwards this message to the BSF server BSF-A in step S12.
  • the BSF / Bootstrapping server BSF-A checks whether the authentication response received from the user terminal UE is correct. Subsequently, the selected bootstrapping server generates a temporarily valid second user identifier B-TID and transmits it to the BSF proxy server in step S13.
  • the selected bootstrapping server BSF-A forms a temporarily valid base key Ks from the encryption key CK and from the integrity key IK of the authentication vector AV, which it has received in step S8 from the home subscriber system server HSS-Y.
  • the bootstrapping proxy server BSF proxy receives in step S13 the temporarily valid second user identifier B-TID and the validity period (key lifetime) of the base key Ks formed by the selected bootstrapping server BSF-A and forwards the temporarily valid second user identifier B-TID together with the validity period to the user terminal UE in step S14.
  • the bootstrapping proxy server temporarily stores the temporarily valid second user identifier B-TID and the validity period of the basic key Ks formed before it is used in the
  • the bootstrapping proxy server preferably also stores the BSF names for the validity period of the user identifier B-TID and of the base key Ks.
  • if the user terminal UE wishes to use an application or service, it sends a service request message to the application server NAF in step S15.
  • the application server then transmits a request for a temporarily valid application-specific key Ks_NAF in step S16 to the BSF proxy server, which forwards this request to the selected bootstrapping server BSF-A in step S17.
  • the bootstrapping server BSF-A derives the temporarily valid application-specific key Ks_NAF from the temporarily valid base key Ks and transmits this temporarily valid application-specific key Ks_NAF in step S18 to the BSF proxy server, which forwards this temporarily valid application-specific key Ks_NAF in step S19 to the application server NAF.
  • Step S20 in step S21 a cryptographically secured data exchange between the user terminal UE and the application server NAF via the interface U a using the temporary valid application-specific key Ks_NAF, which is known to both the user terminal UE and the application server NAF.
  • the application server NAF receives the temporarily valid application-specific key Ks_NAF from the selected bootstrapping server BSF-A.
  • the user terminal UE derives the temporarily valid application-specific key Ks_NAF from the temporarily valid base key Ks itself.
  • FIG. 4 shows a possible embodiment of a GBA network extended according to the invention, which contains a BSF proxy server.
  • a plurality of bootstrapping servers BSF are provided, each of which has an associated home subscriber system server HSS.
  • the bootstrapping server function BSF is integrated in the HSS server.
  • FIG. 5 shows a GBA network architecture for the embodiment shown in FIG.
  • FIG. 6 shows a further embodiment of a GBA network extended according to the invention, wherein in this embodiment also several BSF servers are provided which communicate with a common BSF proxy server.
  • each BSF or bootstrapping server can exchange HSS data with different home-subscriber servers.
  • Each BSF server may be connected to multiple HSS servers and each HSS server may be connected to different BSF servers. Since each BSF server can exchange data with different HSS servers in the embodiment shown in FIG. 6, it requires a subscriber location function H-SLF for finding the associated HSS server.
  • FIG. 7 shows a GBA network architecture for the embodiment shown in Figure 6.
  • the BSF or bootstrapping server is connected via its own interface Dz to a subscriber location function server H-SLF for locating the home subscriber server HSS.
  • the BSF proxy server in turn is connected to a B-SLF server via a Dz* interface to find the correct BSF server.
  • the selected bootstrapping server BSF generates the temporarily valid second user identifier B-TID and encodes therein from which bootstrapping server BSF the generated second user identifier B-TID originates. This enables the application server NAF to access the BSF server directly, and the BSF proxy server does not have to store the temporarily valid second user identifier B-TID and the associated validity periods.
  • FIG. 8 shows a further embodiment of the inventive extended GBA network, wherein each BSF or bootstrapping server can be connected to more than one home subscriber server.
  • All BSF servers and the BSF proxy server are locally configured with a BSF name, whereby the name of the BSF proxy server is standardized according to today's GBA specifications.
  • All DNS servers provide the IP address of the proxy server on request.
  • upon request, the B-SLF server will provide the DNS name or IP address of the selected BSF server for a given subscriber, for example on the basis of the given IMPI.
  • the supplied DNS name is different from the BSF name standardized in today's GBA specifications.
  • the user terminal UE initiates the bootstrapping process and determines the DNS name of the bootstrapping server BSF, which in this embodiment refers to the BSF proxy, which, however, need not be known to the user terminal. Subsequently, the user terminal UE sends a first http request via the Ub interface. In the case of a 2G GBA network architecture, the user terminal UE sets up a TLS tunnel to the BSF proxy server. The http request reaches the BSF proxy server because the DNS name of the bootstrapping server BSF is translated into the IP address of the BSF proxy server.
  • the BSF proxy server transmits a message with the long-term valid first user ID IMPI via a Dz* interface to the B-SLF server.
  • the B-SLF server sends a message back to the BSF proxy server stating the DNS name or IP address of the BSF server valid for the subscriber. This DNS name or IP address, associated with the subscriber identity, may be stored by the BSF proxy server.
  • the BSF proxy server forwards the original HTTP request received from the user terminal to the BSF or bootstrapping server specified by the B-SLF server. If the request is for a 2G GBA network and the BSF server requests a TLS tunnel, it will be established.
  • the transmitted message is processed by the BSF or bootstrapping server and a response is transmitted to the BSF proxy server, which forwards this message without changes to the user terminal UE.
  • the user terminal UE processes the received message and sends another http request to the BSF proxy server, which forwards it to the correct bootstrapping server BSF.
  • the BSF server processes the received message and sends back a response to the BSF proxy server, which stores the temporarily valid second user ID B-TID and the associated validity period together with the IP address of the BSF server.
  • the BSF proxy server then forwards the message unchanged to the user terminal UE, wherein after expiration of the validity period all entries belonging to the temporarily valid second user identifier B-TID are deleted by the BSF proxy server.
  • the DNS server that responds to the DNS requests is configured to translate the DNS request for the standardized BSF name into the IP address of the respective BSF server rather than into the IP address of the BSF proxy server.
  • with the network according to the invention it is possible to provide a plurality of BSF servers or bootstrapping servers, without this being noticeable for the user terminal UE and the application server NAF.
  • the network according to the invention is backward compatible, since the user terminals UE and the application servers NAF can use the interfaces Ua, Ub, Zn in the usual way.
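
The message flow of steps S1 to S19 and the proxy's B-TID table with its expiry, as an added example that is not part of the patent text. Assumptions: HMAC-SHA-256 stands in for the AKA functions and the key derivation, Ks is formed by concatenating CK and IK, the B-TID is a random token followed by the BSF name, and all names, keys and identifiers are constructed.

```python
import hashlib
import hmac
import secrets

def prf(key, label, *parts):
    """HMAC-SHA-256 stand-in (assumption) for the AKA functions and key derivation."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Hss:
    """Holds each subscriber's long-term key and issues authentication vectors (S8)."""
    def __init__(self, long_term_keys):
        self.keys = long_term_keys
    def auth_vector(self, impi):
        k, rand = self.keys[impi], secrets.token_bytes(16)
        return {"challenge": rand, "xres": prf(k, b"res", rand)[:8],
                "ck": prf(k, b"ck", rand)[:16], "ik": prf(k, b"ik", rand)[:16]}

class Bsf:
    def __init__(self, name, hss, lifetime=3600):
        self.name, self.hss, self.lifetime = name, hss, lifetime
        self.pending, self.sessions = {}, {}
    def challenge(self, impi):                      # S4 to S9
        av = self.hss.auth_vector(impi)
        self.pending[impi] = av
        return av["challenge"]
    def verify(self, impi, res, now):               # S12 to S13
        av = self.pending.pop(impi)
        if not hmac.compare_digest(res, av["xres"]):
            raise PermissionError("authentication response mismatch")
        ks = av["ck"] + av["ik"]                    # base key Ks from CK and IK
        b_tid = secrets.token_hex(8) + "@" + self.name  # assumed B-TID format
        self.sessions[b_tid] = (ks, impi, now + self.lifetime)
        return b_tid, self.lifetime
    def ks_naf(self, b_tid, naf_id, now):           # S17 to S18
        ks, impi, expires = self.sessions[b_tid]
        if now >= expires:
            del self.sessions[b_tid]
            raise KeyError("base key expired")
        return prf(ks, b"ks_naf", impi.encode(), naf_id.encode())

class BsfProxy:
    def __init__(self, b_slf, bsfs):
        self.b_slf, self.bsfs = b_slf, bsfs  # b_slf: IMPI -> BSF name (S2/S3)
        self.by_impi = {}                    # cached BSF selection per IMPI
        self.by_btid = {}                    # B-TID -> (BSF name, expiry time)
        self.slf_queries = 0
    def _select(self, impi):
        if impi not in self.by_impi:         # the cache avoids repeated Dz* requests
            self.slf_queries += 1
            self.by_impi[impi] = self.b_slf(impi)
        return self.bsfs[self.by_impi[impi]]
    def ub_request(self, impi):              # S1 to S10
        return self._select(impi).challenge(impi)
    def ub_response(self, impi, res, now):   # S11 to S14
        bsf = self._select(impi)
        b_tid, lifetime = bsf.verify(impi, res, now)
        self.by_btid[b_tid] = (bsf.name, now + lifetime)
        return b_tid, lifetime
    def zn_request(self, b_tid, naf_id, now):  # S16 to S19
        self.purge(now)
        bsf_name, _ = self.by_btid[b_tid]    # KeyError if unknown or expired
        return self.bsfs[bsf_name].ks_naf(b_tid, naf_id, now)
    def purge(self, now):
        """Delete all entries whose validity period has run out."""
        for b_tid in [t for t, (_, exp) in self.by_btid.items() if now >= exp]:
            del self.by_btid[b_tid]

class Ue:
    def __init__(self, impi, k):
        self.impi, self.k, self.ks = impi, k, None
    def respond(self, challenge):
        ck, ik = prf(self.k, b"ck", challenge)[:16], prf(self.k, b"ik", challenge)[:16]
        self.ks = ck + ik                    # same Ks as the BSF, from the shared key
        return prf(self.k, b"res", challenge)[:8]
    def ks_naf(self, naf_id):
        return prf(self.ks, b"ks_naf", self.impi.encode(), naf_id.encode())

def run_demo():
    impi, k = "alice@operator.example", secrets.token_bytes(16)  # constructed subscriber
    bsfs = {"BSF-A": Bsf("BSF-A", Hss({impi: k})), "BSF-B": Bsf("BSF-B", Hss({}))}
    hss_of, bsf_of_hss = {impi: "HSS-Y"}, {"HSS-X": "BSF-B", "HSS-Y": "BSF-A"}
    proxy = BsfProxy(lambda i: bsf_of_hss[hss_of[i]], bsfs)  # B-SLF table lookup
    ue = Ue(impi, k)
    challenge = proxy.ub_request(impi)
    b_tid, lifetime = proxy.ub_response(impi, ue.respond(challenge), now=0)
    naf_key = proxy.zn_request(b_tid, "naf.example", now=10)
    keys_match = hmac.compare_digest(naf_key, ue.ks_naf("naf.example"))
    try:
        proxy.zn_request(b_tid, "naf.example", now=lifetime)
        expired_rejected = False
    except KeyError:
        expired_rejected = True
    return {"bsf": b_tid.split("@")[1], "keys_match": keys_match,
            "slf_queries": proxy.slf_queries, "expired_rejected": expired_rejected}

if __name__ == "__main__":
    print(run_demo())
```

The terminal and the application server end up with the same Ks_NAF without the key crossing the Ub interface, and a B-TID presented after its validity period is refused by the proxy before it reaches any BSF.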

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a bootstrapping method for providing a common, temporarily valid, application-specific key (Ks_NAF) for a terminal (UE) and an application server (NAF). According to this method, a bootstrapping server (BSF) is selected from several available bootstrapping servers on the basis of a first user identifier received from the terminal (UE). After successful authentication of the terminal (UE) by the selected bootstrapping server (BSF), a temporarily valid second identifier (B-TID) is assigned to this terminal (UE) and a temporarily valid base key (Ks) is formed by the selected bootstrapping server (BSF). After the selected bootstrapping server (BSF) has received a request message originating from the application server (NAF) and carrying the same temporarily valid second identifier (B-TID), the selected bootstrapping server (BSF) derives the temporarily valid application-specific key (Ks_NAF) from the temporarily valid base key (Ks) and transmits it to the application server (NAF).
PCT/EP2007/061442 2006-11-16 2007-10-24 Bootstrapping method WO2008058841A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102006054091.3 2006-11-16
DE102006054091A DE102006054091B4 (de) 2006-11-16 2006-11-16 Bootstrapping method

Publications (2)

Publication Number Publication Date
WO2008058841A2 WO2008058841A2 (fr) 2008-05-22
WO2008058841A3 WO2008058841A3 (fr) 2008-07-24

Family

ID=39311199

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2007/061442 WO2008058841A2 (fr) 2006-11-16 2007-10-24 Bootstrapping method

Country Status (2)

Country Link
DE (1) DE102006054091B4 (fr)
WO (1) WO2008058841A2 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015036782A1 (fr) * 2013-09-13 2015-03-19 Vodafone Ip Licensing Limited Communicating with a device
CN109618328A (zh) * 2018-11-29 2019-04-12 爱立信(中国)通信有限公司 Communication method, communication device and recording medium
US10484869B2 (en) 2015-07-13 2019-11-19 Vodafone Ip Licensing Limited Generic bootstrapping architecture protocol

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060236106A1 (en) * 2005-04-18 2006-10-19 Sarvar Patel Providing fresh session keys

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1265676C (zh) * 2004-04-02 2006-07-19 华为技术有限公司 A method for enabling roaming users to use services in a visited network
GB0409704D0 (en) * 2004-04-30 2004-06-02 Nokia Corp A method for verifying a first identity and a second identity of an entity
JP2006032203A (ja) * 2004-07-20 2006-02-02 Nissan Motor Co Ltd Fuel cell system
FI20050384A0 (fi) * 2005-04-14 2005-04-14 Nokia Corp Use of the generic authentication architecture for distributing Internet protocol keys in mobile terminals

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Generic Authentication Architecture (GAA); Generic bootstrapping architecture (3GPP TS 33.220 version 7.5.0 Release 7); ETSI TS 133 220" ETSI STANDARDS, LIS, Bd. 3-SA3, Nr. V7.5.0, 1. September 2006 (2006-09-01), XP014035742 ISSN: 0000-0001 *
"Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Numbering, addressing and identification (3GPP TS 23.003 version 6.11.0 Release 6); ETSI TS 123 003" ETSI STANDARDS, LIS, Bd. 3-CN2;3-CN4, Nr. V6.11.0, 1. September 2006 (2006-09-01), XP014035447 ISSN: 0000-0001 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015036782A1 (fr) * 2013-09-13 2015-03-19 Vodafone Ip Licensing Limited Communicating with a device
US20160234170A1 (en) 2013-09-13 2016-08-11 Vodafone Ip Licensing Limited Communicating with a device
US10313308B2 (en) 2013-09-13 2019-06-04 Vodafone Ip Licensing Ltd Communicating with a device
US20190306123A1 (en) * 2013-09-13 2019-10-03 Vodafone Ip Licensing Ltd Communicating with a device
GB2518301B (en) * 2013-09-13 2020-07-15 Vodafone Ip Licensing Ltd Identifying a server instance in communications with a bootstrapping server
US11044234B2 (en) 2013-09-13 2021-06-22 Vodafone Ip Licensing Ltd Communicating with a device
US10484869B2 (en) 2015-07-13 2019-11-19 Vodafone Ip Licensing Limited Generic bootstrapping architecture protocol
CN109618328A (zh) * 2018-11-29 2019-04-12 爱立信(中国)通信有限公司 Communication method, communication device and recording medium
CN109618328B (zh) * 2018-11-29 2019-10-08 爱立信(中国)通信有限公司 Communication method, communication device and recording medium

Also Published As

Publication number Publication date
DE102006054091B4 (de) 2008-09-11
WO2008058841A3 (fr) 2008-07-24
DE102006054091A1 (de) 2008-05-21

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07821805

Country of ref document: EP

Kind code of ref document: A2