WO2009004590A3 - Method, apparatus, system and computer program for key parameter provisioning - Google Patents


Info

Publication number
WO2009004590A3
Authority
WO
WIPO (PCT)
Prior art keywords
information
user equipment
key
processing instruction
equipment processing
Prior art date
Application number
PCT/IB2008/052665
Other languages
French (fr)
Other versions
WO2009004590A2 (en)
Inventor
Marc Blommaert
Silke Holtmanns
Original Assignee
Nokia Corp
Nokia Inc
Marc Blommaert
Silke Holtmanns
Priority date
Filing date
Publication date
Application filed by Nokia Corp, Nokia Inc, Marc Blommaert, Silke Holtmanns
Publication of WO2009004590A2
Publication of WO2009004590A3


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L 63/0414 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W 12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
    • H04L 2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00
    • H04L 2463/061 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

A method includes receiving, for a specific user equipment, an inquiry for key generation-related information together with user equipment processing instruction information, generating first key information based on the received user equipment processing instruction information, encrypting at least core-network related dynamic identity information based on the generated first key information, and sending the key generation-related information, which comprises at least the encrypted core-network related dynamic identity information and the received user equipment processing instruction information. Also described is a method that includes receiving key generation-related information that has at least encrypted core-network related dynamic identity information and user equipment processing instruction information, generating first key information based on the received user equipment processing instruction information, decrypting the received encrypted core-network related dynamic identity information based on the generated first key information, and deriving second key information based on the decrypted core-network related dynamic identity information. These methods protect certain data in a network-initiated GBA (push) bootstrapping from tampering and observation.
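The two-sided exchange the abstract describes, as an added Python illustration that is not code from the patent or from Nokia: the network side derives a first key from the user equipment processing instruction information, encrypts the dynamic identity information under that key and sends both items; the user equipment side re-derives the first key from the same instruction information, authenticates and decrypts the identity, and derives the second key from it. The patent names no algorithms, so the following are this example's own assumptions: a long-term secret already shared between network and UE (in deployed GBA this role is played by the bootstrapped key material), HMAC-SHA256 counter-mode derivation for both keys, and a PRF-counter-mode encrypt-then-MAC construction standing in for an AEAD such as AES-GCM so the example runs on the standard library alone. All function names and sample values are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample inputs (not taken from the patent): a long-term secret the
# network and the UE are ASSUMED to share already, a processing-instruction
# string telling the UE how to derive its keys, and a dynamic identity value.
PRE_SHARED_SECRET = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
UE_PROCESSING_INSTRUCTION = b"kdf=HMAC-SHA256;cipher=PRF-CTR-ETM;ver=1"
DYNAMIC_IDENTITY = b"core-network-dynamic-identity-EXAMPLE-0001"


def derive_key(secret: bytes, label: bytes, context: bytes, length: int = 32) -> bytes:
    """HKDF-expand style derivation: HMAC-SHA256 chained over a label, a context
    and a one-byte counter, truncated to `length` bytes."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + label + context + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(key, nonce || counter) blocks."""
    stream, counter = b"", 0
    while len(stream) < length:
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return stream[:length]


def encrypt(first_key: bytes, plaintext: bytes):
    """Encrypt-then-MAC under separate subkeys derived from the first key.
    Returns (nonce, ciphertext, tag); tag covers nonce and ciphertext."""
    enc_key = derive_key(first_key, b"enc", b"")
    mac_key = derive_key(first_key, b"mac", b"")
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag


def decrypt(first_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Verify the tag in constant time BEFORE decrypting; reject tampering."""
    enc_key = derive_key(first_key, b"enc", b"")
    mac_key = derive_key(first_key, b"mac", b"")
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: message tampered with or keyed differently")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def network_side(secret: bytes, processing_instruction: bytes, dynamic_identity: bytes):
    """Sender: first key from the processing instruction, identity encrypted under
    it, both shipped as the key generation-related information. The second key is
    derived locally and never leaves the network side."""
    first_key = derive_key(secret, b"first-key", processing_instruction)
    nonce, ciphertext, tag = encrypt(first_key, dynamic_identity)
    second_key = derive_key(secret, b"second-key", dynamic_identity)
    key_gen_info = {"processing_instruction": processing_instruction,
                    "nonce": nonce, "ciphertext": ciphertext, "tag": tag}
    return key_gen_info, second_key


def ue_side(secret: bytes, key_gen_info: dict):
    """Receiver: re-derive the first key from the received instruction, recover
    the identity, then derive the second key from the decrypted identity."""
    first_key = derive_key(secret, b"first-key", key_gen_info["processing_instruction"])
    identity = decrypt(first_key, key_gen_info["nonce"],
                       key_gen_info["ciphertext"], key_gen_info["tag"])
    second_key = derive_key(secret, b"second-key", identity)
    return identity, second_key


def run_exchange(secret: bytes = PRE_SHARED_SECRET,
                 instruction: bytes = UE_PROCESSING_INSTRUCTION,
                 identity: bytes = DYNAMIC_IDENTITY) -> bool:
    """True when the UE recovers the identity and both sides hold the same second key."""
    info, network_k2 = network_side(secret, instruction, identity)
    ue_identity, ue_k2 = ue_side(secret, info)
    return ue_identity == identity and hmac.compare_digest(network_k2, ue_k2)


def tamper_is_detected(secret: bytes = PRE_SHARED_SECRET) -> bool:
    """Flip one ciphertext bit in transit; the UE must refuse rather than derive a bad key."""
    info, _ = network_side(secret, UE_PROCESSING_INSTRUCTION, DYNAMIC_IDENTITY)
    damaged = bytearray(info["ciphertext"])
    damaged[0] ^= 0x01
    info["ciphertext"] = bytes(damaged)
    try:
        ue_side(secret, info)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("exchange ok:", run_exchange())
    print("tamper detected:", tamper_is_detected())
```

The processing instruction travels in the clear but is bound into the first-key derivation, so an on-path change to it makes the UE derive a different first key and the tag check fails; the identity itself is only ever sent encrypted, which is the observation protection the abstract refers to.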

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US92958907P 2007-07-03 2007-07-03
US60/929,589 2007-07-03

Publications (2)

Publication Number Publication Date
WO2009004590A2 (en) 2009-01-08
WO2009004590A3 (en) 2009-02-26

Family

ID=40094130

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2008/052665 WO2009004590A2 (en) 2007-07-03 2008-07-02 Method, apparatus, system and computer program for key parameter provisioning

Country Status (2)

Country Link
TW (1) TW200915814A (en)
WO (1) WO2009004590A2 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2394452B1 (en) 2009-02-05 2017-12-06 Telefonaktiebolaget LM Ericsson (publ) Network unit of a device management network system for protection of a bootstrap message, and corresponding device, method and computer program
CN105144600B (en) * 2013-05-31 2018-11-02 Intel IP Corporation Hybrid digital and analog beamforming for large-scale antenna arrays
GB2518257A (en) 2013-09-13 2015-03-18 Vodafone Ip Licensing Ltd Methods and systems for operating a secure mobile device
CN106487501B (en) * 2015-08-27 2020-12-08 Huawei Technologies Co., Ltd. Key distribution and reception method, key management center, first network element and second network element

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060079205A1 (en) * 2004-09-08 2006-04-13 James Semple Mutual authentication with modified message authentication code
WO2007008120A1 (en) * 2005-07-07 2007-01-18 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement for authentication and privacy
US20070086591A1 (en) * 2005-10-13 2007-04-19 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for establishing a security association


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
3GPP: "3rd Generation Partnership Project;Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA);Generic Bootstrapping Architecture (GBA) Push Function (Release 7)", 3GPP DRAFT; S3-070456_33223-040(RM)_V1, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. tsg_sa\WG3_Security\TSGS3_47_Tallinn\Docs, no. Tallinn; 20070522, 25 May 2007 (2007-05-25), XP050279928 *
NOKIA ET AL: "GBA push: Key derivation for broadcast NAF and privacy", 3GPP DRAFT; S3-070563-GBA PUSH NAF NAME 030707V1, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. tsg_sa\WG3_Security\TSGS3_48_Montreal\Docs, no. Montreal; 20070710, 3 July 2007 (2007-07-03), XP050280030 *

Also Published As

Publication number Publication date
TW200915814A (en) 2009-04-01
WO2009004590A2 (en) 2009-01-08

Similar Documents

Publication Publication Date Title
WO2003077084A3 (en) Implementation of storing secret information in data storage reader products
WO2008030704A3 (en) Method and system for secure processing of authentication key material in an ad hoc wireless network
US20120170740A1 (en) Content protection apparatus and content encryption and decryption apparatus using white-box encryption table
WO2008001327A3 (en) Method and apparatus for encrypting/decrypting data
WO2008032304A3 (en) Method and system for secure data collection and distribution
EP2544400A3 (en) PUF based Cryptographic communication system and cryptographic communication method
CN107005577B (en) Fingerprint data processing method and processing device
WO2000072500A3 (en) Information encryption system and method
CA2585987A1 (en) System and method for protecting master encryption keys
WO2009151832A3 (en) Method and system for securing a payment transaction
TW200701728A (en) Data-encrypting/decrypting method, data-saving media using the method, and data-encrypting/decrypting module
CN101164063A (en) Method and apparatus for managing digital content
CN103177222A (en) Processing method for file shell adding and shell removing and device thereof
CN101140610B (en) Contents decryption method using DRM card
CN107306254B (en) Digital copyright protection method and system based on double-layer encryption
ATE542325T1 (en) METHOD AND DEVICE FOR SECURE DISTRIBUTION OF PROGRAM CONTENT
CN101539977B (en) Method for protecting computer software
CN105208028A (en) Data transmission method and related device and equipment
MX2018007696A (en) Method and system for enhancing the security of a transaction.
EP1611725B8 (en) Method and apparatuses for provisioning data access
WO2007106586A3 (en) Decryption key reuse in encrypted digital data stream distribution systems
WO2009004590A3 (en) Method, apparatus, system and computer program for key parameter provisioning
CN101399663B (en) Method, system and device for digital content authentication
CN112528309A (en) Data storage encryption and decryption method and device
US20150200777A1 (en) Data securing method, data securing system and data carrier

Legal Events

Date Code Title Description
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (PCT application filed from 20040101)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 08763453; Country of ref document: EP; Kind code of ref document: A2)