WO2016074694A1 - Mise en application de l'utilisation d'algorithmes de chiffrement spécifiques - Google Patents

Mise en application de l'utilisation d'algorithmes de chiffrement spécifiques Download PDF

Info

Publication number
WO2016074694A1
WO2016074694A1 PCT/EP2014/074150 EP2014074150W WO2016074694A1 WO 2016074694 A1 WO2016074694 A1 WO 2016074694A1 EP 2014074150 W EP2014074150 W EP 2014074150W WO 2016074694 A1 WO2016074694 A1 WO 2016074694A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption algorithms
information
specific encryption
subscriber identity
identity module
Prior art date
Application number
PCT/EP2014/074150
Other languages
English (en)
Inventor
Guenther Horn
Original Assignee
Nokia Solutions And Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Solutions And Networks Oy filed Critical Nokia Solutions And Networks Oy
Priority to PCT/EP2014/074150 priority Critical patent/WO2016074694A1/fr
Publication of WO2016074694A1 publication Critical patent/WO2016074694A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption

Definitions

  • the present invention relates to apparatuses, methods, systems, computer programs, computer program products and computer-readable media regarding enforcing the use of specific encryption algorithms.
  • the present invention relates to security in 3GPP (3 rd Generation Partnership Project) networks, and is motivated, in particular, by the current work on enhancements for GSM (Global System for Mobile Communication) EDGE (Enhanced Data Rates for GSM Evolution) Radio Access Network (GERAN) that aims at better supporting the Internet of Things (loT).
  • GSM Global System for Mobile Communication
  • EDGE Enhanced Data Rates for GSM Evolution
  • GERAN Radio Access Network
  • LoT Internet of Things
  • PS packet-switching
  • GPRS General Packet Radio Service
  • the present invention is also applicable to other types of 3GPP-defined networks used for other purposes.
  • the GERAN loT work aims at enhancing GERAN in various respects to better support low-cost, long-lived terminals for machine-type communication.
  • a part of the envisaged enhancements relates to security. It has been well known for a long time that GSM security suffers from significant weaknesses. Nevertheless, no significant progress has been made over the past years regarding GSM security. This is mainly due to the requirement cited in 3GPP TR 33.801 (document [1 ]), clause 1 1 .12: "It is required that a new mobile should still work in an old network.” This requirement offers the possibility for an attacker who presents a fake network to the terminal to pretend that the network is an old one not supporting the security enhancements. In this way, the attacker can "bid down" to a weaker security level, effectively nullifying the usefulness of the security enhancements through an active false network attack.
  • UMTS Universal Mobile Telecommunication System
  • AKA Authentication and Key Agreement
  • Document [1 ] discloses a discussion of a method for enforcing the use of certain encryption algorithms, called 'Special RAND' (cf. clause 10.1 .1 of document [1 ]).
  • 'Special RAND' is tailored to the use of GSM authentication and modifies the random number RAND, instead of using UMTS AKA.
  • document [2] describes use of the so-called AMF (Authentication Management Field) of UMTS AKA. However, it is not described there how to use the AMF to enforce the use of encryption algorithms in the terminal.
  • AMF Authentication Management Field
  • a method comprising: composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
  • a mobile equipment receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
  • an apparatus for use in a register comprising:
  • At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
  • an apparatus for use in a server comprising:
  • At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
  • an apparatus for use in a mobile equipment comprising:
  • At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
  • the mobile equipment receiving, by the mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
  • an apparatus for use in a mobile equipment comprising:
  • At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
  • an apparatus for use in a subscriber identity module comprising:
  • At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
  • an apparatus comprising: means for composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
  • an apparatus comprising: means for determining, by a server, updated information on specific encryption algorithms to be used by a user equipment, and means for transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the- air mechanisms.
  • an apparatus comprising: means for receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
  • an apparatus comprising: means for obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and
  • an apparatus comprising: means for storing, in a subscriber identity module, information on the use of specific encryption algorithms, and
  • a computer program product comprising code means adapted to produce steps of any of the methods as described above when loaded into the memory of a computer.
  • a computer program product as defined above, wherein the computer program product comprises a computer- readable medium on which the software code portions are stored.
  • Fig. 1 is a flowchart illustrating an example of a method according to example versions of the present invention
  • Fig. 2 is a flowchart illustrating an example of another method according to example versions of the present invention.
  • FIG. 3 is a flowchart illustrating an example of another method according to example versions of the present invention
  • Fig. 4 is a flowchart illustrating an example of another method according to example versions of the present invention
  • Fig. 5 is a flowchart illustrating an example of another method according to example versions of the present invention.
  • Fig. 6 is block diagram illustrating an example of an apparatus according to example versions of the present invention. Detailed Description
  • the basic system architecture of a communication network where examples of embodiments of the invention are applicable may comprise a commonly known architecture of one or more communication systems comprising a wired or wireless access network subsystem and a core network.
  • Such an architecture may comprise one or more communication network control elements, access network elements, radio access network elements, access service network gateways or base transceiver stations, such as a base station (BS), an access point or an eNB, which control a respective coverage area or cell and with which one or more communication elements or terminal devices such as a
  • UE or another device having a similar function such as a modem chipset, a chip, a module etc., which can also be part of a UE or attached as a separate element to a UE, or the like, are capable to communicate via one or more channels for transmitting several types of data.
  • core network elements such as gateway network elements, policy and charging control network elements, mobility management entities, operation and maintenance elements, and the like may be comprised.
  • the communication network is also able to communicate with other networks, such as a public switched telephone network or the Internet.
  • the communication network may also be able to support the usage of cloud services.
  • BSs and/or eNBs or their functionalities may be implemented by using any node, host, server or access node etc. entity suitable for such a usage.
  • network elements and communication devices such as terminal devices or user devices like UEs, communication network control elements of a cell, like a BS or an eNB, access network elements like APs and the like, as well as corresponding functions as described herein may be implemented by software, e.g. by a computer program product for a computer, and/or by hardware.
  • nodes or network elements may comprise several means, modules, units, components, etc. (not shown) which are required for control, processing and/or communication/signaling functionality.
  • Such means, modules, units and components may comprise, for example, one or more processors or processor units including one or more processing portions for executing instructions and/or programs and/or for processing data, storage or memory units or means for storing instructions, programs and/or data, for serving as a work area of the processor or processing portion and the like (e.g. ROM, RAM, EEPROM, and the like), input or interface means for inputting data and instructions by software (e.g. floppy disc, CD-ROM, EEPROM, and the like), a user interface for providing monitor and manipulation possibilities to a user (e.g. a screen, a keyboard and the like), other interface or means for establishing links and/or connections under the control of the processor unit or portion (e.g.
  • radio interface means comprising e.g. an antenna unit or the like, means for forming a radio communication part etc.) and the like, wherein respective means forming an interface, such as a radio communication part, can be also located on a remote site (e.g. a radio head or a radio station etc.).
  • a remote site e.g. a radio head or a radio station etc.
  • the invention specifically addresses the question how the network can securely instruct the terminal to use a particular set of encryption algorithms to protect the communication over the radio interface, while preventing an attacker from downgrading the security of the communication through enforcing the use of a weaker algorithm.
  • the problem addressed by the present invention is that these minimum security requirements should be allowed to be updated securely and automatically over time as GERAN loT terminals are expected to have a long life and run without human intervention.
  • the idea of the invention can be extended in an easy way to environments other than the GERAN loT, e.g. the Circuit-Switched (CS) domain of GSM (by instructing a terminal to no longer use A5/3), or to UMTS or LTE networks and the like.
  • CS Circuit-Switched
  • Some example versions of the present invention specifically address the question how the network can securely instruct the terminal to use a particular set of encryption algorithms to protect the communication over the radio interface, while preventing an attacker from downgrading the security of the communication through enforcing the use of a weaker algorithm.
  • the AMF Authentication Management Field
  • the AMF is a field sent from the HLR (Home Location Register) or HSS (Home Subscriber Server) to the user equipment together with the authentication challenge.
  • the AMF is seen, and hence can be evaluated, by both the ME (Mobile Equipment) and the USIM (Universal Subscriber Identity Module).
  • the AMF is integrity-protected, and the USIM can verify the integrity of this field, hence the AMF provides a secure means of conveying information from the HLR or HSS to the UE.
  • the AMF comprises 16 bits numbered from “0” to “15”, where bit “0” is the most significant bit and bit “15” is the least significant bit. Bit “0” is called the “AMF separation bit” and is used for the purposes of EPS (Evolved Packet System). Bits “1 “ to “7” are reserved for future standardization use and bits “8" to “15” can be used for proprietary purposes.
  • EPS Evolved Packet System
  • the fourth variant uses the OTA (Over The Air) management of the USIM.
  • an AMF bit x (x being one bit of the bits "1 " to “7”) is used, which indicates the following: if the bit x is set to 1 , the ME shall use only algorithms of a certain minimum strength, e.g. GEA4 or stronger. According to the first variant, the AMF bit must be in the standardized part of the AMF (bits "1 " to “7", as set out above, with bit "0" being already in use) because it needs to be evaluated in the ME and, hence, cannot be proprietary. If the bit x is set to "0", there are no specific requirements regarding the encryption algorithms. In such a case, the HSS or HLR including the Authentication Centre (AuC) must be capable of setting the AMF bit x dependent on
  • serving network node e.g. SGSN
  • ⁇ type of subscription e.g. loT.
  • the HLR or HSS must maintain a database storing the capabilities associated with the serving network node or subscription.
  • the ME must be capable of evaluating the AMF bit x and interpret it as an instruction to use only certain encryption algorithms.
  • an AMF bit y (y being one bit of the bits "1 " to "7") is used, which indicates the following: if the bit y is set to 1 , the ME shall contact the USIM to fetch further information on encryption algorithms from the USIM, if the bit y is set to 0, the ME shall not contact the USIM to fetch further information on encryption algorithms from the USIM.
  • the AMF bit must be in the standardized part of the AMF (bits "1 " to “7”, as set out above, with bit “0” being already in use) because it needs to be evaluated in the ME and, hence, cannot be proprietary.
  • serving network node e.g. SGSN
  • the HLR or HSS must maintain a database storing the capabilities associated with the serving network node or subscription.
  • the ME must be capable of evaluating the AMF bit y and interpret it as an instruction to fetch further information on the use of encryption algorithms from the USIM.
  • the USIM must be capable of storing information on the use of encryption algorithms and sending it to the ME upon request.
  • an AMF bit z (z being one bit of the bits "1 " to “15”) is used, which indicates the following: if the bit is set to 1 , the USIM shall modify the information on encryption algorithms so that now only algorithms of a certain minimum strength are allowed, e.g. only GEA4 or stronger. If the bit z is set to "0", the USIM does not modify the information.
  • the information on encryption algorithms in the USIM is now assumed to be dynamically changing, depending on the value of the AMF bit z, and the ME is assumed to always fetch information on encryption algorithms from the USIM.
  • the AMF bit could also be in the proprietary part of the AMF as, in principle, though not always in practice, the operator owning the HLR or HSS could instruct his provider of USIMs to implement a proprietary meaning of the AMF bit. But the ME behavior would have to be standardized anyhow.
  • the HSS or HLR including the Authentication Centre (AuC) must be capable of setting AMF bit z dependent on
  • serving network node e.g. SGSN
  • type of subscription e.g. loT.
  • the HLR or HSS must maintain a database storing the capabilities associated with the serving network node or subscription.
  • the ME must be capable of always fetching further information on the use of encryption algorithms from the USIM.
  • the USIM must be capable of storing information on the use of encryption algorithms, modify it depending on the value of the AMF bit z and send the information to the ME upon request.
  • a fourth variant according to example versions of the present invention relates to modifying information on encryption algorithms in the USIM via OTA mechanisms (e.g. via the SIM application toolkit).
  • the OTA mechanisms are protected in a proprietary way.
  • OTA server that must be capable of sending updated information on encryption algorithms to selected sets of UEs, e.g. depending on the type of subscription.
  • the ME must be capable of always fetching further information on the use of encryption algorithms from the USIM.
  • the USIM must be capable of storing information on the use of encryption algorithms, modify it depending on the updating information received OTA and send the information to the ME upon request.
  • the above described four variants are of course not limited to signaling the use of GEA4 in the context of GERAN loT, but could also be used to signal the use of e.g. encryption or integrity algorithms in UMTS or LTE.
  • Fig. 1 is a flowchart illustrating an example of a method according to example versions of the present invention.
  • the method may be implemented in or may be part of a register, like a HSS or a HLR including the AuC, or the like.
  • the method comprises composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment in a step S1 1 , and transmitting, by the register, the message to the user equipment in a step S12.
  • the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to use specific encryption algorithms. According to some example versions of the present invention, the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to obtain information on specific encryption algorithms to be used from a subscriber identity module of the user equipment.
  • the management field includes a bit for dynamically changing information on specific encryption algorithms in the subscriber identity module of the user equipment.
  • the bit is set depending on capabilities of a serving gateway node serving the user equipment and a type of subscription of the user equipment.
  • the register is a Home Subscriber Server or a Home Location Register including an Authentication Centre.
  • Fig. 2 is a flowchart illustrating another example of a method according to example versions of the present invention.
  • the method may be implemented in or may be part of a server, like an OTA server, or the like.
  • the method comprises determining, by a server, updated information on specific encryption algorithms to be used by a user equipment in a step S21 , and transmitting, by the server, in a step S22, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
  • Fig. 3 is a flowchart illustrating another example of a method according to example versions of the present invention.
  • the method may be implemented in or may be part of a mobile equipment or the like.
  • the method comprises receiving, by the mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment in a step S31 , evaluating, by the mobile equipment, in a step S32 the information regarding use of specific encryption algorithms, and using, by the mobile equipment, the specific encryption algorithms based on the information in a step S33.
  • evaluating the information comprises interpreting the information as an instruction to use the specific encryption algorithms.
  • evaluating the information comprises interpreting the information as an instruction to obtain information on the use of the specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and the method further comprises using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
  • Fig. 4 is a flowchart illustrating another example of a method according to example versions of the present invention.
  • the method may be implemented in or may be part of a mobile equipment or the like.
  • the method comprises obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment in a step S41 , and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module in a step S42.
  • Fig. 5 is a flowchart illustrating another example of a method according to example versions of the present invention.
  • the method may be implemented in or may be part of a subscriber identity module, like a USIM, or the like.
  • the method comprises storing, in a subscriber identity module, in a step S51 , information on the use of specific encryption algorithms, and, in a step S52, transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
  • the method further comprises receiving, at the subscriber identity module, a message including updated information on the use of specific encryption algorithms, modifying, by the subscriber identity module, the stored information on the use of specific encryption algorithms based on the updated information, and transmitting, by the subscriber identity module, upon request, the modified information to the mobile equipment.
  • the specific encryption algorithms are encryption algorithms having a specific minimum strength.
  • Fig. 6 is a block diagram showing an example of an apparatus according to some example versions of the present invention.
  • a block circuit diagram illustrating a configuration of an apparatus 60 is shown, which is configured to implement the above described aspects of the invention.
  • the apparatus 60 shown in Fig. 6 may comprise several further elements or functions besides those described herein below, which are omitted herein for the sake of simplicity as they are not essential for understanding the invention.
  • the apparatus may be also another device having a similar function, such as a chipset, a chip, a module etc., which can also be part of an apparatus or attached as a separate element to the apparatus, or the like.
  • the apparatus 60 may comprise a processing function or processor 61 , such as a CPU or the like, which executes instructions given by programs or the like.
  • the processor 61 may comprise one or more processing portions dedicated to specific processing as described below, or the processing may be run in a single processor. Portions for executing such specific processing may be also provided as discrete elements or within one or further processors or processing portions, such as in one physical processor like a CPU or in several physical entities, for example.
  • Reference sign 62 denotes transceiver or input/output (I/O) units (interfaces) connected to the processor 61 .
  • the I/O units 62 may be used for communicating with one or more other network elements, entities, terminals or the like.
  • the I/O units 62 may be a combined unit comprising communication equipment towards several network elements, or may comprise a distributed structure with a plurality of different interfaces for different network elements.
  • the apparatus 60 further comprises at least one memory 63 usable, for example, for storing data and programs to be executed by the processor 61 and/or as a working storage of the processor 61 .
  • the processor 61 is configured to execute processing related to the above described aspects.
  • the apparatus 60 may be implemented in or may be part of a network element like a serving gateway, a packet data network gateway or the like, and may be configured to perform a method as described in connection with Fig. 2.
  • the processor 61 is configured to perform receiving, by a first network element, a message including an indication of a quality of service modification initiated by a charging entity, composing, by the first network element, a message including an information element indicating that the quality of service modification is initiated by the charging entity, and forwarding, by the first network element, the message including the information element to a second network element.
  • the apparatus 60 may be implemented in or may be part of a register, like a HSS or a HLR including the AuC, or the like, and may be configured to perform a method as described in connection with Fig. 1 .
  • the processor 61 is configured to perform composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment, and transmitting, by the register, the message to the user equipment.
  • the apparatus 60 may be implemented in or may be part of a server, like an OTA server, or the like, and may be configured to perform a method as described in connection with Fig. 2.
  • the processor 61 is configured to perform determining, by a server, updated information on specific encryption algorithms to be used by a user equipment, and transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
  • the apparatus 60 may be implemented in or may be part of a mobile equipment or the like, and may be configured to perform a method as described in connection with Fig. 3.
  • the processor 61 is configured to perform receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment, evaluating, by the mobile equipment, the information regarding use of specific encryption algorithms, and using, by the mobile equipment, the specific encryption algorithms based on the information.
  • the apparatus 60 may be implemented in or may be part of a mobile equipment or the like, and may be configured to perform a method as described in connection with Fig. 4.
  • the processor 61 is configured to perform obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
  • the apparatus 60 may be implemented in or may be part of a subscriber identity module, like a USIM, or the like, and may be configured to perform a method as described in connection with Fig. 5.
  • the processor 61 is configured to perform storing, in a subscriber identity module, information on the use of specific encryption algorithms, and transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
  • the apparatus for use in a register generally have the same structural components, wherein these components are configured to execute the respective functions of the register, server, mobile equipment, and subscriber identity module, respectively, as set out above.
  • the apparatus may comprise further units/means that are necessary for its respective operation, respectively. However, a description of these units/means is omitted in this specification.
  • the arrangement of the functional blocks of the apparatus is not construed to limit the invention, and the functions may be performed by one block or further split into sub-blocks.
  • the apparatus or some other means
  • the apparatus is configured to perform some function
  • this is to be construed to be equivalent to a description stating that a (i.e. at least one) processor or corresponding circuitry, potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function.
  • a (i.e. at least one) processor or corresponding circuitry potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function.
  • such function is to be construed to be equivalently implementable by specifically configured circuitry or means for performing the respective function (i.e. the expression "unit configured to” is construed to be equivalent to an expression such as "means for").
  • any method step is suitable to be implemented as software or by hardware without changing the idea of the aspects/embodiments and its modification in terms of the functionality implemented;
  • CMOS Complementary MOS
  • BiMOS Bipolar MOS
  • BiCMOS Bipolar CMOS
  • ECL emitter Coupled Logic
  • TTL Transistor-Transistor Logic
  • ASIC Application Specific IC
  • FPGA Field- programmable Gate Arrays
  • CPLD Complex Programmable Logic Device
  • DSP Digital Signal Processor
  • - devices, units or means can be implemented as individual devices, units or means, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device, unit or means is preserved;
  • an apparatus may be represented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset; this, however, does not exclude the possibility that a functionality of an apparatus or module, instead of being hardware implemented, be implemented as software in a (software) module such as a computer program or a computer program product comprising executable software code portions for execution/being run on a processor;
  • a device may be regarded as an apparatus or as an assembly of more than one apparatus, whether functionally in cooperation with each other or functionally independently of each other but in a same device housing, for example.
  • respective functional blocks or elements according to above-described aspects can be implemented by any known means, either in hardware and/or software, respectively, if it is only adapted to perform the described functions of the respective parts.
  • the mentioned method steps can be realized in individual functional blocks or by individual devices, or one or more of the method steps can be realized in a single functional block or by a single device.
  • any method step is suitable to be implemented as software or by hardware without changing the idea of the present invention.
  • Devices and means can be implemented as individual devices, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device is preserved. Such and similar principles are to be considered as known to a skilled person.
  • Software in the sense of the present description comprises software code as such comprising code means or portions or a computer program or a computer program product for performing the respective functions, as well as software (or a computer program or a computer program product) embodied on a tangible medium such as a computer-readable (storage) medium having stored thereon a respective data structure or code means/portions or embodied in a signal or in a chip, potentially during processing thereof.
  • a tangible medium such as a computer-readable (storage) medium having stored thereon a respective data structure or code means/portions or embodied in a signal or in a chip, potentially during processing thereof.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne des appareils, des procédés, des programmes informatiques, des produits de programmes informatiques et des supports lisibles par ordinateur concernant la mise en application de l'utilisation d'algorithmes de chiffrement spécifiques. La présente invention comporte les étapes suivantes: un registre compose un message comprenant un champ de gestion, le champ de gestion comprenant des informations concernant l'utilisation d'algorithmes de chiffrement spécifiques par un équipement d'utilisateur, le registre envoie le message à l'équipement d'utilisateur
PCT/EP2014/074150 2014-11-10 2014-11-10 Mise en application de l'utilisation d'algorithmes de chiffrement spécifiques WO2016074694A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2014/074150 WO2016074694A1 (fr) 2014-11-10 2014-11-10 Mise en application de l'utilisation d'algorithmes de chiffrement spécifiques

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2014/074150 WO2016074694A1 (fr) 2014-11-10 2014-11-10 Mise en application de l'utilisation d'algorithmes de chiffrement spécifiques

Publications (1)

Publication Number Publication Date
WO2016074694A1 true WO2016074694A1 (fr) 2016-05-19

Family

ID=51905029

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2014/074150 WO2016074694A1 (fr) 2014-11-10 2014-11-10 Mise en application de l'utilisation d'algorithmes de chiffrement spécifiques

Country Status (1)

Country Link
WO (1) WO2016074694A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11283607B2 (en) 2018-07-19 2022-03-22 British Telecommunications Public Limited Company Dynamic data encryption

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998053629A1 (fr) * 1997-05-20 1998-11-26 Motorola, Inc. Securisation de carte sim a plusieurs numeros
WO1999001848A1 (fr) * 1997-07-02 1999-01-14 Sonera Oyj Procedure de commande d'applications stockees dans un module d'identification d'abonne
EP1213680A2 (fr) * 2000-11-30 2002-06-12 Avx Corporation Dispositif électronique avec un lecteur de carte et un ensemble de connecteurs
US20040185829A1 (en) * 2000-05-22 2004-09-23 Bart Vinck Method for establishing a connection between a terminal and an operating mobile radio network, mobile radio network and terminal used in such a method
WO2006007879A1 (fr) * 2004-07-22 2006-01-26 Telecom Italia S.P.A. Procede et systeme pouvant ameliorer la robustesse d'une messagerie protegee dans un reseau de communications mobiles
WO2006029384A2 (fr) * 2004-09-08 2006-03-16 Qualcomm Incorporated Authentification mutuelle avec code d'authentification de message modifie
WO2007110094A1 (fr) * 2006-03-27 2007-10-04 Telecom Italia S.P.A. Système de mise en application de politiques de sécurité sur des dispositifs de communications mobiles

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998053629A1 (fr) * 1997-05-20 1998-11-26 Motorola, Inc. Securisation de carte sim a plusieurs numeros
WO1999001848A1 (fr) * 1997-07-02 1999-01-14 Sonera Oyj Procedure de commande d'applications stockees dans un module d'identification d'abonne
US20040185829A1 (en) * 2000-05-22 2004-09-23 Bart Vinck Method for establishing a connection between a terminal and an operating mobile radio network, mobile radio network and terminal used in such a method
EP1213680A2 (fr) * 2000-11-30 2002-06-12 Avx Corporation Dispositif électronique avec un lecteur de carte et un ensemble de connecteurs
WO2006007879A1 (fr) * 2004-07-22 2006-01-26 Telecom Italia S.P.A. Procede et systeme pouvant ameliorer la robustesse d'une messagerie protegee dans un reseau de communications mobiles
WO2006029384A2 (fr) * 2004-09-08 2006-03-16 Qualcomm Incorporated Authentification mutuelle avec code d'authentification de message modifie
WO2007110094A1 (fr) * 2006-03-27 2007-10-04 Telecom Italia S.P.A. Système de mise en application de politiques de sécurité sur des dispositifs de communications mobiles

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security Architecture (3G TS 33.102 version 3.4.0 Release 1999)", 3GPP STANDARD; 3G TS 33.102, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, no. V3.4.0, 1 March 2000 (2000-03-01), pages 1 - 69, XP050376388 *
YU-LUN HUANG ET AL: "Provable Secure AKA Scheme with Reliable Key Delegation in UMTS", SECURE SOFTWARE INTEGRATION AND RELIABILITY IMPROVEMENT, 2009. SSIRI 2009. THIRD IEEE INTERNATIONAL CONFERENCE ON, IEEE, PISCATAWAY, NJ, USA, 8 July 2009 (2009-07-08), pages 243 - 252, XP031563010, ISBN: 978-0-7695-3758-0 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11283607B2 (en) 2018-07-19 2022-03-22 British Telecommunications Public Limited Company Dynamic data encryption

Similar Documents

Publication Publication Date Title
AU2016243284B2 (en) Authentication and key agreement with perfect forward secrecy
CN113271595B (zh) 移动通信方法、装置及设备
US11234128B2 (en) Managing undesired service requests in a network
CN111788839A (zh) 用户身份隐私保护和网络密钥管理
MX2012014243A (es) Metodos y aparatos que facilitan la sincronizacion de configuraciones de seguridad.
JP2020509648A (ja) 異なる無線通信システム間のアイドルモードモビリティにおけるセキュリティコンテキストの管理
CN104066070A (zh) 终端注册方法、终端发现方法、终端及装置
CN102318386A (zh) 向网络的基于服务的认证
US11622268B2 (en) Secure communication method and secure communications apparatus
US20190274039A1 (en) Communication system, network apparatus, authentication method, communication terminal, and security apparatus
US20220279471A1 (en) Wireless communication method for registration procedure
JP2022530955A (ja) マルチsim装置及びサブスクリプション情報を検証する方法及びプロセス
WO2016184140A1 (fr) Procédé de vérification d'identificateur d'équipement, système, équipement et support de stockage
US8620317B2 (en) Method and apparatus for communicating network features during a routing area update procedure
CN110692224B (zh) 隐私保护能力
WO2016074694A1 (fr) Mise en application de l'utilisation d'algorithmes de chiffrement spécifiques
US10492056B2 (en) Enhanced mobile subscriber privacy in telecommunications networks
CN115942307A (zh) 针对4g或5g网络中的攻击的增强的用户装备安全性
AU2019224247B2 (en) Radio communication system, security proxy device, and relay device
US20190069170A1 (en) Security in isolated lte networks
WO2024065502A1 (fr) Authentification et gestion de clés pour des applications (akma) pour des scénarios d'itinérance
WO2016082872A1 (fr) Blocage de connexions imbriquées

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14799710

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14799710

Country of ref document: EP

Kind code of ref document: A1