Communication between a communication device and a network device
First Claim
1. A communication device for communicating with a network device of a communication network, the communication device comprising:
at least one processor circuit; and
at least one memory connected to the at least one processor circuit and storing program instructions that are executed by the at least one processor to perform operations comprising:
receiving, via a network, an authentication request from the network device, the authentication request comprising a challenge, a challenge verification code, a first Diffie-Hellman (DH) parameter, and a first verification code for the first DH parameter;
forwarding said challenge and said challenge verification code to an identity module used by the communication device to provide authentication request challenge responses for the communication device to connect to the communication network, wherein the identity module is hardware based and is physically connected to the communication device;
receiving at least one result parameter as a response from the identity module, the at least one result parameter having been generated by the identity module and being one of a ciphering key (CK), an integrity key (IK) and a response parameter (RES);
determining, based on said result parameter and said first verification code, whether said first DH parameter is authentic; and
responsive to determining that the first DH parameter is authentic, generating a second DH parameter and a second verification code that is based on the second DH parameter, and sending, through the network, the second DH parameter, the second verification code, and the response parameter in an authentication response message to the network device for the network device to generate a session key for communication with the communication device.
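The following Python simulation is an added illustration of the exchange claim 1 describes; it is not part of the patent text and not code from the applicant. It walks both sides through the steps: the network device sends a challenge, a challenge verification code, a first DH parameter and its verification code; the communication device forwards the challenge to an identity module, receives RES/CK/IK, checks the first DH parameter using the result parameter (CK is used as the MAC key here, one of the three options the claim lists), and answers with a second DH parameter, its verification code and RES. Everything concrete is an assumption for the demo: the identity module derives RES/CK/IK with labelled HMAC-SHA-256 calls instead of the real AKA f1..f5 functions, the verification codes are HMAC-SHA-256, and the DH group is a toy group over the Mersenne prime 2^127 - 1 rather than a standardised group or curve.

```python
"""Toy simulation of the claim 1 exchange (added example, not patent text)."""
import hashlib
import hmac
import secrets

# Assumption: a toy DH group over the Mersenne prime 2^127 - 1, chosen only to keep
# the demo self-contained; a real deployment uses a standardised group or curve.
P = (1 << 127) - 1
G = 3


def mac(key: bytes, data: bytes) -> bytes:
    """Verification-code construction assumed for the demo: HMAC-SHA-256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def to_bytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


class IdentityModule:
    """Stand-in for the hardware identity module holding the long-term key K.
    Real modules derive RES/CK/IK with the f1..f5 functions; labelled HMACs do here."""

    def __init__(self, k: bytes):
        self._k = k

    def run_challenge(self, rand: bytes, challenge_vc: bytes):
        # The module first checks that the challenge itself is authentic.
        if not hmac.compare_digest(mac(self._k, b"MAC" + rand), challenge_vc):
            return None
        res = mac(self._k, b"RES" + rand)[:8]
        ck, ik = mac(self._k, b"CK" + rand), mac(self._k, b"IK" + rand)
        return res, ck, ik


class NetworkDevice:
    """Network side: issues the authentication request, verifies the response."""

    def __init__(self, k: bytes):
        self._k = k

    def make_authentication_request(self) -> dict:
        rand = secrets.token_bytes(16)
        self._ck = mac(self._k, b"CK" + rand)       # result parameter used as MAC key
        self._expected_res = mac(self._k, b"RES" + rand)[:8]
        self._x = secrets.randbelow(P - 2) + 2
        dh1 = pow(G, self._x, P)                    # first DH parameter
        return {"challenge": rand,
                "challenge_vc": mac(self._k, b"MAC" + rand),
                "dh1": dh1,
                "vc1": mac(self._ck, b"DH1" + to_bytes(dh1))}  # first verification code

    def process_authentication_response(self, resp: dict):
        if not hmac.compare_digest(resp["res"], self._expected_res):
            return None
        if not hmac.compare_digest(mac(self._ck, b"DH2" + to_bytes(resp["dh2"])), resp["vc2"]):
            return None
        shared = pow(resp["dh2"], self._x, P)
        return hashlib.sha256(b"session" + to_bytes(shared)).digest()


class CommunicationDevice:
    """Device side: forwards the challenge to the identity module, checks dh1, answers."""

    def __init__(self, im: IdentityModule):
        self._im = im
        self.session_key = None

    def process_authentication_request(self, req: dict):
        result = self._im.run_challenge(req["challenge"], req["challenge_vc"])
        if result is None:
            return None
        res, ck, _ik = result
        # Authenticity of dh1 is decided from the result parameter (CK) and vc1.
        if not hmac.compare_digest(mac(ck, b"DH1" + to_bytes(req["dh1"])), req["vc1"]):
            return None
        y = secrets.randbelow(P - 2) + 2
        dh2 = pow(G, y, P)                          # second DH parameter
        shared = pow(req["dh1"], y, P)
        self.session_key = hashlib.sha256(b"session" + to_bytes(shared)).digest()
        return {"dh2": dh2, "vc2": mac(ck, b"DH2" + to_bytes(dh2)), "res": res}


def run_exchange(tamper_dh1: bool = False):
    """Run one exchange; returns (device_key, network_key) or None if rejected.
    With tamper_dh1, an on-path party swaps in its own dh1 but cannot re-MAC it."""
    k = secrets.token_bytes(32)                     # shared long-term key K (constructed)
    net = NetworkDevice(k)
    dev = CommunicationDevice(IdentityModule(k))
    req = net.make_authentication_request()
    if tamper_dh1:
        req = dict(req, dh1=pow(G, secrets.randbelow(P - 2) + 2, P))
    resp = dev.process_authentication_request(req)
    if resp is None:
        return None
    net_key = net.process_authentication_response(resp)
    return None if net_key is None else (dev.session_key, net_key)


if __name__ == "__main__":
    keys = run_exchange()
    print("session keys match:", keys is not None and keys[0] == keys[1])
    print("tampered dh1 rejected:", run_exchange(tamper_dh1=True) is None)
```

The point the claim turns on is visible in `run_exchange(tamper_dh1=True)`: a party that can replace the first DH parameter on the wire cannot produce a matching first verification code without the result parameter that only the identity module and the network derive from K, so the device rejects the request before generating its own DH parameter and no session key is established with the wrong peer.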
Abstract
A communication device of a communication network receives, via a network, a challenge, a first Diffie-Hellman (DH) parameter and a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as a response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.
45 Citations
28 Claims
1. A communication device for communicating with a network device of a communication network (independent claim; full text given above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 21, 22, 23, 24, 25.
17. A method for a communication device in communication with a network device of a communication network, the method being performed by the communication device and comprising:
receiving, via a network, an authentication request from the network device, the authentication request comprising a challenge, a challenge verification code, a first Diffie-Hellman (DH) parameter, and a first verification code for the first DH parameter;
forwarding said challenge and said challenge verification code to an identity module used by the communication device to provide authentication request challenge responses for the communication device to connect to the communication network, wherein the identity module is hardware based and is physically connected to the communication device;
receiving at least one result parameter as a response from the identity module, the at least one result parameter having been generated by the identity module and being one of a ciphering key (CK), an integrity key (IK) and a response parameter (RES);
determining, based on said result parameter and said first verification code, whether said first DH parameter is authentic; and
responsive to determining that the first DH parameter is authentic, generating a second DH parameter and a second verification code that is based on the second DH parameter, and sending, through the network, the second DH parameter, the second verification code, and the response parameter in an authentication response message to the network device for the network device to generate a session key for communication with the communication device.
Dependent claims: 19, 20, 26.
27. A computer program product comprising a non-transitory computer-readable storage medium storing program code for a communication device in communication with a network device of a communication network, the program code, which when run in the communication device, causes the communication device to:
receive, via a network, an authentication request from the network device, the authentication request comprising a challenge, a challenge verification code, a first Diffie-Hellman (DH) parameter, and a first verification code for the first DH parameter;
forward said challenge and said challenge verification code to an identity module used by the communication device to provide authentication request challenge responses for the communication device to connect to the communication network, wherein the identity module is hardware based and is physically connected to the communication device;
receive at least one result parameter as a response from the identity module, the at least one result parameter having been generated by the identity module and being one of a ciphering key (CK), an integrity key (IK) and a response parameter (RES);
determine, based on said result parameter and said first verification code, whether said first DH parameter is authentic; and
responsive to determining that the first DH parameter is authentic, generate a second DH parameter and a second verification code and send, through the network, the second DH parameter, the second verification code, and the response parameter in an authentication response message to the network device for session key generation based on the first DH parameter and the second DH parameter.
Dependent claims: 28.
Specification