Method of protecting digest authentication and key agreement (AKA) against man-in-the-middle (MITM) attack
First Claim
Patent Images
1. A method to discourage a MITM attacker in a data communications system that includes a client and a server, comprising:
- directing the client to use a HMAC-MD5 keyed hash function when producing Digest credentials; and
using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
3 Assignments
0 Petitions
Accused Products
Abstract
Disclosed is a method and system to discourage a MITM attacker in a data communications system that includes client and a server. The method includes, in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an “algorithm” field to ‘algorithm=“AKAv1-HMAC-MD5”’ for directing the client to use the HMAC-MD5 keyed hash function when producing Digest credentials; and using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
84 Citations
23 Claims
-
1. A method to discourage a MITM attacker in a data communications system that includes a client and a server, comprising:
-
directing the client to use a HMAC-MD5 keyed hash function when producing Digest credentials; and
using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method to discourage a MITM attacker in a data communications system that includes client and a server, comprising:
in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an algorithm field to indicate an algorithm=“
AKAv2-HMAC-MD5”
or “
AKAv1-HMAC-MD5”
, where in AKAv2 a value A1′
is defined as follows;
Let A1′
=K∥
opad∥
MD5(K∥
ipad∥
A1),so that A1′
is the contents of the HMAC part, and the result is;
where K is composed of an AKA Integrity Key (IK), an AKA Cipher Key (CK), a concatenation of IK and CK, or a cryptographic combination of IK and CK.
-
8. A method to discourage a MITM attacker in a data communications system that includes client and a server, comprising:
in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an algorithm field to indicate an algorithm=“
AKAv2-HMAC-MD5”
, where a value A1′
is defined as follows;
Let A1′
=K∥
opad∥
MD5(K∥
ipad∥
A1),so that A1′
is the contents of the HMAC part, and the result is;
where K is composed of one of an AKA Integrity Key (IK), an AKA Cipher Key (CK), a concatenation of IK and CK, or a cryptographic combination of IK and CK.
-
9. A data communications system that includes a client and a server, comprising in said server a function to direct the client to use a HMAC-MD5 keyed hash function when producing Digest credentials;
- and said server comprising a function, in response to said server, to use at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
- View Dependent Claims (10, 11, 12, 13, 14)
-
15. A wireless communications system comprising functionality to authenticate User Equipment using a Digest Authentication and Key Agreement (AKA) authentication procedure, comprising in a server a function to direct the User Equipment to employ a HMAC-MD5 keyed hash function when producing Digest credentials;
- and said User Equipment, responsive to said server, using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
- View Dependent Claims (16, 17)
- 18. In a wireless communications system comprising a server and user equipment and operating to authenticate the user equipment using a Digest Authentication and Key Agreement (AKA) authentication procedure, said server comprising a function to direct the User Equipment to employ a HMAC-MD5 keyed hash function when producing Digest credentials through the use of at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK).
- 21. In a wireless communications system comprising a server and user equipment and operating to authenticate the user equipment using a Digest Authentication and Key Agreement (AKA) authentication procedure, said user equipment comprising a function that is responsive to receipt of a message from the server to employ a HMAC-MD5 keyed hash function when producing Digest credentials through the use of at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK).
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNokia Technologies Oy (Nokia Corporation)
-
Original AssigneeNokia Corporation
-
InventorsNiemi, Aki, Haukka, Tao
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current713/171
-
CPC Class CodesH04L 63/061 for key exchange, e.g. in p...H04L 63/08 for authentication of entit...H04L 63/0892 by using authentication-aut...H04L 63/14 for detecting or protecting...H04L 63/1466 Active attacks involving in...H04L 63/162 at the data link layerH04L 9/0643 Hash functions, e.g. MD5, S...H04L 9/0844 with user authentication or...H04L 9/3271 using challenge-responseH04W 12/0433 Key management protocolsH04W 12/069 using certificates or pre-s...H04W 12/122 Counter-measures against at...
