Method of protecting digest authentication and key agreement (AKA) against man-in-the-middle (MITM) attack
Abstract
Disclosed is a method and system to discourage a MITM attacker in a data communications system that includes a client and a server. The method includes, in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an “algorithm” field to ‘algorithm=“AKAv1-HMAC-MD5”’ for directing the client to use the HMAC-MD5 keyed hash function when producing Digest credentials; and using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
23 Claims
1. A method to discourage a MITM attacker in a data communications system that includes a client and a server, comprising:
- directing the client to use a HMAC-MD5 keyed hash function when producing Digest credentials; and
- using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
7. A method to discourage a MITM attacker in a data communications system that includes a client and a server, comprising:
in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an algorithm field to indicate an algorithm=“AKAv2-HMAC-MD5” or “AKAv1-HMAC-MD5”, where in AKAv2 a value A1′ is defined as follows;
Let A1′ = K ∥ opad ∥ MD5(K ∥ ipad ∥ A1), so that A1′ is the contents of the HMAC part, and the result is;
where K is composed of an AKA Integrity Key (IK), an AKA Cipher Key (CK), a concatenation of IK and CK, or a cryptographic combination of IK and CK.
8. A method to discourage a MITM attacker in a data communications system that includes a client and a server, comprising:
in a Digest Authentication and Key Agreement (AKA) challenge sent to the client from the server, setting an algorithm field to indicate an algorithm=“AKAv2-HMAC-MD5”, where a value A1′ is defined as follows;
Let A1′ = K ∥ opad ∥ MD5(K ∥ ipad ∥ A1), so that A1′ is the contents of the HMAC part, and the result is;
where K is composed of one of an AKA Integrity Key (IK), an AKA Cipher Key (CK), a concatenation of IK and CK, or a cryptographic combination of IK and CK.
9. A data communications system that includes a client and a server, comprising in said server a function to direct the client to use a HMAC-MD5 keyed hash function when producing Digest credentials; and said server comprising a function, in response to said server, to use at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
15. A wireless communications system comprising functionality to authenticate User Equipment using a Digest Authentication and Key Agreement (AKA) authentication procedure, comprising in a server a function to direct the User Equipment to employ a HMAC-MD5 keyed hash function when producing Digest credentials; and said User Equipment, responsive to said server, using at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK) in the keyed hash function.
18. In a wireless communications system comprising a server and user equipment and operating to authenticate the user equipment using a Digest Authentication and Key Agreement (AKA) authentication procedure, said server comprising a function to direct the User Equipment to employ a HMAC-MD5 keyed hash function when producing Digest credentials through the use of at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK).
21. In a wireless communications system comprising a server and user equipment and operating to authenticate the user equipment using a Digest Authentication and Key Agreement (AKA) authentication procedure, said user equipment comprising a function that is responsive to receipt of a message from the server to employ a HMAC-MD5 keyed hash function when producing Digest credentials through the use of at least one of an AKA Integrity Key (IK) or an AKA Cipher Key (CK).
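The A1′ construction in claims 7 and 8, worked through as an added example (this is not code from the patent): it builds A1′ with K = IK ∥ CK, confirms that MD5 over A1′ equals HMAC-MD5(K, A1), and compares the keyed Digest response with the unkeyed one. Assumptions not stated on this page: "K ∥ opad" and "K ∥ ipad" are read as the RFC 2104 padded-key blocks, A1 follows RFC 2617 with the AKA RES as the password (RFC 3310), and all key, nonce, user and URI values are constructed samples.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes

# Constructed sample values (not from the patent): 128-bit IK and CK, 64-bit RES.
IK = bytes.fromhex("00112233445566778899aabbccddeeff")
CK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
RES = bytes.fromhex("0123456789abcdef")

def build_a1(username: str, realm: str, res: bytes) -> bytes:
    """Assumption: RFC 2617 A1 with the AKA RES as the password (RFC 3310)."""
    return username.encode() + b":" + realm.encode() + b":" + res

def a1_prime(k: bytes, a1: bytes) -> bytes:
    """A1' from claims 7/8, assuming 'K || pad' means the RFC 2104 padded key."""
    if len(k) > BLOCK:  # RFC 2104: over-long keys are hashed first
        k = hashlib.md5(k).digest()
    k = k.ljust(BLOCK, b"\x00")
    k_ipad = bytes(b ^ 0x36 for b in k)
    k_opad = bytes(b ^ 0x5C for b in k)
    return k_opad + hashlib.md5(k_ipad + a1).digest()

def keyed_ha1(k: bytes, a1: bytes) -> str:
    """MD5 over A1' is exactly HMAC-MD5(K, A1)."""
    return hashlib.md5(a1_prime(k, a1)).hexdigest()

def digest_response(ha1_hex: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1_hex}:{nonce}:{ha2}".encode()).hexdigest()

def compare(nonce: str = "constructed-nonce") -> dict:
    a1 = build_a1("user@example.test", "example.test", RES)
    args = (nonce, "GET", "/protected")
    return {
        # Unkeyed digest: computable by any party that holds RES.
        "unkeyed": digest_response(hashlib.md5(a1).hexdigest(), *args),
        # Keyed with K = IK || CK: also requires the AKA session keys.
        "keyed": digest_response(keyed_ha1(IK + CK, a1), *args),
        # Same RES but wrong K (all zeros): does not match the keyed value.
        "wrong_key": digest_response(keyed_ha1(bytes(32), a1), *args),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:10s} {value}")
```

A server that verifies the keyed value rejects credentials computed from RES alone, because the response now also depends on IK and CK.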
Specification