Method and apparatus for providing bootstrapping procedures in a communication network
2 Assignments
0 Petitions
Abstract
An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.
81 Citations
57 Claims
1. A method for authenticating comprising:
    establishing a key with a terminal in a communication network according to a key agreement protocol, wherein the terminal is configured to operate using spread spectrum;
    tying the agreed key to an authentication procedure to provide a security association that supports reuse of the key; and
    generating a master key based on the agreed key.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method for authenticating comprising:
    establishing a shared key with a network element in a communication network according to a key agreement protocol, wherein the network element is configured to tie the agreed key to an authentication procedure to provide a security association that supports reuse of the key; and
    generating a master key based on the agreed key.
Dependent claims: 9, 10, 11, 12.

13. An apparatus for authenticating comprising:
    an authentication module configured to establish a shared key with a network element in a communication network according to a key agreement protocol, wherein the network element is configured to tie the agreed key to an authentication procedure to provide a security association that supports reuse of the key, the authentication module being further configured to generate a master key based on the agreed key.
Dependent claims: 14, 15, 16, 17, 18.

19. A method for authenticating comprising:
    generating a message for authenticating communication with a network element configured to perform bootstrapping;
    setting a password field of the message to a function of a secret key; and
    specifying key establishment information within a payload of the message, wherein the message is transmitted according to a transport protocol for accessing information over a data network.
Dependent claims: 20, 21, 22, 23, 24.

25. A method for authenticating comprising:
    receiving a message from a terminal, according to a transport protocol for accessing information over a data network, requesting authentication, wherein the message includes a password field that is a function of a secret key and a payload containing key establishment information specifying parameters for determining another secret key; and
    generating a master key based on the secret keys.
Dependent claims: 26, 27, 28, 29, 30.

31. An apparatus for authenticating comprising:
    an authentication module configured to generate a message for authenticating communication with a network element configured to perform bootstrapping, and to set a password field of the message to be a function of a secret key, the message having a payload that includes new key establishment information, wherein the message is transmitted according to a transport protocol for accessing information over a data network.
Dependent claims: 32, 33, 34, 35, 36, 37, 38.

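The digest embodiment of the abstract and of claims 19, 25 and 31 can be seen end to end in the following added example, which is illustrative code written for this page and not code from the patent or its assignee. It assumes: a toy Diffie-Hellman group (the Mersenne prime 2^127 - 1 with generator 2, constructed for the example; a real deployment would use a standard group), a constructed long-term secret standing in for the SMEKEY or MN-AAA key named in the abstract, and hypothetical realm, user and URI values. The password field is a function of the long-term secret, the Diffie-Hellman public value travels in the message payload, and RFC 2617 digest with qop=auth-int binds that payload to the digest response, so a payload altered in transit fails verification. Both sides then derive the same master key from the agreed Diffie-Hellman key and the long-term secret.

```python
"""Digest authentication carrying Diffie-Hellman parameters in the payload (example)."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example only: the Mersenne
# prime 2^127 - 1 with generator 2. Real deployments use a standard group.
P = (1 << 127) - 1
G = 2

# Long-term secret shared by terminal and home network, standing in for the
# SMEKEY / MN-AAA key named in the abstract. Constructed sample value.
SHARED_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")

REALM = "bsf.example.invalid"      # assumed realm name
USERNAME = "user@example.invalid"  # assumed user identity
METHOD, URI = "GET", "/bootstrap"  # assumed request line


def password_from_key(key: bytes) -> str:
    """Password field as a function of the secret key (here the hex of an HMAC tag)."""
    return hmac.new(key, b"digest-password", hashlib.sha256).hexdigest()


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(password: str, nonce: str, cnonce: str, body: str) -> str:
    """RFC 2617 digest response with qop=auth-int, so the body is covered too."""
    ha1 = _md5(f"{USERNAME}:{REALM}:{password}")
    ha2 = _md5(f"{METHOD}:{URI}:{_md5(body)}")
    return _md5(f"{ha1}:{nonce}:00000001:{cnonce}:auth-int:{ha2}")


def master_key(dh_shared: int, secret: bytes) -> bytes:
    """Master key from the agreed DH key and the long-term secret (extract-then-expand)."""
    ikm = dh_shared.to_bytes((P.bit_length() + 7) // 8, "big")
    prk = hmac.new(secret, ikm, hashlib.sha256).digest()
    return hmac.new(prk, b"bootstrap master key", hashlib.sha256).digest()


def terminal_request(nonce: str):
    """Terminal side: build the digest message with its DH public value in the payload."""
    priv = secrets.randbelow(P - 3) + 2
    cnonce = secrets.token_hex(8)
    body = f"dh_pub={pow(G, priv, P):x}"
    resp = digest_response(password_from_key(SHARED_SECRET), nonce, cnonce, body)
    msg = {"username": USERNAME, "nonce": nonce, "cnonce": cnonce,
           "response": resp, "body": body}
    return msg, priv


def network_handle(msg: dict, nonce: str):
    """Network side: verify the digest (which also binds the payload), then agree the key.

    Returns (network_public_value, master_key) on success, None on any failure.
    """
    if msg["username"] != USERNAME or msg["nonce"] != nonce:
        return None
    expected = digest_response(password_from_key(SHARED_SECRET), nonce,
                               msg["cnonce"], msg["body"])
    if not hmac.compare_digest(expected, msg["response"]):
        return None  # wrong secret or modified payload: reject before any key work
    term_pub = int(msg["body"].split("=", 1)[1], 16)
    if not 1 < term_pub < P - 1:
        return None  # reject degenerate public values
    priv = secrets.randbelow(P - 3) + 2
    shared = pow(term_pub, priv, P)
    return pow(G, priv, P), master_key(shared, SHARED_SECRET)


def terminal_finish(net_pub: int, priv: int) -> bytes:
    """Terminal side: derive the master key from the network's public value."""
    return master_key(pow(net_pub, priv, P), SHARED_SECRET)


def run_bootstrap(modify_payload: bool = False):
    """Full exchange; returns True if both sides agree, None if the network rejects."""
    nonce = secrets.token_hex(8)
    msg, t_priv = terminal_request(nonce)
    if modify_payload:
        msg["body"] = "dh_pub=3"  # simulate a payload changed in transit
    result = network_handle(msg, nonce)
    if result is None:
        return None
    net_pub, net_mk = result
    return net_mk == terminal_finish(net_pub, t_priv)


if __name__ == "__main__":
    print("agreed:", run_bootstrap())
    print("modified payload accepted:", run_bootstrap(modify_payload=True) is not None)
```

Because the digest uses qop=auth-int, the MD5 of the entity body enters HA2, so the response proves both knowledge of the long-term secret and the integrity of the key-establishment payload; a terminal that knows the secret but whose DH value was replaced on the wire is rejected before any key derivation, and the master key is reusable afterwards without repeating the digest.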
39. A method for authenticating comprising:
    receiving an authentication request specifying a user identity from a terminal;
    forwarding the user identity to a location register configured to generate based on the user identity, cryptographic parameters including a random secret data, and a secret data generated from the random secret data according to a cryptographic algorithm;
    receiving the generated cryptographic parameters from the location register;
    generating an authentication vector by converting the cryptographic parameters to key parameters including an authenticating token and an authentication response;
    transmitting the authenticating token to a terminal configured to output the authentication response;
    validating an authentication response from the terminal using the authentication response from the authentication vector; and
    generating a master key based on the key parameters.
Dependent claims: 40, 41, 42, 43, 44.

45. A method for authenticating comprising:
    generating an authentication request specifying a user identity;
    transmitting the authentication request to a network element configured to provide bootstrapping, wherein the network element forwards the user identity to a location register configured to generate, based on the user identity, cryptographic parameters including a random secret data, and a secret data generated from the random secret data according to a cryptographic algorithm, wherein the network element generates an authentication vector by converting the cryptographic parameters to key parameters including an authenticating token and an authentication response;
    receiving the authenticating token from the network element;
    outputting the authentication response based on the authenticating token;
    determining a digest response using the authentication response;
    transmitting the digest response to the network element for validation; and
    generating a master key based on the key parameters.
Dependent claims: 46, 47, 48, 49, 50.

51. An apparatus for authenticating comprising:
    an authentication module configured to generate an authentication request specifying a user identity; and
    a transceiver configured to transmit the authentication request to a network element configured to provide bootstrapping, wherein the network element forwards the user identity to a location register configured to generate, based on the user identity, cryptographic parameters including a random secret data, and a secret data generated from the random secret data according to a cryptographic algorithm, wherein the network element generates an authentication vector by converting the cryptographic parameters to key parameters including an authenticating token and an authentication response, wherein the transceiver is further configured to receive the authenticating token from the network element, and the authentication module is further configured to output the authentication vector based on the authenticating token, to determine a digest response using the authentication response, and to generate a master key based on the key parameters upon validation of the digest response by the network element.
Dependent claims: 52, 53, 54, 55, 56, 57.

Specification