Method for refreshing a pairwise master key

US 20070005972A1
Filed: 06/30/2005
Published: 01/04/2007
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method of communication involving a supplicant, an authenticator, and an authentication server having an established security association based on a first key, the supplicant and the authenticator having an established security association based on a second key, comprising:

modifying the second key using the first key in response to determining if a challenge response from the supplicant is valid.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method for communication involving a supplicant, an authenticator, and an authentication server having an established security association based on a first key. The supplicant and the authenticator also have an established security association based on a second key. The method may include modifying the second key using the first key in response to determining that a challenge response from the supplicant is valid.

Citations

19 Claims

1. A method of communication involving a supplicant, an authenticator, and an authentication server having an established security association based on a first key, the supplicant and the authenticator having an established security association based on a second key, comprising:
- modifying the second key using the first key in response to determining if a challenge response from the supplicant is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising:
    - providing a challenge to the supplicant;
      
      receiving the challenge response from the supplicant; and
      
      determining whether the challenge response is valid.
  - 3. The method of claim 2, wherein providing the challenge comprises providing a random number generated by the authenticator, and at least one of a random number, a counter, and a nonce generated by the supplicant, the nonce comprising at least one of a random number and a counter.
  - 4. The method of claim 3, wherein receiving the challenge response comprises receiving a first message authentication code determined using the first key, the random number generated by the authenticator, and at least one of a random number, a counter, and a nonce generated by the supplicant, the nonce comprising at least one of a random number and a counter.
  - 5. The method of claim 4, wherein determining that the challenge response is valid comprises validating the first message authentication code.
  - 6. The method of claim 5, comprising generating a second message authentication code using the first key, the random number generated by the authenticator, and at least one of a random number, a counter, and a nonce generated by the supplicant, the nonce comprising at least one of a random number and a counter.
  - 7. The method of claim 6, comprising providing the second message authentication code to the supplicant.
  - 8. The method of claim 7, wherein modifying the second key comprises determining the second key using a hash function of the first key, the random number generated by the authenticator, and at least one of a random number, a counter, and a nonce generated by the supplicant, the nonce comprising at least one of a random number and a counter.
  - 9. The method of claim 1, comprising:
    - receiving a challenge from the supplicant;
      
      providing a challenge response to the supplicant; and
      
      receiving an indication that the challenge response was validated by the supplicant.
  - 10. The method of claim 1, comprising determining at least one third key based upon the modified second key.

11. A method of communication involving a supplicant, an authenticator, and an authentication server having an established security association based on a first key, the supplicant and the authenticator having an established security association based on a second key, comprising:
- modifying the second key using the first key in response to determining if a first challenge response from the authenticator is valid.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, comprising:
    - receiving a challenge from the authenticator;
      
      providing a second challenge response to the authenticator;
      
      receiving the first challenge response from the authenticator in response to providing the second challenge response; and
      
      determining whether the first challenge response is valid.
  - 13. The method of claim 12, wherein receiving the challenge comprises receiving a random number generated by the authenticator, and at least one of a random number, a counter, and a nonce generated by the supplicant, the nonce comprising at least one of a random number and a counter.
  - 14. The method of claim 13, wherein receiving the first challenge response comprises receiving a first message authentication code determined using the first key, a random number generated by the authenticator, and at least one of a random number, a counter, and a nonce generated by the supplicant, the nonce comprising at least one of a random number and a counter.
  - 15. The method of claim 14, wherein determining that the first challenge response is valid comprises validating the first message authentication code.
  - 16. The method of claim 15, wherein providing the second challenge response comprises generating a second message authentication code using the first key, a random number generated by the authenticator, and at least one of a random number, a counter, and a nonce generated by the supplicant, the nonce comprising at least one of a random number and a counter.
  - 17. The method of claim 16, wherein providing the second challenge response comprises providing the second message authentication code.
  - 18. The method of claim 17, wherein modifying the second key comprises determining the second key using a hash function of the first key, a random number generated by the authenticator, and at least one of a random number, a counter, and a nonce generated by the supplicant, the nonce comprising at least one of a random number and a counter.
  - 19. The method of claim 11, comprising determining at least one third key based upon the modified second key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Original Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Inventors
Mizikovsky, Semyon, Rance, Robert

Granted Patent

US 7,596,225 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/068   using time-dependent keys, ...

H04L 63/0869   for achieving mutual authen...

H04L 9/0891   Revocation or update of sec...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

Method for refreshing a pairwise master key

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method for refreshing a pairwise master key

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links