Method and apparatus for securely generating application session keys

US 20070101122A1
Filed: 09/25/2006
Published: 05/03/2007
Est. Priority Date: 09/23/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

generating a session key, within a secure module of a communication device, to secure a communication session; and

forwarding the session key to an unsecure module of the communication device, the unsecure module being configured to execute an application that uses the session key to establish the communication session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for securely generating application session keys within a secure module of a user terminal. The secure module includes a secure memory and a secure processor configured to perform session key generation. The secure module is configured to send the session keys to a mobile equipment.

165 Citations

27 Claims

1. A method comprising:
- generating a session key, within a secure module of a communication device, to secure a communication session; and
  
  forwarding the session key to an unsecure module of the communication device, the unsecure module being configured to execute an application that uses the session key to establish the communication session.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, further comprising:
    - receiving a request from the application within the unsecure module for the session key, the request specifying an application identification number, a secret, and a plurality of random numbers for use in generating the session key.
  - 3. A method according to claim 2, wherein the session key is generated according to a Transport Layer Security (TLS)/Pre-Shared Key procedure.
  - 4. A method according to claim 3, wherein the secure module is a User Identity Module (UIM), and the unsecure module is a Mobile Equipment (ME).
  - 5. A method according to claim 3, wherein the secure module resides in a first device, and the unsecure module resides in a second device.
  - 6. A method according to claim 3, wherein the communication session is established over a communication network that is either a spread spectrum cellular network or a wireless local area network.

7. An apparatus comprising:
- a secure processor configured to generate a session key to secure a communication session, wherein the session key is forwarded to an unsecure module, the unsecure module being configured to execute an application that uses the session key to establish the communication session.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. An apparatus according to claim 7, wherein the secure processor is further configured to receive a request from the application within the unsecure module for the session key, the request specifying an application identification number, a secret, and a plurality of random numbers for use in generating the session key.
  - 9. An apparatus according to claim 8, wherein the session key is generated according to a Transport Layer Security (TLS)/Pre-Shared Key procedure.
  - 10. An apparatus according to claim 9, wherein the secure processor resides within a secure module, the secure module being a User Identity Module (UIM), and the unsecure module being a Mobile Equipment (ME).
  - 11. An apparatus according to claim 9, wherein the User Identity Module (UIM) includes a Key Derivation Module (KDM) and a Key Provisioning Module (KPM), the Key Derivation Module being configured to communicate with the application, and the Key Provisioning Module being configured to execute a pre-shared key application for generating a pre-shared key from which the session key is derived.
  - 12. An apparatus according to claim 9, wherein the communication network is either a spread spectrum cellular network or a wireless local area network.

13. An apparatus comprising:
- a secure module configured to generate a session key to secure a communication session; and
  
  an unsecure module configured to receive the session key and to execute an application that uses the session key to establish the communication session.
- View Dependent Claims (14, 15)
- - 14. An apparatus according to claim 13, wherein the unsecure module is further configured to generate a request for the session key, the request specifying an application identification number, a secret, and a plurality of random numbers for use in generating the session key.
  - 15. An apparatus according to claim 13, further comprising:
    - a transceiver configured to receive user input to initiate establishment of the communication session; and
      
      a display configured to display the user input.

16. A method comprising:
- generating a request, by an application resident within an unsecure module of a communication device, for a session key to secure a communication session; and
  
  forwarding the request to a secure module of the communication device, the secure module being configured to generate the session key in response to the request, wherein the application resident within the unsecure module uses the session key to establish the communication session.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A method according to claim 16, wherein the request specifies an application identification number, a secret, and a plurality of random numbers for use in generating the session key.
  - 18. A method according to claim 16, wherein the session key is generated according to a Transport Layer Security (TLS)/Pre-Shared Key procedure.
  - 19. A method according to claim 16, wherein the secure module is a User Identity Module (UIM), and the unsecure module is a Mobile Equipment (ME).
  - 20. A method according to claim 16, wherein the communication session is established over a communication network that is either a spread spectrum cellular network or a wireless local area network.

21. An apparatus comprising:
- a non-secure processor configured to run an application to generate a request for a session key to secure a communication session, wherein the request is forwarded to a secure module that is configured to generate the session key in response to the request, wherein the application uses the session key to establish the communication session.
- View Dependent Claims (22, 23, 24, 25)
- - 22. An apparatus according to claim 21, wherein the request specifies an application identification number, a secret, and a plurality of random numbers for use in generating the session key.
  - 23. An apparatus according to claim 21, wherein the session key is generated according to a Transport Layer Security (TLS)/Pre-Shared Key procedure.
  - 24. An apparatus according to claim 21, wherein the secure module is a User Identity Module (UIM), and the unsecure module is a Mobile Equipment (ME).
  - 25. An apparatus according to claim 21, wherein the communication session is established over a communication network that is either a spread spectrum cellular network or a wireless local area network.

26. An apparatus comprising:
- means for securely generating a session key to provide security for a communication session; and
  
  means for forwarding the session key to an unsecure module that is configured to execute an application that uses the session key to establish the communication session.
- View Dependent Claims (27)
- - 27. An apparatus according to claim 26, further comprising:
    - means for receiving a request from the application for the session key, the request specifying an application identification number, a secret, and a plurality of random numbers for use in generating the session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Guo, Yile

Application Number

US11/526,386
Publication Number

US 20070101122A1
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/166   at the transport layer

H04L 9/0844   with user authentication or...

Method and apparatus for securely generating application session keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

165 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for securely generating application session keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

165 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links