Re-authentication system and method in communication system

US 20070112967A1
Filed: 08/11/2006
Published: 05/17/2007
Est. Priority Date: 11/14/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for performing re-authentication in a communication system, the method comprising the steps of:

transmitting, from a user Authorization, Authentication and Accounting (AAA-U) server to a device Authorization, Authentication and Accounting (AAA-D) server, a user Master Session Key (MSK_U) which is generated by performing user re-authentication for a mobile station (MS) according to a twice Extensible Authentication Protocol (EAP-in-EAP) scheme;

generating a new MSK_U (MSK_U1), in the AAA-D server by using the MSK_U and a device Master Session Key (MSK_D) having been generated at initial device authentication for the MS, and then transmitting the MSK_U1 from the AAA-D server to a BS;

generating a Pairwise Master Key (PMK) in the base station (BS) by using the MSK_U1; and

generating an Authorization Key (AK) in the MS and the BS by using the PMK.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are a system and a method for performing re-authentication in a communication system. A user Authorization, Authentication and Accounting server transmits a user Master Session Key (MSK_U), which is generated by performing user re-authentication for a mobile station (MS) according to a twice Extensible Authentication Protocol scheme, to a device Authorization, Authentication and Accounting server that generates a new user Master Session Key (MSK_U1) by using the MSK_U and a device Master Session Key generated at initial device authentication for the MS. A base station (BS) generates a Pairwise Master Key (PMK) by using the MSK_U1, and the MS and BS generate an authorization key by using the PMK.

35 Citations

View as Search Results

20 Claims

1. A method for performing re-authentication in a communication system, the method comprising the steps of:
- transmitting, from a user Authorization, Authentication and Accounting (AAA-U) server to a device Authorization, Authentication and Accounting (AAA-D) server, a user Master Session Key (MSK_U) which is generated by performing user re-authentication for a mobile station (MS) according to a twice Extensible Authentication Protocol (EAP-in-EAP) scheme;
  
  generating a new MSK_U (MSK_U1), in the AAA-D server by using the MSK_U and a device Master Session Key (MSK_D) having been generated at initial device authentication for the MS, and then transmitting the MSK_U1 from the AAA-D server to a BS;
  
  generating a Pairwise Master Key (PMK) in the base station (BS) by using the MSK_U1; and
  
  generating an Authorization Key (AK) in the MS and the BS by using the PMK.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as claimed in claim 1, wherein the MSK_U1 is generated by combining the MSK_U and the MSK_D.
  - 3. The method as claimed in claim 1, wherein the MSK_U1 is generated by a Key Derivation Function(KDF) given in the following equation as
    MSK_—
    - U1=KDF(MSK_—D, MSK_—U|‘
      
      CombinedMSK’
      
      ) where the KDF function generates the MSK_U1 by combining the MSK_U and the MSK_D.
  - 4. The method as claimed in claim 1, wherein the AK is generated using the PMK and a parameter for concatenation of an identifier of the MS and an identifier of the BS.
  - 5. The method as claimed in claim 1, wherein the AK is generated by a Dot16KDF function given in the following equation as
    AK=Dot16KDF(PMK,MSID|BSID|‘
    - AK’
      
      ,160) where MSID denotes an identifier of the MS, BSID denotes an identifier of the BS, ‘
      
      AK’
      
      represents that a key generated by the Dot16KDF function is an AK, numeral 160 represents that an AK generated by the Dot16KDF function has a length of 160 bits, and the Dot16KDF function generates an AK having a length of 160 bits by using the PMK and a parameter for concatenation of the MSID and the BSID.

6. A system for performing re-authentication in a communication system, the system for performing re-authentication comprising:
- a user Authorization, Authentication and Accounting (AAA-U) server for transmitting a user Master Session Key (MSK_U), which is generated by performing user re-authentication for a mobile station (MS) according to a twice Extensible Authentication Protocol (EAP-in-EAP) scheme, to a device Authorization, Authentication and Accounting (AAA-D) server;
  
  the AAA-D server for generating a new MSK_U (MSK_U1) by using the MSK_U and a device Master Session Key (MSK_D) having been generated at initial device authentication for the MS, and then transmitting the MSK_U1 to a base station (BS);
  
  the BS for generating a Pairwise Master Key (PMK) by using the MSK_U1, and generating an Authorization Key (AK) by using the PMK; and
  
  the MS for generating the AK by using the PMK.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The system for performing re-authentication as claimed in claim 6, wherein the AAA-D server generates the MSK_U1 by combining the MSK_U and the MSK_D.
  - 8. The system for performing re-authentication as claimed in claim 6, wherein the AAA-D server generates the MSK_U1 by a Key Derivation Function (KDF) given in the following equation as,
    MSK _—
    - U1=KDF(MSK_—D, MSK_—U|‘
      
      CombinedMSK’
      
      ) where the KDF function generates the MSK_U1 by combining the MSK_U and the MSK_D.
  - 9. The system for performing re-authentication as claimed in claim 6, wherein the BS generates the AK by using the PMK and a parameter for concatenation of an identifier of the MS and an identifier of the BS.
  - 10. The system for performing re-authentication as claimed in claim 6, wherein the MS generates the AK by using the PMK and a parameter for concatenation of an identifier of the MS and an identifier of the BS.
  - 11. The system for performing re-authentication as claimed in claim 6, wherein the BS generates the AK by a Dot16KDF function given in the following equation as,
    AK=Dot16KDF(PMK,MSID|BSID|‘
    - AK’
      
      ,160) where MSID denotes an identifier of the MS, BSID denotes an identifier of the BS, ‘
      
      AK’
      
      represents that a key generated by the Dot16KDF function is the AK, numeral 160 represents that the AK generated by the Dot16KDF function has a length of 160 bits, and the Dot16KDF function generates the AK having a length of 160 bits by using the PMK and a parameter for concatenation of the MSID and the BSID.
  - 12. The system for performing re-authentication as claimed in claim 6, wherein the MS generates the AK by a Dot16KDF function as given in a following equation,
    AK=Dot16KDF(PMK,MSID|BSID|‘
    - AK’
      
      ,160) where MSID denotes an identifier of the MS, BSID denotes an identifier of the BS, ‘
      
      AK’
      
      represents that a key generated by the Dot16KDF function is the AK, numeral 160 represents that the AK generated by the Dot16KDF function has a length of 160 bits, and the Dot16KDF function generates the AK having a length of 160 bits by using the PMK and a parameter for concatenation of the MSID and the BSID.

13. A method for performing re-authentication in a communication system, the method comprising the steps of:
- receiving a user Master Session Key (MSK_U), which is generated by performing user re-authentication for a mobile station (MS) according to a twice Extensible Authentication Protocol (EAP-in-EAP) scheme, from a user Authorization, Authentication and Accounting (AAA-U) server; and
  
  generating a new MSK_U (MSK_U1) by using the MSK_U and a device Master Session Key (MSK_D) having been generated at initial device authentication for the MS, transmitting the MSK_U1 to a base station (BS), and controlling the BS to generate a Pairwise Master Key (PMK) by using the MSK_U1.
- View Dependent Claims (14, 15)
- - 14. The method as claimed in claim 13, wherein the MSK_U1 is generated by combining the MSK_U and the MSK_D.
  - 15. The method as claimed in claim 13, wherein the MSK_U1 is generated by a Key Derivation Function (KDF) given in the following equation as,
    MSK_—
    - U1=KDF(MSK _—D, MSK_—U|‘
      
      CombinedMSK’
      
      ) where the KDF function generates the MSK_U1 by combining the MSK_U and the MSK_D.

16. A method for performing re-authentication in a -communication system, the method comprising the steps of:
- receiving a user Master Session Key (MSK_U) and a new MSK_U (MSK_U1), which is generated by using a device Master Session Key (MSK_D) having been generated at initial device authentication for a mobile station (MS), from a device Authorization, Authentication and Accounting (AAA-D) server;
  
  generating a Pairwise Master Key (PMK) by using the MSK_U1; and
  
  generating an Authorization Key (AK) by using the PMK, wherein a user Authorization, Authentication and Accounting (AAA-U) server generates the MSK_U by performing user re-authentication for the MS according to a twice Extensible Authentication Protocol (EAP-in-EAP) scheme.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method as claimed in claim 16, wherein the MSK_U1 is generated by combining the MSK_U and the MSK_D.
  - 18. The method as claimed in claim 16, wherein the MSK_U1 is generated by a Key Derivation Function (KDF) given in the following equation as,
    MSK_—
    - U1=KDF(MSK_—D, MSK _—U|‘
      
      CombinedMSK’
      
      ) where the KDF function generates the MSK_U1 by combining the MSK_U and the MSK_D.
  - 19. The method as claimed in claim 16, wherein the AK is generated by using the PMK and a parameter for concatenation of an identifier of the MS and an identifier of the BS.
  - 20. The method as claimed in claim 16, wherein the AK is generated by a Dot16KDF function given in the following equation as,
    AK=Dot16KDF(PMK, MSID|BSID|‘
    - AK’
      
      ,160) where MSID denotes an identifier of the MS, BSID denotes an identifier of the BS, ‘
      
      AK’
      
      represents that a key generated by the Dot16KDF function is the AK, numeral 160 represents that the AK generated by the Dot16KDF function has a length of 160 bits, and the Dot16KDF function generates the AK having a length of 160 bits by using the PMK and a parameter for concatenation of the MSID and the BSID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Song, Jun-Hyuk, Lee, Ji-Cheol, Alper, Emin

Application Number

US11/503,011
Publication Number

US 20070112967A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/162   at the data link layer

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/71   Hardware identity

H04W 84/12   WLAN [Wireless Local Area N...

Re-authentication system and method in communication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Re-authentication system and method in communication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links