Authentication in communications networks
First Claim
1. A method of authenticating a user equipment in a communications network, the method comprising:
- sending a message from a network entity to the user equipment including a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity, said options including a “shared key”-based authentication procedure;
- selecting an option from the set and in the event that the “shared-key”-based authentication procedure is selected, generating a shared secret from a security key established in a generic bootstrapping architecture (GBA) over a second interface between the user equipment and a bootstrapping service function; and
- using the shared secret to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.
9 Assignments
0 Petitions
Abstract
The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared-key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.
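The exchange described in the abstract, as an added worked example in Python; this is not code from the patent or its assignee. It models the second interface (UE to bootstrapping server function, plus the server-to-server lookup by B-TID), the option message on the first interface, the derivation of the shared secret Ks_NAF from the bootstrapped key Ks, and the computation and verification of the authentication payload. All names, identifiers and sample values (LONG_TERM_KEY, IMPI, NAF_ID, OPTIONS, the BSF class) are constructed assumptions. The Ks_NAF parameter list follows TS 33.220, but the KDF framing and the Ks derivation are simplified stand-ins for the real AKA-based bootstrapping, not a byte-exact implementation.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Constructed sample values (assumptions, not from the patent): the long-term key
# shared by the UE and its home network, the UE's private identity, and the
# identifier of the network entity acting as NAF (FQDN || Ua security protocol id).
LONG_TERM_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
IMPI = "user@example.org"
NAF_ID = b"naf.example.org" + b"\x01\x00\x00\x02"
OPTIONS = ["shared-key", "certificate", "password"]  # option set offered by the network entity


def kdf(key: bytes, *params: bytes) -> bytes:
    """Simplified KDF (assumption): HMAC-SHA-256 over length-prefixed parameters.
    TS 33.220 Annex B additionally prefixes an FC byte; the shape is the same."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_ks_naf(ks: bytes, rand: bytes, impi: str, naf_id: bytes) -> bytes:
    """Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAF_Id): the shared secret of the claims."""
    return kdf(ks, b"gba-me", rand, impi.encode(), naf_id)


class BSF:
    """Bootstrapping server function: the second interface towards the UE and the
    lookup interface towards the network entity. AKA is replaced by a toy Ks
    derivation from the long-term key and RAND (assumption)."""

    def __init__(self) -> None:
        self.sessions = {}  # B-TID -> (Ks, RAND, IMPI)

    def bootstrap(self, impi: str, rand: bytes) -> str:
        ks = kdf(LONG_TERM_KEY, b"ks", rand)  # toy stand-in for Ks = CK || IK
        btid = rand.hex() + "@bsf.example.org"
        self.sessions[btid] = (ks, rand, impi)
        return btid

    def lookup(self, btid: str, naf_id: bytes) -> Optional[bytes]:
        if btid not in self.sessions:
            return None
        ks, rand, impi = self.sessions[btid]
        return derive_ks_naf(ks, rand, impi, naf_id)


def network_offer() -> dict:
    """Message from the network entity listing the authentication options (first interface)."""
    return {"type": "auth-options", "options": list(OPTIONS)}


def payload_mac(ks_naf: bytes, offer: dict, selected: str, nonce: bytes, btid: str) -> str:
    """Authentication payload: HMAC over the offered option set, the chosen option, a
    nonce and the B-TID, so a stripped option list or a replayed payload fails to verify."""
    msg = json.dumps({"options": offer["options"], "selected": selected,
                      "nonce": nonce.hex(), "btid": btid}, sort_keys=True).encode()
    return hmac.new(ks_naf, msg, hashlib.sha256).hexdigest()


def ue_authenticate(bsf: BSF, offer: dict, rand: bytes) -> dict:
    """UE side: select the shared-key option, bootstrap, derive Ks_NAF, compute the payload."""
    if "shared-key" not in offer["options"]:
        raise ValueError("shared-key option not offered")  # UE refuses to fall back
    btid = bsf.bootstrap(IMPI, rand)
    ks = kdf(LONG_TERM_KEY, b"ks", rand)  # UE derives Ks locally from its own key and RAND
    ks_naf = derive_ks_naf(ks, rand, IMPI, NAF_ID)
    nonce = os.urandom(8)
    return {"selected": "shared-key", "btid": btid, "nonce": nonce.hex(),
            "auth": payload_mac(ks_naf, offer, "shared-key", nonce, btid)}


def network_verify(bsf: BSF, offer: dict, msg: dict) -> bool:
    """Network entity side: fetch Ks_NAF by B-TID and verify the received payload."""
    if msg["selected"] != "shared-key":
        return False
    ks_naf = bsf.lookup(msg["btid"], NAF_ID)
    if ks_naf is None:
        return False
    expected = payload_mac(ks_naf, offer, msg["selected"], bytes.fromhex(msg["nonce"]), msg["btid"])
    return hmac.compare_digest(expected, msg["auth"])


def run_exchange(tamper: Optional[str] = None) -> bool:
    """Run the full exchange; `tamper` simulates an in-transit modification."""
    bsf = BSF()
    offer = network_offer()
    msg = ue_authenticate(bsf, offer, os.urandom(16))
    if tamper == "replay-nonce":
        msg = dict(msg, nonce=os.urandom(8).hex())
    elif tamper == "wrong-btid":
        msg = dict(msg, btid="deadbeef@bsf.example.org")
    elif tamper == "tampered-offer":
        offer = dict(offer, options=["shared-key"])  # UE saw a different option list
    return network_verify(bsf, offer, msg)


if __name__ == "__main__":
    print("honest exchange:", run_exchange())
    print("modified nonce: ", run_exchange("replay-nonce"))
    print("unknown B-TID:  ", run_exchange("wrong-btid"))
    print("altered offer:  ", run_exchange("tampered-offer"))
```

The claims leave the option message itself unprotected: it is sent before any key exists on the first interface, so an on-path attacker could rewrite the option set. The example therefore includes the offered options in the MAC input, which is a design choice added here and not something the claims require; with it, a network entity whose view of the offer differs from what the UE authenticated sees a verification failure rather than a silently negotiated weaker option.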
52 Citations
26 Claims
1. A method of authenticating a user equipment in a communications network, the method comprising:
- sending a message from a network entity to the user equipment including a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity, said options including a “shared key”-based authentication procedure;
- selecting an option from the set and in the event that the “shared-key”-based authentication procedure is selected, generating a shared secret from a security key established in a generic bootstrapping architecture (GBA) over a second interface between the user equipment and a bootstrapping service function; and
- using the shared secret to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
18. A network entity for use in a communications network comprising:
- means for establishing an internet protocol communication with a user equipment over an interface;
- means for accessing a shared secret to be used in a key-based authentication procedure for authenticating communication with the user equipment, said shared secret having been established in a generic bootstrapping architecture (GBA);
- means for dispatching a message to a user equipment including a set of options for the key-based authentication procedure, the set of options including at least the option of using the shared secret derived from GBA in the “shared-key”-based authentication procedure; and
- means operable when the “shared-key”-based authentication procedure is selected for validating an authorisation payload received from the user equipment over the interface and computed using the shared secret.
View Dependent Claims (19, 20)
21. A user equipment for using a communications network comprising:
- means for establishing a communication channel with a network entity in the communications network;
- means for receiving a message which includes a set of options for the authentication procedure, the set of options including at least the option of using the shared secret derived from GBA in the “shared-key”-based authentication procedure for authenticating communication over the channel;
- means for selecting one of the set of options;
- means operable when the “shared-key”-based authentication procedure is selected for using a security key derived from a generic bootstrapping architecture to generate the shared secret;
- means for computing an authentication payload for transmission to a network entity using the shared secret; and
- means for transmitting the payload in a message over the channel according to an internet protocol.
View Dependent Claims (22, 23)
24. A method of authenticating a user equipment in a communications network, the method comprising:
- establishing a security key in a generic bootstrapping architecture (GBA) over a first interface between the user equipment and a bootstrapping service function;
- generating a shared secret from the security key;
- sending a message from a network entity to the user equipment including notification that the shared secret is to be used in a key-based authentication procedure for authenticating an internet protocol communication over a second interface between the user equipment and the network entity; and
- using the shared secret to compute and verify an authentication payload in the key-based authentication procedure for the communication over the second interface.
25. A network entity for use in a communications network comprising:
- means for establishing an internet protocol communication with a user equipment over an interface;
- means for accessing a shared secret to be used in a key-based authentication procedure for authenticating communication with the user equipment, said shared secret having been established in a generic bootstrapping architecture (GBA);
- means for dispatching a message to a user equipment including a notification that the shared secret is to be used in the key-based authentication procedure; and
- means for validating an authorisation payload received from the user equipment over the interface and computed using the shared secret.
26. A user equipment for using a communications network comprising:
- means for establishing a communication channel with a network entity in the communications network;
- means for receiving a message which includes a notification that a shared secret is to be used in a key-based authentication procedure for authenticating communication over the channel;
- means for using a security key derived from a generic bootstrapping architecture to generate the shared secret;
- means for computing an authentication payload for transmission to a network entity using the shared secret; and
- means for transmitting the payload in a message over the channel according to an internet protocol.
Specification