Security level establishment under generic bootstrapping architecture

US 20070240205A1
Filed: 03/23/2007
Published: 10/11/2007
Est. Priority Date: 03/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

sending a request for a credential for an application in a terminal equipment from an application entity of the terminal equipment to a credential establishment entity of the terminal equipment;

returning a response from the credential establishment entity to the application entity, wherein the response comprises the requested credential and credential quality information; and

establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security level establishment for an application in a terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms, the terminal equipment comprising a credential establishment entity and an application entity, comprising a request for a credential for the application from the application entity to the credential establishment entity and a response from the credential establishment entity to the application entity, wherein the response comprises the requested credential and credential quality information.

32 Citations

View as Search Results

40 Claims

1. A method comprising:
- sending a request for a credential for an application in a terminal equipment from an application entity of the terminal equipment to a credential establishment entity of the terminal equipment;
  
  returning a response from the credential establishment entity to the application entity, wherein the response comprises the requested credential and credential quality information; and
  
  establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, further comprising:
    - determining, at the application entity, a security level of the returned credential based on the credential quality information.
  - 3. The method according to claim 2, further comprising:
    - comparing, at the application entity, the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity refrains from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application.
  - 4. The method according to claim 1, further comprising:
    - notifying a network application function entity of the generic bootstrapping architecture about the returned credential quality information.
  - 5. The method according to claim 1, wherein the credential quality information comprises a type of bootstrapping mechanism on the basis of which the requested credential is generated.
  - 6. The method according to claim 5, wherein the type of bootstrapping mechanism is one of the following:
    - subscriber identity module based type;
      
      universal subscriber identity module based type;
      
      Internet protocol multimedia services subscriber identity module based type;
      
      cellular authentication and voice encryption based type;
      
      point-to-point challenge handshake authentication protocol based type;
      
      removable user identity module based type;
      
      or digital certificate based type.
  - 7. The method according to claim 1, wherein the credential quality information comprises credential deletion information defining at least one condition under which the requested credential is to be deleted at the application entity.
  - 8. The method according to claim 7, wherein the credential deletion information defines as a condition at least one of the following:
    - removing a smartcard from the terminal equipment;
      
      powering-down the terminal device;
      
      or revocation of credentials.
  - 9. The method according to claim 7, further comprising:
    - pushing a credential deletion notice from the credential establishment entity to the application entity that the condition is fulfilled; and
      
      deleting the returned credential from the application entity upon receipt of the credential deletion notice.
  - 10. The method according to claim 1, further comprising:
    - pushing, from the credential establishment entity to the application entity, a credential deletion command for deleting a credential at the application entity; and
      
      deleting the credential from the application entity upon receipt of the credential deletion command, wherein the credential deletion command is pushed when a predetermined condition is fulfilled at the credential establishment entity.
  - 11. The method according to claim 1, wherein the credential establishment entity is a generic authentication architecture server and the application entity is a generic authentication architecture client.
  - 12. The method according to claim 1, wherein the terminal equipment is based on an open platform environment.
  - 13. The method according to claim 12, wherein the credential establishment entity comprises a generic bootstrapping architecture application programming interface.

14. A method of operating an application entity in a terminal equipment, the method comprising:
- sending a request for a credential for an application in the terminal equipment from the application entity to a credential establishment entity of the terminal equipment;
  
  receiving, from the credential establishment entity a response which comprises the requested credential and credential quality information; and
  
  establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method according to claim 14, further comprising:
    - determining a security level of the received credential based on the credential quality information.
  - 16. The method according to claim 15, further comprising:
    - comparing the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity refrains from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application.
  - 17. The method according to claim 14, further comprising:
    - notifying a network application function entity of the generic bootstrapping architecture about the returned credential quality information.
  - 18. The method according to claim 14, further comprising:
    - deleting the returned credential from the application entity, when a predetermined condition is fulfilled.
  - 19. The method according to claim 14, wherein the application entity is a generic authentication architecture client.

20. A method of operating a credential establishment entity in a terminal equipment, the method comprising:
- receiving, from an application entity of the terminal equipment, a request for a credential for an application of the terminal equipment;
  
  acquiring the required credential and credential quality information associated thereto;
  
  returning a response to the application entity, wherein the response comprises the acquired credential and credential quality information; and
  
  establishing a security level for the application under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.
- View Dependent Claims (21, 22)
- - 21. The method according to claim 20, wherein the credential establishment entity is a generic authentication architecture server.
  - 22. The method according to claim 20, wherein the credential establishment entity comprises a generic bootstrapping architecture application programming interface.

23. A computer program embodied on a computer-readable medium comprising program code configured to perform a security level establishment for an application in a terminal equipment, the computer program being configured to perform:
- sending a request for a credential for the application from an application entity of the terminal equipment to a credential establishment entity of the terminal equipment;
  
  returning a response from the credential establishment entity to the application entity, wherein the response comprises the requested credential and credential quality information; and
  
  establishing a security level for the application under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.

24. A computer program embodied in a computer-readable medium comprising program code configured to operate an application entity in a terminal equipment the computer program being configured to perform:
- sending a request for a credential for an application in the terminal equipment from the application entity to a credential establishment entity of the terminal equipment;
  
  receiving, from the credential establishment entity a response which comprises the requested credential and credential quality information; and
  
  establishing a security level for the application under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.

25. A computer program embodied in a computer-readable medium comprising program code configured to operate a credential establishment entity in a terminal equipment, the computer program being configured to perform:
- receiving, from an application entity of the terminal equipment, a request for a credential for an application in the terminal equipment;
  
  acquiring the required credential and credential quality information associated thereto;
  
  returning a response to the application entity, wherein the response comprises the acquired credential and credential quality information; and
  
  establishing a security level for the application under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.

26. A system comprising:
- means for sending a request for a credential for an application in a terminal equipment from an application entity of the terminal equipment to a credential establishment entity of the terminal equipment;
  
  means for returning a response from the credential establishment entity to the application entity, wherein the response comprises the requested credential and credential quality information; and
  
  means for establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34)
- - 27. The system according to claim 26, further comprising:
    - means for determining, at the application entity, a security level of the returned credential based on the credential quality information.
  - 28. The system according to claim 27, further comprising:
    - means for comparing, at the application entity, the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity is configured to refrain from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application.
  - 29. The system according to claim 26, further comprising:
    - means for notifying a network application function entity of the generic bootstrapping architecture about the returned credential quality information.
  - 30. The system according to claim 26, further comprising:
    - means for deleting the returned credential from the application entity, when a predetermined condition is fulfilled.
  - 31. The system according to claim 26, wherein the credential establishment entity is a generic authentication architecture server and the application entity is a generic authentication architecture client.
  - 32. The system according to claim 26, wherein the terminal equipment is based on an open platform environment.
  - 33. The system according to claim 26, wherein the terminal equipment is based on a closed platform environment.
  - 34. The system according to claim 32, wherein the credential establishment entity comprises a generic bootstrapping architecture application programming interface.

35. An apparatus, comprising:
- means for sending a request for a credential for an application of a terminal equipment from an application entity of the terminal equipment to a credential establishment entity of the terminal equipment;
  
  means for returning a response from the credential establishment entity to the application entity, wherein the response comprises the requested credential and credential quality information; and
  
  means for establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The apparatus according to claim 35, further comprising:
    - means for determining, at the application entity, a security level of the returned credential based on the credential quality information.
  - 37. The apparatus according to claim 36, further comprising:
    - means for comparing, at the application entity, the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity is configured to refrain from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application.
  - 38. The apparatus according to claim 35, further comprising:
    - means for notifying a network application function entity of the generic bootstrapping architecture about the returned credential quality information.
  - 39. The apparatus according to claim 35, further comprising:
    - means for deleting the returned credential from the application entity, when a predetermined condition is fulfilled.
  - 40. The apparatus according to claim 35, wherein the apparatus comprises a terminal equipment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Laitinen, Pekka, Holtmanns, Silke

Granted Patent

US 8,037,522 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/105   Multiple levels of security

H04L 63/205   involving negotiation or de...

H04W 12/033   of the user plane, e.g. use...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

Security level establishment under generic bootstrapping architecture

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Security level establishment under generic bootstrapping architecture

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links