Method for Securing an Authentication and Key Agreement Protocol
First Claim
1. An authentication method in a network including a secure server, an authentication server, and at least a terminal (HT) which hosts an personal token (SE) said authentication method comprising;
- a. in the secure server, performing a calculation on the basis of a random (RAND) and a secret key thereby producing derived key material (Ck, Ik);
b. sending said derived key material (Ck, Ik) together with said random and together with additional data (AUTN, XRES, MAC, SQN, Ak, AMF) from the secure server (SS) to the authentication server (AS);
c. in said authentication server, modifying at least part of said additional data (MAC*, SQN*) by means of at least part of said derived key material (Ck, Ik);
d. sending said additional data (AUTN, AUTN*, XRES, MAC, SQN, Ak, AMF, Mac*, SQN*) and said random (RAND) through the hosting terminal to said personal token;
e. in the personal token, performing a calculation based on the received random (RAND) for re-computing said at least part of said derived key material (Ck, Ik) as used in the authentication server for modifying said part of the additional data;
f. in the token, using said re-computed at least part of the derived key material for interpreting the modified part of the received additional data.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention concerns a personal token for a terminal in a communication network including an authentication server and a secure server producing derived key material on the basis of a random and a secret key (K), said personal token including program instructions for re-computing the derived key material (Ck, Ik) on the basis of the received random and the secret key (K) as stored in the personal token, characterized in that the personal token includes program instructions for using a re-computed part of the derived key material in order to interpret the received additional data.
-
Citations
31 Claims
-
1. An authentication method in a network including a secure server, an authentication server, and at least a terminal (HT) which hosts an personal token (SE) said authentication method comprising;
-
a. in the secure server, performing a calculation on the basis of a random (RAND) and a secret key thereby producing derived key material (Ck, Ik);
b. sending said derived key material (Ck, Ik) together with said random and together with additional data (AUTN, XRES, MAC, SQN, Ak, AMF) from the secure server (SS) to the authentication server (AS);
c. in said authentication server, modifying at least part of said additional data (MAC*, SQN*) by means of at least part of said derived key material (Ck, Ik);
d. sending said additional data (AUTN, AUTN*, XRES, MAC, SQN, Ak, AMF, Mac*, SQN*) and said random (RAND) through the hosting terminal to said personal token;
e. in the personal token, performing a calculation based on the received random (RAND) for re-computing said at least part of said derived key material (Ck, Ik) as used in the authentication server for modifying said part of the additional data;
f. in the token, using said re-computed at least part of the derived key material for interpreting the modified part of the received additional data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. An authentication method in a network including a secure server, an authentication server, and at least a terminal which hosts a personal token said authentication method comprising the following steps:
-
a. in the secure server, performing a calculation on the basis of a random (RAND) and a secret key for producing derived key material (Ck, Ik);
b. sending said derived key material (Ck, Ik) together with said random and together with additional data (AUTN, XRES, MAC, SQN, Ak, AMF) from the secure server (SS) to the authentication server (AS);
b′
. in said authentication server, using a data basis of the personal tokens in the network for determining whether the token to be authenticated is a first type personal token or a second type personal tokenin the case the token is a first type personal token;
c1. modifying at least part of said additional data (MAC*, SQN*) by means of at least part of said derived key material (Ck, Ik), d1. sending said additional data (AUTN, AUTN*, XRES, MAC, SQN, Ak, AMF, Mac*, SQN*) and said random (RAND) through the hosting terminal to said personal token. e1. in the personal token, re-computing said at least part of said derived key material (Ck, Ik) on the basis of the received RAND and the secret key K;
f1. in the token, using said re-computed at least part of the derived key material for interpreting the modified part of the received additional data; and
g1. maintaining in the token said re-computed part of the derived key material;
in the case the token is a second type personal token;
c2. sending said additional data (AUTN, AUTN*, XRES, MAC, SQN, Ak, AMF, Mac*, SQN*) and said random (RAND) through the hosting terminal to said personal token without performing said modification based on said part of the derived key material. d2. in the personal token, re-computing said at least part of said derived key material (Ck, Ik) on the basis of the received RAND and the secret key K and transmitting from the personal token to the terminal said at least part of the derived key material.
-
- 17. A personal token for a terminal in a communication network including an authentication server and a secure server producing derived key material on the basis of a random and a secret key (K), said personal token including program instructions for re-computing the derived key material (Ck, Ik) on the basis of the received random and the secret key (K) as stored in the personal token, wherein the personal token includes program instructions for using a re-computed part of the derived key material in order to interpret the received additional data.
-
30. An authentication server in a communication network, which authenticates terminals each of which terminals hosts an personal token, said authentication server comprising the following:
-
a. receiving from a secure server a random, derived key material (Ck, Ik) produced on the basis of said random and additional data (AUTN, XRES, MAC, SQN, Ak, AMF);
b. modifying at least part of said additional data (MAC*, SQN*) by means of at least part of said derived key material (Ck, Ik); and
c. sending said additional data (AUTN, AUTN*, XRES, MAC, SQN, Ak, AMF, Mac*, SQN*) and said random (RAND) through a terminal to the personal token hosted in a terminal.
-
-
31. A computer program for an authentication server in a communication network, which server authenticates terminals in the network each of which terminals hosts an personal token, said computer program including program instructions for executing the following steps:
-
a. receiving from a secure server a random, derived key material (Ck, Ik) produced on the basis of said random and additional data (AUTN, XRES, MAC, SQN, Ak, AMF);
b. modifying at least part of said additional data (MAC*, SQN*) by means of at least part of said derived key material (Ck, Ik); and
c. sending said additional data (AUTN, AUTN*, XRES, MAC, SQN, Ak, AMF, Mac*, SQN*) and said random (RAND) through a terminal to the personal token hosted in the terminal.
-
Specification