AUTHENTICATION METHOD AND KEY GENERATING METHOD IN WIRELESS PORTABLE INTERNET SYSTEM
Abstract
An authentication method and an authorization key generation method in a wireless portable Internet system are provided. In a wireless portable Internet system, the base station and the subscriber station share an authorization key when an authentication process is performed according to a predetermined authentication method negotiated between them. In particular, the subscriber station and the base station perform an additional authentication process whose messages carry an authorization key-related parameter and a security-related parameter, and exchange a security algorithm and SA (Security Association) information. In addition, the authorization key is derived from one or more basic keys obtained through the various authentication processes, which serve as the input key of an authorization key generation algorithm. Therefore, the reliability of a security-related parameter received from the other node can be enhanced, and an authorization key with a hierarchical and secure structure can be provided.
82 Citations
41 Claims
1. An authentication method for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authentication method comprising:
a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node;
b) obtaining one or more basic keys for generating an authorization key shared with the second node according to the authentication process;
c) generating the authorization key based on a first node identifier, a second node identifier, and the basic key; and
d) exchanging a security algorithm and SA (Security Association) information with the second node based on additional authentication process messages including an authorization key-related parameter and a security-related parameter.
2. An authentication method for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authentication method comprising:
a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node;
b) obtaining one or more basic keys for generating an authorization key shared between the first and second nodes according to the authentication process; and
c) exchanging a security algorithm and SA (Security Association) information with the second node based on additional authentication process messages including the authorization key-related parameter and the security-related parameter,
wherein step c) further comprises generating the authorization key based on the first node identifier, a first random number that the first node randomly generates, the basic key, the second node identifier, and a second random number that the second node randomly generates.
3. An authentication method for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authentication method comprising:
a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node;
b) obtaining an authorization key shared between the first and second nodes according to the authentication process; and
c) exchanging a security algorithm and SA (Security Association) information with the second node based on additional authentication process messages including an authorization key-related parameter and a security-related parameter.
32. An authorization key generation method for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authorization key generation method comprising:
a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node, and obtaining a first basic key for generating an authorization key;
b) generating a second basic key from the first basic key; and
c) generating the authorization key by performing a key generation algorithm using the second basic key as the input key and using the first node identifier, the second node identifier, and a predetermined string word as the input data.
33. An authorization key generation method for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authorization key generation method comprising:
a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node, and obtaining a first basic key for generating an authorization key;
b) generating a second basic key from the first basic key; and
c) generating the authorization key by performing a key generation algorithm using the second basic key as the input key and using a first node identifier, a first random number that the first node randomly generates, a second node identifier, a second random number that the second node randomly generates, and a predetermined string word as the input data.
39. A message authentication key generation method for generating a message authentication key parameter for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the message authentication key generation method comprising:
a) when the authentication process performs an authenticated EAP-based authentication process after an RSA-based authentication process according to a negotiation between the first node and the second node, the first node obtaining a basic key shared with the second node through the RSA-based authentication process;
b) obtaining result data by performing a key generation algorithm using the basic key as the input key and using a first node identifier, a second node identifier, and a predetermined string word as the input data;
c) extracting predetermined bits of the result data, and using first predetermined bits of the extracted bits as a message authentication key for generating a message authentication code parameter of an uplink message; and
d) extracting predetermined bits of the result data, and using second predetermined bits of the extracted bits as a message authentication key for generating a message authentication code parameter of a downlink message.
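The key hierarchy that claims 32, 33 and 39 describe (a second basic key derived from the first, an authorization key derived from it with the two node identifiers and a string label as input data, and uplink/downlink message authentication keys cut from one run of the key generation algorithm) is shown below as an added example. It is not code from the patent, and the HMAC-SHA256 counter-mode KDF, the `second_basic_key` derivation, the labels `"AK"` and `"MAC_KEYS"`, the function names, and all key, identifier and nonce values are assumptions constructed for illustration; the patent does not fix a particular key generation algorithm. Because the claims name a "first node" that may be either station, both sides must agree on a fixed ordering of the identifiers in the input data; the example puts the subscriber station identifier first, and the reader can confirm that swapping the order yields a different key.

```python
# Added example, not code from the patent: a worked key hierarchy of the kind
# claims 32, 33 and 39 describe. The KDF below is an HMAC-SHA256 counter-mode
# construction picked for illustration; it is an assumption, not the patent's
# exact key generation algorithm. Identifiers, nonces, labels and key values
# are constructed sample inputs.
import hashlib
import hmac


def kdf(input_key: bytes, input_data: bytes, out_len: int) -> bytes:
    """Key generation algorithm with an input key and input data (claim 32 c).

    Assumption: a counter-mode KDF. The result is the first out_len bytes of
    HMAC-SHA256(input_key, i || input_data || out_len_bits) for i = 1, 2, ...
    """
    out = b""
    i = 1
    while len(out) < out_len:
        msg = i.to_bytes(4, "big") + input_data + (out_len * 8).to_bytes(4, "big")
        out += hmac.new(input_key, msg, hashlib.sha256).digest()
        i += 1
    return out[:out_len]


def second_basic_key(first_basic_key: bytes) -> bytes:
    """Claim 32 step b): a second basic key derived from the first.

    Assumption: a labelled hash, so the key that feeds the AK is never the
    raw key handed over by the authentication process.
    """
    return hashlib.sha256(b"second-basic-key" + first_basic_key).digest()


def derive_ak(first_basic_key, ss_id, bs_id, ss_nonce=None, bs_nonce=None, ak_len=20):
    """Authorization key per claim 32 (no nonces) or claim 33 (both nonces).

    Input data is ss_id || bs_id [|| ss_nonce || bs_nonce] || "AK". Both nodes
    must place the subscriber station identifier first regardless of which of
    them is the "first node"; otherwise they derive different AKs.
    """
    if (ss_nonce is None) != (bs_nonce is None):
        raise ValueError("claim 33 derivation needs both random numbers")
    data = ss_id + bs_id
    if ss_nonce is not None:
        data += ss_nonce + bs_nonce
    data += b"AK"
    return kdf(second_basic_key(first_basic_key), data, ak_len)


def derive_mac_keys(basic_key, ss_id, bs_id, key_len=20):
    """Uplink and downlink message authentication keys per claim 39.

    One KDF run over ss_id || bs_id || "MAC_KEYS"; the first key_len bytes
    become the uplink key and the next key_len bytes the downlink key, so the
    two directions never share a key.
    """
    result = kdf(basic_key, ss_id + bs_id + b"MAC_KEYS", 2 * key_len)
    return result[:key_len], result[key_len:2 * key_len]


if __name__ == "__main__":
    # Constructed sample values: a 32-byte basic key, 48-bit node identifiers
    # (MAC-address sized) and an 8-byte random number from each side.
    pmk = bytes(range(32))
    ss_id = bytes.fromhex("001122334455")
    bs_id = bytes.fromhex("0a0b0c0d0e0f")
    ss_nonce = bytes.fromhex("1111111111111111")
    bs_nonce = bytes.fromhex("2222222222222222")
    print("AK (claim 32):", derive_ak(pmk, ss_id, bs_id).hex())
    print("AK (claim 33):", derive_ak(pmk, ss_id, bs_id, ss_nonce, bs_nonce).hex())
    print("AK with identifiers swapped:", derive_ak(pmk, bs_id, ss_id).hex())
    up, down = derive_mac_keys(pmk, ss_id, bs_id)
    print("uplink MAC key:  ", up.hex())
    print("downlink MAC key:", down.hex())
```

The string labels give domain separation: the AK and the message authentication keys come from different input data even when fed the same key, and the nonces of claim 33 make each AK fresh per authentication run so that a replayed exchange cannot reproduce an earlier key.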
Specification