AUTHENTICATION METHOD AND KEY GENERATING METHOD IN WIRELESS PORTABLE INTERNET SYSTEM

US 20090019284A1
Filed: 03/09/2006
Published: 01/15/2009
Est. Priority Date: 03/09/2005
Status: Abandoned Application

First Claim

Patent Images

1. An authentication method for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authentication method comprising:

a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node;

b) obtaining one or more basic key for generating an authorization key shared with the second node according to the authentication process;

c) generating the authorization key based on a first node identifier, a second node identifier, and the basic key; and

d) exchanging a security algorithm and SA (security association) information with the second node based on additional authentication process messages including authorization key-related parameter and security-related parameter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method and authorization key generation method in a wireless portable Internet system is provided. In a wireless portable Internet system, the base station and the subscriber station share an authorization key when an authentication process is performed according to a predetermined authentication method negotiated therebetween. Particularly, the subscriber station and the base station perform an additional authentication process including an authorization key-related parameter and a security-related parameter and exchanges a security algorithm and SA (Security Association) information. In addition, an authorization key is derived from one or more basic key obtained through various authentication processes as an input key of an authorization key generation algorithm. Therefore, reliability of a security related parameter received from the receiving node can be enhanced and an authorization key having a hierarchical and secure structure can be provided.

82 Citations

View as Search Results

41 Claims

1. An authentication method for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authentication method comprising:
- a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node;
  
  b) obtaining one or more basic key for generating an authorization key shared with the second node according to the authentication process;
  
  c) generating the authorization key based on a first node identifier, a second node identifier, and the basic key; and
  
  d) exchanging a security algorithm and SA (security association) information with the second node based on additional authentication process messages including authorization key-related parameter and security-related parameter.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 4. The authentication method of claim 1, wherein the authentication method is at least one of a Rivest Shamir Adleman (RSA)-based authentication scheme for performing a mutual equipment authorization by the subscriber station and the base station;
    - an Extensible Authentication Protocol (EAP)-based authentication scheme for performing a subscriber station equipment and base station equipment authentication and user authentication by using a higher EAP protocol;
      
      an authentication scheme for performing the RSA-based authentication and then the EAP-based authentication; and
      
      an authentication scheme for performing the RSA-based authentication and then an authenticated EAP-based authentication.
  - 5. The authentication method of claim 1, wherein the corresponding node identifier is given as a subscriber station MAC (media access control) address when the first node or the second node is given as the subscriber station.
  - 6. The authentication method of claim 1, wherein when the RSA-based authentication process is performed at the step a), the step b) includes obtaining a pre-PAK (pre-Primary Authorization Key) according to the RSA-based authentication process, generating a PAK (Primary Authorization Key) with the pre-PAK, and setting the PAK as the basic key.
  - 7. The authentication method of claim 1, wherein when the EAP-based authentication process is performed at the step a), the step b) includes selectively obtaining an MSK (Master Session Key) according to a higher EAP authorization protocol characteristic;
    - generating a PMK (Pairwise Master Key) with the obtained MSK; and
      
      setting the PMK as a basic key.
  - 8. The authentication method of claim 1, wherein when the RSA-based authentication process and then the EAP-based authentication process are performed at the step a), the step b) includes obtaining a pre-PAK after the RSA based authentication process and generating a PAK based on the pre-PAK;
    - selectively obtaining an MSK (Master Session Key) according to an EAP authorization protocol characteristic after the EAP-based authentication process or the authenticated EAP-based authentication process and generating a PMK (Pairwise Master Key) with the obtained MSK; and
      
      setting the PMK or the PAK as the basic key.
  - 9. The authentication method of claim 4, wherein the step a) in the case of the performing of the RSA-based authentication further includes performing the subscriber station equipment authentication according to the RSA authentication request message that the base station receives from the subscriber station, the message including a subscriber station certificate and further including at least one of a subscriber station random number that the subscriber station randomly generates and a message authentication parameter;
    - transmitting an RSA authentication response message to the subscriber station and requesting the base station equipment authentication, the RSA authentication response message including an encrypted pre-PAK, a base station certificate, and a key sequence number, and further including at least one of the subscriber station random number, a base station random number that the base station randomly generates, a key lifetime, and a message authentication parameter, when the subscriber station equipment is successfully authenticated; and
      
      ,finishing the RSA-based authentication process when the RSA authentication acknowledge message including a base station equipment success result code is received from the subscriber station.
  - 10. The authentication method of claim 9, comprising the base station informing of a subscriber station authentication failure by transmitting an RSA authentication failure message to the subscriber station when the subscriber station equipment is not successfully authenticated;
    - andthe subscriber station informing of a base station authentication failure by transmitting an RSA authentication acknowledgement message including an authentication failure result code to the base station when the base station equipment is not successfully authenticated,wherein the RSA authentication failure message and the RSA authentication acknowledgement message further include at least one of the subscriber station random number, the base station random number, an Error Code and a Display-String informing of a failure reason, and a message authentication parameter for authenticating a message.
  - 11. The authentication method of claim 4, wherein the step a) in the case of the performing of the EAP-based authentication includes the base station starting an EAP-based authentication process according to an EAP authorization start message for informing of an authentication process start transmitted from the subscriber station;
    - performing a user authentication by transmitting EAP data through an EAP data transfer message to the subscriber station whenever the base station receives the EAP data from a higher EAP authorization protocol layer; and
      
      finishing the EAP-based authentication when an EAP authorization success message is received from the subscriber station.
  - 12. The authentication method of claim 11, wherein the subscriber station transmits the EAP data through the EAP data transfer message to the base station whenever the subscriber station receives the EAP data from the higher EAP authorization protocol layer.
  - 13. The authentication method of claim 11, wherein the number of EAP data transfer messages transmitted between the subscriber station and the base station is variable according to the higher authentication protocol.
  - 14. The authentication method of claim 1, wherein the step for exchanging the security algorithm and the SA information further includes determining validity of the received message by the receiving node receiving the message of the additional authentication process,the validity determining step includes determining whether the message authentication code parameter included in the received message is equal to the message authentication code parameter directly generated by the receiving node based on the authorization key;
    - determining whether the random number included in the received message is equal to the random number included in the random number previously transmitted to the receiving node;
      
      determining whether the authorization key identifier included in the received message is equal to the authorization key identifier contained in the receiving node; and
      
      ,determining the message to be valid when the message satisfies the equality of the message authentication code parameters, the random numbers, and the authorization key identifiers.
  - 15. The authentication method of claim 1, further comprising:
    - the base station starting a SA-TEK process by transmitting a SA-TEK challenge message to the subscriber station;
      
      receiving a SA-TEK request message including all the security-related algorithms that the subscriber station supports from the subscriber station and verifying the message to be valid; and
      
      transmitting a SA-TEK response message including SA and security-related algorithms that the base station can provide to the subscriber station when the message is verified to be valid.
  - 16. The authentication method of claim 15, further comprising the subscriber station receiving a SA-TEK challenge message from the base station;
    - transmitting the SA-TEK request message including all the security-related algorithms that the subscriber station supports to the base station according to the received SA-TEK challenge message;
      
      verifying the received SA-TEK response message to be valid; and
      
      finishing the SA-TEK process when the SA-TEK response message is verified to be valid.
  - 17. The authentication method of claim 16, wherein the SA-TEK response message includes a SA descriptor, and the SA descriptor includes a SA identifier (SAID), a SA type for informing a type of SA, and a SA service type for informing a SA traffic service type by being defined when the SA type is dynamic or stable SA.
  - 18. The authentication method of claim 16, wherein the SA-TEK challenge message includes the authorization key sequence number and the authorization key identifier, and further includes at least one of the base station random number that the base station randomly generates, the message authentication code parameter, and a PMK lifetime,wherein the subscriber station transmits the SA-TEK request message including the authorization key identifier included in the SA-TEK challenge message to the base station when the authorization key identifier included in the SA-TEK challenge message corresponds to the authorization key identifier that the subscriber station independently generates.
  - 19. The authentication method of claim 16, wherein the SA-TEK challenge message includes the base station random number that the base station randomly generates and the authorization key sequence number, and it further includes at least one of the random number lifetime and the PMK lifetime,the step for transmitting the SA-TEK request message to the base station including generating the authorization key based on the base station random number included in the SA-TEK challenge message, andgenerating the authorization key identifier based on the generated authorization key and transmitting the SA-TEK request message including the generated authorization key identifier to the base station.
  - 20. The authentication method of claim 18, whereinthe SA-TEK request message includes a subscriber station security algorithm capability, and it further includes at least one of the subscriber station random number that the subscriber station randomly generates, the base station random number that the base station randomly generates and includes in the SA-TEK challenge message, the authorization key sequence number, the authorization key identifier, and the message authentication code parameter, and the authorization key identifier is equal to the authorization key identifier included in the SA-TEK challenge message.
  - 21. The authentication method of claim 19, wherein the SA-TEK request message includes the subscriber station random number that the subscriber station randomly generates, the subscriber station security algorithm capability, and the authorization key identifier, and it further includes the base station random number that the base station randomly generates and includes in the SA-TEK challenge message, the authorization key sequence number, and the message authentication code parameter, and the authorization key identifier is equal to an authorization key identifier that the subscriber station newly generates.
  - 22. The authentication method of claim 18, wherein the SA-TEK response message includes SA update information, and one or more SA descriptor, and it further includes at least one of the SA-TEK update information, the subscriber station random number and the base station random number, the authorization key sequence number, the authorization key identifier, and the message authentication code parameter, and the authorization key identifier is equal to the authorization key identifier included in the SA-TEK challenge message.
  - 23. The authentication method of claim 19, wherein the SA-TEK response message includes one or more SA descriptor, and it further includes at least one of the SA-TEK update information, the subscriber station random number and the base station random number, a authorization key sequence number, an authorization key identifier, and a message authentication code parameter, and the authorization key identifier is equal to the authorization key identifier included in the SA-TEK request message.
  - 24. The authentication method of claim 4, further comprising sharing a traffic encryption key between the base station and the subscriber station, wherein the sharing step includes the base station authenticating the traffic encryption key request message received from the subscriber station;
    - generating the traffic encryption key corresponding to the SA if successfully authenticated; and
      
      transmitting a traffic encryption key response message including the traffic encryption key to the subscriber station.
  - 25. The authentication method of claim 24, wherein the messages include a random number for preventing a replay attack, and the receiving node receives the messages and uses or discards the messages according to the random number.
  - 26. The authentication method of claim 25, further comprising when the random number is generated in a first format in which a predetermined value is increased or decreased,if the first random number in the message exceeds previously stored second random number, the receiving node using the message;
    - deleting the stored second random number and storing the first random number; and
      
      if the first random number does not exceed the second random number, discarding the messages.
  - 27. The authentication method of claim 26, wherein the receiving node stores the second random number until the traffic encryption key corresponding to the second random number is expired and deletes the second random number when the traffic encryption key is expired.
  - 28. The authentication method of claim 25, further comprising when the random number is generated in a second format, if the first random number included in the message is the same as one of at least one previously stored second random numbers, the receiving node discarding the message, and if the first random number is not the same as all the second random numbers, using the message and managing the same by storing the first random number as one of the second random numbers.
  - 29. The authentication method of claim 28, wherein the receiving node stores all the second random numbers until the traffic encryption key corresponding to the second random numbers is expired and deletes all the second random numbers when the traffic encryption key is expired.
  - 30. The authentication method of claim 24, further comprising the base station transmitting a SA dynamic addition message to the subscriber station, the message including a SA descriptor including SA information to be added and further including at least one of the authorization key sequence number, the random number, and the message authentication code parameter, and dynamically adding the SA to the subscriber station.
  - 31. The authentication method of claim 24, further comprising the base station transmitting a traffic encryption key error information message informing of invalid traffic encryption key usage to the subscriber station, the message including a SA identifier using the traffic encryption key and further including at least one of a authorization key sequence number, an error code, a random number, and a message authentication code parameter, wherein the subscriber station requests a new traffic encryption key distribution from the base station according to the traffic encryption key error inform message.

2. An authentication method for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authentication method comprising:
- a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node;
  
  b) obtaining one or more basic keys for generating an authorization key shared between the first and second nodes according to the authentication process; and
  
  c) exchanging a security algorithm and SA (Security Association) information with the second node based on additional authentication process messages including the authorization key-related parameter and security-related parameter, the second node,wherein the step c) further comprises generating an authorization key based on the first node identifier, a first random number that the first node randomly generates, the basic key, the second node identifier, and a second random number that the second node randomly generates.

3. An authentication method for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authentication method comprising:
- a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node;
  
  b) obtaining an authorization key shared between the first and second nodes according to the authentication process; and
  
  c) exchanging a security algorithm and SA (Security Association) information with the second node based on additional authentication process messages including authorization key-related parameter and security-related parameter.

32. An authorization key generation method when a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authorization key generation method comprising:
- a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node and obtaining a first basic key for generating an authorization key;
  
  b) generating a second basic key from the first basic key; and
  
  c) generating the authorization key by performing a key generation algorithm using the second basic key as an input key and using the first node identifier, the second node identifier, and a predetermined string word as input data.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The authorization key generation method of claim 32, wherein the corresponding node identifier is given as a subscriber station MAC (media access control) address when the first node or the second node is given as a subscriber station.
  - 35. The authorization key generation method of claim 32, wherein when the authentication scheme performs only an RSA-based authentication process which the subscriber station and the base station respectively performs a mutual authentication, the first basic key is given as a pre-PAK, and the step b) includesobtaining first result data by performing a key generation algorithm using the pre-PAK as the input key and using a subscriber station identifier, a base station identifier, and a predetermined string as the input data;
    - extracting predetermined bits from the first result data; and
      
      setting first predetermined bits of the extracted predetermined-bit data as a second basic key, that is, a PAK.
  - 36. The authorization key generation method of claim 32, wherein when an authentication method performs only an EAP-based authentication process for performing the subscriber station equipment and the base station equipment authentication or user authentication using a higher EAP authorization protocol, the first basic key is given as an MSK,and the step b) includes setting the second basic key PMK by extracting predetermined bits of the first basic key, that is, the MSK.
  - 37. The authorization key generation method of claim 32, wherein when EAP-based authorization process or authenticated EAP-based authorization process is performed after RSA-based authorization process is performed, the step b) includes generating the PAK from the pre-PAK, that is, the first basic key obtained after the RSA-based authentication process;
    - generating a PMK from the first basic key, that is, MSK obtained after the EAP-based authentication process or authenticated EAP-based authentication process;
      
      obtaining a resulting value by a logic operation on the PAK and PMK; and
      
      setting the resulting value as the second basic key.
  - 38. The authorization key generation method of claim 37, wherein the step for obtaining result value obtains the resulting value by an exclusive operation on the PAK and PMK.

33. An authorization key generation method when a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the authorization key generation method comprising:
- a) performing an authentication process corresponding to an authentication scheme set by a negotiation between the first node and the second node and obtaining a first basic key for generating an authorization key;
  
  b) generating a second basic key from the first basic key; and
  
  c) generating the authorization key by performing a key generation algorithm using the second basic key as the input key and using a first node identifier, a first random number that the first node randomly generates, a second node identifier, a second random number that the second node randomly generates, and predetermined string word as the input data.

39. A message authentication key generation method for generating a message authentication key parameter for a first node being a base station or a subscriber station performing an authentication process while linking a second node being the subscriber station or the base station in a wireless portable Internet system, the message authentication key generation method comprising:
- a) when an authentication process performs an authenticated EAP-based authentication process after an RSA-based authentication process according to an negotiation between the first node and the second node, the first node obtaining a basic key shared with the second nodes through an RSA-based authentication process;
  
  b) obtaining result data by performing a key generation algorithm using the basic key as an input key and using a first node identifier, a second node identifier, and a predetermined string word as input data;
  
  c) extracting predetermined bits of the result data, and using first predetermined bits of the extracted bits as message authentication keys for generating message authentication code parameter of an uplink message; and
  
  d) extracting predetermined bits of the result data and generating second predetermined bits of the extracted bit as a message authentication keys for generating a message authentication code parameter of a downlink message.
- View Dependent Claims (40, 41)
- - 40. The authorization key generation method of claim 39, wherein the basic key is given as an EIK (EAP Integrity Key) using a pre-PAK obtained after the RSA-based authentication process.
  - 41. The authorization key generation method of claim 39, wherein the message authentication code parameter uses one scheme selected from message authentication schemes using the HMAC (Hash Message Authentication Code) or CMAC (Cipher-based Message Authentication Code).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute, Hanaro Telecom., Inc., KT Corporation, Samsung Electronics Co. Ltd., SK Telecom Co., Ltd.
Original Assignee
Electronics and Telecommunications Research Institute, Hanaro Telecom., Inc., KT Corporation, Samsung Electronics Co. Ltd., SK Telecom Co., Ltd.
Inventors
Cho, Seok-Heon, Yoon, Chul-Sik, Chang, Sung-Cheol

Application Number

US11/817,859
Publication Number

US 20090019284A1
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/061   applying further key deriva...

H04L 63/162   at the data link layer

H04L 9/0844   with user authentication or...

H04L 9/3249   using RSA or related signat...

H04L 9/3273   for mutual authentication n...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 12/73   Access point logical identity

AUTHENTICATION METHOD AND KEY GENERATING METHOD IN WIRELESS PORTABLE INTERNET SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION METHOD AND KEY GENERATING METHOD IN WIRELESS PORTABLE INTERNET SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links