EFFICIENT GENERATION METHOD OF AUTHORIZATION KEY FOR MOBILE COMMUNICATION

US 20090164788A1
Filed: 04/19/2007
Published: 06/25/2009
Est. Priority Date: 04/19/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:

acquiring at least one root key for generating the authorization key through an authentication procedure according to a authentication mode negotiated by a subscriber station and a base station;

determining an authorization key generation number; and

generating the authorization key on the basis of the root key and the authorization key generation number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method of generating an authorization key for a wireless communication system. In the wireless communication system, when an authorization key is generated after authentication between a subscriber station and base station is successfully performed, the authorization key is generated using a value indicating the number of generation times of the authorization key. Subsequently, the subscriber station and the base station confirm through a predetermined procedure whether or not they share the same authorization key and the same number of generation times of the authorization key. According to such a method of generating an authorization key, an authentication function for messages to be transmitted and received between the subscriber station and the base station can be efficiently supported. Further, replay attacks by malignant users can be powerfully protected against.

Citations

18 Claims

1. A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
- acquiring at least one root key for generating the authorization key through an authentication procedure according to a authentication mode negotiated by a subscriber station and a base station;
  
  determining an authorization key generation number; and
  
  generating the authorization key on the basis of the root key and the authorization key generation number.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the generating of the authorization key includes:
    - generating the authorization key by further using a subscriber station identifier and a base station identifier.
  - 3. The method of claim 2, wherein the generating of the authorization key includes:
    - generating an input key through a predetermined operation with the root key;
      
      setting the subscriber station identifier, the base station identifier, the authorization key generation number, and a predetermined string of characters as input data; and
      
      generating the authorization key through a key generation algorithm based on the input key and the input data.
  - 4. The method of claim 3, wherein the root key is at least one of a Primary Authorization Key (PAK) obtained through a Rivest Shamir Adleman (RSA) based authentication procedure and a Pairwise Master Key (PMK) obtained through an Extensible Authentication Protocol (EAP) based authentication procedure.
  - 5. The method of claim 1, wherein the authorization key generation number is increased by a predetermined value each time the authorization key is generated.
  - 6. The method of claim 1, further comprising, after generating the authorization key, confirming whether or not the subscriber station and the base station share the same authorization key and the same authorization key generation number.

7. A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
- acquiring, at a base station, an authorization key based on an authorization key generation number;
  
  transmitting, at the base station, an SA-Traffic Encryption Key (SA-TEK) challenge message including the authorization key generation number and a message authentication code for performing message authentication function to the subscriber station;
  
  receiving, at the base station, an SA-TEK request message from the subscriber station that has received the SA-TEK challenge message, the SA-TEK request message including an authorization key generation number and a message authentication code generated by the subscriber station; and
  
  transmitting, at the base station, an SA-TEK response message to the subscriber station so as to confirm that the base station and the subscriber station share the same authorization key and the same authorization key generation number.
- View Dependent Claims (9, 10, 15, 16, 17, 18)
- - 9. The method of claim 7, wherein the method is performed in at least one of a case where an initial authentication procedure between the subscriber station and the base station is performed, a case where a re-authentication procedure is performed after completing the initial authentication procedure, or a case where a counter value of control messages transmitted and received between the subscriber station and the base station overflows a predetermined value.
  - 10. The method of claim 9, wherein the base station adds an authorization key update indication field into the SA-TEK challenge message and transmits the SA-TEK challenge message,wherein the authorization key update indication field informs that the authorization key has been newly generated since the values of uplink/downlink CMAC packet number counters for counting the control messages have exceeded predetermined values, respectively.
  - 15. The method of claim 7, further comprising, if the base station or the subscriber station receives a predetermined message:
    - determining whether or not a message authentication code included in the received message is identical to the message authentication code generated in the base station or the subscriber station;
      
      determining that the received message is an authorized message when the message authentication codes are same;
      
      determining whether or not the authorization key generation number included in the received message is identical to the authorization key generation number stored in the base station or the subscriber station; and
      
      determining that the base station and the subscriber station share the same authorization key generation number when the two authorization key generation numbers are same.
  - 16. The method of claim 7, wherein the message authentication code is a code that is generated with a message authorization key derived from authorization key generated by the base station or the subscriber station.
  - 17. The method of claim 16, wherein a message authentication code mode corresponding to the message authentication code is Cipher-based Message Authentication Code (CMAC).
  - 18. The method of claim 7, wherein the generating of the authorization key includes generating the authorization key on the basis of a root key obtained through an authentication procedure, the authorization key generation number, a subscriber station identifier, a base station identifier, and a string of characters.

8. A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
- receiving, at a subscriber station, an SA-TEK challenge message including an authorization key generation number and a message authentication code for performing message authentication function from a base station;
  
  transmitting, at the subscriber station, an SA-TEK request message including an authorization key generation number and a message authentication code to the base station; and
  
  receiving, at the subscriber station, an SA-TEK response message from the base station so as to confirm that the base station and the subscriber station share the same authorization key and the same authorization key generation number.

11. A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
- generating, at a subscriber station, the authorization key on the basis of an authorization key generation number;
  
  transmitting, at the subscriber station, a ranging (RNG) request message including the authorization key generation number and a message authentication code for performing message authentication function to a base station;
  
  receiving, at the subscriber station, a RNG response message from the base station that has received the RNG request message, the RNG response message including an authorization key generation number and a message authentication code generated by the base station; and
  
  confirming, at the subscriber station, that the subscriber station shares the same authorization key and the same authorization key generation number as the base station when the subscriber station receives the valid RNG response message.
- View Dependent Claims (13, 14)
- - 13. The method of claim 11, wherein the method is performed in at least one of a case where a handover procedure between the subscriber station and the base station is successfully performed, a case where the handover procedure between the subscriber station and the base station is canceled, a case where the location of the subscriber station is updated, or a case where a drop procedure for the subscriber station is performed.
  - 14. The method of claim 13, wherein, after it is confirmed that the subscriber station and the second base station share the same authorization key and the same authorization key generation number by performing the method as the subscriber station performs a handover from a first base station to a second base station, the authorization key generation number is maintained even if the authorization key context is deleted when the subscriber station cancels the handover.

12. A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
- receiving, at a base station, a ranging (RNG) request message from the subscriber station, the RNG request message including an authorization key generation number and a message authentication code for performing message authentication function;
  
  generating, at the base station, a RNG response message including a authorization key generation number and a message authentication generated by the base station; and
  
  transmitting, at the base station, the RNG response message to the subscriber station so as to confirm that the subscriber station and the base station share the same authorization key and the same authorization key generation number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Cho, Seok-Heon, Chang, Sung-Cheol, Yoon, Chul-Sik

Application Number

US12/297,170
Publication Number

US 20090164788A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/061   for key exchange, e.g. in p...

H04L 63/123   received data contents, e.g...

H04L 63/162   at the data link layer

H04L 9/0844   with user authentication or...

H04L 9/0891   Revocation or update of sec...

H04W 12/041   Key generation or derivation

H04W 36/0038   of security context informa...

EFFICIENT GENERATION METHOD OF AUTHORIZATION KEY FOR MOBILE COMMUNICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

EFFICIENT GENERATION METHOD OF AUTHORIZATION KEY FOR MOBILE COMMUNICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links