METHOD AND APPARATUS FOR AUTHENTICATING PER M2M DEVICE BETWEEN SERVICE PROVIDER AND MOBILE NETWORK OPERATOR

US 20120159167A1
Filed: 12/15/2011
Published: 06/21/2012
Est. Priority Date: 12/16/2010
Status: Active Grant

First Claim

Patent Images

1. An operating method of an authentication server for authenticating a service per Machine to Machine (M2M) device between an M2M service provider and a mobile communication operator, the method comprising:

generating an M2M device IDentifier (ID), a first authentication key, and an M2M service provider ID per M2M device;

based on the M2M device ID, the first authentication key, and the M2M service provider ID, generating a second authentication key, a first hash function value, and a first random variable; and

transmitting at least one of the second authentication key, the first hash function, and the first random variable to an M2M agent.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is capable of authenticating a service per Machine to Machine (M2M) device between an M2M service provider and a mobile communication operator. The system includes an authentication server for generating an M2M device IDentifier (ID), a first authentication key, and an M2M service provider ID per M2M device, The authentication server also generates a second authentication key, a first hash function value, and a first random variable based on the M2M device ID, the first authentication key, and the M2M service provider ID. and transmitting the second authentication key, the first hash function, and the first random variable to an M2M agent to an M2M agent.

Citations

24 Claims

1. An operating method of an authentication server for authenticating a service per Machine to Machine (M2M) device between an M2M service provider and a mobile communication operator, the method comprising:
- generating an M2M device IDentifier (ID), a first authentication key, and an M2M service provider ID per M2M device;
  
  based on the M2M device ID, the first authentication key, and the M2M service provider ID, generating a second authentication key, a first hash function value, and a first random variable; and
  
  transmitting at least one of the second authentication key, the first hash function, and the first random variable to an M2M agent.
- View Dependent Claims (2, 3, 4)
- - 2. The operating method of claim 1, wherein the first authentication key is a root key per M2M device for Security Association (SA) between an M2M server and an M2M client of the mobile communication operator,the second authentication key is an authentication key between the M2M server and the M2M client, andthe first hash function is a hash function value for the M2M server to verify the M2M agent.
  - 3. The operating method of claim 1, wherein the M2M agent is one of an Access Service Network (ASN)-GateWay (GW) and a proxy server.
  - 4. The operating method of claim 1, wherein the second authentication key KEY2 and the first hash function H1 are generated based on the following equation:
    - KEY2=H(KEY1,MDID H−
      
      OPIDIMSPIDV−
      
      OPID MAID R1) H1=H(KEY1. R1) where H( ) denotes a hash function, MDID denotes the M2M device ID, H−
      
      OPID denotes a home operator ID, V−
      
      OPID denotes a visited operator ID, MAID denotes an M2M agent ID, and R1 denotes a random value or a nonce value generated by an Authentication, Authorization, and Accounting (AAA) server of a H-Operator.

5. An operating method of a Machine to Machine (M2M) agent for authenticating a service per M2M device between an M2M service provider and a mobile communication operator, the method comprising:
- receiving at least one of a second authentication key, a first hash function value, and a first random variable from an authentication server;
  
  transmitting at least one of the first hash function, the first random variable, a Home Operator IDentifier (H−
  
  OPID), a Visited Operator ID (V−
  
  OPID), an M2M device ID, and an M2M agent ID to an M2M server;
  
  receiving at least one of a second random variable and a second hash function value from the M2M server; and
  
  verifying the second hash function value received from the M2M server by comparing the second hash function value received from the M2M server and a second hash function value generated by the M2M agent.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The operating method of claim 5, wherein the second authentication key is an authentication key between the M2M server and an M2M client of the mobile communication operator,the first hash function is a hash function value for the M2M server to verify the M2M agent, andthe second hash function is a hash function value for the M2M agent to verify the M2M server.
  - 7. The operating method of claim 5, wherein the M2M agent is one of an Access Service Network (ASN)-GateWay (GW) and a proxy server.
  - 8. The operating method of claim 5, further comprising:
    - storing at least one of the second random variable and the second hash function value received from the M2M server.
  - 9. The operating method of claim 5, further comprising:
    - generating a third authentication key for authenticating a message between the M2M agent and the M2M server using the second authentication key.
  - 10. The operating method of claim 9, wherein the third authentication key is given by the following equation:
    - KEY3=H(KEY2,R1|R2|MAID|V−
      
      OPID|MSPID)where H( ) denotes a hash function, KEY2 denotes an authentication key between the M2M server and the M2M client, R1 denotes the first random variable, R2 denotes the second random variable, MAID denotes an M2M agent ID, H−
      
      OPID denotes a home operator ID, V−
      
      OPID denotes a visited operator ID, and MSPID denotes an M2M service provider ID.

11. An operating method of a Machine to Machine (M2M) server for authenticating a service per M2M device between an M2M service provider and a mobile communication operator, the method comprising:
- receiving from an M2M agent, at least one of a first hash function, a first random variable, a Home Operator IDentifier (H−
  
  OPID), a Visited Operator ID (V−
  
  OPID), an M2M device ID, and an M2M agent ID;
  
  verifying the first hash function value received from the M2M agent by comparing the first hash function received from the M2M agent and a first hash function value generated by the M2M server;
  
  generating at least one of a second authentication key, a second random variable, and a second hash function value using at least one of the first hash function, the first random variable, the H−
  
  OPID, the V−
  
  OPID, the M2M device ID, and the M2M agent ID received from the M2M agent; and
  
  transmitting at least one of the second random variable and the second hash function value to the M2M agent.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The operating method of claim 11, wherein the second authentication key is an authentication key between the M2M server and an M2M client of the mobile communication operator,the first hash function is a hash function value for the M2M server to verify the M2M agent, andthe second hash function is a hash function value for the M2M agent to verify the M2M server.
  - 13. The operating method of claim 11, wherein the M2M agent is one of an Access Service Network (ASN)-GateWay (GW) and a proxy server.
  - 14. The operating method of claim 11, wherein the second authentication key and the second hash function value are generated based on the following equation:
    - KEY2=H(KEY1,MDID|H−
      
      OPID|MSPID|V−
      
      OPID|MAID|R1)
      H2=H(KEY2,R2|MSPID|V−
      
      OPID|MAID|MDID|R1)where H( ) denotes a hash function, KEY1, as a first authentication key, denotes a root key per M2M device for Security Association (SA) between the M2M server and the M2M client, MDID denotes an M2M device ID, H−
      
      OPID denotes a home operator ID, V−
      
      OPID denotes a visited operator ID, MAID denotes an M2M agent ID, MSPID denotes an M2M service provider ID, and R1 denotes a random variable value generated by an authentication server.
  - 15. The operating method of claim 11, further comprising:
    - generating, a third authentication key for authenticating a message between the M2M agent and the M2M server using the second authentication key.
  - 16. The operating method of claim 15, wherein the third authentication key is given by the following equation:
    - KEY3=H(KEY2,R1|R2|MAID|V−
      
      OPID|MSPID)where H( ) denotes a hash function, KEY2 denotes an authentication key between the M2M server and the M2M client, R1 denotes the first random variable, R2 denotes the second random variable, MAID denotes an M2M agent ID, H−
      
      OPID denotes a home operator ID, V−
      
      OPID denotes a visited operator ID, and MSPID denotes an M2M service provider ID.

17. A system for authenticating a service per Machine to Machine (M2M) device between an M2M service provider and a mobile communication operator, the system comprising:
- au authentication server configured to generate an M2M device IDentifier (ID), a first authentication key, and an M2M service provider ID per M2M device, generating a second authentication key, a first hash function value, and a first random variable based on the M2M device ID, the first authentication key, and the M2M service provider ID, and transmit the second authentication key, the first hash function, and the first random variable to an M2M agent;
  
  the M2M agent configured to;
  
  receive at least one of the second authentication key, the first hash function value, and the first random variable from the authentication server, transmit at least one of the first hash function, the first random variable, a Home Operator IDentifier (H−
  
  OPID), a Visited Operator ID (V−
  
  OPID), an M2M device ID, and an M2M agent ID to an M2M server,receive at least one of a second random variable and a second hash function value from the M2M server, andverify the second hash function value received from the M2M server by comparing the second hash function value received from the M2M server and a second hash function value generated by the M2M agent; and
  
  the M2M server configured to;
  
  receive, from the M2M agent, at least one of the first hash function, the first random variable, the H−
  
  OPID, the V−
  
  OPID, the M2M device ID, and the M2M agent ID,verify the first hash function value received from the M2M agent by comparing the first hash function received from the M2M agent and a first hash function value generated by the M2M server,generate at least one of the second authentication key, the second random variable, and the second hash function value using at least one of the first hash function, the first random variable, the H−
  
  OPID, the V−
  
  OPID, the M2M device ID, and the M2M agent ID received from the M2M agent, andtransmit at least one of the second random variable and the second hash function value to the M2M agent.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17, wherein the first authentication key is a root key per M2M device for Security Association (SA) between the M2M server and an M2M client of the mobile communication operator,the second authentication key is an authentication key between the M2M server and the M2M client,the first hash function is a hash function value for the M2M server to verify the M2M agent, andthe second hash function is a hash function value for the M2M agent to verify the M2M server.
  - 19. The system of claim 17, wherein the M2M agent is one of an Access Service Network (ASN)-GateWay (GW) and a proxy server.
  - 20. The system of claim 17, wherein the second authentication key KEY2 and the first hash function H1 are generated by the authentication server based on the following equation:
    - KEY2=H(KEY1,MDID|H−
      
      OPID|MSPID|V−
      
      OPID|MAID|R1)
      H1=H(KEY1,R1)where H( ) denotes a hash function, MDID denotes the M2M device ID, H−
      
      OPID denotes a home operator ID, V−
      
      OPID denotes a visited operator ID, MAID denotes an M2M agent ID, and R1 denotes a random value or a nonce value generated by an Authentication, Authorization, and Accounting (AAA) server of a H-Operator.
  - 21. The system of claim 17, further comprising:
    - the M2M agent configured to store at least one of the second random variable and the second hash function value received from the M2M server.
  - 22. The system of claim 17, wherein the M2M server and the M2M agent are configured to generate a third authentication key for authenticating a message between the M2M agent and the M2M server using the second authentication key.
  - 23. The system of claim 17, wherein the third authentication key is given by the following equation:
    - KEY3=H(KEY2,R1|R2|MAID|V−
      
      OPID|MSPID)where H( ) denotes the hash function, KEY2 denotes the authentication key between the M2M server and the M2M client, R1 denotes the first random variable, R2 denotes the second random variable, MAID denotes the M2M agent ID, H−
      
      OPID denotes the home operator ID, V−
      
      OPID denotes the visited operator ID, and MSPID denotes the M2M service provider ID.
  - 24. The system of claim 17, wherein the second authentication key and the second hash function value are generated by the M2M server based on the following equation:
    - KEY2=H(KEY1,MDID|H−
      
      OPID|MSPID|V−
      
      OPID|MAID|R1)
      H2=H(KEY2,R2|MSPID|V−
      
      OPID|MAID|MDID|R1)where H( ) denotes the hash function, KEY1, as the first authentication key, denotes the root key per M2M device for the SA between the M2M server and the M2M client, MDID denotes the M2M device ID, H−
      
      OPID denotes the home operator ID, V−
      
      OPID denotes the visited operator ID, MAID denotes the M2M agent ID, MSPID denotes the M2M service provider ID, and R1 denotes the random variable value generated by an authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
LEE, Ji-Cheol, CHO, Song-Yean, YEGIN, Alper, BAEK, Young-Kyo

Granted Patent

US 8,949,602 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/062   for key distribution, e.g. ...

H04L 63/0892   by using authentication-aut...

H04L 9/321   involving a third party or ...

H04L 9/3242   involving keyed hash functi...

H04L 9/3271   using challenge-response

H04W 12/041   Key generation or derivation

H04W 12/043   using a trusted network nod...

H04W 12/069   using certificates or pre-s...

H04W 4/70   Services for machine-to-mac...

METHOD AND APPARATUS FOR AUTHENTICATING PER M2M DEVICE BETWEEN SERVICE PROVIDER AND MOBILE NETWORK OPERATOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR AUTHENTICATING PER M2M DEVICE BETWEEN SERVICE PROVIDER AND MOBILE NETWORK OPERATOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links