AUTHENTICATION OF A MOBILE DEVICE BY A NETWORK AND KEY GENERATION

US 20140003604A1
Filed: 06/27/2012
Published: 01/02/2014
Est. Priority Date: 06/27/2012
Status: Active Grant

First Claim

Patent Images

1. A method in a mobile device comprising:

participating in at least a portion of an asymmetric key agreement protocol with a network to compute a secret value;

obtaining a response value derived from the secret value;

sending the response value to a verification entity for use in authenticating the mobile device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There are disclosed systems and methods for authenticating a mobile device by a network and/or for generating one or more keys that can be used for securely transmitting data between the mobile device and the network. In one embodiment, the following operations are performed by a mobile device: (i) the mobile device participates in at least a portion of a key agreement protocol with a network to compute a secret value; (ii) the mobile device obtains a response value derived from the secret value; and (iii) the mobile device sends the response value to a verification entity for use in authenticating the mobile device. There are also disclosed systems and methods for authenticating a network by a mobile device.

Citations

20 Claims

1. A method in a mobile device comprising:
- participating in at least a portion of an asymmetric key agreement protocol with a network to compute a secret value;
  
  obtaining a response value derived from the secret value;
  
  sending the response value to a verification entity for use in authenticating the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the network is a home network of the mobile device, and the method further comprises:
    - initiating communication with a visited network, the visited network including the verification entity;
      
      receiving from the visited network at least one parameter originating from the home network, the at least one parameter used in the asymmetric key agreement protocol to compute the secret value.
  - 3. The method of claim 2 wherein the at least one parameter is an ephemeral public key of the home network.
  - 4. The method of claim 2 wherein said asymmetric key agreement protocol is a Menezes-Qu-Vanstone (MQV) key agreement protocol.
  - 5. The method of claim 4 wherein computing the secret value comprises computing Z=MQV(d_S,d_S,Q_S,Q_H,G_H), wherein Z is the secret value, d_Sis a private key of the mobile device, Q_Sis a public key of the mobile device corresponding to the private key of the mobile device, Q_His a public key of the home network, G_His said at least one parameter and corresponds to an ephemeral public key of the home network, and wherein MQV(•
    - ) is an MQV primitive that generates the secret value Z according to the MQV key agreement protocol.
  - 6. The method of claim 1 wherein said obtaining a response value derived from the secret value comprises:
    - computing a key derivation function that accepts the secret value as an input; and
      
      obtaining the response value from an output of the key derivation function.
  - 7. The method of claim 6 wherein said computing the key derivation function comprises computing KDF(Z,OtherInfo,outlen), wherein Z is the secret value, outlen is a parameter relating to the length of a string output by the key derivation function, and OtherInfo comprises data relating to at least one of a wireless carrier, an identity of the mobile device, and an identification of the method being used to generate the response value, and wherein KDF(•
    - ) is the key derivation function that generates the string.
  - 8. The method of claim 1 wherein the secret value is also computed by the network, and wherein the response value is for use by the verification entity in authenticating the mobile device by comparing the response value to an expected response value originating from the network, the expected response value having been derived from the secret value computed by the network.
  - 9. The method of claim 2 further comprising obtaining at least one key derived from the secret value, the at least one key used for securing communication between the mobile device and the visited network.

10. An apparatus for implementing a cryptographic system, the cryptographic system configured to:
- participate in at least a portion of an asymmetric key agreement protocol with a network to compute a secret value;
  
  obtain a response value derived from the secret value;
  
  send the response value to a verification entity for use in authenticating the apparatus.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The apparatus of claim 10 wherein the apparatus is a combination of a universal integrated circuit card (UICC) and a mobile device, and wherein either:
    - (i) the UICC is separate from the mobile device, and the mobile device is for receiving the UICC, or (ii) the UICC is embedded in the mobile device.
  - 12. The apparatus of claim 11 wherein the UICC comprises a processor for performing cryptographic operations implemented by the cryptographic system.
  - 13. The apparatus of claim 10 further comprising:
    - a shared secret value generator;
      
      a processing unit;
      
      and a communication subsystem;
      
      wherein the shared secret value generator is configured to participate in the asymmetric key agreement protocol, the processing unit is configured to perform operations to obtain the response value, and the communication subsystem is configured to send the response value to the verification entity.
  - 14. The apparatus of claim 10 wherein the network is a home network of the apparatus, the apparatus further comprising:
    - a communication subsystem configured to initiate communication with a visited network, the visited network including the verification entity;
      
      the communication subsystem configured to receive from the visited network at least one parameter originating from the home network, the at least one parameter used in the asymmetric key agreement protocol to compute the secret value.
  - 15. The apparatus of claim 14 wherein the at least one parameter is an ephemeral public key of the home network.
  - 16. The apparatus of claim 14 wherein the asymmetric key agreement protocol is a Menezes-Qu-Vanstone (MQV) key agreement protocol.
  - 17. The apparatus of claim 16 wherein the secret value is computed as Z=MQV(d_S,d_S,Q_S,Q_H,G_H), wherein Z is the secret value, d_Sis a private key of the mobile device, Q_Sis a public key of the mobile device corresponding to the private key of the mobile device, Q_His a public key of the home network, G_His said at least one parameter and corresponds to an ephemeral public key of the home network, and wherein MQV(•
    - ) is an MQV primitive that generates secret value Z according to the MQV key agreement protocol.
  - 18. The apparatus of claim 16 wherein the response value is obtained by computing a key derivation function that accepts the secret value as an input, and obtaining the response value from the output of the key derivation function.
  - 19. The apparatus of claim 18 wherein the key derivation function is computed as KDF(Z,OtherInfo,outlen), wherein Z is the secret value, outlen is a parameter relating to the length of a string output by the key derivation function, and OtherInfo comprises data relating to at least one of a wireless carrier, an identity of the mobile device, and an identification of the method being used to generate the response value, and wherein KDF(•
    - ) is the key derivation function that generates the string.

20. A processor readable medium having stored thereon processor readable instructions that, when executed, cause a mobile device to:
- participate in at least a portion of an asymmetric key agreement protocol with a network to compute a secret value;
  
  obtain a response value derived from the secret value;
  
  send the response value to a verification entity for use in authenticating the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
CAMPAGNA, Matthew John, Lambert, Robert John, Rosati, Anthony

Granted Patent

US 8,948,386 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/247
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/08   Key distribution or managem...

H04L 9/0844   with user authentication or...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/069   using certificates or pre-s...

AUTHENTICATION OF A MOBILE DEVICE BY A NETWORK AND KEY GENERATION

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION OF A MOBILE DEVICE BY A NETWORK AND KEY GENERATION

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links