Integrity protection during initial registration of a subscriber in a telecommunications network
Abstract
A network system is proposed comprising a network control element and a communication device (UE) associated to a subscriber, wherein the communication device (UE) is adapted to send a registration message (A8) including subscriber information to be protected and an integrity code (MAC), to the network control element, wherein the communication device (UE) is adapted to calculate the integrity code (MAC) by using a part or whole of the registration message (A8) including the subscriber information to be protected, and the network element is adapted to verify the integrity code (MAC) included in the registration message. Also a case is proposed in which the integrity code is calculated in the network control element and verified in the communication device (UE). Furthermore, corresponding methods are proposed.
55 Claims
1. A network system comprising:
a network control element and a communication device associated to a subscriber,
wherein the communication device is configured to send a registration message including subscriber information to be protected and an integrity code, to the network control element,
wherein the communication device is configured to calculate the integrity code by using a part or whole of the registration message including the subscriber information to be protected, and the network element is configured to verify the integrity code included in the registration message,
wherein the network element is configured to perform an authentication of the subscriber by using the integrity code,
wherein the network control element is configured to control a first network, and the network system comprises an additional network control element configured to control a second network, said additional network control element being further configured to perform an additional authentication,
wherein the communication device is configured to calculate a result from a predetermined number supplied by the additional network control element,
wherein the result is used by the additional network control element for performing the additional authentication,
wherein the communication device is configured to send a message including algorithm capability information to the network control element, and
wherein the network control element is configured to choose which algorithm is to be used for calculating the integrity code and to forward a message including information about the chosen algorithm to the communication device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A network system comprising:
a network control element and a communication device associated to a subscriber,
wherein the network control element is configured to receive a registration message from the communication device, to calculate an integrity code by using a part or whole of a message including subscriber information to be protected and to send a message which includes the information to be protected and the integrity code, to the communication device,
wherein the communication device is configured to verify the integrity code,
wherein the network element is configured to perform an authentication of the subscriber by using the integrity code,
wherein the network control element is configured to control a first network, and the network system comprises an additional network control element configured to control a second network, said additional network control element being further configured to perform an additional authentication,
wherein the communication device is configured to calculate a result from a predetermined number supplied by the additional network control element,
wherein the result is used by the additional network control element for performing the additional authentication,
wherein the communication device is configured to send a message including algorithm capability information to the network control element, and
wherein the network control element is configured to choose which algorithm is to be used for calculating the integrity code and to forward a message including information about the chosen algorithm to the communication device.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20.

21. A method for performing registration of a subscriber in a network system, comprising a network control element and a communication device associated to a subscriber, said method comprising:
sending a registration message including subscriber information to be protected and an integrity code to the network control element, wherein the subscriber information to be protected comprises contact information;
calculating the integrity code in the communication device by using a part or whole of the registration message including the subscriber information to be protected;
verifying the integrity code in the network control element; and
performing an authentication of the subscriber by using the integrity code, wherein the network control element controls a first network, and the network system further comprises an additional network control element controlling a second network, the additional network control element being configured to perform an additional authentication;
calculating a result in the communication device from a predetermined number supplied by the additional network control element;
performing the additional authentication in the additional network control element by using the result;
choosing which algorithm is to be used for calculating the integrity code; and
forwarding a message including information about the chosen algorithm to the communication device.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29.

30. A method for performing registration of a subscriber in a network system, comprising a network control element and a communication device associated to a subscriber, said method comprising:
sending a registration message from the communication device to the network control element;
calculating an integrity code in the network control element by using a part or whole of the registration message including subscriber information to be protected, wherein the subscriber information to be protected comprises contact information;
sending a message, which includes the information to be protected and the integrity code to the communication device;
verifying the integrity code in the communication device; and
performing an authentication of the subscriber by using the integrity code, wherein the network control element controls a first network, and the network system further comprises an additional network control element controlling a second network, the additional network control element being configured to perform an additional authentication;
calculating a result in the communication device from a predetermined number supplied by the additional network control element;
performing the additional authentication in the additional network control element by using the result;
choosing which algorithm is to be used for calculating the integrity code; and
forwarding a message including information about the chosen algorithm to the communication device.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40.

41. A network system comprising:
a network control element and a communication device associated to a subscriber,
wherein the communication device is configured to send a registration message including algorithm capability information to the network control element,
wherein the network control element is configured to choose which algorithm is to be used for calculating an integrity code and to send a corresponding message to the communication device,
wherein the network control element or the communication device is configured to verify the algorithm capability information on a later transmittal of a message including the algorithm capability information.
Dependent claims: 42, 43, 44, 45, 46, 47.

48. A method, comprising:
sending a registration message including algorithm capability information from a communication device associated to a subscriber to a network control element;
choosing which algorithm is to be used for calculating an integrity code;
sending a corresponding message to the communication device;
verifying the algorithm capability information on a later transmittal of a message including the algorithm capability information in the network control element and/or the communication device; and
completing registration of the subscriber based on the verified algorithm capability information.
Dependent claims: 49, 50, 51, 52, 53, 54.

55. A network system, comprising:
a network control element and a communication device associated to a subscriber;
sending means for sending a registration message including subscriber information to be protected and an integrity code to the network control element, wherein the subscriber information to be protected comprises contact information;
calculating means for calculating the integrity code in the communication device by using a part or whole of the registration message including the subscriber information to be protected;
verifying means for verifying the integrity code in the network control element; and
performing means for performing an authentication of the subscriber by using the integrity code, wherein the network control element controls a first network, and the network system further comprises an additional network control element controlling a second network, the additional network control element being configured to perform an additional authentication;
calculating means for calculating a result in the communication device from a predetermined number supplied by the additional network control element;
performing means for performing the additional authentication in the additional network control element by using the result;
choosing which algorithm is to be used for calculating the integrity code; and
forwarding a message including information about the chosen algorithm to the communication device.
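
The integrity-code check described in the abstract and the later verification of algorithm capability information in claims 41 and 48 can be sketched as follows. This is an added example, not code from the patent: the HMAC construction, the algorithm names, the shared key, the JSON encoding and all field and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumed algorithm names and preference order (the page names no algorithms).
ALGORITHMS = {"hmac-sha512": hashlib.sha512, "hmac-sha256": hashlib.sha256}
NETWORK_PREFERENCE = ["hmac-sha512", "hmac-sha256"]


def integrity_code(key: bytes, algorithm: str, fields: dict) -> str:
    """MAC over a canonical encoding of the protected message fields."""
    encoded = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, encoded, ALGORITHMS[algorithm]).hexdigest()


def choose_algorithm(capabilities: list) -> str:
    """Network side: first network-preferred algorithm the device offers."""
    for name in NETWORK_PREFERENCE:
        if name in capabilities:
            return name
    raise ValueError("no common integrity algorithm")


def build_protected_register(key, algorithm, contact, capabilities):
    """Device side: repeat the capability list inside the protected message."""
    fields = {"contact": contact, "capabilities": capabilities}
    return {**fields, "mac": integrity_code(key, algorithm, fields)}


def verify_protected_register(key, algorithm, capabilities_seen_first, message):
    """Network side: check the MAC, then compare the repeated capability list
    with the list that arrived in the first, unprotected message."""
    fields = {"contact": message["contact"],
              "capabilities": message["capabilities"]}
    expected = integrity_code(key, algorithm, fields)
    if not hmac.compare_digest(expected, message["mac"]):
        return "reject: integrity code mismatch"
    if message["capabilities"] != capabilities_seen_first:
        return "reject: capability information changed in transit"
    return "accept"


def run_registration(key, contact, device_caps, caps_as_received):
    """One registration: caps_as_received is what the network saw first."""
    algorithm = choose_algorithm(caps_as_received)
    msg = build_protected_register(key, algorithm, contact, device_caps)
    return algorithm, verify_protected_register(key, algorithm, caps_as_received, msg)
```

The second check is what ties the algorithm choice to the list the device actually sent: a registration whose first message arrived with a shortened capability list is rejected even though its integrity code verifies.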
Specification