Integrity protection during initial registration of a subscriber in a telecommunications network

US 7,366,303 B2
Filed: 05/21/2001
Issued: 04/29/2008
Est. Priority Date: 11/28/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A network system comprising:

a network control element and a communication device associated to a subscriber, wherein the communication device is configured to send a registration message including subscriber information to be protected and an integrity code, to the network control element,wherein the communication device is configured to calculate the integrity code by using a part or whole of the registration message including the subscriber information to be protected, and the network element is configured to verify the integrity code included in the registration message,wherein the network element is configured to perform an authentication of the subscriber by using the integrity code,wherein the network control element is configured to control a first network, and the network system comprises an additional network control element configured to control a second network, said additional network control element being further configured to perform an additional authentication,wherein the communication device is configured to calculate a result from a predetermined number supplied by the additional network control element,wherein the result is used by the additional network control element for performing the additional authentication,wherein the communication device is configured to send a message including algorithm capability information to the network control element, andwherein the network control element is configured to choose which algorithm is to be used for calculating the integrity code and to forward a message including information about the chosen algorithm to the communication device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network system is proposed comprising a network control element and a communication device (UE) associated to a subscriber, wherein the communication device (UE) is adapted to send a registration message (A8) including subscriber information to be protected and an integrity code (MAC), to the network control element, wherein the communication device (UE) is adapted to calculate the integrity code (MAC) by using a part or whole of the registration message (A8) including the subscriber information to be protected, and the network element is adapted to verify the integrity code (MAC) included in the registration message. Also a case is proposed in which the integrity code is calculated in the network control element and verified in the communication device (UE). Furthermore, corresponding methods are proposed.

Citations

55 Claims

1. A network system comprising:
- a network control element and a communication device associated to a subscriber, wherein the communication device is configured to send a registration message including subscriber information to be protected and an integrity code, to the network control element,wherein the communication device is configured to calculate the integrity code by using a part or whole of the registration message including the subscriber information to be protected, and the network element is configured to verify the integrity code included in the registration message,wherein the network element is configured to perform an authentication of the subscriber by using the integrity code,wherein the network control element is configured to control a first network, and the network system comprises an additional network control element configured to control a second network, said additional network control element being further configured to perform an additional authentication,wherein the communication device is configured to calculate a result from a predetermined number supplied by the additional network control element,wherein the result is used by the additional network control element for performing the additional authentication,wherein the communication device is configured to send a message including algorithm capability information to the network control element, andwherein the network control element is configured to choose which algorithm is to be used for calculating the integrity code and to forward a message including information about the chosen algorithm to the communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The network system according to claim 1, wherein the subscriber information to be protected comprises information regarding the originator of the registration message.
  - 3. The network system according to claim 1, wherein the subscriber information to be protected comprises information regarding the subscriber to be registered.
  - 4. The network system according to claim 1, wherein the subscriber information to be protected comprises a contact field.
  - 5. The network system according to claim 1, whereinthe communication device is configured to forward the algorithm capability information with the registration message, andthe network control element is configured to verify the algorithm capability information.
  - 6. The network system according to claim 1, whereinthe network control element is configured to forward the algorithm capability information with the message including the information to be protected to the communication device, andthe communication device is configured to verify the algorithm capability information.
  - 7. The network system according to claim 1, wherein the additional authentication is performed by comparing the result received from the communication device with a scheduled result.
  - 8. The network system according to claim 7, wherein the predetermined number and the scheduled result are provided by a home subscriber database, an Authentication Centre or an Authentication Authorization and Accounting server.
  - 9. The network system according to claim 1, wherein the calculation is performed by using GSM or UMTS algorithms.

10. A network system comprising:
- a network control element and a communication device associated to a subscriber,wherein the network control element is configured to receive a registration message from the communication device, to calculate an integrity code by using a part or whole of a message including subscriber information to be protected and to send a message which includes the information to be protected and the integrity code, to the communication device,wherein the communication device is configured to verify the integrity code,wherein the network element is configured to perform an authentication of the subscriber by using the integrity code,wherein the network control element is configured to control a first network, and the network system comprises an additional network control element configured to control a second network, said additional network control element being further configured to perform an additional authentication,wherein the communication device is configured to calculate a result from a predetermined number supplied by the additional network control element, wherein the result is used by the additional network control element for performing the additional authentication,wherein the communication device is configured to send a message including algorithm capability information to the network control element, andwherein the network control element is configured to choose which algorithm is to be used for calculating the integrity code and to forward a message including information about the chosen algorithm to the communication device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The network system according to claim 10, wherein the subscriber information to be protected comprises information regarding the originator of the registration message.
  - 12. The network system according to claim 10, wherein the subscriber information to be protected comprises information regarding the subscriber to be registered.
  - 13. The network system according to claim 10, wherein the subscriber information to be protected comprises a contact field.
  - 14. The network system according to claim 10, whereinthe communication device is configured to forward the algorithm capability information with the registration message, andthe network control element is adapted to verify the algorithm capability information.
  - 15. The network system according to claim 10, whereinthe network control element is configured to forward the algorithm capability information with the message including the information to be protected to the communication device, andthe communication device is configured to verify the algorithm capability information.
  - 16. The network system according to claim 10, wherein the additional authentication is performed by comparing the result received from the communication device with a scheduled result.
  - 17. The network system according to claim 16, wherein the predetermined number and the scheduled result are provided by a home subscriber database, an Authentication Centre or an Authentication Authorization and Accounting server.
  - 18. The network system according to claim 10, wherein the calculation is performed by using GSM or UMTS algorithms.
  - 19. The network system according to claim 10, wherein the message including information to be protected is the registration message received from the communication device.
  - 20. The network system according to claim 10, wherein the message including information to be protected is a response message sent from the network in response to the registration message from the communication device.

21. A method for performing registration of a subscriber in a network system, comprising a network control element and a communication device associated to a subscriber, said method comprising:
- sending a registration message including subscriber information to be protected and an integrity code to the network control element, wherein the subscriber information to be protected comprises contact information;
  
  calculating the integrity code in the communication device by using a part or whole of the registration message including the subscriber information to be protected;
  
  verifying the integrity code in the network control element; and
  
  performing an authentication of the subscriber by using the integrity code, wherein the network control element controls a first network, and the network system further comprises an additional network control element controlling a second network, the additional network control element being configured to perform an additional authentication;
  
  calculating a result in the communication device from a predetermined number supplied by the additional network control element;
  
  performing the additional authentication in the additional network control element by using the result;
  
  choosing which algorithm is to be used for calculating the integrity code; and
  
  forwarding a message including information about the chosen algorithm to the communication device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The method according to claim 21, wherein the subscriber information to be protected comprises information regarding the originator of the registration message.
  - 23. The method according to claim 21, wherein the subscriber information to be protected comprises information regarding the subscriber to be registered.
  - 24. The method according to claim 21, further comprising sending a message including algorithm capability information from the communication device to the network control element.
  - 25. The method according to claim 24, further comprising:
    - forwarding the algorithm capability information with the registration message from the communication device to the network control element; and
      
      verifying the algorithm capability information in the network control element.
  - 26. The method according to claim 24, further comprising:
    - forwarding the algorithm capability information with the message including the information to be protected from the network control element to the communication device; and
      
      verifying the algorithm capability information in the communication device.
  - 27. The method according to claim 21, further comprising performing the additional authentication by comparing the result received from the communication device with a scheduled result.
  - 28. The method according to claim 27, wherein the predetermined number and the scheduled result are provided by a home subscriber database, an Authentication Centre or an Authentication Authorization and Accounting server.
  - 29. The method according to claim 21, wherein the calculation is performed by using GSM or UMTS algorithms.

30. A method for performing registration of a subscriber in a network system, comprising a network control element and a communication device associated to a subscriber, said method comprising:
- sending a registration message from the communication device to the network control element;
  
  calculating an integrity code in the network control element by using a part or whole of the registration message including subscriber information to be protected, wherein the subscriber information to be protected comprises contact information;
  
  sending a message, which includes the information to be protected and the integrity code to the communication device;
  
  verifying the integrity code in the communication device; and
  
  performing an authentication of the subscriber by using the integrity code, wherein the network control element controls a first network, and the network system further comprises an additional network control element controlling a second network, the additional network control element being configured to perform an additional authentication;
  
  calculating a result in the communication device from a predetermined number supplied by the additional network control element;
  
  performing the additional authentication in the additional network control element by using the result;
  
  choosing which algorithm is to be used for calculating the integrity code; and
  
  forwarding a message including information about the chosen algorithm to the communication device.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 31. The method according to claim 30, wherein the subscriber information to be protected comprises information regarding the originator of the registration message.
  - 32. The method according to claim 30, wherein the subscriber information to be protected comprises information regarding the subscriber to be registered.
  - 33. The method according to claim 30, further comprising sending a message including algorithm capability information from the communication device to the network control element.
  - 34. The method according to claim 33, further comprising:
    - forwarding the algorithm capability information with the registration message from the communication device to the network control element; and
      
      verifying the algorithm capability information in the network control element.
  - 35. The method according to claim 33, further comprising:
    - forwarding the algorithm capability information with the message including the information to be protected from the network control element to the communication device; and
      
      verifying the algorithm capability information in the communication device.
  - 36. The method according to claim 30, further comprising performing the additional authentication by comparing the result received from the communication device with a scheduled result.
  - 37. The method according to claim 36, wherein the predetermined number and the scheduled result are provided by a home subscriber database, an Authentication Centre or an Authentication Authorization and Accounting server.
  - 38. The method according to claim 30, wherein the calculation is performed by using GSM or UMTS algorithms.
  - 39. The method according to claim 30, wherein the message including information to be protected is the registration message received from the communication device.
  - 40. The method according to claim 30, wherein the message including information to be protected is a response message sent from the network in response to the registration message from the communication device.

41. A network system comprising:
- a network control element and a communication device associated to a subscriber,wherein the communication device is configured to send a registration message including algorithm capability information to the network control element,wherein the network control element is configured to choose which algorithm is to be used for calculating an integrity code and to send a corresponding message to the communication device,wherein the network control element or the communication device is configured to verify the algorithm capability information on a later transmittal of a message including the algorithm capability information.
- View Dependent Claims (42, 43, 44, 45, 46, 47)
- - 42. The network system according to claim 41, wherein the communication device is configured to calculate an integrity code by using a part or whole of a registration message and to forward the registration message and the integrity code to the network control element.
  - 43. The network system according to claim 42, wherein the communication device is configured to forward also information regarding the used algorithm.
  - 44. The network system according to claim 43, wherein the network control element is configured to verify the integrity code on receiving the registration message from the communication device by using the information regarding the used algorithm.
  - 45. The network system according to claim 41, wherein the network control element is configured to calculate an integrity code by using a part or whole of a registration message received from the communication device and to forward a message and the integrity code to the communication device.
  - 46. The network system according to claim 45, wherein the network control element is configured to forward also information regarding the used algorithm.
  - 47. The network system according to claim 46, wherein the communication device is configured to verify the integrity code on receiving the message from the network control element by using the information regarding the used algorithm.

48. A method, comprising:
- sending a registration message including algorithm capability information from a communication device associated to a subscriber to a network control element;
  
  choosing which algorithm is to be used for calculating an integrity code;
  
  sending a corresponding message to the communication device;
  
  verifying the algorithm capability information on a later transmittal of a message including the algorithm capability information in the network control element and/or the communication device; and
  
  completing registration of the subscriber based on the verified algorithm capability information.
- View Dependent Claims (49, 50, 51, 52, 53, 54)
- - 49. The method according to claim 48, further comprising:
    - calculating an integrity code by using a part or whole of a registration message; and
      
      forwarding the registration message and the integrity code from the communication device to the network control element.
  - 50. The method according to claim 49, further comprising forwarding also information regarding the used algorithm to the network control element.
  - 51. The method according to claim 50, further comprising the step of verifying the integrity code on receiving the registration message from the communication device by using the information regarding the used algorithm.
  - 52. The method according to claim 48, further comprising:
    - calculating an integrity code by using a part or whole of a registration message received from the communication device; and
      
      forwarding a message and the integrity code to the communication device.
  - 53. The method according to claim 52, further comprising forwarding also information regarding the used algorithm to the communication device.
  - 54. The method according to claim 53, further comprising verifying the integrity code on receiving the message from the network control element by using the information regarding the used algorithm.

55. A network system, comprising:
- a network control element and a communication device associated to a subscriber;
  
  sending means for sending a registration message including subscriber information to be protected and an integrity code to the network control element, wherein the subscriber information to be protected comprises contact information;
  
  calculating means for calculating the integrity code in the communication device by using a part or whole of the registration message including the subscriber information to be protected;
  
  verifying means for verifying the integrity code in the network control element; and
  
  performing means for performing an authentication of the subscriber by using the integrity code, wherein the network control element controls a first network, and the network system further comprises an additional network control element controlling a second network, the additional network control element being configured to perform an additional authentication;
  
  calculating means for calculating a result in the communication device from a predetermined number supplied by the additional network control element;
  
  performing means for performing the additional authentication in the additional network control element by using the result;
  
  choosing which algorithm is to be used for calculating the integrity code; and
  
  forwarding a message including information about the chosen algorithm to the communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Original Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Inventors
Niemi, Valtterie, Niemi, Aki, Rajaniemi, Jaakko, Flykt, Patrik
Primary Examiner(s)
Moise; Emmanuel L.
Assistant Examiner(s)
Abyaneh; Ali S

Application Number

US10/432,220
Publication Number

US 20040029576A1
Time in Patent Office

2,535 Days
Field of Search

380/247, 380/270, 713/168
US Class Current

380/247
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/12   Applying verification of th...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1073   Registration or de-registra...

H04W 12/06   Authentication

H04W 12/106   Packet or message integrity

Integrity protection during initial registration of a subscriber in a telecommunications network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

55 Claims

Specification

Solutions

Use Cases

Quick Links

Integrity protection during initial registration of a subscriber in a telecommunications network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

55 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links