Generating asymmetric keys in a telecommunications system

US 7,424,115 B2
Filed: 05/02/2003
Issued: 09/09/2008
Est. Priority Date: 01/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

generating a first seed value in a user terminal and a second seed value in at least one network node, such that the first and the second seed values are identical, wherein the at least one network node services the user terminal, and wherein a key pair comprises a public key and a private key; and

generating, based on said first seed value, a first key pair in the user terminal, and, based on the second seed value, a second key pair in said at least one network node, such that the first and the second key pairs are identical,wherein said first and second seed values are generated using at least one of a cipher key and an integrity key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for creating a key pair in a telecommunications system comprises a user terminal and at least one network node serving the user terminal. In the method, upon a successful user authentication, a first seed value is composed in the user terminal and a second seed value is composed in the network node, such that the seed values are identical. Based on the seed values, respective public/private key pairs are generated, such that the generated public/private key pair in the user terminal and the generated public/private key pair in the network node are identical.

Citations

28 Claims

1. A method, comprising:
- generating a first seed value in a user terminal and a second seed value in at least one network node, such that the first and the second seed values are identical, wherein the at least one network node services the user terminal, and wherein a key pair comprises a public key and a private key; and
  
  generating, based on said first seed value, a first key pair in the user terminal, and, based on the second seed value, a second key pair in said at least one network node, such that the first and the second key pairs are identical,wherein said first and second seed values are generated using at least one of a cipher key and an integrity key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said first and second key pairs are generated using the same key generator application.
  - 3. The method of claim 1, wherein generating said first and second key pair and seed values is initiated upon a successful authentication of the user terminal.
  - 4. The method of claim 1, wherein the public key is temporary.
  - 5. The method of claim 1, wherein the private key is temporary.
  - 6. The method of claim 1, comprising storing a backup copy of the private key in a security module of the at least one network node.

7. A method, comprising:
- generating a first seed value in a user terminal and a second seed value in at least one network node, such that the first and the second seed values are identical, wherein the at least one network node services the user terminal, and wherein a key pair comprises a public key and a private key; and
  
  generating, based on said first seed value, a first key pair in the user terminal, and, based on the second seed value, a second key pair in said at least one network node, such that the first and the second key pairs are identical,wherein said first and second seed values are generated using a cipher key of a second generation network.

8. A method, comprising:
- generating a first seed value in a user terminal and a second seed value in at least one network node, such that the first and the second seed values are identical, wherein the at least one network node services the user terminal, and wherein a key pair comprises a public key and a private key;
  
  generating, based on said first seed value, a first key pair in the user terminal, and, based on the second seed value, a second key pair in said at least one network node, such that the first and the second key pairs are identical,incrementing an authentication counter stored in the user terminal, indicating a successful authentication of the user terminal, thus triggering a generation of the first and second key pairs through seed values in the user terminal; and
  
  incrementing an authentication counter stored in the at least one network node, indicating a successful authentication of the user terminal, thus triggering the generation of the first and second key pairs through seed values in the at least one network node.
- View Dependent Claims (9)
- - 9. The method of claim 8, wherein said authentication counters are user-specific.

10. A system, comprising:
- a user terminal; and
  
  at least one network node serving the user terminal;
  
  wherein the system is configured togenerate a first seed value in a user terminal and a second seed value in the at least one network node, such that the first and the second seed values are identical; and
  
  generate, on the basis of the first seed value, a first key pair in the user terminal, and, on the basis of the second seed value, a second key pair in said at least one network node, such that the first and the second key pairs are identical,wherein said first and second seed values are generated using at least one of a cipher key and an integrity key.
- View Dependent Claims (11, 12, 13)
- - 11. The system according to claim 10, wherein the system is configured to initiate a generation of said first and second key pairs upon a successful authentication of the user terminal.
  - 12. The system according to claim 10, wherein the system is configured to use asymmetric ciphering.
  - 13. The system according to claim 10, wherein the system is configured to issue in at least one network node a certification for a public key of the second key pair and to store in the at least one network node the certification for the public key of the second key pair.

14. A system, comprising:
- a user terminal; and
  
  at least one network node serving the user terminal;
  
  wherein the system is configured togenerate a first seed value in a user terminal and a second seed value in the at least one network node, such that the first and the second seed values are identical; and
  
  generate, on the basis of the first seed value, a first key pair in the user terminal, and, on the basis of the second seed value, a second key pair in said at least one network node, such that the first and the second key pairs are identical,wherein the system is configured to generate said first and second seed values using a cipher key of a second generation network.

15. An apparatus, comprising:
- a first routine configured to compose a second seed value, wherein the second seed value is identical to a first seed value composed in a user terminal that is serviced by the apparatus, wherein a key pair comprises a public key and a private key; and
  
  a second routine configured to generate, based on the second seed value, a second key pair wherein the second key pair is identical to a first key pair generated by the user terminal using the first seed value,wherein said first and second seed values are generated using at least one of a cipher key and an integrity key.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus according to claim 15, further comprising a third routine to initiate a generation of said public and related private keys upon a successful authentication of a user.
  - 17. The apparatus according to claim 15, further comprising:
    - an additional routine configured to issue certification of the public key and to store certification of the public key.
  - 18. The apparatus according to claim 15, further comprising:
    - an authentication center of a telecommunications system.
  - 19. The apparatus according to claim 15, further comprising:
    - a serving support node of a telecommunications system.
  - 20. The apparatus according to claim 15, further comprising:
    - a subscriber register of a telecommunications system.

21. An apparatus, comprising:
- a first routine configured to generate a first seed value, wherein the first seed value is identical to a second seed value composed in a network node configured to service the apparatus, wherein a key pair comprises a public key and a private key; and
  
  a second routine configured to generate, based on the first seed value, a first key pair, wherein the first key pair is identical to a second key pair generated by the network node using the second seed value,wherein said first and second seed values are generated using at least one of a cipher key and an integrity key.
- View Dependent Claims (22)
- - 22. The apparatus according to claim 21, further comprising a third routine to initiate a generation of said public and related private keys upon a successful authentication of a user.

23. An apparatus, comprising:
- means for generating a second seed value, wherein the second seed value is identical to a first second seed value generated in the user terminal that is serviced by the apparatus, wherein a key pair comprises a public key and a private key; and
  
  means for generating, based on the second seed value, a second key pair, wherein the second key pair is identical to a first key pair generated by the user terminal using the first seed value,wherein said first and second seed values are generated using at least one of a cipher key and an integrity key.
- View Dependent Claims (24, 25)
- - 24. The apparatus according to claim 23, further comprising means for initiating a generation of said public and related private keys upon a successful authentication of a user.
  - 25. The apparatus according to claim 23, further comprising:
    - means for issuing certification of the public key and storing certification of the public key.

26. An apparatus, comprising:
- means for generating a first seed value, wherein the first seed value is identical to a second seed value composed in a network node configured to service the apparatus, wherein a key pair comprises a public key and a private key; and
  
  means for generating, based on the first seed value, a first key pair, wherein the first key pair is identical to a second key pair generated by the network node using the second seed value,wherein said first and second seed values are generated using at least one of a cipher key and an integrity key.
- View Dependent Claims (27)
- - 27. The apparatus according to claim 26, further comprising:
    - means for initiating a generation of said public and related private keys upon a successful authentication of a user.

28. A computer program embodied on a computer-readable medium, the computer program configured to control a processor to perform operations comprising:
- generating a first seed value in a user terminal and a second seed value in at least one network node, such that the first and the second seed values are identical, wherein the at least one network node services the user terminal, and wherein a key pair comprises a public key and a private key; and
  
  generating, based on said first seed value, a first key pair in the user terminal, and, based on the second seed value, a second key pair in said at least one network node, such that the first and the second key pairs are identical,wherein said first and second seed values are generated using at least one of a cipher key and an integrity key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Miettinen, Kari, Hyyppä, Timo
Primary Examiner(s)
Revak; Christopher A

Application Number

US10/428,010
Publication Number

US 20040151317A1
Time in Patent Office

1,957 Days
Field of Search

None
US Class Current

380/44
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04W 12/041   Key generation or derivation

H04W 12/069   using certificates or pre-s...

Generating asymmetric keys in a telecommunications system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Generating asymmetric keys in a telecommunications system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links