Method for securing data traffic in a mobile network environment

US 7,480,801 B2
Filed: 07/26/2004
Issued: 01/20/2009
Est. Priority Date: 01/24/2002
Status: Active Grant

First Claim

Patent Images

1. A method in a mobile network environment for securing data traffic between an external network and a terminal of a mobile user coupled to the external network, wherein the mobile user can be authenticated in a home location network by way of a private home location key pair, the method which comprises:

a) producing a private external key pair by exchanging partial keys between the terminal and a data securing device of the external network;

b) transmitting from the data securing device to the home location network an item of key information based on at least one of the partial keys and a message certified by the terminal by way of a first home location key of the private home location key pair;

c) verifying the certification of the message in the home location network with a second home location key of the private home location key pair, and producing a certificate for the key information;

d) transmitting the certificate to the data securing device; and

e) accepting the private external key pair for securing the data traffic subject to verification of the certificate transmitted from the home location network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In order to secure data traffic between an external network and a mobile user terminal coupled to the external network, the terminal and a data securing device of the external network produce a pair of private external keys by exchanging partial keys. One item of key information based on at least one of the partial keys, and one message certified by the terminal with a first home location key of the pair of home location keys, are transmitted by the data securing device to the home location network. The certification of the message is verified with a second home location key of the pair of home location keys and a certificate is issued for the key information. The certificate thus provided is transmitted to the data securing device and the pair of private external keys is accepted, subject to the verification of the transmitted certificate, in order to secure data traffic.

19 Citations

View as Search Results

18 Claims

1. A method in a mobile network environment for securing data traffic between an external network and a terminal of a mobile user coupled to the external network, wherein the mobile user can be authenticated in a home location network by way of a private home location key pair, the method which comprises:
- a) producing a private external key pair by exchanging partial keys between the terminal and a data securing device of the external network;
  
  b) transmitting from the data securing device to the home location network an item of key information based on at least one of the partial keys and a message certified by the terminal by way of a first home location key of the private home location key pair;
  
  c) verifying the certification of the message in the home location network with a second home location key of the private home location key pair, and producing a certificate for the key information;
  
  d) transmitting the certificate to the data securing device; and
  
  e) accepting the private external key pair for securing the data traffic subject to verification of the certificate transmitted from the home location network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method according to claim 1, which comprises transmitting the certificate from the data securing device to the terminal and verifying the certificate with the terminal.
  - 3. The method according to claim 1, which comprises verifying the certificate with the data securing device.
  - 4. The method according to claim 1, which comprises, if the step of verifying the certification of the message produces a negative result, transmitting a negative authentication message from the home location network to the data securing device.
  - 5. The method according to claim 1, which comprises producing the private external key pair with a Diffie-Hellman method.
  - 6. The method according to claim 1, which comprises transmitting the message and the key information to the home location network in the context of an authentication request.
  - 7. The method according to claim 1, which comprises transmitting the key information to the home location network within the message.
  - 8. The method according to claim 1, which comprises producing a common certificate for the message and the key information and transmitting the common certificate to the data securing device.
  - 9. The method according to claim 1, which comprises transmitting a code identifying at least one of the terminal and the data securing device to the home location network for certification.
  - 10. The method according to claim 9, which comprises producing a common certificate for the code and for at least one of the message and the key information and transmitting the common certificate to the data securing device.
  - 11. The method according to claim 1, which comprises producing the key information by arithmetically and/or logically linking a plurality of partial keys.
  - 12. The method according to claim 1, which comprises producing the key information by arithmetically and/or logically linking at least one partial key and security information produced by the terminal.
  - 13. The method according to claim 1, which comprises effecting the exchange of partial keys between the terminal and the data securing device in the context of data transmissions between the terminal and the data securing device as required for an exchange of data with the home location network.
  - 14. The method according to claim 1, which comprises exchanging data between the data securing device and the home location network with signaling messages according to ITU-T recommendation H.235.
  - 15. The method according to claim 1, which comprises transmitting at least one part of the key information transmitted by the data securing device to the home location network from the home location network to the data securing device and accepting the private external key pair for securing the data traffic subject to verification of the transmitted part of the key information.
  - 16. The method according to claim 15, which comprises verifying the transmitted part of the key information in the data securing device.
  - 17. The method according to claim 15, which comprises transmitting all of the key information transmitted by the data securing device to the home location network from the home location network to the data securing device, and verifying all of the key information.
  - 18. The method according to claim 15, which comprises, for the purpose of verifying the part of the key information transmitted from the home location network, determining whether or not the part of the key information transmitted from the home location network is part of the key information transmitted by the data securing device to the home location network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Lotz, Volkmar, Tej, Haykal, Mödersheim, Sebastian, Euchner, Martin
Primary Examiner(s)
Yao; Kwang B.
Assistant Examiner(s)
NGUYEN, ANH NGOC M

Application Number

US10/899,804
Publication Number

US 20050021955A1
Time in Patent Office

1,639 Days
Field of Search

380/258, 380/270, 380/277, 380/247, 380/248, 713/151, 713/168, 713/171, 713/175, 713/156, 713/155, 370/328, 370/277, 379/90.01, 455/3.01, 455/411, 455/432.1
US Class Current

713/171
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04W 12/069 using certificates or pre-s...

Method for securing data traffic in a mobile network environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securing data traffic in a mobile network environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links