Security level establishment under generic bootstrapping architecture

US 8,037,522 B2
Filed: 03/23/2007
Issued: 10/11/2011
Est. Priority Date: 03/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

sending a request for a credential for an application in a terminal equipment from an application entity of the terminal equipment to a credential establishment entity of the terminal equipment;

returning a response from the credential establishment entity to the application entity, wherein the response comprises the returned credential and credential quality information;

determining, at the application entity, a security level of the returned credential based on the credential quality information;

comparing, at the application entity, the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity refrains from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application; and

establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security level establishment for an application in a terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms, the terminal equipment comprising a credential establishment entity and an application entity, comprising a request for a credential for the application from the application entity to the credential establishment entity and a response from the credential establishment entity to the application entity, wherein the response comprises the requested credential and credential quality information.

39 Citations

View as Search Results

28 Claims

1. A method comprising:
- sending a request for a credential for an application in a terminal equipment from an application entity of the terminal equipment to a credential establishment entity of the terminal equipment;
  
  returning a response from the credential establishment entity to the application entity, wherein the response comprises the returned credential and credential quality information;
  
  determining, at the application entity, a security level of the returned credential based on the credential quality information;
  
  comparing, at the application entity, the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity refrains from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application; and
  
  establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, further comprising:
    - notifying a network application function entity of the generic bootstrapping architecture about the returned credential quality information.
  - 3. The method according to claim 1, wherein the credential quality information comprises a type of bootstrapping mechanism on the basis of which the requested credential is generated.
  - 4. The method according to claim 3, wherein the type of bootstrapping mechanism is one of the following:
    - subscriber identity module based type;
      
      universal subscriber identity module based type;
      
      Internet protocol multimedia services subscriber identity module based type;
      
      cellular authentication and voice encryption based type;
      
      point-to-point challenge handshake authentication protocol based type;
      
      removable user identity module based type;
      
      or digital certificate based type.
  - 5. The method according to claim 1, wherein the credential quality information comprises credential deletion information defining at least one condition under which the requested credential is to be deleted at the application entity.
  - 6. The method according to claim 5, wherein the credential deletion information defines as a condition at least one of the following:
    - removing a smartcard from the terminal equipment;
      
      powering-down the terminal device;
      
      or revocation of credentials.
  - 7. The method according to claim 5, further comprising:
    - pushing a credential deletion notice from the credential establishment entity to the application entity that the condition is fulfilled; and
      
      deleting the returned credential from the application entity upon receipt of the credential deletion notice.
  - 8. The method according to claim 1, further comprising:
    - pushing, from the credential establishment entity to the application entity, a credential deletion command for deleting a credential at the application entity; and
      
      deleting the credential from the application entity upon receipt of the credential deletion command, wherein the credential deletion command is pushed when a predetermined condition is fulfilled at the credential establishment entity.
  - 9. The method according to claim 1, wherein the credential establishment entity is a generic authentication architecture server and the application entity is a generic authentication architecture client.
  - 10. The method according to claim 1, wherein the terminal equipment is based on an open platform environment.
  - 11. The method according to claim 10, wherein the credential establishment entity comprises a generic bootstrapping architecture application programming interface.

12. A method comprising:
- sending, by an application entity in a terminal equipment, a request for a credential for an application in the terminal equipment from the application entity to a credential establishment entity of the terminal equipment, wherein the terminal equipment comprises the application entity and the credential establishment entity;
  
  receiving, from the credential establishment entity a response which comprises the requested credential and credential quality information;
  
  determining a security level of the received credential based on the credential quality information;
  
  comparing the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity refrains from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application; and
  
  establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.
- View Dependent Claims (13, 14, 15)
- - 13. The method according to claim 12, further comprising:
    - notifying a network application function entity of the generic bootstrapping architecture about the returned credential quality information.
  - 14. The method according to claim 12, further comprising:
    - deleting the returned credential from the application entity, when a predetermined condition is fulfilled.
  - 15. The method according to claim 12, wherein the application entity is a generic authentication architecture client.

16. A computer program embodied on a non-transitory computer-readable medium comprising program code configured to perform operations comprising:
- sending a request for a credential for an application in a terminal equipment from an application entity of the terminal equipment to a credential establishment entity of the terminal equipment;
  
  returning a response from the credential establishment entity to the application entity, wherein the response comprises the returned credential and credential quality information;
  
  determining, at the application entity, a security level of the returned credential based on the credential quality information;
  
  comparing, at the application entity, the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity refrains from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application; and
  
  establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.

17. A computer program embodied in a non-transitory computer-readable medium comprising program code configured to perform operations comprising:
- sending, by an application entity in a terminal equipment, a request for a credential for an application in the terminal equipment from the application entity to a credential establishment entity of the terminal equipment, wherein the terminal equipment comprises the application entity and the credential establishment entity;
  
  receiving, from the credential establishment entity a response which comprises the requested credential and credential quality information;
  
  determining a security level of the received credential based on the credential quality information;
  
  comparing the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity refrains from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application; and
  
  establishing a security level for the application under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.

18. An apparatus comprising:
- at least one processor; and
  
  at least one memory including code which when executed by the processor provides operations comprising;
  
  sending a request for a credential for an application in a terminal equipment from an application entity of the terminal equipment to a credential establishment entity of the terminal equipment;
  
  returning a response from the credential establishment entity to the application entity, wherein the response comprises the requested returned credential and credential quality information;
  
  determining, at the application entity, a security level of the returned credential based on the credential quality information;
  
  comparing, at the application entity, the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity is configured to refrain from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application; and
  
  establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The apparatus according to claim 18, further comprising:
    - notifying a network application function entity of the generic bootstrapping architecture about the returned credential quality information.
  - 20. The apparatus according to claim 18, further comprising:
    - deleting the returned credential from the application entity, when a predetermined condition is fulfilled.
  - 21. The apparatus according to claim 18, wherein the credential establishment entity is a generic authentication architecture server and the application entity is a generic authentication architecture client.
  - 22. The apparatus according to claim 18, wherein the terminal equipment is based on an open platform environment.
  - 23. The apparatus according to claim 18, wherein the terminal equipment is based on a closed platform environment.
  - 24. The apparatus according to claim 22, wherein the credential establishment entity comprises a generic bootstrapping architecture application programming interface.

25. An apparatus, comprising:
- at least one processor; and
  
  at least one memory including code which when executed by the processor provides operations comprising;
  
  sending, by an application entity in a terminal equipment, a request for a credential for an application in the terminal equipment from the application entity to a credential establishment entity of the terminal equipment, wherein the terminal equipment comprises the application entity and the credential establishment entity;
  
  receiving, from the credential establishment entity a response which comprises the requested credential and credential quality information;
  
  determining, at the application entity, a security level of the returned credential based on the credential quality information;
  
  comparing, at the application entity, the determined security level of the credential with a desired security level of the application using the returned credential, wherein the application entity is configured to refrain from executing the application, for which the returned credential is requested, if the comparing yields that the determined security level of the credential is lower than the desired security level of the application; and
  
  establishing a security level for the application in the terminal equipment under a generic bootstrapping architecture offering a plurality of different bootstrapping mechanisms.
- View Dependent Claims (26, 27, 28)
- - 26. The apparatus according to claim 25, further comprising:
    - notifying a network application function entity of the generic bootstrapping architecture about the returned credential quality information.
  - 27. The apparatus according to claim 25, further comprising:
    - deleting the returned credential from the application entity, when a predetermined condition is fulfilled.
  - 28. The apparatus according to claim 25, wherein the apparatus comprises a terminal equipment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Laitinen, Pekka, Holtmanns, Silke
Primary Examiner(s)
Shiferaw; Eleni
Assistant Examiner(s)
SHOLEMAN, ABU S

Application Number

US11/727,186
Publication Number

US 20070240205A1
Time in Patent Office

1,663 Days
Field of Search

726/19, 726/5, 726/14, 726/15, 726/17, 726/29, 713/168, 713/169, 713/152, 713/156, 713/167, 455/411, 455/433
US Class Current

726/19
CPC Class Codes

H04L 63/105   Multiple levels of security

H04L 63/205   involving negotiation or de...

H04W 12/033   of the user plane, e.g. use...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

Security level establishment under generic bootstrapping architecture

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Security level establishment under generic bootstrapping architecture

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links