Key generation in a communication system
Abstract
A communication system generates a Master Session Key (MSK) for accesses to a system entity that does not provide encryption to traffic. Both the home server and the user generate the same MSK. The MSK is used to generate encryption keys for traffic. In one embodiment the MSK is generated using a hashing function and information specific to the requestor. The home server determines the need to generate the MSK based on information contained in an access request message. Once generated, the MSK is provided to the system entity to enable the entity to encrypt communications.
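The flow in the abstract, sketched as an added example (not code from the patent). It assumes HMAC-SHA256 as the hashing function, the shared-secret variant of the claims, and a length-prefixed field encoding; the function names, the sample NAI and the secret are hypothetical or constructed.

```python
import hashlib
import hmac
import os
import struct


def _encode(*fields: bytes) -> bytes:
    """Length-prefix every field so ("ab", "c") and ("a", "bc") hash differently."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def generate_msk(nai: str, challenge: bytes, shared_secret: bytes) -> bytes:
    """MSK from user identification (NAI), challenge and shared secret.
    Assumption: keyed hash (HMAC-SHA256); the page only says "a hashing function"."""
    msg = _encode(b"MSK", nai.encode("utf-8"), challenge)
    return hmac.new(shared_secret, msg, hashlib.sha256).digest()


def derive_traffic_key(msk: bytes, label: bytes) -> bytes:
    """Encryption key as a function of the MSK (assumed labelled HMAC, 128-bit)."""
    return hmac.new(msk, _encode(b"traffic-key", label), hashlib.sha256).digest()[:16]


def demo() -> dict:
    nai = "alice@home.example"             # constructed sample NAI
    secret = b"constructed-shared-secret"  # known to user and home server only
    challenge = os.urandom(16)             # chosen by the home server, sent to the user

    server_msk = generate_msk(nai, challenge, secret)  # home server side
    user_msk = generate_msk(nai, challenge, secret)    # user side, same inputs

    # The access accept message carries the MSK to the WLAN entity, so the
    # MSK is only as confidential as the link that carries this message.
    access_accept = {"code": "Access-Accept", "msk": server_msk}
    wlan_key = derive_traffic_key(access_accept["msk"], b"unicast")
    user_key = derive_traffic_key(user_msk, b"unicast")

    # A fresh challenge gives an unrelated MSK, so keys are per-access.
    other_msk = generate_msk(nai, os.urandom(16), secret)
    return {
        "msk_match": hmac.compare_digest(server_msk, user_msk),
        "key_match": hmac.compare_digest(wlan_key, user_key),
        "fresh_challenge_differs": other_msk != server_msk,
    }


if __name__ == "__main__":
    print(demo())
```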
15 Claims

1. A method operational at an authentication entity for key generation in a communication system, comprising:
- authenticating an access to a Wireless Local Area Network (WLAN) by:
  - receiving a user identification, wherein the user identification is a Network Access Identifier (NAI),
  - determining a challenge value, and
  - determining one of a shared secret or a random value,
- generating, at a processing circuit of the authentication entity, a Master Session Key (MSK) for the access by hashing the user identification, the challenge value and one of the shared secret or the random value; and
- sending an access accept message including the MSK.

2. A method operational at a network entity for key generation in a communication system, comprising:
- requesting authentication of an access to a Wireless Local Area Network (WLAN);
- receiving an access accept message including a Master Session Key (MSK) for the access; and
- generating, at a processing circuit of the network entity, at least one encryption key as a function of the MSK, wherein the at least one encryption key is used to encrypt traffic for the access, wherein the MSK is generated using an apparatus identifier, a shared secret, and one of a challenge or a random number, and the apparatus identifier is a Network Access Identifier (NAI).

3. An apparatus for key generation in a communication system, comprising:
- means for authenticating an access to a Wireless Local Area Network (WLAN) including:
  - means for receiving a user identification, wherein the user identification is a Network Access Identifier (NAI),
  - means for determining a challenge value, and
  - means for determining one of a shared secret or a random value,
- means for generating a Master Session Key (MSK) for the access by hashing the user identification, the challenge value and one of the shared secret or the random value; and
- means for determining an encryption key from the MSK.

4. An apparatus for key generation in a communication system, comprising:
- means for requesting authentication of an access to a Wireless Local Area Network (WLAN);
- means for receiving an access accept message including a Master Session Key (MSK) for the access; and
- means for generating at least one encryption key as a function of the MSK, wherein the at least one encryption key is used to encrypt traffic for the access, wherein the MSK is generated using an apparatus identifier, a shared secret, and one of a challenge or a random number, and the apparatus identifier is a Network Access Identifier (NAI).

5. An apparatus, comprising:
- a processing unit;
- an authentication procedure unit coupled to the processing unit, adapted to request authentication of an access to a system, and adapted to compute a response to a challenge for the authentication; and
- a Master Session Key (MSK) generation unit coupled to the processing unit, adapted to generate an MSK, wherein the MSK is for generating at least one encryption key to encrypt traffic for the access, wherein the MSK is generated using an apparatus identifier, a shared secret, and one of the challenge or a random number, and the apparatus identifier is a Network Access Identifier (NAI).

6. A method operational in an authentication entity within a communication system, comprising:
- receiving an access request message for an access to the communication system, the access request message having a first field;
- authenticating the access by:
  - receiving a user identification;
  - determining a challenge value; and
  - determining a random value;
- determining the state of the first field; and
- if the state is a first value, generating a Master Session Key (MSK) at a processing circuit of the authentication entity for the access by hashing the user identification, the challenge value and the random value.
(Dependent claims: 7, 8, 9, 10, 11, 12)

13. A communication apparatus, comprising:
- means for receiving an access request message for an access to a communication system, the access request message having a first field, wherein a format of the access request message comprises:
  - a type field identifying a type of attribute information for an access to the communication system, and
  - a value field for the attribute information, the value field comprising:
    - a second type field identifying a type of sub-attribute information for the access; and
    - a second value field for the sub-attribute information;
- means for determining the state of the first field; and
- means for generating a Master Session Key (MSK) for the access if the state is a first value.

14. A method operational in an authentication entity within a communication system, comprising:
- receiving an access request message for an access to the communication system, the access request message having a first field, wherein a format of the access request message comprises:
  - a type field identifying a type of attribute information for an access to the communication system; and
  - a value field for the attribute information, the value field comprising:
    - a second type field identifying a type of sub-attribute information for the access; and
    - a second value field for the sub-attribute information;
- determining the state of the first field; and
- if the state is a first value, generating a Master Session Key (MSK) at a processing circuit of the authentication entity for the access.
(Dependent claims: 15)

Specification