Secure multi-user identity module key exchange

US 8,296,836 B2
Filed: 01/06/2010
Issued: 10/23/2012
Est. Priority Date: 01/06/2010
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key,wherein the communication device component generates a derivation key by applying a first pseudo random function to the RAND and the shared secret key, and whereinthe communication device component generates a first set of session keys based on a second random nonce (RANDC) received from a user identity module operatively connected with the communication device, and the derivation key where the first set of session keys are used in encrypting communications.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus in one example, where the apparatus comprises a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key. The communication device component generates a derivation key by applying a pseudo random function to the RAND and the shared secret key. The communication device component generates a first set of session keys based on a second random nonce (RANDC) and the derivation key where the first set of session keys are used in encrypting communications.

15 Citations

View as Search Results

19 Claims

1. An apparatus, comprising:
- a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key,wherein the communication device component generates a derivation key by applying a first pseudo random function to the RAND and the shared secret key, and whereinthe communication device component generates a first set of session keys based on a second random nonce (RANDC) received from a user identity module operatively connected with the communication device, and the derivation key where the first set of session keys are used in encrypting communications.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the first set of session keys are used in conjunction with a second set of session keys to perform secure communications, where the first set of session keys and the second set of session keys are equal.
  - 3. The apparatus of claim 2, wherein the user identity module comprises the derivation key, the shared secret key and the first set of session keys, and the user identity module exports the first set of session keys to the communication device;
    - andthe shared secret key and the derivation key are not exported to the communication device.
  - 4. The apparatus of claim 1, wherein the authentication token comprises a sequence number, a first message authentication code and an authentication management field;
    - the user identity module computes a second message authentication code by applying a second pseudo random function to the shared secret key, the sequence number, the authentication management field and the RAND;
      
      the user identity module compares the second message authentication code to the first message authentication code and if the first message authentication code equals the second message authentication code the user identity module derives the RANDC, the session keys and a response; and
      
      the user identity module exports the first set of session keys, the RANDC and the response to the communication device.
  - 5. The apparatus of claim 4, wherein deriving the RANDC, the first set of session keys and the response further comprises:
    - generating the RANDC;
      
      computing the first set of session keys by applying a third pseudo random function wherein the first set of session keys comprises an integrity key and a cipher key; and
      
      computing the response by applying a fourth pseudo random function to the RANDC and the derivation key.
  - 6. The apparatus of claim 5, wherein:
    - the user identity module computes the integrity key by applying a fifth pseudo random function to the RANDC and the derivation key; and
      
      the user identity module computes the cipher key by applying a sixth pseudo random function to the RANDC and the derivation key.
  - 7. The apparatus of claim 4, wherein the communication device communicates the RANDC and the response to a serving network wherein the serving network generates the second set of session keys, wherein the first set of session keys and the second set of session keys are used to encrypt communications between the serving network and the communication device.

8. An apparatus, that:
- receives from a client through a network node that is communicatively coupled with the client a response and a first random nonce (RANDC);
  
  retrieves a derivation key based on a client identifier;
  
  computes an expected response from the derivation key and the RANDC;
  
  compares the response with the expected response and if the response equals the expected response, derives a first set of session keys, where the first set of session keys are used in conjunction with a second set of session keys to perform encrypted communications.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The apparatus of claim 8, wherein:
    - the first set of session keys and the second set of session keys are equal;
      
      the client comprises the second set of session keys.
  - 10. The apparatus of claim 9, wherein the first set of session keys comprises an integrity key and a cipher key where the integrity key is computed by applying a seventh pseudo random function to the RANDC and the derivation key;
    - andthe cipher key is computed by applying an eighth pseudo random function to the RANDC and the derivation key.
  - 11. The apparatus of claim 9, wherein:
    - the network node computes the expected response by applying a ninth pseudo random function to the RANDC and the derivation key; and
      
      if the expected response equals the response, the network node derives the first set of session keys.
  - 12. The apparatus of claim 9, wherein:
    - the network node is communicatively coupled with a key server;
      
      the network node receives an authentication vector from the key server, wherein the authentication vector comprises a second random nonce (RAND), an authentication token and the derivation key;
      
      the network node stores the derivation key;
      
      upon request from the client, the network node communicates the RAND and the authentication token to the client; and
      
      the client uses the RAND and the authentication token to compute the second set of session keys.

13. A method comprising the steps of:
- receiving an authentication vector comprising a first random nonce (RAND), a first derivation key and an authentication token;
  
  communicating an authentication request message where the authentication request message comprises the RAND and the authentication token;
  
  receiving from a client a second random nonce (RANDC) and a response; and
  
  deriving a first set of session keys based on the RANDC, and the first derivation key, where the first set of session keys is used to encrypt communications.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13 further comprising:
    - determining if the response equals an expected response, where the expected response is computed by applying a tenth pseudo random function to the first derivation key and the RANDC; and
      
      deriving the first set of session keys if the expected response equals the response, where the first set of session keys comprise a cipher key and an integrity key, where the cipher key is computed by applying an eleventh pseudo random function to the first derivation key and the RANDC, and the integrity key is computed by applying a twelfth pseudo random function to the RANDC and the first derivation key.
  - 15. The method of claim 13 further comprising:
    - the first derivation key is derived by applying a thirteenth pseudo random function to a first shared secret key and the RAND;
      
      a first message authentication code is computed by applying a fourteenth pseudo random function to the first shared secret key, a sequence number, the RAND and an authentication management field;
      
      the authentication token further comprises the sequence number, the authentication management field and the first message authentication code.
  - 16. The method of claim 15, where the client computes a second derivation key by applying a fifteenth pseudo random function to a second shared secret key and the RAND;
    - andthe client verifies that the first message authentication code equals a second message authentication code and if the first message authentication code equals the second message authentication code, generates the RANDC, computes the response by applying a sixteenth pseudo random function to the RANDC and the second derivation key, and computes a second set of session keys.
  - 17. The method according to claim 16 wherein the client keeps the second derivation key in a user identity module and does not export the second derivation key from the user identity module.
  - 18. The method according to claim 16 wherein computing the second set of session keys further comprises computing an integrity key and a cipher key, where the integrity key is computed by applying a seventeenth pseudo random function to the second derivation key and the RANDC and the cipher key is computed by applying an eighteenth pseudo random function to the second derivation key and the RANDC.
  - 19. The method of claim 16 wherein the first derivation key equals the second derivation key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Kolesnikov, Vladimir Y.
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
AMORIN, CARLOS E

Application Number

US12/655,706
Publication Number

US 20110167272A1
Time in Patent Office

1,021 Days
Field of Search

None
US Class Current

726/9
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/162   at the data link layer

H04L 9/3242   involving keyed hash functi...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/45   using multiple identity mod...

Secure multi-user identity module key exchange

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Secure multi-user identity module key exchange

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others