Secure multi-user identity module key exchange
Abstract
An apparatus in one example, where the apparatus comprises a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key. The communication device component generates a derivation key by applying a pseudo random function to the RAND and the shared secret key. The communication device component generates a first set of session keys based on a second random nonce (RANDC) and the derivation key where the first set of session keys are used in encrypting communications.
19 Claims
1. An apparatus, comprising:
- a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key, wherein the communication device component generates a derivation key by applying a first pseudo random function to the RAND and the shared secret key, and wherein the communication device component generates a first set of session keys based on a second random nonce (RANDC) received from a user identity module operatively connected with the communication device, and the derivation key where the first set of session keys are used in encrypting communications.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. An apparatus, that:
- receives from a client through a network node that is communicatively coupled with the client a response and a first random nonce (RANDC);
- retrieves a derivation key based on a client identifier;
- computes an expected response from the derivation key and the RANDC;
- compares the response with the expected response and if the response equals the expected response, derives a first set of session keys, where the first set of session keys are used in conjunction with a second set of session keys to perform encrypted communications.
Dependent claims: 9, 10, 11, 12.

13. A method comprising the steps of:
- receiving an authentication vector comprising a first random nonce (RAND), a first derivation key and an authentication token;
- communicating an authentication request message where the authentication request message comprises the RAND and the authentication token;
- receiving from a client a second random nonce (RANDC) and a response; and
- deriving a first set of session keys based on the RANDC, and the first derivation key, where the first set of session keys is used to encrypt communications.
Dependent claims: 14, 15, 16, 17, 18, 19.
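Added example, not part of the patent text: a Python sketch of the exchange described in claims 1, 8 and 13, showing both sides arriving at the same session keys and the network side rejecting a response that does not match. HMAC-SHA256 as the pseudo random function, the labels, the two-way 16-byte key split, the client identifier and all byte values are assumptions made for illustration; checking of the authentication token is left out.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Assumed PRF: HMAC-SHA256 over a label and length-prefixed inputs."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def derivation_key(shared_secret: bytes, rand: bytes) -> bytes:
    # Claim 1: derivation key from RAND and the shared secret key.
    return prf(shared_secret, b"KD", rand)

def response(kd: bytes, randc: bytes) -> bytes:
    # Claim 8: the response is computable from the derivation key and RANDC.
    return prf(kd, b"RES", randc)

def session_keys(kd: bytes, randc: bytes) -> tuple[bytes, bytes]:
    okm = prf(kd, b"SK", randc)
    return okm[:16], okm[16:]  # assumed split into two 16-byte keys

class Verifier:
    """Claim 8 side: looks up the derivation key by client identifier."""
    def __init__(self) -> None:
        self.kd_by_client: dict[str, bytes] = {}

    def verify(self, client_id: str, res: bytes, randc: bytes):
        kd = self.kd_by_client.get(client_id)
        if kd is None:
            return None
        # Constant-time comparison so the check does not leak matching bytes.
        if not hmac.compare_digest(res, response(kd, randc)):
            return None
        return session_keys(kd, randc)

def run_exchange(secret: bytes, rand: bytes, randc: bytes, tamper: bool = False):
    verifier = Verifier()
    # Claim 13: the authentication vector carries RAND and the derivation key.
    verifier.kd_by_client["client-1"] = derivation_key(secret, rand)
    kd = derivation_key(secret, rand)          # device side
    res = response(kd, randc)
    if tamper:
        res = bytes([res[0] ^ 1]) + res[1:]    # simulate a corrupted response
    return session_keys(kd, randc), verifier.verify("client-1", res, randc)

# Constructed sample values, not from the patent.
SECRET, RAND, RANDC = b"\x11" * 16, b"\x22" * 16, b"\x33" * 16

if __name__ == "__main__":
    device, network = run_exchange(SECRET, RAND, RANDC)
    print("keys match:", device == network)
```

Because RANDC enters both the response and the session keys, a fresh RANDC yields fresh keys from the same derivation key without a new RAND.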