Method for producing key material for use in communication with network
Abstract
This invention relates to security procedures in a communication system, specifically to production of key material. The invention provides a method for producing key material in a highly secure way for use in communication with a local network of a company. The method uses authentication information obtained from the communication system and information exchanged locally between a mobile station and the authentication systems of the company to produce a communication key for use in authentication procedures or e.g. for signing and/or encrypting data.
35 Claims
1. A method, comprising:
- producing, by a mobile station, authentication information by performing an authentication procedure with a communication system, the authentication procedure performed through a path external to a second system;
- exchanging, by the mobile station and through a route external to the communication system, key generation information comprising a shared secret with the second system and wherein the shared secret is not known to the communication system, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and
- generating, by the mobile station, a communication key to communicate with the second system using at least in part the authentication information and the key generation information to establish a communication of the mobile station with the second system using said communication key generated by the mobile station and a second communication key generated by the second system using at least in part the key generation information and said authentication information requested and received by said second system from the communication system, wherein the communication system comprises at least one base station and the second system comprises at least one server node.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method, comprising:
- requesting and receiving, by a second system, authentication information related to a mobile station from an authentication node of a communication system;
- exchanging by the second system, through a route external to the communication system, key generation information comprising a shared secret with the mobile station, wherein the shared secret is not known to the communication system and comprises at least one of: a personal identification number, a password, or a random seed value for a sequence, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and
- generating a communication key by the second system to communicate with the mobile station using at least in part the authentication information and the key generation information, wherein the communication system comprises at least one base station and the second system comprises at least one server node.

Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A non-transitory computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process comprising:
- producing authentication information by performing an authentication procedure between a mobile station and a communication system, the authentication procedure performed through a path external to a second system;
- exchanging between the mobile station and the second system, through a route external to the communication system, key generation information comprising a shared secret with the second system, wherein the shared secret is not known to the communication system, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and
- generating a communication key by the mobile station to communicate with the second system based at least in part on the authentication information and the key generation information to establish a communication of the mobile station with the second system using said communication key generated by the mobile station and a second communication key generated by the second system using at least in part the key generation information and said authentication information requested and received by said second system from the communication system, wherein the communication system comprises at least one base station and the second system comprises at least one server node.
19. A non-transitory computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process comprising:
- requesting and receiving by a second system, authentication information related to a mobile station from an authentication node of a communication system;
- exchanging between the mobile station and the second system, through a route external to the communication system, key generation information comprising a shared secret with the mobile station, wherein the shared secret is not known to the communication system and comprises a personal identification number, a password, or a random seed value for a sequence, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and
- generating a communication key for communication of the second system with the mobile station using at least in part the authentication information and the key generation information, wherein the communication system comprises at least one base station and the second system comprises at least one server node.
20. A mobile station, comprising:
- a processor; and
- a memory including computer program code, the memory and the computer program code configured to, with the processor, cause the mobile station at least to produce authentication information by performing an authentication procedure with a communication system, the authentication procedure performed through a path external to a second system, perform exchanging, through a route external to the communication system, key generation information comprising a shared secret with the second system, wherein the shared secret is not known to the communication system, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value, and generate a communication key to communicate with the second system based at least in part on the authentication information and the key generation information to establish a communication of the mobile station with the second system using said communication key generated by the mobile station and a second communication key generated by the second system using at least in part the key generation information and said authentication information requested and received by said second system from the communication system, wherein the communication system comprises at least one base station and the second system comprises at least one server node.

Dependent claims: 21, 22, 23, 24.
25. An apparatus, comprising:
- a processor; and
- a memory including computer program code, the memory and the computer program code configured to, with the processor, cause the apparatus at least to request authentication information related to a mobile station, the authentication information being received from an authentication node of a wireless communication system, perform exchanging between the mobile station and a second system comprising said apparatus, through a route external to the wireless communication system, key generation information comprising a shared secret with the mobile station, wherein the shared secret is not known to the wireless communication system and comprises at least one of: a personal identification number, a password, or a random seed value for a sequence, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and generate a communication key for communication of the second system with the mobile station based at least in part on the authentication information and the key generation information, wherein the wireless communication system comprises at least one base station and the second system comprises at least one server node.

Dependent claims: 26, 27, 28, 29, 30, 31.
32. A system, comprising:
- a mobile station;
- a controller in the mobile station configured to produce authentication information by performing an authentication procedure with a first authentication node associated with a first communication system through a path external to a second communication system;
- a controller in the mobile station configured to perform exchanging key generation information with a controller in a second authentication node associated with the second communication system through a route external to the first communication system, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second communication system, if a delay of said transmission received by the second communication system exceeds a threshold value;
- a requester in the second authentication node configured to request authentication information related to the mobile station from the first authentication node; wherein the key generation information comprises a shared secret with the mobile station, wherein the shared secret is not known by the first communication system and comprises at least one of: a personal identification number, a password, or a random seed value for a sequence; and
- a key generator in the second authentication node configured to generate a communication key based at least in part on the authentication information and the key generation information to establish a communication of the second communication system with the mobile station using said communication key generated in the second authentication node and a communication key generated by the mobile station using at least in part the key generation information and said authentication information, wherein the first communication system comprises at least one base station and the second communication system comprises at least one server node.

Dependent claims: 33, 34, 35.
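As an added illustration, not taken from the patent or from any implementation of it: a toy model in Python of the key production the independent claims describe. Both parties combine the authentication information obtained from the cellular network with the locally exchanged shared secret and the mobile station's time value, and the server node interrupts the exchange when the transmission delay exceeds a threshold. The HMAC-SHA256 extract/expand derivation, the 30-second threshold, the constructed AUTH_INFO value and all function names are assumptions; the claims fix none of them.

```python
"""Toy model of the two-source key derivation claimed above (constructed example)."""
import hashlib
import hmac
import struct

# Constructed stand-in for the authentication information both sides obtain from
# the communication system: the mobile station by running the authentication
# procedure, the server node by requesting it from the authentication node.
AUTH_INFO = bytes.fromhex("00112233445566778899aabbccddeeff")

MAX_DELAY_SECONDS = 30  # threshold value; assumed, the claims give no number


class ExchangeInterrupted(Exception):
    """Error message raised by the second system when the delay exceeds the threshold."""


def derive_communication_key(auth_info: bytes, shared_secret: bytes, time_value: int) -> bytes:
    """Assumed KDF: HMAC-SHA256 extract/expand over network- and locally-sourced inputs.

    auth_info is known to the network; shared_secret (PIN, password or seed) was
    exchanged over the local route and is never seen by the network, so the
    network alone cannot reproduce the communication key.
    """
    # Extract: bind the network-derived material and the local secret together.
    prk = hmac.new(auth_info, shared_secret, hashlib.sha256).digest()
    # Expand: mix in a label and the time value so the key is exchange-specific.
    info = b"comm-key" + struct.pack(">Q", time_value)
    return hmac.new(prk, info, hashlib.sha256).digest()


def mobile_station_send(shared_secret: bytes, sent_at: int):
    """Mobile station: emit the timed transmission and keep its own key locally.

    Only the time value travels; the shared secret was agreed beforehand.
    """
    message = {"time_value": sent_at}
    key = derive_communication_key(AUTH_INFO, shared_secret, sent_at)
    return message, key


def second_system_receive(message: dict, shared_secret: bytes, received_at: int) -> bytes:
    """Server node: check the transmission delay, then derive the matching key."""
    delay = received_at - message["time_value"]
    if delay > MAX_DELAY_SECONDS:
        raise ExchangeInterrupted(f"delay {delay}s exceeds {MAX_DELAY_SECONDS}s; exchange interrupted")
    return derive_communication_key(AUTH_INFO, shared_secret, message["time_value"])


if __name__ == "__main__":
    msg, ms_key = mobile_station_send(b"1234", sent_at=1000)
    assert second_system_receive(msg, b"1234", received_at=1010) == ms_key
    print("keys match:", ms_key.hex())
```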