Method and apparatus for providing bootstrapping procedures in a communication network

US 9,300,641 B2
Filed: 02/10/2006
Issued: 03/29/2016
Est. Priority Date: 02/11/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing a key with a terminal in a communication network according to a key agreement protocol, wherein the terminal is configured to operate using spread spectrum;

tying the agreed key to an authentication procedure to provide a security association that supports reuse of the key;

and generating a master key based on the agreed key;

wherein the key agreement protocol is performed over a transport security (TLS) tunnel.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.

20 Citations

View as Search Results

14 Claims

1. A method comprising:
- establishing a key with a terminal in a communication network according to a key agreement protocol, wherein the terminal is configured to operate using spread spectrum;
  
  tying the agreed key to an authentication procedure to provide a security association that supports reuse of the key;
  
  and generating a master key based on the agreed key;
  
  wherein the key agreement protocol is performed over a transport security (TLS) tunnel.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, further comprising:
    - generating a challenge message from the agreed key according to the authentication procedure.
  - 3. The method according to claim 1, further comprising:
    - generating a challenge message from a key agreement message exchanged with the terminal according to the key agreement protocol.
  - 4. The method according to claim 1, wherein the key agreement protocol includes a Diffie-Hellman key exchange scheme.
  - 5. The method according to claim 4, wherein the terminal is configured to communicate using spread spectrum and to perform bootstrapping according to a generic authentication architecture.
  - 6. The method according to claim 1, wherein the authentication procedure includes a challenge handshake authentication protocol (CHAP).

7. A method for authenticating comprising:
- establishing a shared key with a network element in a communication network according to a key agreement protocol, wherein the network element is configured to tie the agreed key to an authentication procedure to provide a security association that supports reuse of the key;
  
  and generating a master key based on the agreed key;
  
  wherein the key agreement protocol is performed over a transport layer security (TLS) tunnel.
- View Dependent Claims (8, 9, 10)
- - 8. The method according to claim 7, wherein the key agreement protocol includes a Diffie-Hellman key exchange scheme.
  - 9. The method according to claim 7, further comprising:
    - communicating with the network element using Code Division Multiple Access (CDMA);
10. The method according to claim 7, wherein the authentication procedure includes a challenge handshake authentication protocol (CHAP).

11. An apparatus comprising:
- an authentication module configured to establish a shared key with a network element in a communication network according to a key agreement protocol, wherein the agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key, the authentication module being further configured to generate a master key based on the agreed key;
  
  wherein the key agreement protocol is performed over a transport layer security (TLS) tunnel.
- View Dependent Claims (12, 13, 14)
- - 12. The apparatus according to claim 11, wherein the key agreement protocol includes a Diffie-Hellman key exchange scheme.
  - 13. The apparatus according to claim 11, further comprising:
    - a transceiver configured to communicate with the network element using spread spectrum, wherein the authentication module being further configured to perform bootstrapping according to a generic authentication architecture.
  - 14. The apparatus according to claim 11, wherein the authentication procedure includes a challenge handshake authentication protocol (CHAP).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Laitinen, Pekka, Ginzboorg, Philip, Asokan, Nadarajah, Bajko, Gabor
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US11/352,058
Publication Number

US 20060182280A1
Time in Patent Office

3,700 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 9/4416   Network booting; Remote ini...

H04L 2209/80   Wireless network architectu...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/0892   by using authentication-aut...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 63/166   at the transport layer

H04L 9/0844   with user authentication or...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

Method and apparatus for providing bootstrapping procedures in a communication network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing bootstrapping procedures in a communication network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links