Method and apparatus for providing bootstrapping procedures in a communication network
Abstract
An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.
14 Claims
1. A method comprising:
- establishing a key with a terminal in a communication network according to a key agreement protocol, wherein the terminal is configured to operate using spread spectrum;
- tying the agreed key to an authentication procedure to provide a security association that supports reuse of the key; and
- generating a master key based on the agreed key;
- wherein the key agreement protocol is performed over a transport security (TLS) tunnel.
7. A method for authenticating comprising:
- establishing a shared key with a network element in a communication network according to a key agreement protocol, wherein the network element is configured to tie the agreed key to an authentication procedure to provide a security association that supports reuse of the key; and
- generating a master key based on the agreed key;
- wherein the key agreement protocol is performed over a transport layer security (TLS) tunnel.
and bootstrapping according to a generic authentication scheme.
10. The method according to claim 7, wherein the authentication procedure includes a challenge handshake authentication protocol (CHAP).
11. An apparatus comprising:
- an authentication module configured to establish a shared key with a network element in a communication network according to a key agreement protocol, wherein the agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key, the authentication module being further configured to generate a master key based on the agreed key;
- wherein the key agreement protocol is performed over a transport layer security (TLS) tunnel.
Specification