Method and apparatus for binding subscriber authentication and device authentication in communication systems
First Claim
1. A method operational in a device, comprising:
performing subscriber authentication with a network entity based on a subscriber authentication key;
performing device authentication of the device with the network entity to obtain device authentication data, wherein the device authentication data is obtained based on a challenge received by the device and on a device identity or credential, the device authentication data incorporating at least a portion of the challenge and wherein the device authentication data includes an encrypted parameter derived from a device temporary key, a network nonce and a device nonce;
generating a security key based on the subscriber authentication key and at least a portion of the device authentication data to bind the subscriber authentication and the device authentication; and
using the security key to secure communications between the device and a serving network.
Abstract
An authentication method is provided between a device (e.g., a client device or access terminal) and a network entity. A removable storage device may be coupled to the device and stores a subscriber-specific key that may be used for subscriber authentication. A secure storage device may be coupled to the device and stores a device-specific key used for device authentication. Subscriber authentication may be performed between the device and a network entity. Device authentication may also be performed of the device with the network entity. A security key may then be generated that binds the subscriber authentication and the device authentication. The security key may be used to secure communications between the device and a serving network.
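The binding the abstract describes, as an added illustration that is not the patent's own code: the subscriber key stands in for the key on the removable storage device, the device key for the key in secure storage, and HMAC-SHA256 plus a SHAKE-256 keystream stand in for whatever KDF and cipher an implementation would choose (all of these, the nonce and identity sizes, and the message layout are constructed assumptions). It shows that, once the security key depends on the device authentication data, a valid subscriber credential in an unregistered device, or a replayed device response, no longer yields the key the network derives.

```python
import hashlib
import hmac
import os

NONCE_LEN, ID_LEN = 16, 8  # constructed sizes for this model


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 is the key-derivation primitive in this model (an assumption)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for a real cipher such as AES: SHAKE-256 keystream XORed with data."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def device_auth_data(k_dev: bytes, device_id: bytes, net_nonce: bytes, dev_nonce: bytes) -> bytes:
    """Device side: answer the network challenge (net_nonce) with data carrying the
    device identity, both nonces and a parameter encrypted under a temporary key."""
    t_dev = prf(k_dev, b"tmp", net_nonce, dev_nonce)                 # device temporary key
    enc_param = xor_cipher(prf(t_dev, net_nonce, dev_nonce), device_id + net_nonce)
    return device_id + dev_nonce + net_nonce + enc_param             # challenge also carried in clear


def device_key(k_sub: bytes, auth: bytes) -> bytes:
    """Security key binding the subscriber key to the device authentication data."""
    return prf(k_sub, b"bind", auth)


def network_key(k_sub: bytes, k_dev: bytes, device_id: bytes, net_nonce: bytes, auth: bytes):
    """Network side: check the device data against the registered device key and the
    challenge actually sent; derive the bound key only on success, otherwise None."""
    dev_nonce = auth[ID_LEN:ID_LEN + NONCE_LEN]
    echoed = auth[ID_LEN + NONCE_LEN:ID_LEN + 2 * NONCE_LEN]
    enc_param = auth[ID_LEN + 2 * NONCE_LEN:]
    if auth[:ID_LEN] != device_id or not hmac.compare_digest(echoed, net_nonce):
        return None                                                  # wrong identity or stale challenge
    t_dev = prf(k_dev, b"tmp", net_nonce, dev_nonce)
    plain = xor_cipher(prf(t_dev, net_nonce, dev_nonce), enc_param)
    if not hmac.compare_digest(plain, device_id + net_nonce):
        return None                                                  # device key does not match
    return prf(k_sub, b"bind", auth)


def run(k_sub: bytes, k_dev_in_device: bytes, k_dev_registered: bytes, device_id: bytes = b"DEV-0001"):
    """One exchange with fresh nonces; returns (device-side key, network-side key or None)."""
    net_nonce, dev_nonce = os.urandom(NONCE_LEN), os.urandom(NONCE_LEN)
    auth = device_auth_data(k_dev_in_device, device_id, net_nonce, dev_nonce)
    return device_key(k_sub, auth), network_key(k_sub, k_dev_registered, device_id, net_nonce, auth)


if __name__ == "__main__":
    k_sub, k_dev = os.urandom(32), os.urandom(32)                    # constructed subscriber/device keys
    print("registered device accepted:", run(k_sub, k_dev, k_dev)[1] is not None)
    print("same subscriber key, unregistered device rejected:", run(k_sub, os.urandom(32), k_dev)[1] is None)
```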
70 Citations
49 Claims
1. A method operational in a device, comprising:
performing subscriber authentication with a network entity based on a subscriber authentication key;
performing device authentication of the device with the network entity to obtain device authentication data, wherein the device authentication data is obtained based on a challenge received by the device and on a device identity or credential, the device authentication data incorporating at least a portion of the challenge and wherein the device authentication data includes an encrypted parameter derived from a device temporary key, a network nonce and a device nonce;
generating a security key based on the subscriber authentication key and at least a portion of the device authentication data to bind the subscriber authentication and the device authentication; and
using the security key to secure communications between the device and a serving network.
Dependent claims: 2 to 15.

16. A device, comprising:
a communication interface; and
a processing circuit coupled to the communication interface, the processing circuit adapted to:
perform subscriber authentication with a network entity based on a subscriber authentication key;
perform device authentication of the device with the network entity to obtain device authentication data, wherein the device authentication data is obtained based on a challenge received by the device and on a device identity or credential, the device authentication data incorporating at least a portion of the challenge and wherein the device authentication data includes an encrypted parameter derived from a device temporary key, a network nonce and a device nonce;
generate a security key based on the subscriber authentication key and at least a portion of the device authentication data to bind the subscriber authentication and the device authentication; and
use the security key to secure communications between the device and a serving network.
Dependent claims: 17 to 25.

26. A device, comprising:
means for performing subscriber authentication with a network entity based on a subscriber authentication key;
means for performing device authentication of the device with the network entity to obtain device authentication data, wherein the device authentication data is obtained based on a challenge received by the device and on a device identity or credential, the device authentication data incorporating at least a portion of the challenge and wherein the device authentication data includes an encrypted parameter derived from a device temporary key, a network nonce and a device nonce;
means for generating a security key based on the subscriber authentication key and at least a portion of the device authentication data to bind the subscriber authentication and the device authentication; and
means for using the security key to secure communications between the device and a serving network.
Dependent claim: 27.

28. A non-transitory processor-readable medium comprising instructions operational on a device, which when executed by a processor causes the processor to:
perform subscriber authentication with a network entity based on a subscriber authentication key;
perform device authentication of the device with the network entity to obtain device authentication data, wherein the device authentication data is obtained based on a challenge received by the device and on a device identity or credential, the device authentication data incorporating at least a portion of the challenge and wherein the device authentication data includes an encrypted parameter derived from a device temporary key, a network nonce and a device nonce;
generate a security key based on the subscriber authentication key and at least a portion of the device authentication data to bind the subscriber authentication and the device authentication; and
use the security key to secure communications between the device and a serving network.

29. A method operational in a network entity, comprising:
performing subscriber authentication with a device based on a subscriber authentication key;
performing device authentication of the device to obtain device authentication data, wherein the device authentication data is obtained based on a challenge sent to the device and on a device identity or credential, the device authentication data incorporating at least a portion of the challenge and wherein the device authentication data includes an encrypted parameter derived from a device temporary key, a network nonce and a device nonce;
generating a security key based on the subscriber authentication key and at least a portion of the device authentication data to bind the subscriber authentication and the device authentication; and
using the security key to secure communications between the network entity and the device.
Dependent claims: 30 to 40.

41. A network entity, comprising:
a communication interface; and
a processing circuit coupled to the communication interface, the processing circuit adapted to:
perform subscriber authentication with a device based on a subscriber authentication key;
perform device authentication of the device to obtain device authentication data, wherein the device authentication data is obtained based on a challenge sent to the device and on a device identity or credential, the device authentication data incorporating at least a portion of the challenge and wherein the device authentication data includes an encrypted parameter derived from a device temporary key, a network nonce and a device nonce;
generate a security key based on the subscriber authentication key and at least a portion of the device authentication data to bind the subscriber authentication and the device authentication; and
use the security key to secure communications between the network entity and the device.
Dependent claims: 42 to 47.
48. A network entity, comprising:
means for performing subscriber authentication with a device based on a subscriber authentication key;
means for performing device authentication of the device to obtain device authentication data, wherein the device authentication data is obtained based on a challenge sent to the device and on a device identity or credential, the device authentication data incorporating at least a portion of the challenge and wherein the device authentication data includes an encrypted parameter derived from a device temporary key, a network nonce and a device nonce;
means for generating a security key based on the subscriber authentication key and at least a portion of the device authentication data to bind the subscriber authentication and the device authentication; and
means for using the security key to secure communications between the network entity and the device.

49. A non-transitory processor-readable medium comprising instructions operational on a network entity, which when executed by a processor causes the processor to:
perform subscriber authentication with a device based on a subscriber authentication key;
perform device authentication of the device to obtain device authentication data, wherein the device authentication data is obtained based on a challenge sent to the device and on a device identity or credential, the device authentication data incorporating at least a portion of the challenge and wherein the device authentication data includes an encrypted parameter derived from a device temporary key, a network nonce and a device nonce;
generate a security key based on the subscriber authentication key and at least a portion of the device authentication data to bind the subscriber authentication and the device authentication; and
use the security key to secure communications between the network entity and the device.

Specification