Method and apparatus for providing peer authentication for an internet key exchange
First Claim
1. A method by which an initiator (11), having a secret key (K), authenticates a responder (12), and vice versa, the method including a public key exchange, the method characterized by:
a step (41) in which the initiator (11) sends the responder (12) a message (MM-3/AKA) claiming an identity (IMPI) of the client (11); and
a step (42-46) in which authentication of both the initiator (11) and the responder (12) is performed based on information derived from, but not revealing, the secret key (K).
Abstract
A protocol for use as a phase 1 authentication (and key agreement) IKE protocol, similar to IKE phase 1 authentication with public key encryption, but using the IMS AKA trust infrastructure instead of the PKI trust infrastructure. The invention thus allows an initiator (11), having a secret long-term key stored on a smart card (11a), to authenticate a responder (12), the responder (12) having in some cases a trusted interface with a Home Subscriber Server (14) that has a copy (14a) of the initiator's long-term key (and in other cases having itself access to the initiator's long-term key). The protocol includes a Diffie-Hellman exchange, and by authenticating the initiator (11) and responder (12), the protocol authenticates the exchange.
58 Citations
13 Claims
Specification