Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system
Abstract
A method and apparatus for secure generation of a short-term key SK for viewing information content in a Multicast-broadcast-multimedia system are described. A short-term key is generated by a memory module residing in user equipment (UE) only when the source of the information used to generate the short-term key can be validated. A short-term key can be generated by a Broadcast Access Key (BAK) or a derivative of BAK and a changing value with a Message Authentication Code (MAC) appended to the changing value. A short-term key (SK) can also be generated by using a private key and a short-term key (SK) manager with a corresponding public key distributed to the memory module residing in the user equipment (UE), using a digital signature.
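The MAC-gated derivation described in the abstract, as an added sketch that is not taken from the patent: the memory module recomputes the MAC over the received changing value with its stored BAK and derives SK only when the two codes match. HMAC-SHA256, the `mac|` and `sk|` labels, and all function names are assumptions made for illustration; the patent does not name a specific hashing function.

```python
import hashlib
import hmac
from typing import Optional

MAC_LEN = 32  # HMAC-SHA256 tag length (assumed algorithm)


def make_challenge(bak: bytes, changing_value: bytes) -> bytes:
    """Sender side (hypothetical helper): append a BAK-keyed MAC to the value."""
    tag = hmac.new(bak, b"mac|" + changing_value, hashlib.sha256).digest()
    return changing_value + tag


def derive_sk(bak: bytes, challenge: bytes) -> Optional[bytes]:
    """Memory-module side: return SK only if the appended MAC verifies."""
    if len(challenge) <= MAC_LEN:
        return None  # too short to hold a value plus a MAC
    value, received = challenge[:-MAC_LEN], challenge[-MAC_LEN:]
    expected = hmac.new(bak, b"mac|" + value, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, received):
        return None  # unauthenticated value: the module derives nothing
    # A separate label keeps the derived key distinct from the MAC output.
    return hmac.new(bak, b"sk|" + value, hashlib.sha256).digest()


def run_demo() -> dict:
    """Exercise the check with constructed sample values."""
    bak = bytes.fromhex("11" * 16)          # constructed BAK
    value = (42).to_bytes(4, "big")         # constructed changing value
    good = make_challenge(bak, value)
    tampered = bytes([good[0] ^ 0x01]) + good[1:]
    return {
        "genuine": derive_sk(bak, good),
        "tampered_value": derive_sk(bak, tampered),
        "wrong_bak": derive_sk(bytes.fromhex("22" * 16), good),
        "truncated": derive_sk(bak, good[:10]),
    }


if __name__ == "__main__":
    for name, sk in run_demo().items():
        print(name, sk.hex() if sk else "rejected")
```
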
34 Claims
1. A method, comprising:
receiving a first value and a first message authentication code;
generating a second message authentication code as a function of the first value by a hashing function on the received first value using a second value stored in a memory;
comparing the second message authentication code with the received first message authentication code; and
computing a key using the first value and the second value provided that the second message authentication code is equal to the first message authentication code.

6. A method of obtaining a short-term key in a communication system, the method comprising:
receiving a first value and a first digital signature formed from a first key;
verifying the first digital signature using a signature scheme on the first key and a second value wherein the second value is stored in a first memory and the signature scheme is stored in the first memory;
determining the source of the first digital signature; and
computing the short-term key using the first value and the second value providing that the first digital signature is determined to have been generated by a trusted source.

7. A method of obtaining an encryption key in a communication system using a first protocol, the method comprising:
receiving a packet index value and a first message authentication code;
generating a second message authentication code using the packet index value by running a hashing function on the packet index value using a second value stored in a memory;
comparing the second message authentication code with the first message authentication code; and
computing an encryption key using the packet index value and the second value providing that the second message authentication code is equal to the first message authentication code.

13. A method of obtaining an encryption key in a communication system using a first protocol, the method comprising:
receiving a packet index value and a first digital signature formed from a first key;
verifying the first digital signature using a signature scheme on the first key and a second value wherein the second value is stored in a first memory and the signature scheme is stored in the first memory;
determining the source of the digital signature; and
computing an encryption key using the packet index value and the second value provided that the first digital signature is determined to have been generated by a trusted source.

14. A mobile station apparatus for obtaining a short-term key comprising:
means for receiving a first value and a first message authentication code;
means for generating a second message authentication code using the first value by running a hashing function on the first value using a second value stored in memory;
means for comparing the second message authentication code with the first message authentication code; and
means for computing an encryption key using the first value and the second value providing that the second message authentication code is equal to the first message authentication code.

18. A mobile station apparatus for obtaining an encryption key using a first protocol, comprising:
means for receiving a packet index value and a first message authentication code;
means for generating a second message authentication code of the packet index value by running a hashing function on the packet index value using a second value wherein the second value is stored in memory;
means for comparing the second message authentication code with the first message authentication code; and
means for computing an encryption key using the packet index value and the second value providing that the generated message authentication code is equal to the received message authentication code.

24. A computer readable medium embodying a method comprising:
receiving a first value and a first message authentication code;
generating a second message authentication code as a function of the first value by a hashing function on the received first value using a second value stored in a memory;
comparing the second message authentication code with the received first message authentication code; and
computing a key using the first value and the second value provided that the second message authentication code is equal to the first message authentication code.

29. A computer readable medium embodying a method of obtaining an encryption key in a communication system using a first protocol, the method comprising:
receiving a packet index value and a first message authentication code;
generating a second message authentication code using the packet index value by running a hashing function on the packet index value using a second value stored in a memory;
comparing the second message authentication code with the first message authentication code; and
computing an encryption key using the packet index value and the second value providing that the second message authentication code is equal to the first message authentication code.
Specification