Authenticating an application

US 20070234041A1
Filed: 10/18/2006
Published: 10/04/2007
Est. Priority Date: 03/28/2006
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating an application, the method comprising:

performing, with a server application, bootstrapping procedures between the server application and a bootstrapping server function server;

deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier;

providing the application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures;

receiving a response from the application; and

authenticating the application by validating the response with the shared key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect of the invention discloses a method of authenticating an application. The method comprising performing, with a server application, bootstrapping procedures between the server application and a bootstrapping server function; deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier; providing an application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures; receiving a response from the application; and authenticating the application by validating the response with the shared key.

87 Citations

View as Search Results

52 Claims

1. A method of authenticating an application, the method comprising:
- performing, with a server application, bootstrapping procedures between the server application and a bootstrapping server function server;
  
  deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier;
  
  providing the application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures;
  
  receiving a response from the application; and
  
  authenticating the application by validating the response with the shared key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein the authenticating of the application comprises:
    - authenticating the application by comparing the shared key with the response.
  - 3. The method according to claim 1, further comprising:
    - generating a challenge; and
      
      providing the application with the challenge,wherein the authenticating of the application comprises authenticating the application by validating the response with the challenge and the shared key.
  - 4. The method according to claim 3, further comprising:
    - receiving signed data with the response,wherein the authenticating of the application further comprises verifying the signed data with the shared key.
  - 5. The method according to claim 1, further comprising:
    - receiving a register request from the application, the request comprising at least one of the network application function identifier and an application instance identifier before providing the application with the bootstrapping transaction identifier.
  - 6. The method according to claim 1, further comprising:
    - receiving a register request from the application, before providing the application with the bootstrapping transaction identifier.
  - 7. The method according to claim 6, wherein the register request comprises an application instance identifier.
  - 8. The method according to claim 5, wherein the deriving of the shared key comprises:
    - deriving the shared key based on the key received from the bootstrapping server function server during the bootstrapping procedures, the network application function identifier and the application instance identifier.
  - 9. The method according to claim 1, further comprising:
    - marking the application as trusted if the authentication is successful.
  - 10. The method according to claim 9, further comprising:
    - providing the application with the shared key.
  - 11. The method according to claim 9, further comprising:
    - receiving from the application a request for a network application function key; and
      
      sending to the application the network application function key in response to the request.

12. A method of authenticating an application with a server application, the method comprising:
- receiving, with the application, from the server application at least a bootstrapping transaction identifier;
  
  opening a communication link with a network application function server;
  
  providing the network application function server with at least the bootstrapping transaction identifier via the communication link;
  
  receiving, in response to providing the bootstrapping transaction identifier, at least a response from the network application function server; and
  
  authenticating the application by providing the server application with at least the response received from the network application function server.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method according to claim 12, whereinthe receiving from the server application comprises receiving the bootstrapping transaction identifier and a challenge, andthe providing to the network application function server comprises providing the network application function server with the bootstrapping transaction identifier and the challenge via the communication link.
  - 14. The method according to claim 13, whereinthe receiving from the network application function comprises receiving the response and signed data from the network application function;
    - andthe authenticating of the application comprises providing the server application with the response and the signed data received from the network application function server.
  - 15. The method according to claim 12, further comprising:
    - receiving a shared key from the server application after successful authentication.
  - 16. The method according to claim 12, further comprising:
    - after authentication, sending to the server application a request for a network application function key; and
      
      receiving the network application function key from the server application in response to the request.

17. A method of deriving an authentication key, the method comprising:
- opening a communication link with an application;
  
  receiving, from the application, at least a bootstrapping transaction identifier via the communication link;
  
  sending a request to a bootstrapping server function server to receive a shared key, the request comprising at least the bootstrapping transaction identifier;
  
  receiving, from the bootstrapping transaction identifier, the shared key in response to the request;
  
  deriving a response by using at least the shared key; and
  
  sending at least the response to the application.
- View Dependent Claims (18, 19)
- - 18. The method according to claim 17, wherein:
    - the receiving, from the application comprises receiving the bootstrapping transaction identifier and a challenge via the communication link; and
      
      the deriving of the response comprises deriving the response by using at least the shared key and the challenge.
  - 19. The method according to claim 17, wherein:
    - the sending of at least the response comprises sending the response and signed data signed with the shared key to the application.

20. A computer program embodied on a data-processing device to authenticate an application, the computer program comprising code configured to comprise:
- performing bootstrapping procedures with a bootstrapping server function server;
  
  deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier;
  
  providing the application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures;
  
  receiving a response from the application; and
  
  authenticating the application by validating the response with the shared key.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 21. The computer program according to claim 20, wherein the authenticating of the application comprises:
    - authenticating the application by comparing the shared key with the response.
  - 22. The computer program according to claim 20, further comprising:
    - generating a challenge; and
      
      providing the application with the challenge,wherein the authenticating of the application comprises authenticating the application by validating the response with the challenge and the shared key.
  - 23. The computer program according to claim 22, further comprising:
    - receiving signed data with the response,wherein the authenticating of the application further comprises verifying the signed data with the shared key.
  - 24. The computer program according to claim 20, further comprising:
    - receiving a register request from the application, the request comprising at least one of the network application function identifier and an application instance identifier before providing the application with the bootstrapping transaction identifier.
  - 25. The computer program according to claim 20, further comprising:
    - receiving a register request from the application, before providing the application with the bootstrapping transaction identifier.
  - 26. The computer program according to claim 25, wherein the register request comprises an application instance identifier.
  - 27. The computer program according to claim 24, wherein the deriving of the shared key comprises:
    - deriving the shared key based on the key received from the bootstrapping server function server during the bootstrapping procedures, the network application function identifier and the application instance identifier.
  - 28. The computer program according to claim 20, further comprising:
    - marking the application as trusted when the authentication is successful.
  - 29. The computer program according to claim 28, further comprising:
    - providing the application with the shared key.
  - 30. The computer program according to claim 28, further comprising:
    - receiving from the application a request for a network application function key; and
      
      sending to the application the network application function key in response to the request.
  - 31. The computer program according to claim 20, wherein the computer program is embodied on a computer-readable medium.

32. A computer program embodied on a data-processing device to authenticate an application with a server application, the computer program comprising code configured to comprise:
- receiving from a server application at least a bootstrapping transaction identifier;
  
  opening a communication link with a network application function server;
  
  providing the network application function server with at least the bootstrapping transaction identifier via the communication link;
  
  receiving, in response to providing the bootstrapping transaction identifier, at least a response from the network application function server; and
  
  authenticating the application by providing the server application with at least the response received from the network application function server.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The computer program according to claim 32, whereinthe receiving from the server application comprises receiving the bootstrapping transaction identifier and a challenge, andthe providing to the network application function server comprises providing the network application function server with the bootstrapping transaction identifier and the challenge via the communication link.
  - 34. The computer program according to claim 33, whereinthe receiving from network application function comprises receiving the response and signed data from network application function, andthe authenticating of the application comprises providing the server application with the response and the signed data received from the network application function server.
  - 35. The computer program according to claim 32, further comprising:
    - receiving s shared key from the server application after successful authentication.
  - 36. The computer program according to claim 32, further comprising:
    - after authentication, sending to the server application a request for a network application function key; and
      
      receiving the network application function key from the server application in response to the request.
  - 37. The computer program according to claim 32, wherein the computer program is embodied on a computer-readable medium.

38. A computer program embodied on a data-processing device to derive an authentication key, the computer program comprising code configured to comprise:
- opening a communication link with an application;
  
  receiving, from the application, at least a bootstrapping transaction identifier via the communication link;
  
  sending a request to a bootstrapping server function server to receive a shared key, the request comprising at least the bootstrapping transaction identifier;
  
  receiving, from the bootstrapping transaction identifier, the shared key in response to the request;
  
  deriving a response by using at least the shared key; and
  
  sending at least the response to the application.
- View Dependent Claims (39, 40, 41)
- - 39. The computer program according to claim 38, whereinthe receiving comprises receiving the bootstrapping transaction identifier and a challenge via the communication link;
    - andthe deriving comprises deriving the response by using at least the shared key and the challenge.
  - 40. The computer program according to claim 38, wherein:
    - the sending of at least the response comprises sending the response and signed data signed with the shared key to the application.
  - 41. The computer program according to claim 38, wherein the computer program is embodied on a computer-readable medium.

42. A mobile terminal for authenticating an application, comprising:
- a server application configured to perform bootstrapping procedures between the server application and a bootstrapping server function server, to derive a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier, to provide the application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures, to receive a response from the application, and to authenticate the application by validating the response with the shared key.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 43. The mobile terminal according to claim 42, wherein the server application is configured to authenticate the application by comparing the shared key with the response.
  - 44. The mobile terminal according to claim 42, wherein the server application is configured to generate a challenge, to provide the application with the challenge, and to validate the response with the challenge and the shared key.
  - 45. The mobile terminal according to claim 44, wherein the server application is configured to receive signed data with the response, and to verify the signed data with the shared key.
  - 46. The mobile terminal according to claim 42, wherein the server application is configured to receive a register request from the application, the request comprising at least one of the network application function identifier and an application instance identifier before providing the application with the bootstrapping transaction identifier.
  - 47. The mobile terminal according to claim 42, wherein the server application is configured to receive a register request from the application, before providing the application with the bootstrapping transaction identifier.
  - 48. The mobile terminal according to claim 47, wherein the register request comprises an application instance identifier.
  - 49. The mobile terminal according to claim 46, wherein the server application is configured to derive the shared key based on the key received from the bootstrapping server function server during the bootstrapping procedures, the network application function identifier and the application instance identifier.
  - 50. The mobile terminal according to claim 42, wherein the server application is configured to mark the application as trusted when the authentication is successful.
  - 51. The mobile terminal according to claim 50, wherein the server application is configured to provide the application with the shared key.
  - 52. The mobile terminal according to claim 50, wherein the server application is configured to receive from the application a request for a network application function key, and to send to the application the network application function key in response to the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Laitinen, Pekka, Ginzboorg, Philip, Holtmanns, Silke, Lakshmeshwar, Shreekanth

Granted Patent

US 8,522,025 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/061   applying further key deriva...

H04L 63/062   for key distribution, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 9/0833   involving conference or gro...

H04L 9/321   involving a third party or ...

H04L 9/3271   using challenge-response

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

Y04S 40/20   Information technology spec...

Authenticating an application

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating an application

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links