[go: up one dir, main page]

HK1113722A - Method, apparatus and system for mutual authentication with modified message authentication code - Google Patents

Method, apparatus and system for mutual authentication with modified message authentication code Download PDF

Info

Publication number
HK1113722A
HK1113722A HK08102981.9A HK08102981A HK1113722A HK 1113722 A HK1113722 A HK 1113722A HK 08102981 A HK08102981 A HK 08102981A HK 1113722 A HK1113722 A HK 1113722A
Authority
HK
Hong Kong
Prior art keywords
authentication
mac
subscriber identity
identity module
received
Prior art date
Application number
HK08102981.9A
Other languages
Chinese (zh)
Inventor
J.森普尔
G.G.罗斯
M.帕登
P.M.霍克斯
Original Assignee
高通股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 高通股份有限公司 filed Critical 高通股份有限公司
Publication of HK1113722A publication Critical patent/HK1113722A/en

Links

Description

Method, apparatus and system for mutual authentication with modified message authentication codes
Priority in accordance with 35 U.S.C. § 119 requirements
This patent application claims priority from provisional application No. 60/608,424 entitled "MODIFYING THEMAC TO INDICATE A STANDARDIZED assessment automatic relating and management FIELD IN AKA", filed on 8.9.2004, assigned TO the assignee hereof and hereby expressly incorporated herein by reference.
Technical Field
The present invention relates generally to authentication in a mobile communication network and more particularly to using authentication data to indicate instructions.
Background
Mobile communication applications typically require mutual authentication between a communication server and a user (user equipment or mobile station) before communication can begin. One authentication mechanism is based on a secret shared between the communicating entities, and there are many authentication protocols that rely on this pre-shared secret. Exemplary protocols that rely on pre-shared secrets include HTTP (hypertext transfer protocol) digest, IKE (internet key exchange), and username and password based mechanisms.
The mobile communication system authentication features described herein may be implemented in various communication networks that require authentication between communicating entities. Fig. 1 is a block diagram of exemplary communication network entities involved in an authentication process. An exemplary mobile telecommunications system for explaining embodiments of the present invention is the Universal Mobile Telecommunications System (UMTS), which is a third generation (3G) mobile system configured to implement broadband multimedia mobile telecommunications technology.
In order to enable a user equipment (UE, or mobile station) of a user to establish a communication session with a network element, the user equipment UE performs authentication and key agreement with the network element. An exemplary security mechanism is UMTS Authentication and Key Agreement (AKA), which implements authentication and key agreement features for UMTS networks. AKA enables mutual authentication between a user and a network by using knowledge of a secret key K, which is shared between and only available to the user's Subscriber Identity Module (SIM) at a mobile station (user equipment) and an authentication center in the user's home network. The SIM employed in the UMTS network may be referred to as a USIM, where the USIM is configured to perform authentication and key agreement processes in the UMTS network. The UMTS authentication and key agreement process will be described in more detail with reference to fig. 1-3.
The core network of UMTS includes a mobile services switching center (MSC) which acts as an interface between the mobile network and an external fixed circuit switched telephone network, such as the PSTN. The MSC is configured to route calls from the external network to individual mobile stations and to perform switching and signaling functions for mobile stations that are in the geographic area identified for the MSC.
The core network also includes a Home Location Register (HLR), a Visitor Location Register (VLR), and an authentication center (AuC). The HLR is configured to store data associated with each subscriber provided by the mobile network. A Visitor Location Register (VLR) is implemented in conjunction with the MSC, wherein the VLR stores information relating to each mobile station roaming into the geographical area served by the MSC. When a subscriber registers with a different network, the information in the subscriber's HLR is copied to the VLR in each visited network and discarded when the subscriber leaves the network. Thus, the information stored by the VLR is substantially the same as the information stored by the HLR.
Referring to fig. 1, a simplified version of the UMTS network communication is shown. The local switching center 180 of the serving network performs mutual authentication with the mobile station or User Equipment (UE) 160. The local switching center 180 may be an MSC that can access a VLR, and the authentication center 182 may access an HLR for the user equipment 160. Each UE 160 includes a Mobile Equipment (ME) (e.g., a cellular telephone handset) and a UMTS Subscriber Identity Module (USIM). The USIM is stored in a removable secure Integrated Circuit (IC) card (USIM integrated circuit chip, or UICC)162, and the secure integrated circuit card 162 communicates with the ME including a processor 164 to enable a user to access network services. UICCs are sometimes referred to as SIM cards or smart cards. The USIM stores subscriber identity and subscription-related information, including a secret key K, performs a mutual authentication function with the communication network, provides a security function, and stores elements such as international subscriber identity (IMSI), preferred language, IC card identification, and cryptographic keys.
The local switching center 180 communicates with an authentication center (AuC)182 to obtain UE 160-specific authentication data to be used for mutual authentication between the local switching center 180 and the UE 160. The communicating entities 180, 160 authenticate the identity of each other by verifying knowledge of the secret key K.
The AKA for UMTS described herein includes a challenge/response protocol that is substantially similar to the GSM user authentication and key establishment protocol in combination with the sequence number-based one-pass protocol for network authentication derived from ISO/IEC 9798-4. Fig. 1 and 2A-C illustrate authentication data transmitted between the AuC182, the local switching center 180, and the user equipment 160 for mutual authentication between the local switching center 180 and the user equipment 160.
According to the UMTS authentication and key agreement protocol, the local switching center 180 of the network serving the user equipment 160 of the mobile user requests authentication data from the Auc182 in the user's home network. The AuC182 stores or accesses the secret key K190a designated for the user device 160. The secure IC162 at the user device 160 also stores the secret key K190 b. In response to the authentication request, the AuC182 generates one or more authentication vectors using the secret key K190 a. Fig. 2A is a block diagram of an exemplary authentication vector 300 generated by the AuC 182. Each authentication vector includes the following authentication data fields: a challenge value RAND302, typically random or pseudo-random, a cipher key CK 304, an integrity key IK 306, an authentication token AUTN 308, and an expected response XRES 310. Each authentication token AUTN 308 includes a sequence number SQN 312, an authentication management field AMF 314, and a message authentication code MAC 316. The AuC182 uses the secret key K190a and one or more of the authentication management field AMF 314, sequence number SQN 312 and random challenge RAND302 to compute the message authentication code MAC316, expected response XRES 310, cipher key CK 304 and integrity key IK 306. The AuC182 sends one or more generated authentication vectors 300 to the local switching center 180, and the local switching center 180 stores the authentication vectors so that the local switching center 180 can authenticate itself to the user equipment 160 and confirm that the user equipment 160 is authorized to communicate in the network.
When the local switching center 180 initiates authentication and key agreement with a user device requesting network access, it selects one of the authentication vectors AV 300 received from the authentication center 182 and sends an authentication challenge including a portion of the authentication vector to the secure IC162 on the user device 160. Fig. 2B shows an exemplary authentication challenge 320 directed to the secure IC162 on the user equipment UE 160, which includes the value RAND302 and the authentication token AUTN 308.
The user equipment 160 uses the authentication challenge 320 to determine whether the local switching center 180 is a valid communication server, and the user equipment 160 generates and sends an authentication response to the local switching center 180 to confirm its identity. An exemplary authentication and key agreement process 400 performed on the secure IC162 is shown in fig. 3, where the process begins at step 402 and proceeds to step 404, where the secure IC 404 receives the authentication token AUTN 308 and the value RAND302 at step 404. In step 406, the secure IC162 generates or calculates a message authentication code XMAC based on the random challenge RAND302, the sequence number SQN 312 and the authentication management field AMF 314. In step 408, the secure IC162 compares the generated XMAC with the received MAC316 to authenticate the identity of the local switching center 180. If the parameters do not match, the secure IC162 terminates the authentication in step 410 and ends the authentication process in step 412.
If the secure IC162 determines in step 408 that the generated XMAC matches the received MAC316, then in step 414, the secure IC162 generates a response RES326, a cipher key CK, and an integrity key IK using the random challenge RAND302 and the secret key K190 b. In step 416, the user equipment 160 sends an authentication response 324 comprising the generated response RES326 to the local switching center 180, wherein an exemplary authentication response 324 is shown in fig. 2C. The authentication and key agreement process 400 ends in step 412. The generated keys CK and IK are typically sent to the mobile equipment ME of the user for performing data encryption during communication.
Referring again to fig. 1, the local switching center 180 compares the response RES326 generated by the secure IC162 with the expected response XRES 310 in the selected authentication vector 300. If the two parameters match, the local switching center 180 considers the authentication and key agreement exchange to be successfully completed. Thus, the local switching center 180 and the user equipment 160 mutually authenticate their identities using knowledge of the shared secret keys K190a, b and agree on keys CK and IK for secure communication, where the local switching center 180 stores keys CK 304 and IK 306 for secure communication with the user equipment 160.
A more detailed description of the standardized authentication procedure used in UMTS networks is set forth in the third generation partnership project, service and system aspects of the technical specification set, 3G security, security architecture (sixth release), 3GPP TS 33.102, V6.3.0(dec.2004), the entire contents of which are incorporated herein by reference. In some networks, Generic Bootstrapping Architecture (GBA) provides a mechanism to bootstrap application security to authenticate a user (user equipment) and establish keys for communication between the user and network functions, such as e-commerce providers, according to AKA mechanisms.
Some of the authentication data parameters used in UMTS authentication and key agreement are proprietary and not standardized, that is, some authentication data parameters are not used in a standard manner in each network but may be used by different network operators to communicate with user equipment in different ways. For example, the use of Authentication Management Fields (AMFs) may be defined differently by each network operator.
Since the number of authentication data parameters used in the network authentication and key agreement process is limited, it is advantageous to operate one or more authentication data parameters, in particular proprietary authentication data parameters, to communicate additional information to the user equipment in a standard manner. For example, in the case where each operator defines the use of the AMF differently, the mobile device cannot be configured to respond to any specific value of the AMF. However, if the AMF can be used in a standardized way, the mobile device may be designed to interpret the AMF accordingly and respond to the interpreted value of the AMF.
There is therefore a need in the art for a method of using proprietary authentication data in a standard manner in substantially all networks.
Disclosure of Invention
In one aspect, the invention includes a method of instructing a subscriber identity module in a cellular communication network to process authentication information in a predefined manner. The method includes receiving authentication data at a subscriber identity module, the authentication data including a first Message Authentication Code (MAC) and an Authentication Management Field (AMF). The method continues with calculating a first expected MAC using at least a portion of the authentication data and comparing the first expected MAC to the first received MAC. A second expected MAC is calculated, thereby calculating a second expected MAC, and the second expected MAC is compared to the first received MAC. When the second expected MAC and the first received MAC are the same, processing at least a portion of the AMF in a predefined manner.
In another aspect, a method of instructing a subscriber identity module in a mobile communications network to process authentication information in a predefined manner is provided, which includes receiving at the subscriber identity module one or more authentication data fields comprising a first Message Authentication Code (MAC) and an Authentication Management Field (AMF). The method additionally includes generating, in the subscriber identity module, a second MAC using the one or more received authentication data fields and comparing the second MAC to the first MAC. The method also includes generating a third MAC in the subscriber identity module when the second MAC is different from the first MAC, wherein the third MAC is generated based on the one or more received authentication data fields. The method continues by determining whether the first MAC is the same as the third MAC and processing at least a portion of the AMF in a predefined manner when the first MAC is the same as the third MAC.
In another aspect of the present invention, a subscriber identity module for a mobile station of a communication network is provided, which is configured to process a plurality of authentication data parameters according to an authentication algorithm and to generate first and second authentication parameters. The subscriber identity module is further configured to determine whether the first generated authentication parameter matches the first received authentication parameter and whether the first received authentication parameter matches the second generated authentication parameter. The module is further configured to process the second received authentication parameter according to a predefined process when the first received authentication parameter matches the second generated authentication parameter.
In another aspect, a cellular communication network includes a mobile station including a subscriber identity module configured to perform a predefined authentication algorithm using at least one authentication data parameter. The network also includes a network element configured to generate a plurality of authentication data parameters for mutual authentication with the mobile station according to a predefined algorithm. The plurality of authentication data parameters includes at least a first authentication data parameter and a second authentication data parameter, and the subscriber identity module is configured to process the second authentication data parameter in a predefined manner in response to determining that the first authentication data parameter is different from the first authentication data parameter generated by the mobile station and is the same as the second authentication data parameter generated by the mobile station.
In another aspect, a method of processing a received MAC value in a mutual authentication system in which first and second communication entities that respectively authenticate each other are provided. Authentication includes generating a Message Authentication Code (MAC) at the first entity whose value depends on a secret key shared by the first and second entities. The MAC is received by the second entity along with a plurality of additional data fields. The method of processing the received MAC value at the second entity includes generating a plurality of MAC values, comparing each of the plurality of MAC values to the received MAC value, and processing at least a portion of one or more additional received data fields according to a result of the comparison.
In a further aspect of the present invention, there is provided a method of a communicating entity authenticating itself to a receiving entity in a communication network in which first and second communicating entities are provided, each authenticating the other. The method includes transmitting a message authentication code with at least a first additional data field. The message authentication code authenticates the communicating entity and defines the receiving entity's interpretation of the additional data fields.
Another aspect of the invention is used in a communication network in which first and second communication entities respectively authenticate each other, and in which authentication includes generating, at the first entity, a Message Authentication Code (MAC) whose value depends on a secret key shared by the first and second entities. In such a network, a method of authenticating a first communication entity at a second communication entity includes receiving a message authentication code and at least one additional data field, confirming that the first entity possesses a secret key based on the content of the message authentication code, and interpreting the additional data field based on the content of the message authentication code.
In another aspect, a mutual authentication system is provided for instructing a subscriber identity module in a communication network to process authentication information in a predefined manner. The system includes means for transmitting authentication data to the mobile station, and means for receiving the authentication data at the mobile station, wherein the authentication data includes a first Message Authentication Code (MAC) and an Authentication Management Field (AMF). The system also includes means for calculating a first expected MAC using at least a portion of the authentication data, means for comparing the first expected MAC to a first received MAC, means for calculating a second expected MAC, means for comparing the second expected MAC to the first received MAC, and means for processing at least a portion of the AMF in a predefined manner when the second expected MAC is the same as the first received MAC.
Drawings
FIG. 1 is a block diagram of one embodiment of a communicating UMTS network entity performing mutual authentication;
FIG. 2A is a block diagram of one embodiment of the Authentication Vector (AV) of FIG. 1;
FIG. 2B is a block diagram of one embodiment of the authentication challenge of FIG. 1;
FIG. 2C is a block diagram of one embodiment of the authentication response of FIG. 1;
FIG. 3 is a process flow diagram illustrating one embodiment of a UMTS authentication and Key Agreement process performed at a user's device;
FIG. 4 is a block diagram of one embodiment of communication network entities performing bootstrapping mutual authentication;
FIG. 5 is a process flow diagram illustrating one embodiment of a method of instructing a subscriber identity module in a cellular communication network to process authentication information in a predefined manner;
FIG. 6 is a signal flow diagram illustrating one embodiment of a method of using a specified authentication management field AMF;
fig. 7 is a process flow diagram illustrating one embodiment of a method of processing a specified authentication management field AMF on a secure IC of a mobile station.
Detailed Description
In one embodiment, the authentication and key agreement described above is directed to applying security to authenticate a user. As such, the AKA protocol based Generic Bootstrapping Architecture (GBA) is defined and is described in detail in 3GPP TS 33.220 V7.0.0, Generic Authentication Architecture (GAA), generic bootstrapping architecture (month 6 2005), the entire contents of which are incorporated herein by reference. GBA provides additional security for communications involving the exchange of sensitive information, such as banking information or credit material, where established authentication procedures are used to generate additional or application-specific keys for these secure communications.
Fig. 4 is a block diagram of one embodiment of a communication network entity performing bootstrapping mutual authentication similar to the communication network entity of fig. 1. According to GBA, the user equipment UE 160 of the user mutually authenticates with a generic Bootstrapping Server Function (BSF)404 at a server in the user's home network using an authentication and key agreement AKA protocol, where the BSF communicates with the authentication center AuC182 to obtain an authentication vector. The UE 160 and BSF 404 agree on a session key Ks for deriving key material Ks _ NAF for communication between the user equipment UE 160 and a Network Application Function (NAF) 406. The session key Ks is calculated using the results of AKA (e.g., CK and IK) and is stored at each of the UE 160 and BSF according to the bootstrapping transaction identifier (B-TID). The NAF 406 is used at a server for a particular application (e.g., an application that requires higher security than that provided by standard authentication for wireless networks, such as a banking service provider).
The UE 160 requests service from the NAF 406 by sending its bootstrapping transaction identifier B-TID and the NAF 406 sends an authentication request to the BSF 404 by using the B-TID and its own identity. In response to receiving an authentication request from the NAF 406, the BSF 404 calculates key material Ks _ NAF based on the stored key Ks referenced by the B-TID and sends the key material Ks _ NAF to the NAF 406. The NAF 406 then responds to the application request of the UE 160 with an application response, and the UE 160 and NAF 406 can then communicate using the key material Ks _ NAF.
An embodiment of a network architecture that performs GBA-specific functions in the mobile equipment ME, such as generating the key material Ks at the mobile equipment ME, may be referred to as GBA _ ME, in which case the UICC is not aware of GBA. Another embodiment of GBA includes UICC-based enhancements and may be referred to as GBA _ U, in which case GBA-specific functionality is divided between the mobile equipment ME and the UICC. In GBA _ U, for example, the cipher key CK and integrity key IK generated from AKA may be kept secret on the UICC and not passed to the mobile equipment ME, and the UICC generates the bootstrapping key Ks.
As discussed above, authentication and key agreement AKA employs a number of authentication fields or parameters, including a message authentication code MAC316 and an authentication management field AMF 314 (fig. 3B). For example, each of these authentication parameters includes multiple bits of data. As further explained below, the present invention provides a way for a network operator to use the AMF fields in a standardized manner to communicate with a mobile unit and to cause the mobile unit to perform specifically defined functions.
Fig. 5 is a process flow diagram illustrating one embodiment of a method 700 of instructing a secure IC162 of a user in a mobile communications network to process authentication information in a predefined manner. The method 700 includes some of the steps already described with reference to fig. 3, and therefore these steps or processes are not described in detail here. The method 700 starts at step 702 and proceeds to step 704 where, in step 704, the secure IC162 receives an authentication token AUTN and a random challenge RAND, where the authentication token AUTN includes an authentication management field AMF and a message authentication code MAC. The method 700 proceeds to step 706 where the secure IC162 computes or generates a message authentication code XMAC. In step 708, the secure IC162 determines whether XMAC is equal to the MAC received in the authentication token AUTN, similar to step 508 in fig. 5. If the secure IC162 determines in step 706 that XMAC ═ MAC, the method 700 proceeds to step 710 where the secure IC162 proceeds with the authentication process described with reference to fig. 3 in step 710.
If the secure IC162 determines in step 708 that XMAC ≠ MAC, the method 700 proceeds to step 712 where the secure IC162 generates at least a second message authentication code XMAC 2. The second message authentication code XMAC2 may be, for example, a hash function of XMAC, the cipher key CK, and the integrity key IK (XMAC2(XMAC, CK, IK)), e.g., where step 706 may include generating the cipher and integrity keys CK, IK, as discussed with reference to step 506 of fig. 5. It will be appreciated by those skilled in the art that the second message authentication code XMAC2 may be determined based on one or a combination of authentication data received as part of the authentication token AUTN, the random challenge RAND and the secret key K. In some embodiments, the secure IC162 generates the second message authentication code XMAC2 regardless of whether the received authentication code MAC is equal to the first generated message authentication code XMAC.
After generating the second message authentication code XMAC2 in step 712, the secure IC162 determines in step 714 whether the received MAC is XMAC 2. If the secure IC162 determines in step 714 that the received MAC ≠ XMAC2, then the authentication process is terminated in step 715. If the secure IC162 determines in step 714 that the received MAC is XMAC2, the secure IC162 processes the N-bit authentication management field AMF according to a predefined protocol and may indicate to the mobile terminal that the AMF is standardized and may be interpreted.
In this way, the AMF may be used by a service provider to provide standardized instructions to the mobile unit. The mobile unit is effectively informed that the network operator is using the AMF for standardized instructions by the fact that the operator is using a particular MAC value. The contents of the AMF may, for example, cause the mobile unit to retain the result of the AKA exchange on the UICC. The different AMF content may indicate that the generated keys are only used in a specific algorithm, e.g. the UMTS encryption algorithm UEA 1. AMF content may also represent that the encryption key is derived from a hash of CK and other values to provide some key separation.
Thus, in a communication session where the security of the encryption key is important, the method described with reference to fig. 5 may be used to keep the encryption key at the secure IC162 without exposing the key to the unsecure mobile equipment ME. An example of a communication session where such security would be beneficial is a broadcast communication to a group of users. In the case where a group of mobile users has subscribed to an information broadcast service, such as a news or sports information provider, it is important to strengthen the security of the encryption key to prevent non-subscribed users from accessing the broadcast service without paying a fee.
Thus, referring to fig. 1, when the user equipment UE 160 of a group member requests to receive a broadcast communication, the AuC182 selects the MAC2 and the authentication management field AMF2 to be included in the authentication vector sent to the local switching center 180 for use in the authentication challenge sent to the user equipment UE 160. The AuC has knowledge of the capabilities of the secure IC162, specifically whether the secure IC162 is configured to handle modified MACs. Thus, with this knowledge, the AuC selects MAC2 and AMF2 instead of the normal MAC and AMF. An authentication management field AMF2, when processed at secure IC162 in response to receiving MAC2, instructs secure IC162 to secretly retain encryption keys at secure IC 162. In this way, the secure IC162 of the group member can receive the group encryption key Kg encrypted by the user's cipher key CK. The secure IC162 decrypts and stores the group key Kg. The group key Kg is used to generate a broadcast encryption key Kb for encryption/decryption of communications with the broadcast service provider. The broadcast encryption key Kb is derived from the group encryption key Kg and some other data. To help maintain the security of the group encryption key Kg, in response to receiving the MAC2 and AMF2, and the group encryption key Kg, the cryptographic key CK is kept secret on the secure IC162, and only the broadcast encryption key Kb is provided to the mobile equipment ME.
In another embodiment of the authentication management scheme, the authentication center AuC182 controls whether the bootstrapping function or another network entity has the privilege to change the AMF and use the AMF to exert control over the mobile station. For example, when the mobile station roams into a network outside the user's home network, the authentication center AuC182 determines whether the AMF used for authentication is recognized by the authentication center or the serving network. In case the serving network is trusted by the authentication center AuC, then the AuC may allow the serving network to modify the AMF by selecting a predefined or specified authentication management field AMF. However, if the serving network is not trusted by the authentication center AuC, the AuC generates and sends the authentication vectors discussed with reference to fig. 1 and 2. Fig. 6 is a signal flow diagram illustrating one embodiment of a method of using a special authentication management field AMF. The authentication center AuC182 uses a special authentication management field AMF in step 7020Generating a message authentication code MAC0. For example,special authentication management field AMF0May have all zero values. If the authentication center AuC182 does not want the bootstrapping function BSF 404 to replace the AMF but still wants to use the AMF0Then the AuC182 uses a different authentication management field AMF*To replace AMF0And is generated as a MAC0、AMF*Predefined message authentication code MAC of functions of CK, IK*
In the case of GBA usage as shown in fig. 4, the authentication center AuC182 sends in step 704 a message including the MAC to the bootstrapping function BSF 4040And AMF0The authentication vector of (1). In step 706, the BSF 404 uses the AMF*Replacement AMF0And is generated as a MAC0、AMF*Predefined message authentication code MAC of functions of CK, IK*. In step 708, the BSF 404 sends a packet including the MAC to the secure IC162 at the mobile station*And AMF*The authentication challenge of (1). Then, in step 710, the secure IC162 at the mobile station uses the MAC*An authentication process is performed. However, if the authentication center AuC182 wants to prevent the bootstrapping function BSF 404 from changing the authentication management field AMF due to the trust level, and still wants to use the AMF0Then the authentication vector received at the BSF 404 from the AuC182 includes the AMF*And the BSF 404 will include the MAC*And AMF*The authentication challenge is passed to the mobile station without any change.
FIG. 7 is a flowchart illustrating processing of a designated authentication management MAC on secure IC162*Is a process flow diagram of one embodiment of a method 800. The method 800 starts at step 802 and proceeds to step 804, where the secure IC162 receives an authentication token AUTN and a random challenge RAND, where the authentication token AUTN includes an authentication management field AMF and a message authentication code MAC. The method 800 proceeds to step 806 where the secure IC162 calculates or generates a message authentication code XMAC in this step 806. In step 808, the secure IC162 determines whether XMAC is equal to the MAC received in the authentication token AUTN, similar to step 708 in fig. 5. If the secure IC162 determines XMAC ═ MAC in step 806, the method 800 proceeds to stepAt step 810, the secure IC162 continues the authentication process in this step 810, as described with reference to fig. 3.
If, in step 808, the secure IC162 determines that MAC ≠ XMAC, the method 800 proceeds to step 812 in which the secure IC162 assumes that the authentication management field AMF is a special authentication management field AMF0And generates a second message authentication code MAC0. Then, in step 814, the secure IC162 generates a third message authentication code XMAC2 as XMAC2 (MAC)0AMF, CK, IK), wherein the received AMF is AMF*. In step 816, the secure IC162 determines whether the received MAC is XMAC 2. If the secure IC162 determines in step 816 that MAC ≠ XMAC2, then the authentication terminates in step 828. If, in step 816, the secure IC162 determines that the received MAC is equal to XMAC2, the method proceeds to step 820, where the secure IC162 performs the predefined function, and proceeds to step 822 to end the process. The predefined functions performed in step 820 may include one or more of the predefined functions discussed above with reference to step 718 of fig. 5.
Those skilled in the art will appreciate that the above-described systems and methods are merely some specific embodiments and that the present invention may be implemented in a very wide variety of ways. Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (25)

1. A method of instructing a subscriber identity module in a cellular communications network to process authentication information, comprising:
receiving authentication data at the subscriber identity module, the authentication data comprising a first Message Authentication Code (MAC) and an Authentication Management Field (AMF);
calculating a first expected MAC using at least a portion of the authentication data;
comparing the first expected MAC to the first received MAC;
calculating a second expected MAC;
comparing the second expected MAC to the first received MAC; and
processing at least a portion of the AMF in a predefined manner when the second expected MAC and the first received MAC are the same.
2. The method of claim 1, wherein the step of processing the AMF generates an instruction instructing the subscriber identity module to retain an authentication result.
3. The method of claim 2, wherein the authentication result comprises at least one of a cryptographic key and an integrity key.
4. The method of claim 1, wherein the step of processing the AMF comprises generating instructions instructing the subscriber identity module to perform key separation among encryption algorithms.
5. A method of instructing a subscriber identity module in a mobile communications network to process authentication information in a predefined manner, comprising:
receiving one or more authentication data fields at the subscriber identity module, the authentication data fields comprising a first Message Authentication Code (MAC) and an Authentication Management Field (AMF);
generating, in the subscriber identity module, a second MAC using one or more received authentication data fields, an
Comparing the second MAC to the first MAC;
generating a third MAC in the subscriber identity module when the second MAC is different from the first MAC, wherein the third MAC is generated based on one or more received authentication data fields; and
determining whether the first MAC is the same as the third MAC; and
processing at least a portion of the AMF in a predefined manner when the first MAC is the same as the third MAC.
6. The method of claim 5, wherein the third MAC is generated using a special authentication data field.
7. A method according to claim 6, wherein the step of processing at least part of the AMF generates instructions instructing the subscriber identity module to secretly retain an authentication result at the subscriber identity module.
8. A subscriber identity module for a mobile station of a communication network, wherein the subscriber identity module is configured to process a plurality of authentication data parameters according to an authentication algorithm and to generate first and second authentication parameters, and wherein the subscriber identity module is further configured to determine whether the first generated authentication parameter matches a first received authentication parameter and whether the first received authentication parameter matches the second generated authentication parameter, and to process a second received authentication parameter according to a predefined process when the first received authentication parameter matches the second generated authentication parameter.
9. The subscriber identity module of claim 8, wherein the second generated authentication parameter is a function of the first generated authentication parameter.
10. The subscriber identity module of claim 8, wherein the subscriber identity module is further configured to perform the function of said processing responsive to said second received authentication parameter.
11. The subscriber identity module of claim 10, wherein the function comprises retaining at least one result of the authentication algorithm at the subscriber identity module.
12. A mobile station of a cellular communication network comprising a subscriber identity module according to claim 8.
13. The mobile station of claim 12, wherein the subscriber identity module is further configured to perform a predefined function of the processing responsive to the second received authentication parameter.
14. The mobile station of claim 13, wherein the predefined function comprises retaining an authentication key generated according to the predefined authentication algorithm at the subscriber identity module.
15. A cellular communications network, comprising:
a mobile station comprising a subscriber identity module configured to perform a predefined authentication algorithm using at least one authentication data parameter;
a network element configured to generate a plurality of authentication data parameters for mutual authentication with the mobile station according to the predefined authentication algorithm, wherein the plurality of authentication data parameters comprises at least a first authentication data parameter and a second authentication data parameter;
wherein the subscriber identity module is configured to process a second authentication data parameter generated by the mobile station in a predefined manner in response to determining that the first authentication data parameter is different from the first authentication data parameter generated by the mobile station.
16. The cellular communication network of claim 15 wherein the subscriber identity module is further configured to perform a function defined by the content of the second authentication data parameter.
17. A cellular communications network as claimed in claim 16, wherein the function comprises retaining at the subscriber identity module one or more authentication results generated in accordance with the predefined authentication algorithm.
18. The cellular communication network of claim 15 wherein the first authentication data parameter is a Message Authentication Code (MAC) and the second authentication data parameter is an Authentication Management Field (AMF).
19. In a mutual authentication system in which first and second communication entities respectively authenticate each other, wherein the authentication includes generating at the first entity a Message Authentication Code (MAC) whose value depends on a secret key shared by the first and second entities, wherein the MAC is received by the second entity along with a plurality of additional data fields, a method of processing the received MAC value at the second entity, comprising:
generating a plurality of MAC values;
comparing each of the plurality of MAC values to the received MAC value;
processing at least a portion of one or more of the additional received data fields according to a result of the comparison.
20. In a communication network in which first and second communication entities each authenticate a respective party, a method of a communication entity authenticating itself to a receiving entity, comprising:
transmitting a message authentication code with at least a first additional data field, wherein the message authentication code authenticates the communicating entity and defines an interpretation of the additional data field by a receiving entity.
21. In a communication network in which first and second communication entities respectively authenticate each other, wherein the authentication includes generating a Message Authentication Code (MAC) at the first entity whose value depends on a secret key shared by the first and second entities, a method of authenticating a first communication entity at a second communication entity, comprising:
receiving a message authentication code and at least one additional data field;
confirming that the first entity possesses the secret key based on the content of the message authentication code; and
interpreting the additional data field based on the content of the message authentication code.
22. A mutual authentication system for instructing a subscriber identity module in a communication network to process authentication information, comprising:
means for sending authentication data to a mobile station, the authentication data comprising a first Message Authentication Code (MAC) and an Authentication Management Field (AMF);
means for receiving the authentication data at the mobile station;
means for calculating a first expected MAC using at least a portion of the authentication data;
means for comparing the first expected MAC to the first received MAC;
means for calculating a second expected MAC;
means for comparing the second expected MAC to the first received MAC; and
means for processing at least a portion of the AMF in a predefined manner when the second expected MAC is the same as the first received MAC.
23. The system of claim 22, wherein the means for processing the AMF is configured to generate an instruction instructing the subscriber identity module to retain an authentication result.
24. The system of claim 23, wherein the authentication result comprises at least one of a cryptographic key and an integrity key.
25. The system of claim 22, wherein the means for processing the AMF comprises means for generating instructions that instruct the subscriber identity module to perform key separation among encryption algorithms.
HK08102981.9A 2004-09-08 2005-09-08 Method, apparatus and system for mutual authentication with modified message authentication code HK1113722A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US60/608,424 2004-09-08
US11/218,832 2005-09-02

Publications (1)

Publication Number Publication Date
HK1113722A true HK1113722A (en) 2008-10-10

Family

ID=

Similar Documents

Publication Publication Date Title
CN101053273B (en) Method, apparatus and system for mutual authentication employing modified message authentication codes
CN101946536B (en) Application specific master key selection in evolved networks
US8959598B2 (en) Wireless device authentication between different networks
CN1857024B (en) Enhanced security design for cryptography in mobile communication systems
US7190793B2 (en) Key generation in a communication system
EP1811744B1 (en) Method, system and centre for authenticating in End-to-End communications based on a mobile network
US9668139B2 (en) Secure negotiation of authentication capabilities
US8094821B2 (en) Key generation in a communication system
JP4624785B2 (en) Interworking function in communication system
US20090265554A1 (en) Means and method for single sign-on access to a service network through an access network
US20060019635A1 (en) Enhanced use of a network access identifier in wlan
US20050090232A1 (en) Authentication in a communication system
CN1969580A (en) Security in a mobile communications system
CN101990201B (en) Method, system and device for generating general bootstrapping architecture (GBA) secret key
WO2007102702A2 (en) Fast re-authentication method in umts
HK1113722A (en) Method, apparatus and system for mutual authentication with modified message authentication code
Mustafa et al. Dynamic Authentication Protocol for Mobile Networks Using Public-Key Cryptography
HK1084270A (en) Key generation in a communication system
HK1112124A1 (en) Secure bootstrapping for wireless communications
HK1085064A (en) Inter-working function for a communication system
HK1112124B (en) Secure bootstrapping for wireless communications
HK1191467B (en) Method and apparatus for key generation in a communication system