US20170093588A1 - Manipulation and restoration of authentication challenge parameters in network authentication procedures - Google Patents

Manipulation and restoration of authentication challenge parameters in network authentication procedures Download PDF

Info

Publication number
US20170093588A1
US20170093588A1 US15/375,684 US201615375684A US2017093588A1 US 20170093588 A1 US20170093588 A1 US 20170093588A1 US 201615375684 A US201615375684 A US 201615375684A US 2017093588 A1 US2017093588 A1 US 2017093588A1
Authority
US
United States
Prior art keywords
mobile device
authentication
challenge parameter
authentication challenge
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US15/375,684
Inventor
Semyon Mizikovsky
Ioannis Broustis
Violeta Cakulev
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia of America Corp
RPX Corp
Nokia USA Inc
Original Assignee
Alcatel Lucent SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel Lucent SAS filed Critical Alcatel Lucent SAS
Priority to US15/375,684 priority Critical patent/US20170093588A1/en
Assigned to ALCATEL-LUCENT USA INC. reassignment ALCATEL-LUCENT USA INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BROUSTIS, IOANNIS, MIZIKOVSKY, SEMYON, CAKULEV, VIOLETA
Publication of US20170093588A1 publication Critical patent/US20170093588A1/en
Assigned to CORTLAND CAPITAL MARKET SERVICES, LLC reassignment CORTLAND CAPITAL MARKET SERVICES, LLC SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PROVENANCE ASSET GROUP HOLDINGS, LLC, PROVENANCE ASSET GROUP, LLC
Assigned to NOKIA USA INC. reassignment NOKIA USA INC. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PROVENANCE ASSET GROUP HOLDINGS, LLC, PROVENANCE ASSET GROUP LLC
Assigned to PROVENANCE ASSET GROUP LLC reassignment PROVENANCE ASSET GROUP LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ALCATEL LUCENT SAS, NOKIA SOLUTIONS AND NETWORKS BV, NOKIA TECHNOLOGIES OY
Assigned to NOKIA US HOLDINGS INC. reassignment NOKIA US HOLDINGS INC. ASSIGNMENT AND ASSUMPTION AGREEMENT Assignors: NOKIA USA INC.
Assigned to PROVENANCE ASSET GROUP HOLDINGS LLC, PROVENANCE ASSET GROUP LLC reassignment PROVENANCE ASSET GROUP HOLDINGS LLC RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: CORTLAND CAPITAL MARKETS SERVICES LLC
Assigned to PROVENANCE ASSET GROUP HOLDINGS LLC, PROVENANCE ASSET GROUP LLC reassignment PROVENANCE ASSET GROUP HOLDINGS LLC RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: NOKIA US HOLDINGS INC.
Assigned to RPX CORPORATION reassignment RPX CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PROVENANCE ASSET GROUP LLC
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/48Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity

Definitions

  • the invention relates generally to communication networks and, more specifically but not exclusively, to network authentication procedures for communication networks.
  • an apparatus includes a processor and a memory that is communicatively connected to the processor, where the processor is configured to receive an authentication challenge parameter and determine whether the authentication challenge parameter is encrypted.
  • a method for use by a mobile device comprising a processor and a memory includes receiving, by the processor, an authentication challenge parameter and determining whether the authentication challenge parameter is encrypted.
  • an apparatus includes a processor and a memory that is communicatively connected to the processor, where the processor is configured to encrypt an original authentication challenge parameter of an authentication vector (AV), based on a binding key, to form an encrypted authentication challenge parameter and replace the original authentication challenge parameter of the AV with the encrypted authentication challenge parameter.
  • AV authentication vector
  • a method includes encrypting, using a processor, an original authentication challenge parameter of an authentication vector (AV), based on a binding key, to form an encrypted authentication challenge parameter, and replacing the original authentication challenge parameter of the AV with the encrypted authentication challenge parameter.
  • AV authentication vector
  • FIG. 1 depicts a high-level block diagram of an exemplary wireless communication system
  • FIG. 2 depicts one embodiment of a method for use by a subscriber server to encrypt an authentication challenge parameter used for authentication of a subscription with a network;
  • FIG. 3 depicts one embodiment of a method for use by a mobile device to decrypt an authentication challenge parameter used for authentication of a subscription with a network
  • FIG. 4 depicts a high-level block diagram of a computer suitable for use in performing functions described herein.
  • a response validation capability is provided for ensuring validation of a response to an authentication challenge during a network authentication procedure.
  • the response validation capability ensures possession by a mobile device of a subscription secret through validation of a response to an authentication challenge parameter used for authentication of a network authentication module of the mobile device when the mobile device attaches to a wireless network.
  • the authentication challenge parameter is associated with the authentication event in such a way that modification of the authentication challenge parameter will cause an authentication failure such that the mobile device is prevented from accessing the wireless network (namely, modification of the authentication challenge parameter will cause computation of an incorrect authentication response by the network authentication module of the mobile device such that when the authentication response is provided to the wireless network the validation of the authentication response fails the mobile device is prevented from accessing the wireless network).
  • the response validation capability uses a binding key (referred to herein as a B-KEY), which is provisioned on a mobile device and on a subscriber server, to encrypt and decrypt an authentication challenge parameter that is used for authentication of a network authentication module of the mobile device with a wireless access network.
  • B-KEY binding key
  • the subscriber server is configured to perform cryptographic manipulation of an authentication challenge parameter before the authentication challenge parameter is provided from the subscriber server to the mobile device for subscription authentication.
  • the authentication challenge parameter is associated with a specific authentication event in which an attempt is made to authenticate a subscription associated with the network authentication module of a mobile device.
  • the cryptographic manipulation of the authentication challenge parameter may include encryption of the authentication challenge parameter (e.g., using the B-KEY as the encryption secret) or any other suitable type of manipulation.
  • an authorized mobile device is configured to perform reverse cryptographic manipulation of an authentication challenge parameter before the received authentication challenge parameter is presented to the network authentication module of the mobile device for generating a response to the authentication challenge.
  • the reverse cryptographic manipulation of the authentication challenge parameter may include decryption of the authentication challenge parameter (e.g., using the B-KEY as the decryption secret) or any other suitable type of manipulation.
  • the response validation capability supports restricting the use of a network authentication module (e.g., a smart card, a software-based network authentication module, or the like) to a mobile device authorized to use the network authentication module.
  • a network authentication module e.g., a smart card, a software-based network authentication module, or the like
  • a smartcard or any other type of physically removable network authentication module
  • this ensures that the software-based network authentication module of a mobile device cannot be used to access the network if the response generated by the software-based network authentication module based on the authentication challenge parameter is invalid.
  • response validation capability may be provided in any other suitable types of wireless networks.
  • response validation capability may be used within any security framework that is based on a challenge-response protocol.
  • AKA Authentication and Key Agreement
  • FIG. 1 depicts a high-level block diagram of an exemplary wireless communication system.
  • the exemplary wireless communication system 100 supports network authentication procedures.
  • the network authentication procedures may be challenge-response authentication procedures, which may be AKA-based authentication procedures which use Authentication Vectors (AVs) during network authentication
  • the exemplary wireless communication system 100 may be a Second Generation (2G) cellular network (e.g., a 2G Global System for Mobile (GSM) cellular network, a 2G Code Division Multiple Access (CDMA) cellular network, or the like), a Third Generation (3G) cellular network (e.g., a 3G CDMA2000 network, a 3G Partnership Project (3GPP) Universal Mobile Telecommunication System (UMTS) network, or the like), a Fourth Generation (4G) cellular network (e.g., a Long Term Evolution (LTE) network), or the like.
  • 2G Second Generation
  • GSM Global System for Mobile
  • CDMA Code Division Multiple Access
  • 3G Third Generation
  • 3G Universal Mobile Telecommunication System
  • 4G Fourth Generation
  • LTE Long Term Evolution
  • the exemplary wireless communication system 100 includes a mobile device (MD) 110 , a Radio Access Network (RAN) 120 , a Core Network (CN) 130 , and a Subscriber Server (SS) 140 .
  • MD mobile device
  • RAN Radio Access Network
  • CN Core Network
  • SS Subscriber Server
  • the MD 110 is a mobile device configured to support challenge-response authentication procedures, which may be AKA-based authentication procedures.
  • the MD 110 includes a processor 112 and a memory 113 that is communicatively connected to the processor 112 .
  • the memory 113 stores various programs and data, including a challenge restoration process 114 and a B-KEY value 115 .
  • the processor 112 is configured to retrieve challenge restoration process 114 from memory 113 and execute the challenge restoration process 114 to provide functions of the response validation capability.
  • the challenge restoration process 114 is configured to decrypt an encrypted authentication challenge parameter of an AV received at the MD 110 during a network authentication procedure, where the encrypted authentication challenge parameter is decrypted using the B-KEY 115 that is maintained on the MD 110 (and also provisioned on SS 140 and used by SS 140 to encrypt the authentication challenge parameter before the AV is sent to the MD 110 ).
  • the operation of challenge restoration process 114 is described in additional detail below.
  • the MD 110 includes a network authentication module (NAM) 116 .
  • NAM network authentication module
  • the NAM 116 is configured to support challenge-response authentication procedures, which may be AKA-based authentication procedures.
  • the NAM 116 is associated with a network subscription of a subscriber.
  • the NAM 116 ensures integrity and security of personal data of the subscriber using MD 110 .
  • the NAM 116 includes subscription credentials (e.g., a subscriber identity, such as an International Mobile Subscriber Identity (IMSI), a Temporary Mobile Subscription Identity (TMSI), a Globally Unique Temporary Identity (GUTI), or the like), one or more subscription secrets, one or more algorithms for subscription authentication and generation of security keys for protecting session information, and the like.
  • subscription credentials e.g., a subscriber identity, such as an International Mobile Subscriber Identity (IMSI), a Temporary Mobile Subscription Identity (TMSI), a Globally Unique Temporary Identity (GUTI), or the like
  • IMSI International Mobile Subscriber Identity
  • TMSI Temporary Mobile Subscription Identity
  • GUI Globally Unique Temporary Identity
  • NAM 116 may be implemented in any suitable manner, which may depend on the underlying Radio Access Technology (RAT) of the RAN 120 .
  • RAT Radio Access Technology
  • the NAM 116 is a physically removable device that is inserted into MD 110 .
  • the NAM 116 may be a smartcard.
  • the NAM 116 may be a Subscriber Identity Module (SIM) card.
  • SIM Subscriber Identity Module
  • the NAM 116 may be a Universal Integrated Circuit Card (UICC).
  • UICC Universal Integrated Circuit Card
  • the NAM 116 may be any other suitable type of card or device.
  • NAM 116 may include a Central Processing Unit (CPU), Read-Only Memory (ROM), Random Access Memory (RAM), input-output (I/O) circuits, or the like (which elements are omitted for purposes of clarity).
  • CPU Central Processing Unit
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • I/O input-output circuits, or the like (which elements are omitted for purposes of clarity).
  • the NAM 116 is a software-based module stored within MD 110 (e.g., in the memory 113 or in any other suitable storage location within MD 110 ).
  • the NAM 116 supports one or more applications, at least some of which may depend on the underlying RAT (e.g., a CDMA Subscriber Identity Module (CSIM) application for a CDMA2000 network, a UMTS Subscriber Identity Module (USIM) application for a UMTS network or an LTE network, or the like).
  • a CDMA Subscriber Identity Module (CSIM) application for a CDMA2000 network
  • a UMTS Subscriber Identity Module (USIM) application for a UMTS network or an LTE network, or the like.
  • NAM such as NAM 116
  • NAM 116 The typical configuration and operation of a NAM, such as NAM 116 , will be understood by one skilled in the art.
  • the MD 110 has an equipment identity associated therewith.
  • the equipment identity of MD 110 may depend on the RAT of RAN 120 .
  • MD 110 may have an International Mobile Equipment Identifier (IMEI) or Mobile Equipment Identifier (MEID) associated therewith.
  • IMEI International Mobile Equipment Identifier
  • MEID Mobile Equipment Identifier
  • the manner in which MD 110 provides its equipment identity to the RAN 120 may depend on the RAT of RAN 120 .
  • the MD 110 may provide its equipment identity (e.g., IMEI, MEID, or the like) in the initial Attach Request sent by the MD 110 to RAN 120 , or the equipment identity of the MD 110 may be requested from MD 110 by RAN 120 in a separate transaction.
  • equipment identity e.g., IMEI, MEID, or the like
  • the NAM 116 has a subscriber identity associated therewith.
  • the subscriber identity of NAM 116 may depend on the RAT of RAN 120 .
  • NAM 116 may have one or more subscriber identities (e.g., an International Mobile Subscriber Identity (IMSI), a Temporary Mobile Subscription Identity (TMSI), a Globally Unique Temporary Identity (GUTI), or the like) associated therewith.
  • IMSI International Mobile Subscriber Identity
  • TMSI Temporary Mobile Subscription Identity
  • GUI Globally Unique Temporary Identity
  • the MD 110 may provide the IMSI of NAM 116 in the initial Attach Request sent by the MD 110 to the RAN 120 , or the MD 110 may provide the TMSI or the GUTI in the initial Attach Request (with the IMSI subsequently being resolved by the RAN 120 ).
  • MD 110 may include various other modules and functions typically supported by mobile devices (e.g., a mobile operating system, one or more network interfaces to one or more types of wireless access networks, one or more client modules (e.g., a camera client module, a video client module, or the like), a battery, and the like).
  • mobile devices e.g., a mobile operating system, one or more network interfaces to one or more types of wireless access networks, one or more client modules (e.g., a camera client module, a video client module, or the like), a battery, and the like).
  • the RAN 120 and CN 130 may support any suitable type of wireless communications.
  • RAN 120 and CN 130 may support one or more of 2G cellular communications, 3G cellular communications, 4G cellular communications, or the like, as well as various combinations thereof.
  • the RAN 120 provides a wireless access interface for MD 110 , supporting communications between MD 110 and CN 130 .
  • the RAN 120 supports network authentication procedures. The typical operation of RAN 120 and CN 130 will be understood by one skilled in the art.
  • the SS 140 is configured to provide security and authentication functions for authenticating mobile devices accessing RAN 120 (illustratively, MD 110 ).
  • SS 140 may be implemented as a Home Location Register (HLR) (e.g., in a GSM network), as a Home Subscriber Server (HSS) (e.g., in a UMTS network), or the like, as well as various combinations thereof.
  • HLR Home Location Register
  • HSS Home Subscriber Server
  • the SS 140 includes a processor 142 and a memory 143 .
  • the memory 143 stores various programs and associated data. More specifically, the memory 143 stores a challenge manipulation process 144 and a subscriber identity to B-KEY mapping table 145 .
  • the processor 142 is configured to retrieve challenge manipulation process 144 from memory 143 and execute the challenge manipulation process 144 to provide functions of the response validation capability.
  • the challenge manipulation process 144 is configured to encrypt an authentication challenge parameter that is generated by SS 140 in response to an AV request received from RAN 120 for MD 110 when MD 110 is requesting to attach to RAN 120 , where the authentication challenge parameter is encrypted using a B-KEY that is retrieved from the subscriber identity to B-KEY mapping table 145 based on a subscriber identity of the NAM 116 of MD 110 (and also provisioned on MD 110 and used by MD 110 to decrypt the authentication challenge parameter received by the MD 110 as part of the AV).
  • the operation of challenge manipulation process 144 is described in additional detail below.
  • the challenge manipulation process 144 may be implemented as an adjunct process or an adjust module associated with or otherwise capable of communicating with SS 140 (e.g., as a process on another device, as a standalone device, or the like, as well as various combinations thereof).
  • the subscriber identity to B-KEY mapping table 145 includes subscriber identity to B-KEY mapping information, including an entry 146 associated with NAM 116 that includes a mapping of the subscriber identity of NAM 116 to a B-KEY 147 . It is noted that, although primarily depicted and described with respect to embodiments in which the subscriber identity to B-KEY mapping information is maintained separate from other information maintained by SS 140 , the subscriber identity to B-KEY mapping information may be maintained in any other suitable manner (e.g., via inclusion in one or more existing tables of SS 140 (which are omitted for purposes of clarity), as part of challenge manipulation process 144 , or the like, as well as various combinations thereof).
  • the subscriber identity to B-KEY mapping table 145 may be maintained using one or more databases associated with SS 140 .
  • the subscriber identity to B-KEY mapping information may be maintained and made accessible to SS 140 in any other suitable manner.
  • the exemplary wireless communication system 100 is configured to support AKA-based authentication procedures which use embodiments of the response validation capability.
  • the MD 110 initiates a service attach procedure in which the MD 110 attempts to attach to RAN 120 .
  • the MD 110 determines a subscriber identity associated with the NAM 116 of MD 110 .
  • the MD 110 sends an initial attach request to the RAN 120 .
  • the type of subscriber identity that is provided to RAN 120 by MD 110 (and, the manner in which the subscriber identity is provided to RAN 120 by MD 110 ) may depend on the access protocol being used by MD 110 , which may in turn depend on the RAT of RAN 120 .
  • the RAN 120 in response to receiving the initial attach request from MD 110 , proceeds with the AKA-based authentication procedure as specified in the standard(s) applicable to the RAN 120 .
  • the RAN 120 as part of the authentication procedure, sends an AV request to SS 140 .
  • the AV request includes the subscriber identity of the NAM 116 of MD 110 .
  • the SS 140 receives the AV request from the RAN 120 .
  • the SS 140 obtains the AV in response to the AV request from the RAN 120 .
  • a standard AV includes an authentication challenge parameter, an expected response, and one or more other parameters (e.g., one or more Session Keys, an Authentication Token, or the like, as well as various combinations thereof).
  • the numbers and types of parameters included within the AV may depend on the underlying RAT of RAN 120 .
  • the generated AV may include a RAND parameter (i.e., the authentication challenge parameter), a signed response (SRES) (i.e., the expected response), and a Session Key.
  • RAND parameter i.e., the authentication challenge parameter
  • SRES signed response
  • Session Key i.e., the expected response
  • the generated AV may include a RAND parameter (i.e., the authentication challenge parameter), an XRES (i.e., the expected response), Session Keys (including a Ciphering Key (CK) and an Integrity Key (IK)), and an Authentication Token (AUTN).
  • RAND parameter i.e., the authentication challenge parameter
  • XRES i.e., the expected response
  • Session Keys including a Ciphering Key (CK) and an Integrity Key (IK)
  • AUTN Authentication Token
  • the parameters typically included within AVs of various RATs will be understood by one skilled in the art.
  • the generated AV may include a RAND parameter (i.e., the authentication challenge parameter), an XRES (i.e., the expected response), a Session Key (K ASME ), and an Authentication Token (AUTN).
  • the AV includes the authentication challenge parameter.
  • the SS 140 before providing an AV response (including the generated AV having the original authentication challenge parameter) to the RAN 120 , executes the challenge manipulation process 144 .
  • the challenge manipulation process 144 supports cryptographic manipulation of the original authentication challenge parameter.
  • the challenge manipulation process 144 determines the subscriber identity of the NAM 116 of MD 110 , retrieves the B-KEY 147 that is associated with the subscriber identity of the NAM 116 of MD 110 , encrypts the original authentication challenge parameter based on the B-KEY 147 in order to form an encrypted authentication challenge parameter, and replaces the original authentication challenge parameter in the AV with the encrypted authentication challenge parameter in the AV.
  • the challenge manipulation process 144 retrieves the B-KEY 147 that is associated with the subscriber identity of the NAM 116 from the subscriber identity to B-KEY mapping table 145 , using the subscriber identity of NAM 116 as a key into the subscriber identity to B-KEY mapping table 145 .
  • the challenge manipulation process 144 encrypts the original authentication challenge parameter using a cipher that takes B-KEY 147 as a secret.
  • the challenge manipulation process 144 may use any suitable cipher in order to encrypt the authentication challenge parameter.
  • the challenge manipulation process 144 may use the Advanced Encryption Standard (AES), SNOW3G, KASUMI, or the like.
  • AES Advanced Encryption Standard
  • SNOW3G SNOW3G
  • KASUMI KASUMI
  • the cipher that is used by challenge manipulation process 144 of SS 140 corresponds to the cipher used by the challenge restoration process 114 of MD 110 to decrypt the encrypted authentication challenge parameter.
  • the SS 140 does not require the equipment identity of the MD 110 ; rather, SS 140 simply assumes (based on presence of the B-KEY 147 in the entry 146 that is associated with the NAM 116 of the MD 110 ) that the MD 110 that is currently being used with the NAM 116 is provisioned with the correct B-KEY.
  • the SS 140 sends the updated AV including the encrypted authentication challenge parameter to RAN 120 and the RAN 120 delivers the updated AV including the encrypted authentication challenge parameter to MD 110 .
  • the MD 110 receives the updated AV including the encrypted authentication challenge parameter.
  • the MD 110 detects that the encrypted authentication challenge parameter needs to be decrypted in order to recover the original authentication challenge parameter such that the original authentication challenge parameter may be provided to NAM 116 .
  • the MD 110 executes the challenge restoration process 114 in order to decrypt the encrypted authentication challenge parameter and, thus, recover the original authentication challenge parameter.
  • the challenge restoration process 114 retrieves the B-KEY 115 from memory 113 and decrypts the encrypted authentication challenge parameter based on B-KEY 115 .
  • the challenge restoration process 114 decrypts the encrypted authentication challenge parameter based on B-KEY 115 using a cipher that takes B-KEY 115 as a secret.
  • the cipher that is used by challenge restoration process 114 of MD 110 corresponds to the cipher used by the challenge manipulation process 144 of SS 140 to encrypt the original authentication challenge parameter).
  • the processor 112 provides the original authentication challenge parameter to NAM 116 .
  • the processor 112 may provide the original authentication challenge parameter to NAM 116 in any suitable manner.
  • the processor 112 may replace the encrypted authentication challenge parameter with the original authentication challenge parameter in the AV and provide the AV including the original authentication challenge parameter to NAM 116 , such that NAM 116 may perform the normal AKA authentication computations.
  • the processor 112 may provide the original authentication challenge parameter (and, optionally, any other required parameters from the AV and/or computed from the AV) to NAM 116 , such that NAM 116 may perform the normal AKA authentication computations.
  • the processor 112 may provide the original authentication challenge parameter to NAM 116 in any other suitable manner.
  • the NAM 116 receives the original authentication challenge parameter and any other required parameters from processor 112 .
  • the NAM 116 performs normal AKA-based authentication computations using the original authentication challenge parameter and any other required parameters.
  • the NAM 116 determines parameters to be returned to the processor 112 of MD 110 , including a response (RES) to the AV received at MD 110 .
  • the parameters determined by NM 116 may depend on the underlying RAT of RAN 120 .
  • the returned parameters may include the RES and a Session Key.
  • the returned parameters may include the RES and the Session Keys (including a CK and an IK).
  • the returned parameters may include the RES and a Session Key (K ASME ).
  • K ASME Session Key
  • the processor 112 receives the returned parameters, including the RES, from the NAM 116 .
  • the processor 112 propagates the RES to the RAN 120 .
  • the RAN 120 validates the RES in the usual manner (e.g., via a comparison of one or more parameters of the RES received from the MD 110 to one or more parameters of the AV received from SS 140 ).
  • the successful validation of the RES by RAN 120 results in successful authentication of MD 110 and the MD 110 is permitted to attach to RAN 120 .
  • the unsuccessful validation of the RES by RAN 120 results in an authentication failure for MD 110 and MD 110 is prevented from attaching to RAN 120 .
  • a secret B-KEY is provisioned into SS 140 and MD 110 for use as a key for encryption and decryption. It will be appreciated that the B-KEY values provisioned into SS 140 and MD 110 correspond to each other (e.g., B-KEY 147 of SS 140 is the same as B-KEY 115 of MD 110 ).
  • NAM 116 In the case of a physically removable NAM 116 , this ensures that, if the NAM 116 is removed from MD 110 and placed into a different MD having a B-KEY that is different than the B-KEY 147 of SS 140 , the different MD will not properly decrypt the encrypted authentication challenge parameter and, thus, the different MD will not be authenticated by RAN 120 . In the case of a software-based NAM 116 , this ensures that if the NAM 116 is hacked, the MD 110 will not be authenticated by the RAN 120 . The provisioning of the same B-KEY value on MD 110 and SS 140 may be used to prevent or mitigate various other types of security threats.
  • the B-KEY value may be determined in any suitable manner (e.g., using any suitable value) and, similarly, may be provisioned into SS 140 (namely, as B-KEY 147 ) and MD 110 (namely, as B-KEY 115 ) in any suitable manner.
  • the B-KEY value may be a pre-provisioned random number or string.
  • the pre-provisioning of the B-KEY value into MD 110 may be performed during device manufacturing, by the operator (or an affiliated entity) prior to deployment, using one or more device management mechanisms (e.g., Open Mobile Alliance-Device Management (OMA-DM)), or the like.
  • OMA-DM Open Mobile Alliance-Device Management
  • the B-KEY value may be a string (e.g., a key, password, or the like) that is provisioned into MD 110 during a bootstrapping procedure, while the same B-KEY is provisioned into SS 140 via a potentially proprietary mechanism (e.g., using an offline provisioning method).
  • a string e.g., a key, password, or the like
  • the B-KEY value may be the output of a hash function.
  • the hash function may utilize any suitable input(s), such as one or more of (1) a random value, (2) a device-specific identity and/or parameter (e.g., an IMEI, a Media Access Control (MAC) address, a serial number, a model number, or the like, as well as various combinations thereof), or the like, as well as various combinations thereof.
  • a device-specific identity and/or parameter e.g., an IMEI, a Media Access Control (MAC) address, a serial number, a model number, or the like, as well as various combinations thereof
  • the B-KEY value may be a number or string chosen using proprietary criteria.
  • the B-KEY value may be determined and provisioned into MD 110 and SS 140 in any other suitable manner.
  • NAM 116 is a physically removable device that has been inserted into MD 110
  • the NAM 116 were to be removed from MD 110 and placed in an unauthorized MD which does not include the correct B-KEY value, an attempt to attach to RAN 120 using the unauthorized MD would result in an incorrect decrypting of the encrypted authentication challenge parameter, which would result in an incorrect RES and, therefore, an authentication failure.
  • the NAM 116 is restricted from being used in any MD other than MD 110 for which it is authorized.
  • NAM 116 is a software-based module stored within MD 110 , if the NAM 116 were to be hacked, an attempt to attach to RAN 120 using the MD 110 would result in an incorrect decrypting of the encrypted authentication challenge parameter, which would result in an incorrect RES and, therefore, an authentication failure. In this manner, the NAM 116 is protected from being hacked.
  • various functions associated with manipulation and restoration of the authentication challenge parameter may be performed by SS 140 and MD 110 .
  • the functions performed by the SS 140 and the MD 110 for manipulating and restoring the authentication challenge parameter may be better understood by way of reference to FIG. 2 and FIG. 3 , respectively.
  • FIG. 2 depicts one embodiment of a method for use by a subscriber server to encrypt an authentication challenge parameter used for authentication of a subscription with a network.
  • the MD is associated with a RAN, which is capable of communicating with an SS.
  • the subscription is associated with a NAM of an MD.
  • the method 200 begins.
  • an AV request is received from the RAN.
  • the AV request includes a subscriber identity of the NAM of the MD.
  • an AV is generated.
  • the AV includes an original authentication challenge parameter.
  • a B-KEY associated with the NAM is determined based on the subscriber identity of the NAM.
  • the original authentication challenge parameter is encrypted, using a cipher based on the B-KEY, to form an encrypted authentication challenge parameter.
  • the B-KEY that is used to encrypt the original authentication challenge parameter on the SS corresponds to a B-KEY to be used to decrypt the authentication challenge parameter on the MD (e.g., the B-KEYs are identical).
  • the original authentication challenge parameter is replaced with the encrypted authentication challenge parameter in the AV to form an updated AV.
  • the updated AV is propagated toward the RAN.
  • method 200 ends. It is noted that the operation of method 200 of FIG. 2 may be better understood when considered in conjunction with FIG. 1 .
  • FIG. 3 depicts one embodiment of a method for use by a mobile device to decrypt an authentication challenge parameter used for authentication of a subscription with a network.
  • the MD includes a NAM.
  • the MD is associated with a RAN, which is capable of communicating with an SS. As depicted in FIG. 3 , a portion of the steps are performed by the MD and a portion of the steps are performed by the NAM of the MD.
  • the method 300 begins.
  • the MD receives an AV from the RAN.
  • the AV is received in response to an Attach Request sent from the MD to the RAN.
  • the AV includes an encrypted authentication challenge parameter.
  • the MD decrypts the encrypted authentication challenge parameter using a cipher based on a B-KEY that is stored on the MD.
  • the B-KEY that is used by the MD to decrypt the encrypted authentication challenge parameter corresponds to the B-KEY that is used by the SS to encrypt the authentication challenge parameter (e.g., the B-KEYs are identical).
  • the MD propagates the decrypted authentication challenge parameter toward the NAM.
  • the NAM receives the decrypted authentication challenge parameter from the MD.
  • the NAM performs authentication computations, based on the decrypted authentication challenge parameter, to determine a RES associated with the AV.
  • the NAM propagates the RES toward the MD.
  • the MD receives the RES from the NAM.
  • the MD propagates the RES toward the RAN.
  • method 300 ends. It is noted that the operation of method 300 of FIG. 3 may be better understood when considered in conjunction with FIG. 1 .
  • the response validation capability also may be used during re-authentication performed in response to a synchronization failure.
  • the value of the authentication challenge parameter that is used by the NAM 116 for the authentication computations to generate the RES i.e., the decrypted authentication challenge parameter
  • the RAN 120 a rare case of a synchronization failure, the value of the authentication challenge parameter that is used by the NAM 116 for the authentication computations to generate the RES (i.e., the decrypted authentication challenge parameter) is not reported back to the RAN 120 . Rather, only an authentication token (e.g., an AUTS token as defined in RFC 3310) is sent to the RAN 120 by the NAM 116 via the MD 110 , where the authentication token includes the expected value of the authentication synchronization parameter.
  • an authentication token e.g., an AUTS token as defined in RFC 3310
  • the RAN 120 associates the received authentication token with the last used value of the authentication challenge parameter that was used during the previous authentication (i.e., the encrypted authentication challenge parameter) and provides the authentication token with the associated authentication challenge value to the SS 140 .
  • the SS 140 e.g., challenge manipulation process 144 or any other suitable process
  • the encrypted authentication challenge parameter received by the SS 140 from the RAN 120 in the synchronization failure transaction needs to be recovered (e.g., decrypted) before association with the original authentication parameter is restored and re-synchronization may be achieved.
  • the decryption of the encrypted authentication challenge parameter to recover the original authentication challenge parameter uses the same cipher that was used to encrypt the original authentication challenge parameter during the previous authentication of the NAM 116 .
  • the decryption of the encrypted authentication challenge parameter to recover the original authentication challenge parameter uses the same B-KEY that was used to encrypt the original authentication challenge parameter during the previous authentication of the NAM 116 (i.e., the B-KEY associated with the subscriber identity of the NAM 116 ).
  • the SS 140 performs processing similar to that performed by the MD 110 during authentication.
  • MTC Machine Type Communications
  • M2M Machine-to-Machine
  • M2M communications include communications by wireless devices without human interaction.
  • MTC devices or M2M devices wireless devices involved in M2M communications, typically referred to as MTC devices or M2M devices, will be based on typical wireless mobile platforms while maximizing the use of existing wireless radio access and core network technologies.
  • M2M/MTC-specific modifications to the commercial wireless architecture and infrastructure are expected to be reduced to a minimum.
  • Various embodiments of the response validation capability are adapted to restrict a NAM associated with an MTC/M2M subscription to a mobile device that is equipped to perform MTC/M2M functions and/or that is authorized to perform MTC/M2M functions.
  • Various embodiments of the response validation capability are adapted to restrict the access of a NAM that is dedicated to be used only with MTC/M2M modules associated with a specific billing plan.
  • Various embodiments of the response validation capability support the requirement, defined in 3GPP TS 22.368 (3 rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Service requirements for Machine-Type Communications (MTC); Stage 1 (Release 11)), which restricts the use of a USIM to specific MTC/M2M devices (as well as similar requirements which may be specified in other standards, e.g., 3GPP2 S.P0146-0 Version 0.50 (Machine-to-Machine Communication System Requirements, Stage 1 Requirements, February 2012) or the like).
  • 3GPP2 S.P0146-0 Version 0.50 (Machine-to-Machine Communication System Requirements, Stage 1 Requirements, February 2012) or the like).
  • a specially equipped or authorized MTC/M2M device is provisioned with a secret B-KEY value (associated with one or both of an equipment identity of the specially equipped or authorized MTC/M2M device or a subscriber identity of a NAM of the specially equipped or authorized MTC/M2M device), which is also stored in a database in the network of the home operator for use in post-processing an AV that is generated in the network of the home operator when the specially equipped or authorized MTC/M2M device is authenticated for access to an access network.
  • a secret B-KEY value associated with one or both of an equipment identity of the specially equipped or authorized MTC/M2M device or a subscriber identity of a NAM of the specially equipped or authorized MTC/M2M device
  • the SS may pre-compute and store the AV for the MD prior to receipt of the AV request from the RAN.
  • the AV associated with the MD may be retrieved by the SS when the AV request is received from the RAN.
  • the SS may be configured to obtain the AV for the MD when the AV request is received from the RAN, where obtaining the AV for the MD may be considered to include computing the AV when the AV request is received or retrieving the AV when the AV request is received.
  • the pre-computed AV may be stored in any suitable type of storage module (e.g., buffer, cache, or the like). It is noted that the pre-computed AV may include the encrypted authentication challenge parameter or the original authentication challenge parameter.
  • the pre-computed and stored AV includes the encrypted authentication challenge parameter.
  • the SS is able to encrypt the original authentication challenge parameter in advance of receipt of the AV, because the SS already maintains the associated information for the NAM (i.e., the subscriber identity, the subscription secret (i.e., B-KEY), and the original authentication challenge parameter).
  • the SS can generate the AV including the encrypted authentication challenge parameter (including performing encryption of the original authentication challenge parameter) and store the AV including the encrypted authentication challenge parameter for later use in responding to a request by an MD to access the RAN.
  • the SS may be configured to compute multiple AVs for multiple subscriptions in advance and to store the pre-computed AVs such that the pre-computed AVs are available for retrieval when the associated MDs access the RAN.
  • the SS may be configured such that, as the AV are retrieved from the SS in response to AV requests, new AVs including encrypted authentication challenge parameters and computed and stored for use during subsequent accesses by the MDs to the RAN. In this manner, the load on the SS may be averaged over time.
  • the pre-computed and stored AV includes the original authentication challenge parameter.
  • the original authentication challenge parameter is encrypted based on the B-KEY when the AV request is received from the RAN.
  • This embodiment may be useful when post-processing is done in association with a specific MD rather than in association with the NAM (e.g., where the SS does not know in advance the MD into which the NAM is inserted and, thus, must wait until the AV request (including the equipment identity of the MD in addition to the subscriber identity of the NAM) is received).
  • the AV is provided from the RAN to the MD
  • only a portion of the AV is provided from the RAN to the MD.
  • the RAN is a GSM-based network
  • the authentication challenge parameter (i.e., RAND) of the AV is provided from the RAN to the MD.
  • the RAN is a UMTS-based network
  • only the authentication challenge parameter (i.e., RAND) and the authentication token (i.e., AUTN) of the AV are provided from the RAN to the MD.
  • the RAN is an LTE-based network
  • the authentication challenge parameter i.e., RAND
  • the authentication token i.e., AUTN
  • the MD may be capable receiving both encrypted authentication challenge parameters and authentication challenge parameters that are not encrypted (e.g., an MD may be capable of supporting multiple subscriptions in which at least one subscription is configured to use an encrypted authentication challenge parameter and at least one subscription is configured to use an unencrypted authentication challenge parameter.
  • the MD may be configured to determine whether a received authentication challenge parameter is encrypted (i.e., to determine whether the received authentication challenge parameter needs to be decrypted before being provided to the NAM).
  • the MD is configured to determine whether the received authentication challenge parameter is encrypted based on a subscriber identity. In one embodiment, the MD is configured such that, when a determination is made that the authentication challenge parameter is encrypted, the encrypted authentication challenge parameter is decrypted based on the B-KEY and the decrypted authentication challenge parameter is propagated toward the NAM. In one embodiment, the MD is configured such that, when a determination is made that the authentication challenge parameter is not encrypted, the authentication challenge parameter is propagated toward the NAM.
  • This may be used, for example, within an MD that includes a non-MTC/M2M subscription (e.g., a typical telephone service subscription) and an MTC/M2M subscription (e.g., for a heart rate monitor or any other MTC/M2M application), where (1) each access to the RAN by the non-MTC/M2M subscription results in return of an authentication challenge parameter that is not encrypted and, thus, does not need to be decrypted before being provided to the NAM and (2) each access to the RAN by the MTC/M2M subscription results in return of an authentication challenge parameter that is encrypted and, thus, needs to be decrypted based on the B-KEY before being provided to the NAM.
  • a non-MTC/M2M subscription e.g., a typical telephone service subscription
  • MTC/M2M subscription e.g., for a heart rate monitor or any other MTC/M2M application
  • an MD may be configured to determine whether a received authentication challenge parameter is encrypted. It also will be appreciated that, as primarily depicted and described herein, an MD may be configured such that it is not necessary to determine whether a received authentication challenge parameter is encrypted. It is noted that, although primarily depicted and described herein with respect to embodiments in which the cryptographic manipulation of the authentication challenge parameter is based on encryption and decryption of the authentication challenge parameter, the cryptographic manipulation of the authentication challenge parameter may be based on any other suitable type of cryptographic manipulation.
  • a NAM may be authorized for use with multiple MDs such that the NAM may be used within any of the multiple MDs without any authentication failures.
  • this may be provided using a single B-KEY, where the same B-KEY is provisioned into each of the multiple MDs and into the SS (e.g., by mapping the equipment identities of each of the multiple MDs to the same B-KEY value using one or more mapping entries).
  • this may be provided using multiple B-KEY values associated with the multiple MDs, where each of the multiple MDs has one of the B-KEYs provisioned therein and the B-KEYs are provisioned into the SS and mapped to the multiple MDs, respectively.
  • an MD may have multiple NAMs associated therewith (i.e., multiple NAMs may be used with the MD).
  • the MD is provisioned with multiple B-KEYs associated with the multiple NAMs which may be used with the MD, respectively.
  • the MD selects the appropriate B-KEY to be used to decrypt the encrypted authentication challenge parameter based on the subscriber identity provided to the MD by the NAM during the authentication procedure.
  • a NAM may be authorized for use with any MD.
  • the MD is not pre-provisioned with a B-KEY specific to the NAM as the value of the subscriber identity would not be known at the time of provisioning of the MD. Rather, in this embodiment, the MD is pre-provisioned with a B-KEY that is associated to the equipment identity of the MD and, similarly, the equipment identity to B-KEY mapping would be maintained in the associated SS.
  • the MD 110 would report its equipment identity (in addition to the subscriber identity of the NAM of the MD) and the SS (e.g., challenge manipulation process 144 ) would use the equipment identity of the MD (rather than the subscriber identity of the NAM of the MD) in order to retrieve the associated B-KEY for the MD for use in encrypting the authentication challenge parameter during authentication of the MD.
  • the SS e.g., challenge manipulation process 144
  • the SS also performs an additional step in order to verify that the equipment identity that is reported by the MD is authorized to be used with the subscriber identity of the NAM that is reported by the MD (e.g., using a subscriber identity to equipment identity mapping table maintained by the SS, or any other suitable source of such mapping information). This verification ensures that the NAM of the MD that is being authenticated is authorized to operate in the MD (i.e., in the device having the equipment identity reported by the MD).
  • the response validation capability may be used within various other types of wireless communication networks.
  • the response validation capability may be used within a 3G CDMA2000 legacy network (e.g., where the RANDU parameter is encrypted and decrypted), a 1 ⁇ EV-DO network (e.g., where the CHAP-Challenge parameter is encrypted and decrypted), or the like.
  • the response validation capability may be used within any security framework that is based on a challenge-response protocol.
  • response validation capability require modifications only to mobile devices configured to support network authentication and to the subscriber server (e.g., HLR, HSS, or the like) supporting authentication for such mobile devices, not to other elements (e.g., not to elements of the RAN, not to elements of the CN, and so forth).
  • the subscriber server e.g., HLR, HSS, or the like
  • FIG. 4 depicts a high-level block diagram of a computer suitable for use in performing functions described herein.
  • the computer 400 includes a processor 402 (e.g., a central processing unit (CPU) and/or other suitable processor(s)) and a memory 404 (e.g., random access memory (RAM), read only memory (ROM), and the like).
  • processor 402 e.g., a central processing unit (CPU) and/or other suitable processor(s)
  • memory 404 e.g., random access memory (RAM), read only memory (ROM), and the like.
  • the computer 400 also may include a cooperating module/process 405 .
  • the cooperating process 405 can be loaded into memory 404 and executed by the processor 402 to implement functions as discussed herein and, thus, cooperating process 405 (including associated data structures) can be stored on a computer readable storage medium, e.g., RAM memory, magnetic or optical drive or diskette, and the like.
  • the computer 400 also may include one or more input/output devices 406 (e.g., a user input device (such as a keyboard, a keypad, a mouse, and the like), a user output device (such as a display, a speaker, and the like), an input port, an output port, a receiver, a transmitter, one or more storage devices (e.g., a tape drive, a floppy drive, a hard disk drive, a compact disk drive, and the like), or the like, as well as various combinations thereof).
  • input/output devices 406 e.g., a user input device (such as a keyboard, a keypad, a mouse, and the like), a user output device (such as a display, a speaker, and the like), an input port, an output port, a receiver, a transmitter, one or more storage devices (e.g., a tape drive, a floppy drive, a hard disk drive, a compact disk drive, and the like), or the like, as well
  • computer 400 depicted in FIG. 4 provides a general architecture and functionality suitable for implementing functional elements described herein and/or portions of functional elements described herein.
  • the computer 400 provides a general architecture and functionality suitable for implementing one or more of MD 110 , NAM 116 , an element of RAN 120 , a portion of an element of RAN 120 , an element of CN 130 , a portion of an element of CN 130 , SS 140 , or the like.

Abstract

A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is a continuation of U.S. patent application Ser. No. 13/528,802, filed on Jun. 20, 2012, entitled MANIPULATION AND RESTORATION OF AUTHENTICATION CHALLENGE PARAMETERS IN NETWORK AUTHENTICATION PROCEDURES, which is hereby incorporated herein by reference.
    • TECHNICAL FIELD
  • The invention relates generally to communication networks and, more specifically but not exclusively, to network authentication procedures for communication networks.
    • BACKGROUND
  • In many types of networks, security and authentication capabilities are utilized to prevent network access by unauthorized devices.
    • SUMMARY
  • Various deficiencies in the prior art are addressed by embodiments for restricting the use of subscribed network access to a specific authorized device through manipulation and restoration of an authentication challenge parameter.
  • In one embodiment, an apparatus includes a processor and a memory that is communicatively connected to the processor, where the processor is configured to receive an authentication challenge parameter and determine whether the authentication challenge parameter is encrypted.
  • In one embodiment, a method for use by a mobile device comprising a processor and a memory includes receiving, by the processor, an authentication challenge parameter and determining whether the authentication challenge parameter is encrypted.
  • In one embodiment, an apparatus includes a processor and a memory that is communicatively connected to the processor, where the processor is configured to encrypt an original authentication challenge parameter of an authentication vector (AV), based on a binding key, to form an encrypted authentication challenge parameter and replace the original authentication challenge parameter of the AV with the encrypted authentication challenge parameter.
  • In one embodiment, a method includes encrypting, using a processor, an original authentication challenge parameter of an authentication vector (AV), based on a binding key, to form an encrypted authentication challenge parameter, and replacing the original authentication challenge parameter of the AV with the encrypted authentication challenge parameter.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The teachings herein can be readily understood by considering the following detailed description in conjunction with the accompanying drawings, in which:
  • FIG. 1 depicts a high-level block diagram of an exemplary wireless communication system;
  • FIG. 2 depicts one embodiment of a method for use by a subscriber server to encrypt an authentication challenge parameter used for authentication of a subscription with a network;
  • FIG. 3 depicts one embodiment of a method for use by a mobile device to decrypt an authentication challenge parameter used for authentication of a subscription with a network; and
  • FIG. 4 depicts a high-level block diagram of a computer suitable for use in performing functions described herein.
    •
  • To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures.
    • DETAILED DESCRIPTION
  • In general, a response validation capability is provided for ensuring validation of a response to an authentication challenge during a network authentication procedure.
  • In at least some embodiments, the response validation capability ensures possession by a mobile device of a subscription secret through validation of a response to an authentication challenge parameter used for authentication of a network authentication module of the mobile device when the mobile device attaches to a wireless network. The authentication challenge parameter is associated with the authentication event in such a way that modification of the authentication challenge parameter will cause an authentication failure such that the mobile device is prevented from accessing the wireless network (namely, modification of the authentication challenge parameter will cause computation of an incorrect authentication response by the network authentication module of the mobile device such that when the authentication response is provided to the wireless network the validation of the authentication response fails the mobile device is prevented from accessing the wireless network). In at least some embodiments, the response validation capability uses a binding key (referred to herein as a B-KEY), which is provisioned on a mobile device and on a subscriber server, to encrypt and decrypt an authentication challenge parameter that is used for authentication of a network authentication module of the mobile device with a wireless access network.
  • In at least some embodiments, the subscriber server is configured to perform cryptographic manipulation of an authentication challenge parameter before the authentication challenge parameter is provided from the subscriber server to the mobile device for subscription authentication. The authentication challenge parameter is associated with a specific authentication event in which an attempt is made to authenticate a subscription associated with the network authentication module of a mobile device. The cryptographic manipulation of the authentication challenge parameter may include encryption of the authentication challenge parameter (e.g., using the B-KEY as the encryption secret) or any other suitable type of manipulation. In at least some embodiments, an authorized mobile device is configured to perform reverse cryptographic manipulation of an authentication challenge parameter before the received authentication challenge parameter is presented to the network authentication module of the mobile device for generating a response to the authentication challenge. The reverse cryptographic manipulation of the authentication challenge parameter may include decryption of the authentication challenge parameter (e.g., using the B-KEY as the decryption secret) or any other suitable type of manipulation.
  • In at least some embodiments, the response validation capability supports restricting the use of a network authentication module (e.g., a smart card, a software-based network authentication module, or the like) to a mobile device authorized to use the network authentication module. In the case of a smartcard (or any other type of physically removable network authentication module), such embodiments ensure that the network authentication module cannot be improperly used in a mobile device that is not authorized to use the network authentication module. In the case of a software-based network authentication module, this ensures that the software-based network authentication module of a mobile device cannot be used to access the network if the response generated by the software-based network authentication module based on the authentication challenge parameter is invalid.
  • It is noted that, although primarily depicted and described herein within the context of embodiments in which the response validation capability is provided within specific types of wireless networks (namely, within cellular-based wireless networks), the response validation capability may be provided in any other suitable types of wireless networks.
  • It is noted that, although primarily depicted and described herein within the context of embodiments in which the response validation capability is provided within specific types of security frameworks (namely, within networks using Authentication and Key Agreement (AKA)-based authentication procedures), the response validation capability may be used within any security framework that is based on a challenge-response protocol.
  • FIG. 1 depicts a high-level block diagram of an exemplary wireless communication system.
  • The exemplary wireless communication system 100 supports network authentication procedures. The network authentication procedures may be challenge-response authentication procedures, which may be AKA-based authentication procedures which use Authentication Vectors (AVs) during network authentication For example, the exemplary wireless communication system 100 may be a Second Generation (2G) cellular network (e.g., a 2G Global System for Mobile (GSM) cellular network, a 2G Code Division Multiple Access (CDMA) cellular network, or the like), a Third Generation (3G) cellular network (e.g., a 3G CDMA2000 network, a 3G Partnership Project (3GPP) Universal Mobile Telecommunication System (UMTS) network, or the like), a Fourth Generation (4G) cellular network (e.g., a Long Term Evolution (LTE) network), or the like.
  • The exemplary wireless communication system 100 includes a mobile device (MD) 110, a Radio Access Network (RAN) 120, a Core Network (CN) 130, and a Subscriber Server (SS) 140.
  • The MD 110 is a mobile device configured to support challenge-response authentication procedures, which may be AKA-based authentication procedures.
  • The MD 110 includes a processor 112 and a memory 113 that is communicatively connected to the processor 112. The memory 113 stores various programs and data, including a challenge restoration process 114 and a B-KEY value 115. The processor 112 is configured to retrieve challenge restoration process 114 from memory 113 and execute the challenge restoration process 114 to provide functions of the response validation capability. The challenge restoration process 114 is configured to decrypt an encrypted authentication challenge parameter of an AV received at the MD 110 during a network authentication procedure, where the encrypted authentication challenge parameter is decrypted using the B-KEY 115 that is maintained on the MD 110 (and also provisioned on SS 140 and used by SS 140 to encrypt the authentication challenge parameter before the AV is sent to the MD 110). The operation of challenge restoration process 114 is described in additional detail below.
  • The MD 110 includes a network authentication module (NAM) 116.
  • The NAM 116 is configured to support challenge-response authentication procedures, which may be AKA-based authentication procedures.
  • The NAM 116 is associated with a network subscription of a subscriber. The NAM 116 ensures integrity and security of personal data of the subscriber using MD 110. The NAM 116 includes subscription credentials (e.g., a subscriber identity, such as an International Mobile Subscriber Identity (IMSI), a Temporary Mobile Subscription Identity (TMSI), a Globally Unique Temporary Identity (GUTI), or the like), one or more subscription secrets, one or more algorithms for subscription authentication and generation of security keys for protecting session information, and the like.
  • As depicted in FIG. 1, NAM 116 may be implemented in any suitable manner, which may depend on the underlying Radio Access Technology (RAT) of the RAN 120.
  • In one embodiment, as depicted in FIG. 1, the NAM 116 is a physically removable device that is inserted into MD 110. In this embodiment, the NAM 116 may be a smartcard. In the case of a GSM network, for example, the NAM 116 may be a Subscriber Identity Module (SIM) card. In the case of a UMTS network or an LTE network, for example, the NAM 116 may be a Universal Integrated Circuit Card (UICC). The NAM 116 may be any other suitable type of card or device. In such embodiments, for example, NAM 116 may include a Central Processing Unit (CPU), Read-Only Memory (ROM), Random Access Memory (RAM), input-output (I/O) circuits, or the like (which elements are omitted for purposes of clarity).
  • In one embodiment, as depicted in FIG. 1, the NAM 116 is a software-based module stored within MD 110 (e.g., in the memory 113 or in any other suitable storage location within MD 110).
  • The NAM 116 supports one or more applications, at least some of which may depend on the underlying RAT (e.g., a CDMA Subscriber Identity Module (CSIM) application for a CDMA2000 network, a UMTS Subscriber Identity Module (USIM) application for a UMTS network or an LTE network, or the like).
  • The typical configuration and operation of a NAM, such as NAM 116, will be understood by one skilled in the art.
  • The MD 110 has an equipment identity associated therewith. The equipment identity of MD 110 may depend on the RAT of RAN 120. For example, MD 110 may have an International Mobile Equipment Identifier (IMEI) or Mobile Equipment Identifier (MEID) associated therewith. In cases in which the MD 110 is required to provide its equipment identity as part of the network authentication procedure, the manner in which MD 110 provides its equipment identity to the RAN 120 may depend on the RAT of RAN 120. For example, the MD 110 may provide its equipment identity (e.g., IMEI, MEID, or the like) in the initial Attach Request sent by the MD 110 to RAN 120, or the equipment identity of the MD 110 may be requested from MD 110 by RAN 120 in a separate transaction.
  • The NAM 116 has a subscriber identity associated therewith. The subscriber identity of NAM 116 may depend on the RAT of RAN 120. For example, NAM 116 may have one or more subscriber identities (e.g., an International Mobile Subscriber Identity (IMSI), a Temporary Mobile Subscription Identity (TMSI), a Globally Unique Temporary Identity (GUTI), or the like) associated therewith. The manner in which MD 110 provides the subscriber identity of NAM 116 during the network authentication procedure may depend on the RAT of RAN 120. For example, the MD 110 may provide the IMSI of NAM 116 in the initial Attach Request sent by the MD 110 to the RAN 120, or the MD 110 may provide the TMSI or the GUTI in the initial Attach Request (with the IMSI subsequently being resolved by the RAN 120).
  • It will be appreciated that, although omitted for purposes of clarity, MD 110 may include various other modules and functions typically supported by mobile devices (e.g., a mobile operating system, one or more network interfaces to one or more types of wireless access networks, one or more client modules (e.g., a camera client module, a video client module, or the like), a battery, and the like).
  • The RAN 120 and CN 130 may support any suitable type of wireless communications. For example, RAN 120 and CN 130 may support one or more of 2G cellular communications, 3G cellular communications, 4G cellular communications, or the like, as well as various combinations thereof. The RAN 120 provides a wireless access interface for MD 110, supporting communications between MD 110 and CN 130. The RAN 120 supports network authentication procedures. The typical operation of RAN 120 and CN 130 will be understood by one skilled in the art.
  • The SS 140 is configured to provide security and authentication functions for authenticating mobile devices accessing RAN 120 (illustratively, MD 110). For example, SS 140 may be implemented as a Home Location Register (HLR) (e.g., in a GSM network), as a Home Subscriber Server (HSS) (e.g., in a UMTS network), or the like, as well as various combinations thereof.
  • The SS 140 includes a processor 142 and a memory 143. The memory 143 stores various programs and associated data. More specifically, the memory 143 stores a challenge manipulation process 144 and a subscriber identity to B-KEY mapping table 145. The processor 142 is configured to retrieve challenge manipulation process 144 from memory 143 and execute the challenge manipulation process 144 to provide functions of the response validation capability. The challenge manipulation process 144 is configured to encrypt an authentication challenge parameter that is generated by SS 140 in response to an AV request received from RAN 120 for MD 110 when MD 110 is requesting to attach to RAN 120, where the authentication challenge parameter is encrypted using a B-KEY that is retrieved from the subscriber identity to B-KEY mapping table 145 based on a subscriber identity of the NAM 116 of MD 110 (and also provisioned on MD 110 and used by MD 110 to decrypt the authentication challenge parameter received by the MD 110 as part of the AV). The operation of challenge manipulation process 144 is described in additional detail below. It is noted that, although primarily depicted and described as being part of SS 140, the challenge manipulation process 144 may be implemented as an adjunct process or an adjust module associated with or otherwise capable of communicating with SS 140 (e.g., as a process on another device, as a standalone device, or the like, as well as various combinations thereof).
  • The subscriber identity to B-KEY mapping table 145 includes subscriber identity to B-KEY mapping information, including an entry 146 associated with NAM 116 that includes a mapping of the subscriber identity of NAM 116 to a B-KEY 147. It is noted that, although primarily depicted and described with respect to embodiments in which the subscriber identity to B-KEY mapping information is maintained separate from other information maintained by SS 140, the subscriber identity to B-KEY mapping information may be maintained in any other suitable manner (e.g., via inclusion in one or more existing tables of SS 140 (which are omitted for purposes of clarity), as part of challenge manipulation process 144, or the like, as well as various combinations thereof). It is noted that, although primarily depicted and described herein with respect to embodiments in which the subscriber identity to B-KEY mapping table 145 is stored in a memory within SS 140 (illustratively, memory 143), the subscriber identity to B-KEY mapping table 145 may be maintained using one or more databases associated with SS 140. The subscriber identity to B-KEY mapping information may be maintained and made accessible to SS 140 in any other suitable manner.
  • The exemplary wireless communication system 100 is configured to support AKA-based authentication procedures which use embodiments of the response validation capability.
  • The MD 110 initiates a service attach procedure in which the MD 110 attempts to attach to RAN 120. The MD 110 determines a subscriber identity associated with the NAM 116 of MD 110. The MD 110 sends an initial attach request to the RAN 120. The type of subscriber identity that is provided to RAN 120 by MD 110 (and, the manner in which the subscriber identity is provided to RAN 120 by MD 110) may depend on the access protocol being used by MD 110, which may in turn depend on the RAT of RAN 120.
  • The RAN 120, in response to receiving the initial attach request from MD 110, proceeds with the AKA-based authentication procedure as specified in the standard(s) applicable to the RAN 120. The RAN 120, as part of the authentication procedure, sends an AV request to SS 140. The AV request includes the subscriber identity of the NAM 116 of MD 110.
  • The SS 140 receives the AV request from the RAN 120. The SS 140 obtains the AV in response to the AV request from the RAN 120. In general, a standard AV includes an authentication challenge parameter, an expected response, and one or more other parameters (e.g., one or more Session Keys, an Authentication Token, or the like, as well as various combinations thereof). The numbers and types of parameters included within the AV may depend on the underlying RAT of RAN 120. In the case of a GSM network, for example, the generated AV may include a RAND parameter (i.e., the authentication challenge parameter), a signed response (SRES) (i.e., the expected response), and a Session Key. In the case of a UMTS network, for example, the generated AV may include a RAND parameter (i.e., the authentication challenge parameter), an XRES (i.e., the expected response), Session Keys (including a Ciphering Key (CK) and an Integrity Key (IK)), and an Authentication Token (AUTN). The parameters typically included within AVs of various RATs will be understood by one skilled in the art. In the case of a LTE network, for example, the generated AV may include a RAND parameter (i.e., the authentication challenge parameter), an XRES (i.e., the expected response), a Session Key (KASME), and an Authentication Token (AUTN). In each case, the AV includes the authentication challenge parameter.
  • The SS 140, before providing an AV response (including the generated AV having the original authentication challenge parameter) to the RAN 120, executes the challenge manipulation process 144. The challenge manipulation process 144 supports cryptographic manipulation of the original authentication challenge parameter. The challenge manipulation process 144 determines the subscriber identity of the NAM 116 of MD 110, retrieves the B-KEY 147 that is associated with the subscriber identity of the NAM 116 of MD 110, encrypts the original authentication challenge parameter based on the B-KEY 147 in order to form an encrypted authentication challenge parameter, and replaces the original authentication challenge parameter in the AV with the encrypted authentication challenge parameter in the AV.
  • The challenge manipulation process 144 retrieves the B-KEY 147 that is associated with the subscriber identity of the NAM 116 from the subscriber identity to B-KEY mapping table 145, using the subscriber identity of NAM 116 as a key into the subscriber identity to B-KEY mapping table 145.
  • The challenge manipulation process 144 encrypts the original authentication challenge parameter using a cipher that takes B-KEY 147 as a secret. The challenge manipulation process 144 may use any suitable cipher in order to encrypt the authentication challenge parameter. For example, the challenge manipulation process 144 may use the Advanced Encryption Standard (AES), SNOW3G, KASUMI, or the like. The cipher that is used by challenge manipulation process 144 of SS 140 corresponds to the cipher used by the challenge restoration process 114 of MD 110 to decrypt the encrypted authentication challenge parameter.
  • It is noted that the SS 140 does not require the equipment identity of the MD 110; rather, SS 140 simply assumes (based on presence of the B-KEY 147 in the entry 146 that is associated with the NAM 116 of the MD 110) that the MD 110 that is currently being used with the NAM 116 is provisioned with the correct B-KEY.
  • The SS 140 sends the updated AV including the encrypted authentication challenge parameter to RAN 120 and the RAN 120 delivers the updated AV including the encrypted authentication challenge parameter to MD 110.
  • The MD 110 receives the updated AV including the encrypted authentication challenge parameter. The MD 110 detects that the encrypted authentication challenge parameter needs to be decrypted in order to recover the original authentication challenge parameter such that the original authentication challenge parameter may be provided to NAM 116. The MD 110 executes the challenge restoration process 114 in order to decrypt the encrypted authentication challenge parameter and, thus, recover the original authentication challenge parameter. The challenge restoration process 114 retrieves the B-KEY 115 from memory 113 and decrypts the encrypted authentication challenge parameter based on B-KEY 115. The challenge restoration process 114 decrypts the encrypted authentication challenge parameter based on B-KEY 115 using a cipher that takes B-KEY 115 as a secret. The cipher that is used by challenge restoration process 114 of MD 110 corresponds to the cipher used by the challenge manipulation process 144 of SS 140 to encrypt the original authentication challenge parameter).
  • The processor 112 provides the original authentication challenge parameter to NAM 116. The processor 112 may provide the original authentication challenge parameter to NAM 116 in any suitable manner. For example, the processor 112 may replace the encrypted authentication challenge parameter with the original authentication challenge parameter in the AV and provide the AV including the original authentication challenge parameter to NAM 116, such that NAM 116 may perform the normal AKA authentication computations. For example, the processor 112 may provide the original authentication challenge parameter (and, optionally, any other required parameters from the AV and/or computed from the AV) to NAM 116, such that NAM 116 may perform the normal AKA authentication computations. The processor 112 may provide the original authentication challenge parameter to NAM 116 in any other suitable manner.
  • The NAM 116 receives the original authentication challenge parameter and any other required parameters from processor 112. The NAM 116 performs normal AKA-based authentication computations using the original authentication challenge parameter and any other required parameters. The NAM 116 determines parameters to be returned to the processor 112 of MD 110, including a response (RES) to the AV received at MD 110. The parameters determined by NM 116 may depend on the underlying RAT of RAN 120. In the case of a GSM network, for example, the returned parameters may include the RES and a Session Key. In the case of a UMTS network, for example, the returned parameters may include the RES and the Session Keys (including a CK and an IK). In the case of an LTE network, for example, the returned parameters may include the RES and a Session Key (KASME). The parameters typically returned by the NAM 116 to the MD 110 for various RATs will be understood by one skilled in the art.
  • The processor 112 receives the returned parameters, including the RES, from the NAM 116. The processor 112 propagates the RES to the RAN 120. The RAN 120 validates the RES in the usual manner (e.g., via a comparison of one or more parameters of the RES received from the MD 110 to one or more parameters of the AV received from SS 140). The successful validation of the RES by RAN 120 results in successful authentication of MD 110 and the MD 110 is permitted to attach to RAN 120. The unsuccessful validation of the RES by RAN 120 results in an authentication failure for MD 110 and MD 110 is prevented from attaching to RAN 120.
  • As noted above, in order to support encryption and decryption of the authentication challenge parameter, a secret B-KEY is provisioned into SS 140 and MD 110 for use as a key for encryption and decryption. It will be appreciated that the B-KEY values provisioned into SS 140 and MD 110 correspond to each other (e.g., B-KEY 147 of SS 140 is the same as B-KEY 115 of MD 110). In the case of a physically removable NAM 116, this ensures that, if the NAM 116 is removed from MD 110 and placed into a different MD having a B-KEY that is different than the B-KEY 147 of SS 140, the different MD will not properly decrypt the encrypted authentication challenge parameter and, thus, the different MD will not be authenticated by RAN 120. In the case of a software-based NAM 116, this ensures that if the NAM 116 is hacked, the MD 110 will not be authenticated by the RAN 120. The provisioning of the same B-KEY value on MD 110 and SS 140 may be used to prevent or mitigate various other types of security threats.
  • The B-KEY value may be determined in any suitable manner (e.g., using any suitable value) and, similarly, may be provisioned into SS 140 (namely, as B-KEY 147) and MD 110 (namely, as B-KEY 115) in any suitable manner.
  • In one embodiment, for example, the B-KEY value may be a pre-provisioned random number or string. The pre-provisioning of the B-KEY value into MD 110 may be performed during device manufacturing, by the operator (or an affiliated entity) prior to deployment, using one or more device management mechanisms (e.g., Open Mobile Alliance-Device Management (OMA-DM)), or the like.
  • In one embodiment, for example, the B-KEY value may be a string (e.g., a key, password, or the like) that is provisioned into MD 110 during a bootstrapping procedure, while the same B-KEY is provisioned into SS 140 via a potentially proprietary mechanism (e.g., using an offline provisioning method).
  • In one embodiment, for example, the B-KEY value may be the output of a hash function. In this embodiment, the hash function may utilize any suitable input(s), such as one or more of (1) a random value, (2) a device-specific identity and/or parameter (e.g., an IMEI, a Media Access Control (MAC) address, a serial number, a model number, or the like, as well as various combinations thereof), or the like, as well as various combinations thereof.
  • In one embodiment, for example, the B-KEY value may be a number or string chosen using proprietary criteria.
  • The B-KEY value may be determined and provisioned into MD 110 and SS 140 in any other suitable manner.
  • In the foregoing description, an assumption is made that the MD 110 is authorized to use the NAM 116. The B-KEY 147 maintained in SS 140 is the same as the B-KEY 115 maintained in the MD 110 and, thus, the original authentication challenge parameter that is encrypted by SS 140 is correctly decrypted by MD 110 such that NAM 116 performs network authentication on the basis of the correct authentication challenge parameter and generates the correct RES and, therefore, the RAN 120 successfully validates the MD 110.
  • In the case in which NAM 116 is a physically removable device that has been inserted into MD 110, if the NAM 116 were to be removed from MD 110 and placed in an unauthorized MD which does not include the correct B-KEY value, an attempt to attach to RAN 120 using the unauthorized MD would result in an incorrect decrypting of the encrypted authentication challenge parameter, which would result in an incorrect RES and, therefore, an authentication failure. In this manner, the NAM 116 is restricted from being used in any MD other than MD 110 for which it is authorized.
  • In the case in which NAM 116 is a software-based module stored within MD 110, if the NAM 116 were to be hacked, an attempt to attach to RAN 120 using the MD 110 would result in an incorrect decrypting of the encrypted authentication challenge parameter, which would result in an incorrect RES and, therefore, an authentication failure. In this manner, the NAM 116 is protected from being hacked.
  • Thus, only an authorized mobile device possessing the correct B-KEY value for a NAM can properly decrypt the authentication challenge parameter such that the NAM can generate the proper RES and the mobile device can be successfully authenticated by the RAN. In this manner, a subscription-specific NAM is securely bound to an authorized mobile device under the full control of the Wireless Operator.
  • As noted above, various functions associated with manipulation and restoration of the authentication challenge parameter may be performed by SS 140 and MD 110. The functions performed by the SS 140 and the MD 110 for manipulating and restoring the authentication challenge parameter may be better understood by way of reference to FIG. 2 and FIG. 3, respectively.
  • FIG. 2 depicts one embodiment of a method for use by a subscriber server to encrypt an authentication challenge parameter used for authentication of a subscription with a network. The MD is associated with a RAN, which is capable of communicating with an SS. The subscription is associated with a NAM of an MD. At step 210, the method 200 begins. At step 220, an AV request is received from the RAN. The AV request includes a subscriber identity of the NAM of the MD. At step 230, an AV is generated. The AV includes an original authentication challenge parameter. At step 240, a B-KEY associated with the NAM is determined based on the subscriber identity of the NAM. At step 250, the original authentication challenge parameter is encrypted, using a cipher based on the B-KEY, to form an encrypted authentication challenge parameter. The B-KEY that is used to encrypt the original authentication challenge parameter on the SS corresponds to a B-KEY to be used to decrypt the authentication challenge parameter on the MD (e.g., the B-KEYs are identical). At step 260, the original authentication challenge parameter is replaced with the encrypted authentication challenge parameter in the AV to form an updated AV. At step 270, the updated AV is propagated toward the RAN. At step 280, method 200 ends. It is noted that the operation of method 200 of FIG. 2 may be better understood when considered in conjunction with FIG. 1.
  • FIG. 3 depicts one embodiment of a method for use by a mobile device to decrypt an authentication challenge parameter used for authentication of a subscription with a network. The MD includes a NAM. The MD is associated with a RAN, which is capable of communicating with an SS. As depicted in FIG. 3, a portion of the steps are performed by the MD and a portion of the steps are performed by the NAM of the MD. At step 305, the method 300 begins. At step 310, the MD receives an AV from the RAN. The AV is received in response to an Attach Request sent from the MD to the RAN. The AV includes an encrypted authentication challenge parameter. At step 315, the MD decrypts the encrypted authentication challenge parameter using a cipher based on a B-KEY that is stored on the MD. The B-KEY that is used by the MD to decrypt the encrypted authentication challenge parameter corresponds to the B-KEY that is used by the SS to encrypt the authentication challenge parameter (e.g., the B-KEYs are identical). At step 320, the MD propagates the decrypted authentication challenge parameter toward the NAM. At step 325, the NAM receives the decrypted authentication challenge parameter from the MD. At step 330, the NAM performs authentication computations, based on the decrypted authentication challenge parameter, to determine a RES associated with the AV. At step 335, the NAM propagates the RES toward the MD. At step 340, the MD receives the RES from the NAM. At step 345, the MD propagates the RES toward the RAN. At step 350, method 300 ends. It is noted that the operation of method 300 of FIG. 3 may be better understood when considered in conjunction with FIG. 1.
  • Returning now to FIG. 1, it is noted that, although primarily depicted and described herein with respect to embodiments in which the response validation capability is used during authentication, the response validation capability also may be used during re-authentication performed in response to a synchronization failure. In a rare case of a synchronization failure, the value of the authentication challenge parameter that is used by the NAM 116 for the authentication computations to generate the RES (i.e., the decrypted authentication challenge parameter) is not reported back to the RAN 120. Rather, only an authentication token (e.g., an AUTS token as defined in RFC 3310) is sent to the RAN 120 by the NAM 116 via the MD 110, where the authentication token includes the expected value of the authentication synchronization parameter. The RAN 120 associates the received authentication token with the last used value of the authentication challenge parameter that was used during the previous authentication (i.e., the encrypted authentication challenge parameter) and provides the authentication token with the associated authentication challenge value to the SS 140. The SS 140 (e.g., challenge manipulation process 144 or any other suitable process) decrypts the encrypted authentication challenge parameter before SS 140 regenerates the AV for re-synchronization. In other words, the encrypted authentication challenge parameter received by the SS 140 from the RAN 120 in the synchronization failure transaction needs to be recovered (e.g., decrypted) before association with the original authentication parameter is restored and re-synchronization may be achieved. The decryption of the encrypted authentication challenge parameter to recover the original authentication challenge parameter uses the same cipher that was used to encrypt the original authentication challenge parameter during the previous authentication of the NAM 116. Similarly, the decryption of the encrypted authentication challenge parameter to recover the original authentication challenge parameter uses the same B-KEY that was used to encrypt the original authentication challenge parameter during the previous authentication of the NAM 116 (i.e., the B-KEY associated with the subscriber identity of the NAM 116). In other words, during re-synchronization, the SS 140 performs processing similar to that performed by the MD 110 during authentication.
  • It is noted that various embodiments of the response validation capability may be particularly useful within the context of Machine Type Communications (MTC). MTC is being defined by multiple standardization bodies to allow Wireless Operator support for Machine-to-Machine (M2M) communications. In general, M2M communications include communications by wireless devices without human interaction. It is increasingly expected that wireless devices involved in M2M communications, typically referred to as MTC devices or M2M devices, will be based on typical wireless mobile platforms while maximizing the use of existing wireless radio access and core network technologies. In other words, M2M/MTC-specific modifications to the commercial wireless architecture and infrastructure are expected to be reduced to a minimum. However, specifics of MTC/M2M feature operation require that a NAM associated with an MTC/M2M subscription can only be used in mobile devices that are specially designed as MTC/M2M devices and/or authorized to perform the M2M/MTC functions. Various embodiments of the response validation capability are adapted to restrict a NAM associated with an MTC/M2M subscription to a mobile device that is equipped to perform MTC/M2M functions and/or that is authorized to perform MTC/M2M functions. Various embodiments of the response validation capability are adapted to restrict the access of a NAM that is dedicated to be used only with MTC/M2M modules associated with a specific billing plan. Various embodiments of the response validation capability support the requirement, defined in 3GPP TS 22.368 (3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Service requirements for Machine-Type Communications (MTC); Stage 1 (Release 11)), which restricts the use of a USIM to specific MTC/M2M devices (as well as similar requirements which may be specified in other standards, e.g., 3GPP2 S.P0146-0 Version 0.50 (Machine-to-Machine Communication System Requirements, Stage 1 Requirements, February 2012) or the like). In one embodiment, a specially equipped or authorized MTC/M2M device is provisioned with a secret B-KEY value (associated with one or both of an equipment identity of the specially equipped or authorized MTC/M2M device or a subscriber identity of a NAM of the specially equipped or authorized MTC/M2M device), which is also stored in a database in the network of the home operator for use in post-processing an AV that is generated in the network of the home operator when the specially equipped or authorized MTC/M2M device is authenticated for access to an access network.
  • It is noted that, although primarily depicted and described herein with respect to embodiments in which the SS computes the AV for the MD when the AV request is received from the RAN, in at least some embodiments the SS may pre-compute and store the AV for the MD prior to receipt of the AV request from the RAN. In this embodiment, the AV associated with the MD may be retrieved by the SS when the AV request is received from the RAN. Thus, the SS may be configured to obtain the AV for the MD when the AV request is received from the RAN, where obtaining the AV for the MD may be considered to include computing the AV when the AV request is received or retrieving the AV when the AV request is received. The pre-computed AV may be stored in any suitable type of storage module (e.g., buffer, cache, or the like). It is noted that the pre-computed AV may include the encrypted authentication challenge parameter or the original authentication challenge parameter.
  • In one embodiment, the pre-computed and stored AV includes the encrypted authentication challenge parameter. The SS is able to encrypt the original authentication challenge parameter in advance of receipt of the AV, because the SS already maintains the associated information for the NAM (i.e., the subscriber identity, the subscription secret (i.e., B-KEY), and the original authentication challenge parameter). Thus, if the SS has information indicative that the original authentication challenge parameter of a NAM needs to be encrypted, the SS can generate the AV including the encrypted authentication challenge parameter (including performing encryption of the original authentication challenge parameter) and store the AV including the encrypted authentication challenge parameter for later use in responding to a request by an MD to access the RAN. This prevents the SS from having to generate the AV, including encryption of the original authentication challenge parameter to form the encrypted authentication challenge parameter, in real time when the AV request is received. The SS may be configured to compute multiple AVs for multiple subscriptions in advance and to store the pre-computed AVs such that the pre-computed AVs are available for retrieval when the associated MDs access the RAN. The SS may be configured such that, as the AV are retrieved from the SS in response to AV requests, new AVs including encrypted authentication challenge parameters and computed and stored for use during subsequent accesses by the MDs to the RAN. In this manner, the load on the SS may be averaged over time.
  • In one embodiment, the pre-computed and stored AV includes the original authentication challenge parameter. In this embodiment, the original authentication challenge parameter is encrypted based on the B-KEY when the AV request is received from the RAN. This embodiment may be useful when post-processing is done in association with a specific MD rather than in association with the NAM (e.g., where the SS does not know in advance the MD into which the NAM is inserted and, thus, must wait until the AV request (including the equipment identity of the MD in addition to the subscriber identity of the NAM) is received).
  • It is noted that, although primarily depicted and described herein with respect to embodiments in which the AV is provided from the RAN to the MD, in at least some embodiments only a portion of the AV is provided from the RAN to the MD. In one embodiment in which the RAN is a GSM-based network, for example, only the authentication challenge parameter (i.e., RAND) of the AV is provided from the RAN to the MD. In one embodiment in which the RAN is a UMTS-based network, for example, only the authentication challenge parameter (i.e., RAND) and the authentication token (i.e., AUTN) of the AV are provided from the RAN to the MD. In one embodiment in which the RAN is an LTE-based network, for example, only the authentication challenge parameter (i.e., RAND) and the authentication token (i.e., AUTN) of the AV are provided from the RAN to the MD. It is noted that, in each case, at least the authentication challenge parameter of the AV is provided from the RAN to the MD.
  • It is noted that, although primarily depicted and described herein with respect to embodiments in which it is assumed that the authentication challenge parameter that is provided from the SS to the RAN to the MD is an encrypted authentication challenge parameter, in at least some embodiments the MD may be capable receiving both encrypted authentication challenge parameters and authentication challenge parameters that are not encrypted (e.g., an MD may be capable of supporting multiple subscriptions in which at least one subscription is configured to use an encrypted authentication challenge parameter and at least one subscription is configured to use an unencrypted authentication challenge parameter. In one embodiment, the MD may be configured to determine whether a received authentication challenge parameter is encrypted (i.e., to determine whether the received authentication challenge parameter needs to be decrypted before being provided to the NAM). In one embodiment, the MD is configured to determine whether the received authentication challenge parameter is encrypted based on a subscriber identity. In one embodiment, the MD is configured such that, when a determination is made that the authentication challenge parameter is encrypted, the encrypted authentication challenge parameter is decrypted based on the B-KEY and the decrypted authentication challenge parameter is propagated toward the NAM. In one embodiment, the MD is configured such that, when a determination is made that the authentication challenge parameter is not encrypted, the authentication challenge parameter is propagated toward the NAM. This may be used, for example, within an MD that includes a non-MTC/M2M subscription (e.g., a typical telephone service subscription) and an MTC/M2M subscription (e.g., for a heart rate monitor or any other MTC/M2M application), where (1) each access to the RAN by the non-MTC/M2M subscription results in return of an authentication challenge parameter that is not encrypted and, thus, does not need to be decrypted before being provided to the NAM and (2) each access to the RAN by the MTC/M2M subscription results in return of an authentication challenge parameter that is encrypted and, thus, needs to be decrypted based on the B-KEY before being provided to the NAM. It will be appreciated that this is merely one example of cases in which an MD may be configured to determine whether a received authentication challenge parameter is encrypted. It also will be appreciated that, as primarily depicted and described herein, an MD may be configured such that it is not necessary to determine whether a received authentication challenge parameter is encrypted. It is noted that, although primarily depicted and described herein with respect to embodiments in which the cryptographic manipulation of the authentication challenge parameter is based on encryption and decryption of the authentication challenge parameter, the cryptographic manipulation of the authentication challenge parameter may be based on any other suitable type of cryptographic manipulation.
  • It is noted that, although primarily depicted and described herein with respect to embodiments in which a NAM is bound to a single authorized MD, in at least some embodiments a NAM may be authorized for use with multiple MDs such that the NAM may be used within any of the multiple MDs without any authentication failures. In one embodiment, this may be provided using a single B-KEY, where the same B-KEY is provisioned into each of the multiple MDs and into the SS (e.g., by mapping the equipment identities of each of the multiple MDs to the same B-KEY value using one or more mapping entries). In one embodiment, this may be provided using multiple B-KEY values associated with the multiple MDs, where each of the multiple MDs has one of the B-KEYs provisioned therein and the B-KEYs are provisioned into the SS and mapped to the multiple MDs, respectively.
  • It is noted that, although primarily depicted and described herein with respect to embodiments in which an MD has a single NAM associated therewith, in at least some embodiments an MD may have multiple NAMs associated therewith (i.e., multiple NAMs may be used with the MD). In one embodiment, the MD is provisioned with multiple B-KEYs associated with the multiple NAMs which may be used with the MD, respectively. In this embodiment, when the MD receives an AV including an encrypted authentication challenge parameter, the MD selects the appropriate B-KEY to be used to decrypt the encrypted authentication challenge parameter based on the subscriber identity provided to the MD by the NAM during the authentication procedure.
  • It is noted that, although primarily depicted and described herein with respect to embodiments in which NAM is bound to one or more MDs in a restricted manner, in at least some embodiments a NAM may be authorized for use with any MD. In this embodiment, the MD is not pre-provisioned with a B-KEY specific to the NAM as the value of the subscriber identity would not be known at the time of provisioning of the MD. Rather, in this embodiment, the MD is pre-provisioned with a B-KEY that is associated to the equipment identity of the MD and, similarly, the equipment identity to B-KEY mapping would be maintained in the associated SS. In this embodiment, the MD 110 would report its equipment identity (in addition to the subscriber identity of the NAM of the MD) and the SS (e.g., challenge manipulation process 144) would use the equipment identity of the MD (rather than the subscriber identity of the NAM of the MD) in order to retrieve the associated B-KEY for the MD for use in encrypting the authentication challenge parameter during authentication of the MD. In this embodiment, the SS (e.g., challenge manipulation process 144) also performs an additional step in order to verify that the equipment identity that is reported by the MD is authorized to be used with the subscriber identity of the NAM that is reported by the MD (e.g., using a subscriber identity to equipment identity mapping table maintained by the SS, or any other suitable source of such mapping information). This verification ensures that the NAM of the MD that is being authenticated is authorized to operate in the MD (i.e., in the device having the equipment identity reported by the MD).
  • It is noted that, although primarily depicted and described herein with respect to use of the response validation capability within specific types of wireless communication networks (namely, cellular communication networks using AKA-based authentication procedures, such as 2G GSM networks, 2G, CDMA networks, 3G CDMA2000 networks, 3GPP 3G (UMTS) networks, 4G (LTE) networks, or the like), the response validation capability may be used within various other types of wireless communication networks. For example, the response validation capability may be used within a 3G CDMA2000 legacy network (e.g., where the RANDU parameter is encrypted and decrypted), a 1×EV-DO network (e.g., where the CHAP-Challenge parameter is encrypted and decrypted), or the like.
  • It is noted that, although primarily depicted and described herein with respect to use of the response validation capability within specific types of frameworks (namely, cellular-based communication networks), the response validation capability may be used within any security framework that is based on a challenge-response protocol.
  • It is noted that various embodiments of the response validation capability require modifications only to mobile devices configured to support network authentication and to the subscriber server (e.g., HLR, HSS, or the like) supporting authentication for such mobile devices, not to other elements (e.g., not to elements of the RAN, not to elements of the CN, and so forth).
  • FIG. 4 depicts a high-level block diagram of a computer suitable for use in performing functions described herein.
  • The computer 400 includes a processor 402 (e.g., a central processing unit (CPU) and/or other suitable processor(s)) and a memory 404 (e.g., random access memory (RAM), read only memory (ROM), and the like).
  • The computer 400 also may include a cooperating module/process 405. The cooperating process 405 can be loaded into memory 404 and executed by the processor 402 to implement functions as discussed herein and, thus, cooperating process 405 (including associated data structures) can be stored on a computer readable storage medium, e.g., RAM memory, magnetic or optical drive or diskette, and the like.
  • The computer 400 also may include one or more input/output devices 406 (e.g., a user input device (such as a keyboard, a keypad, a mouse, and the like), a user output device (such as a display, a speaker, and the like), an input port, an output port, a receiver, a transmitter, one or more storage devices (e.g., a tape drive, a floppy drive, a hard disk drive, a compact disk drive, and the like), or the like, as well as various combinations thereof).
  • It will be appreciated that computer 400 depicted in FIG. 4 provides a general architecture and functionality suitable for implementing functional elements described herein and/or portions of functional elements described herein. For example, the computer 400 provides a general architecture and functionality suitable for implementing one or more of MD 110, NAM 116, an element of RAN 120, a portion of an element of RAN 120, an element of CN 130, a portion of an element of CN 130, SS 140, or the like.
  • It will be appreciated that the functions depicted and described herein may be implemented in software (e.g., via implementation of software on one or more processors, for executing on a general purpose computer (e.g., via execution by one or more processors) so as to implement a special purpose computer, and the like) and/or may be implemented in hardware (e.g., using a general purpose computer, one or more application specific integrated circuits (ASIC), and/or any other hardware equivalents).
  • It is contemplated that some of the steps discussed herein as software methods may be implemented within hardware, for example, as circuitry that cooperates with the processor to perform various method steps. Portions of the functions/elements described herein may be implemented as a computer program product wherein computer instructions, when processed by a computer, adapt the operation of the computer such that the methods and/or techniques described herein are invoked or otherwise provided. Instructions for invoking the inventive methods may be stored in fixed or removable media, transmitted via a data stream in a broadcast or other signal bearing medium, and/or stored within a memory within a computing device operating according to the instructions.
  • Although various embodiments which incorporate the teachings of the present invention have been shown and described in detail herein, those skilled in the art can readily devise many other varied embodiments that still incorporate these teachings.

Claims (20)

What is claimed is:
1. A mobile device, comprising:
a memory configured to store a binding key associated with a network authentication module of the mobile device; and
a processor communicatively connected to the memory, the processor configured to:
propagate, toward a wireless access network, an equipment identity of the mobile device and a subscriber identity associated with the network authentication module of the mobile device;
receive an authentication challenge comprising an encrypted authentication challenge parameter, wherein the encrypted authentication challenge parameter is an encrypted version of an original authentication challenge parameter, wherein the original authentication challenge parameter is encrypted, using the binding key, to form the encrypted authentication challenge parameter;
determine, based on the subscriber identity associated with the network authentication module of the mobile device, that the encrypted authentication challenge parameter is encrypted; and
decrypt the encrypted authentication challenge parameter, using the binding key, to recover the original authentication challenge parameter.
2. The mobile device of claim 1, wherein the binding key comprises one of a pre-provisioned random number or string, a string provisioned during a bootstrapping procedure, an output of a hash function, a string, or a number.
3. The mobile device of claim 1, wherein the processor is configured to:
propagate, toward the network authentication module of the mobile device, the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter.
4. The mobile device of claim 3, wherein the processor is configured to:
receive, from the network authentication module of the mobile device, an authentication response computed by the network authentication module of the mobile device based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
propagate the authentication response toward the wireless access network.
5. The mobile device of claim 1, wherein the mobile device further comprises the network authentication module of the mobile device, wherein the network authentication module of the mobile device is configured to:
receive, from the processor, the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter;
compute an authentication response based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
propagate the authentication response toward the processor.
6. The mobile device of claim 5, wherein the network authentication module of the mobile device is configured to:
compute a session key based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
propagate the session key toward the processor.
7. The mobile device of claim 1, wherein the processor is configured to:
prior to receiving the authentication challenge:
propagate, toward the wireless access network, a request to attach to the wireless access network;
wherein the request to attach to the wireless access network includes the equipment identity of the mobile device and the subscriber identity of the network authentication module of the mobile device.
8. The mobile device of claim 1, wherein the equipment identity of the mobile device comprises an International Mobile Equipment Identity (IMEI) or a Mobile Equipment Identifier (MEID).
9. The mobile device of claim 1, wherein the mobile device further comprises the network authentication module of the mobile device.
10. The mobile device of claim 9, wherein the network authentication module of the mobile device comprises one of:
a device configured to be inserted within the mobile device and removed from the mobile device; or
a software module stored in the memory of the mobile device.
11. A method, comprising:
storing, by a memory of a mobile device, a binding key associated with a network authentication module of the mobile device;
propagating, by a processor of the mobile device from the mobile device toward a wireless access network, an equipment identity of the mobile device and a subscriber identity associated with a network authentication module of the mobile device;
receiving, by the processor of the mobile device, an authentication challenge comprising an encrypted authentication challenge parameter, wherein the encrypted authentication challenge parameter is an encrypted version of an original authentication challenge parameter, wherein the original authentication challenge parameter is encrypted, using the binding key, to form the encrypted authentication challenge parameter;
determining, by the processor of the mobile device based on the subscriber identity associated with the network authentication module of the mobile device, that the encrypted authentication challenge parameter is encrypted; and
decrypting, by the processor of the mobile device using the binding key, the encrypted authentication challenge parameter to recover the original authentication challenge parameter.
12. The method of claim 11, wherein the binding key comprises one of a pre-provisioned random number or string, a string provisioned during a bootstrapping procedure, an output of a hash function, a string, or a number.
13. The method of claim 11, further comprising:
propagating, by the processor of the mobile device toward the network authentication module of the mobile device, the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter.
14. The method of claim 13, further comprising:
receiving, by the processor of the mobile device from the network authentication module of the mobile device, an authentication response computed by the network authentication module of the mobile device based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
propagating, by the processor of the mobile device, the authentication response toward the wireless access network.
15. The method of claim 11, wherein the mobile device further comprises the network authentication module of the mobile device, the method further comprising:
receiving, by the network authentication module from the processor, the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter;
computing, by the network authentication module, an authentication response based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
propagating, by the network authentication module toward the processor, the authentication response.
16. The method of claim 15, further comprising:
computing, by the network authentication module, a session key based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
propagating, by the network authentication module toward the processor, the session key.
17. The method of claim 11, further comprising:
prior to receiving the authentication challenge:
propagating, by the processor of the mobile device toward the wireless access network, a request to attach to the wireless access network;
wherein the request to attach to the wireless access network includes the equipment identity of the mobile device and the subscriber identity of the network authentication module of the mobile device.
18. The method of claim 11, wherein the equipment identity of the mobile device comprises an International Mobile Equipment Identity (IMEI) or a Mobile Equipment Identifier (MEID).
19. The method of claim 11, wherein the mobile device further comprises the network authentication module of the mobile device.
20. The method of claim 19, wherein the network authentication module of the mobile device comprises one of:
a device configured to be inserted within the mobile device and removed from the mobile device; or
a software module stored in the memory of the mobile device.
US15/375,684 2012-06-20 2016-12-12 Manipulation and restoration of authentication challenge parameters in network authentication procedures Abandoned US20170093588A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/375,684 US20170093588A1 (en) 2012-06-20 2016-12-12 Manipulation and restoration of authentication challenge parameters in network authentication procedures

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/528,802 US9537663B2 (en) 2012-06-20 2012-06-20 Manipulation and restoration of authentication challenge parameters in network authentication procedures
US15/375,684 US20170093588A1 (en) 2012-06-20 2016-12-12 Manipulation and restoration of authentication challenge parameters in network authentication procedures

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/528,802 Continuation US9537663B2 (en) 2012-06-20 2012-06-20 Manipulation and restoration of authentication challenge parameters in network authentication procedures

Publications (1)

Publication Number Publication Date
US20170093588A1 true US20170093588A1 (en) 2017-03-30

Family

ID=48746657

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/528,802 Active 2032-12-06 US9537663B2 (en) 2012-06-20 2012-06-20 Manipulation and restoration of authentication challenge parameters in network authentication procedures
US15/375,684 Abandoned US20170093588A1 (en) 2012-06-20 2016-12-12 Manipulation and restoration of authentication challenge parameters in network authentication procedures

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US13/528,802 Active 2032-12-06 US9537663B2 (en) 2012-06-20 2012-06-20 Manipulation and restoration of authentication challenge parameters in network authentication procedures

Country Status (6)

Country Link
US (2) US9537663B2 (en)
EP (1) EP2865155B1 (en)
JP (2) JP2015525545A (en)
KR (1) KR101632946B1 (en)
CN (1) CN104521213A (en)
WO (1) WO2013192173A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180013593A1 (en) * 2016-07-11 2018-01-11 Global Unichip Corporation Unlock detector, unlock-detecting method and clock and data recovery circuit

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10013563B2 (en) * 2013-09-30 2018-07-03 Dell Products L.P. Systems and methods for binding a removable cryptoprocessor to an information handling system
JP6420352B2 (en) * 2014-02-10 2018-11-07 ゼットティーイー コーポレーションZte Corporation Triggering different devices in machine-to-machine communication systems
EP3105909A4 (en) 2014-02-10 2017-03-08 ZTE Corporation Techniques for mapping machine to machine communication to different underlying networks
EP3105911B1 (en) 2014-02-10 2020-01-29 ZTE Corporation Extending connectivity in a machine to machine communication system
US10263980B2 (en) * 2014-03-06 2019-04-16 Telefonaktiebolaget Lm Ericsson (Publ) Network node, device and methods for providing an authentication module
EP3132627B1 (en) 2014-04-17 2018-10-03 Mavenir Systems, Inc. Gsm a3/a8 authentication in an ims network
CN107113606B (en) * 2014-12-22 2020-09-29 瑞典爱立信有限公司 Method, apparatus and storage medium for communicating with a GPRS network
US10897363B2 (en) * 2015-11-17 2021-01-19 Cryptography Research, Inc. Authenticating a secondary device based on encrypted tables
EP3556051B1 (en) * 2016-12-15 2024-03-27 Saronikos Trading and Services, Unipessoal Lda Apparatuses, system, and methods for controlling an actuator through a wireless communications system
KR102381389B1 (en) 2018-12-24 2022-04-01 인천대학교 산학협력단 System and Method for Controlling Multi Factor Access Prioritized
WO2021160231A1 (en) * 2020-02-13 2021-08-19 Onomondo Aps Improved packet transfer
CN117596588B (en) * 2024-01-18 2024-03-26 中国电子科技集团公司第三十研究所 Method and device for dynamically updating long-term key of mobile communication network

Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5481611A (en) * 1993-12-09 1996-01-02 Gte Laboratories Incorporated Method and apparatus for entity authentication
US5887253A (en) * 1996-03-22 1999-03-23 Bellsouth Corporation Method for activating and servicing a cellular telephone
US5953652A (en) * 1997-01-24 1999-09-14 At&T Wireless Services Inc. Detection of fraudulently registered mobile phones
US6427073B1 (en) * 1996-09-17 2002-07-30 Nokia Telecommunications Oy Preventing misuse of a copied subscriber identity in a mobile communication system
US20060291660A1 (en) * 2005-12-21 2006-12-28 Telefonaktiebolaget Lm Ericsson (Publ) SIM UICC based broadcast protection
US20080070549A1 (en) * 2005-01-30 2008-03-20 Huawei Technologies Co., Ltd. Method for Setting a Key and a Method for Setting an Inital Security Key to a Mobile Terminal
US7660417B2 (en) * 2003-09-26 2010-02-09 Telefonaktiebolaget Lm Ericsson (Publ) Enhanced security design for cryptography in mobile communication systems
US7844834B2 (en) * 2003-12-30 2010-11-30 Telecom Italia S.P.A. Method and system for protecting data, related communication network and computer program product
US20110004754A1 (en) * 2007-06-12 2011-01-06 John Michael Walker Method And Apparatuses For Authentication And Reauthentication Of A User With First And Second Authentication Procedures
US8170528B2 (en) * 2009-10-09 2012-05-01 Hewlett-Packard Development Company, L.P. Network access control
US8385953B2 (en) * 2010-06-23 2013-02-26 At&T Mobility Ii Llc Systems, methods, and computer program products for automatic mapping between parlay-X short messaging service message element XML encoding and native SMPP protocol data coding scheme
US20130155948A1 (en) * 2011-04-01 2013-06-20 Interdigital Patent Holdings, Inc. System and method for sharing a common pdp context
US8571218B2 (en) * 2010-06-01 2013-10-29 GreatCall, Inc. Short message service cipher
US8689012B1 (en) * 2008-10-17 2014-04-01 Sprint Communications Company L.P. Diagnostics for secure elements in a mobile device
US8724819B2 (en) * 2007-10-16 2014-05-13 Nokia Corporation Credential provisioning
US8989091B2 (en) * 2011-07-15 2015-03-24 Telefonaktiebolaget L M Ericsson (Publ) Dynamic enablement of M2M services over 3GPP access networks
US9112905B2 (en) * 2010-10-22 2015-08-18 Qualcomm Incorporated Authentication of access terminal identities in roaming networks
US9154310B1 (en) * 2012-02-12 2015-10-06 Sypris Electronics, Llc Resilient device authentication system
US9253178B2 (en) * 2011-01-17 2016-02-02 Telefonaktiebolaget L M Ericsson Method and apparatus for authenticating a communication device

Family Cites Families (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6065120A (en) 1997-12-09 2000-05-16 Phone.Com, Inc. Method and system for self-provisioning a rendezvous to ensure secure access to information in a database from multiple devices
US7308431B2 (en) 2000-09-11 2007-12-11 Nokia Corporation System and method of secure authentication and billing for goods and services using a cellular telecommunication and an authorization infrastructure
FI115098B (en) 2000-12-27 2005-02-28 Nokia Corp Authentication in data communication
US7900242B2 (en) 2001-07-12 2011-03-01 Nokia Corporation Modular authentication and authorization scheme for internet protocol
US7185362B2 (en) 2001-08-20 2007-02-27 Qualcomm, Incorporated Method and apparatus for security in a data processing system
US7194765B2 (en) 2002-06-12 2007-03-20 Telefonaktiebolaget Lm Ericsson (Publ) Challenge-response user authentication
US6947725B2 (en) 2002-03-04 2005-09-20 Microsoft Corporation Mobile authentication system with reduced authentication delay
US6836670B2 (en) 2002-05-09 2004-12-28 Casabyte, Inc. Method, apparatus and article to remotely associate wireless communications devices with subscriber identities and /or proxy wireless communications devices
US7155526B2 (en) 2002-06-19 2006-12-26 Azaire Networks, Inc. Method and system for transparently and securely interconnecting a WLAN radio access network into a GPRS/GSM core network
US20030235305A1 (en) 2002-06-20 2003-12-25 Hsu Raymond T. Key generation in a communication system
AU2003272988A1 (en) 2002-10-11 2004-05-04 Matsushita Electric Industrial Co., Ltd. Identification information protection method in wlan interconnection
US7398550B2 (en) 2003-06-18 2008-07-08 Microsoft Corporation Enhanced shared secret provisioning protocol
US7940932B2 (en) 2004-04-08 2011-05-10 Texas Instruments Incorporated Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor
JP2006033765A (en) 2004-07-21 2006-02-02 Sanyo Electric Co Ltd Contents utilizing information providing apparatus and contents utilizing information appreciation apparatus
JP2006085676A (en) * 2004-08-20 2006-03-30 Matsushita Electric Ind Co Ltd Encryption instruction processing apparatus
US8611536B2 (en) 2004-09-08 2013-12-17 Qualcomm Incorporated Bootstrapping authentication using distinguished random challenges
JP4786190B2 (en) 2005-02-01 2011-10-05 株式会社エヌ・ティ・ティ・ドコモ Authentication vector generation apparatus, subscriber authentication module, wireless communication system, authentication vector generation method, calculation method, and subscriber authentication method
CN100428848C (en) 2005-05-31 2008-10-22 华为技术有限公司 Method for authenticating IP multi-media zone to terminal user mark module
SE532098C2 (en) 2005-08-23 2009-10-20 Smarttrust Ab Authentication system and procedure
US20090217048A1 (en) 2005-12-23 2009-08-27 Bce Inc. Wireless device authentication between different networks
EP1976322A1 (en) 2007-03-27 2008-10-01 British Telecommunications Public Limited Company An authentication method
CN102857912A (en) 2007-10-05 2013-01-02 交互数字技术公司 Method for secure channelization by using internal key center (IKC)
EP2377337B1 (en) 2008-12-15 2017-09-06 Koninklijke KPN N.V. Service-based authentication to a network
US20100318782A1 (en) * 2009-06-12 2010-12-16 Microsoft Corporation Secure and private backup storage and processing for trusted computing and data services
WO2011009496A1 (en) * 2009-07-24 2011-01-27 Telefonaktiebolaget Lm Ericsson (Publ) Terminal identifiers in a communications network
JP2011223495A (en) 2010-04-14 2011-11-04 Sony Corp Information processor and method, and program
US8346287B2 (en) * 2011-03-31 2013-01-01 Verizon Patent And Licensing Inc. Provisioning mobile terminals with a trusted key for generic bootstrap architecture
US9450759B2 (en) 2011-04-05 2016-09-20 Apple Inc. Apparatus and methods for controlling distribution of electronic access clients
US10044713B2 (en) 2011-08-19 2018-08-07 Interdigital Patent Holdings, Inc. OpenID/local openID security

Patent Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5481611A (en) * 1993-12-09 1996-01-02 Gte Laboratories Incorporated Method and apparatus for entity authentication
US5887253A (en) * 1996-03-22 1999-03-23 Bellsouth Corporation Method for activating and servicing a cellular telephone
US6427073B1 (en) * 1996-09-17 2002-07-30 Nokia Telecommunications Oy Preventing misuse of a copied subscriber identity in a mobile communication system
US5953652A (en) * 1997-01-24 1999-09-14 At&T Wireless Services Inc. Detection of fraudulently registered mobile phones
US7660417B2 (en) * 2003-09-26 2010-02-09 Telefonaktiebolaget Lm Ericsson (Publ) Enhanced security design for cryptography in mobile communication systems
US7844834B2 (en) * 2003-12-30 2010-11-30 Telecom Italia S.P.A. Method and system for protecting data, related communication network and computer program product
US20080070549A1 (en) * 2005-01-30 2008-03-20 Huawei Technologies Co., Ltd. Method for Setting a Key and a Method for Setting an Inital Security Key to a Mobile Terminal
US20060291660A1 (en) * 2005-12-21 2006-12-28 Telefonaktiebolaget Lm Ericsson (Publ) SIM UICC based broadcast protection
US20110004754A1 (en) * 2007-06-12 2011-01-06 John Michael Walker Method And Apparatuses For Authentication And Reauthentication Of A User With First And Second Authentication Procedures
US8724819B2 (en) * 2007-10-16 2014-05-13 Nokia Corporation Credential provisioning
US8689012B1 (en) * 2008-10-17 2014-04-01 Sprint Communications Company L.P. Diagnostics for secure elements in a mobile device
US8170528B2 (en) * 2009-10-09 2012-05-01 Hewlett-Packard Development Company, L.P. Network access control
US8571218B2 (en) * 2010-06-01 2013-10-29 GreatCall, Inc. Short message service cipher
US8385953B2 (en) * 2010-06-23 2013-02-26 At&T Mobility Ii Llc Systems, methods, and computer program products for automatic mapping between parlay-X short messaging service message element XML encoding and native SMPP protocol data coding scheme
US9112905B2 (en) * 2010-10-22 2015-08-18 Qualcomm Incorporated Authentication of access terminal identities in roaming networks
US9253178B2 (en) * 2011-01-17 2016-02-02 Telefonaktiebolaget L M Ericsson Method and apparatus for authenticating a communication device
US20130155948A1 (en) * 2011-04-01 2013-06-20 Interdigital Patent Holdings, Inc. System and method for sharing a common pdp context
US8989091B2 (en) * 2011-07-15 2015-03-24 Telefonaktiebolaget L M Ericsson (Publ) Dynamic enablement of M2M services over 3GPP access networks
US9154310B1 (en) * 2012-02-12 2015-10-06 Sypris Electronics, Llc Resilient device authentication system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180013593A1 (en) * 2016-07-11 2018-01-11 Global Unichip Corporation Unlock detector, unlock-detecting method and clock and data recovery circuit
US9942062B2 (en) * 2016-07-11 2018-04-10 Global Unichip Corporation Unlock detector, unlock-detecting method and clock and data recovery circuit

Also Published As

Publication number Publication date
JP2017192134A (en) 2017-10-19
CN104521213A (en) 2015-04-15
KR20150013821A (en) 2015-02-05
EP2865155A1 (en) 2015-04-29
US9537663B2 (en) 2017-01-03
WO2013192173A1 (en) 2013-12-27
US20130343538A1 (en) 2013-12-26
KR101632946B1 (en) 2016-07-08
EP2865155B1 (en) 2017-01-18
JP2015525545A (en) 2015-09-03

Similar Documents

Publication Publication Date Title
US20170093588A1 (en) Manipulation and restoration of authentication challenge parameters in network authentication procedures
RU2722508C1 (en) Subscriber subscription concealed identifier
KR102369847B1 (en) Subscriber identification module pooling
JP6492115B2 (en) Encryption key generation
US9788209B2 (en) Apparatus and methods for controlling distribution of electronic access clients
US9432349B2 (en) Service access authentication method and system
US10356614B2 (en) Secure electronic subscriber identity module (eSIM) restoration
EP3657835B1 (en) Access method of user equipment, user equipment and computer-readable storage medium
US20060206710A1 (en) Network assisted terminal to SIM/UICC key establishment
KR102173534B1 (en) Methods for providing information of mobile network operator and apparatus for performing the same
WO2018076740A1 (en) Data transmission method and related device
US20140153722A1 (en) Restricting use of mobile subscriptions to authorized mobile devices
CA3137389A1 (en) Parameter sending method and apparatus
US8700907B2 (en) Use of mobile communication network credentials to protect the transfer of posture data
US20230023665A1 (en) Privacy information transmission method, apparatus, computer device and computer-readable medium
NZ618957B2 (en) Service access authentication method and system

Legal Events

Date Code Title Description
AS Assignment

Owner name: ALCATEL-LUCENT USA INC., NEW JERSEY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MIZIKOVSKY, SEMYON;BROUSTIS, IOANNIS;CAKULEV, VIOLETA;SIGNING DATES FROM 20120622 TO 20120716;REEL/FRAME:040709/0387

AS Assignment

Owner name: PROVENANCE ASSET GROUP LLC, CONNECTICUT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:NOKIA TECHNOLOGIES OY;NOKIA SOLUTIONS AND NETWORKS BV;ALCATEL LUCENT SAS;REEL/FRAME:043877/0001

Effective date: 20170912

Owner name: NOKIA USA INC., CALIFORNIA

Free format text: SECURITY INTEREST;ASSIGNORS:PROVENANCE ASSET GROUP HOLDINGS, LLC;PROVENANCE ASSET GROUP LLC;REEL/FRAME:043879/0001

Effective date: 20170913

Owner name: CORTLAND CAPITAL MARKET SERVICES, LLC, ILLINOIS

Free format text: SECURITY INTEREST;ASSIGNORS:PROVENANCE ASSET GROUP HOLDINGS, LLC;PROVENANCE ASSET GROUP, LLC;REEL/FRAME:043967/0001

Effective date: 20170913

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: NOKIA US HOLDINGS INC., NEW JERSEY

Free format text: ASSIGNMENT AND ASSUMPTION AGREEMENT;ASSIGNOR:NOKIA USA INC.;REEL/FRAME:048370/0682

Effective date: 20181220

AS Assignment

Owner name: PROVENANCE ASSET GROUP LLC, CONNECTICUT

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CORTLAND CAPITAL MARKETS SERVICES LLC;REEL/FRAME:058983/0104

Effective date: 20211101

Owner name: PROVENANCE ASSET GROUP HOLDINGS LLC, CONNECTICUT

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CORTLAND CAPITAL MARKETS SERVICES LLC;REEL/FRAME:058983/0104

Effective date: 20211101

Owner name: PROVENANCE ASSET GROUP LLC, CONNECTICUT

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:NOKIA US HOLDINGS INC.;REEL/FRAME:058363/0723

Effective date: 20211129

Owner name: PROVENANCE ASSET GROUP HOLDINGS LLC, CONNECTICUT

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:NOKIA US HOLDINGS INC.;REEL/FRAME:058363/0723

Effective date: 20211129

AS Assignment

Owner name: RPX CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PROVENANCE ASSET GROUP LLC;REEL/FRAME:059352/0001

Effective date: 20211129