WO2008048179A3 - Cryptographic key management in communication networks - Google Patents

Info

Publication number
WO2008048179A3
Authority
WO
WIPO (PCT)
Prior art keywords
access
keys
transformation
key
networks
Prior art date
Application number
PCT/SE2007/050734
Other languages
French (fr)
Other versions
WO2008048179A2 (en)
Inventor
Rolf Blom
Mats Naeslund
Karl Norrman
Original Assignee
Ericsson Telefon Ab L M
Rolf Blom
Mats Naeslund
Karl Norrman
Priority date
Filing date
Publication date
Application filed by Ericsson Telefon Ab L M, Rolf Blom, Mats Naeslund, Karl Norrman
Priority to CA002666384A (CA2666384A1)
Priority to CN2007800383825A (CN101523797B)
Priority to JP2009533280A (JP5216014B2)
Priority to AU2007313523A (AU2007313523B2)
Priority to EP07835319.0A (EP2074739A4)
Publication of WO2008048179A2
Publication of WO2008048179A3

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L 9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
                        • H04L 63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
                    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
                • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
                    • H04L 2209/80 Wireless
                • H04L 2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00
                    • H04L 2463/061 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
            • H04W WIRELESS COMMUNICATION NETWORKS
                • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
                    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
                        • H04W 12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
                            • H04W 12/0431 Key distribution or pre-distribution; Key agreement
                    • H04W 12/06 Authentication
                • H04W 36/00 Hand-off or reselection arrangements
                    • H04W 36/0005 Control or signalling for completing the hand-off
                        • H04W 36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
                            • H04W 36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
                                • H04W 36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information

Abstract

An authentication server and a system and method for managing cryptographic keys across different combinations of user terminals, access networks, and core networks. A Transformation Coder Entity, TCE, (25) creates a master key, Mk, which is used to derive keys during the authentication procedure. During handover between the different access types, the Mk or a transformed Mk is passed between two authenticator nodes (42, 43, 44) that hold the key in the respective access networks when a User Equipment, UE, terminal (41, 51, 52, 53) changes access. The transformation of the Mk is performed via a one-way function, and has the effect that if the Mk is somehow compromised, it is not possible to automatically obtain access to previously used master keys. The transformation is performed based on the type of authenticator node and type of UE/identity module with which the transformed key is to be utilized. The Mk is never used directly, but is only used to derive the keys that are directly used to protect the access link.
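The abstract describes a three-level hierarchy: a master key Mk created by the TCE, a one-way transformation of Mk that is bound to the receiving authenticator type and the UE/identity-module type at handover, and access-link keys derived from whichever Mk a network holds. The following Python is an added illustration of that hierarchy, not code from the patent or from Ericsson. The patent does not name the one-way function or the key-derivation function; HMAC-SHA256 is used here for both as an assumption, and the authenticator labels ("wlan-auth", "lte-auth"), access-type labels and the UE type "usim" are constructed sample values.

```python
"""Added illustration of the Mk / transformed-Mk / access-key hierarchy.

Assumptions (not taken from the patent text): HMAC-SHA256 stands in for the
unspecified one-way function and key-derivation function; all type labels
and sample key values below are constructed for the example.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

TRANSFORM_LABEL = b"mk-transform"   # domain-separation label (assumption)
ACCESS_KEY_LABEL = b"access-key"    # domain-separation label (assumption)


def create_master_key(fixed: Optional[bytes] = None) -> bytes:
    """Mk as created by the TCE during authentication.

    A caller may inject a fixed value (used by the tests); otherwise a fresh
    256-bit random key is produced."""
    return fixed if fixed is not None else os.urandom(32)


def transform_master_key(mk: bytes, authenticator_type: str, ue_type: str) -> bytes:
    """One-way transformation of Mk at handover.

    The output is bound to the type of authenticator node that will hold it and
    the type of UE / identity module it will be used with, so a key transformed
    for one combination is useless for another. Because HMAC is one-way in its
    key input, a holder of the output cannot walk back to the input Mk.
    """
    info = b"|".join([TRANSFORM_LABEL, authenticator_type.encode(), ue_type.encode()])
    return hmac.new(mk, info, hashlib.sha256).digest()


def derive_access_keys(mk: bytes, access_type: str) -> Dict[str, bytes]:
    """Keys that actually protect the access link. Mk itself never touches the link."""
    def kdf(purpose: str) -> bytes:
        info = b"|".join([ACCESS_KEY_LABEL, purpose.encode(), access_type.encode()])
        return hmac.new(mk, info, hashlib.sha256).digest()
    return {"enc": kdf("enc"), "int": kdf("int")}


def handover_chain(initial_mk: bytes,
                   hops: List[Tuple[str, str]],
                   ue_type: str) -> List[Tuple[str, bytes, Dict[str, bytes]]]:
    """Simulate a UE moving through several access networks.

    hops is a list of (authenticator_type, access_type). The first authenticator
    holds Mk as created by the TCE; every later authenticator receives a
    transformed key, so compromising it exposes neither earlier master keys nor
    the link keys derived from them.
    Returns one (authenticator_type, held_master_key, link_keys) tuple per hop.
    """
    chain = []
    mk = initial_mk
    for index, (auth_type, access_type) in enumerate(hops):
        if index > 0:
            mk = transform_master_key(mk, auth_type, ue_type)
        chain.append((auth_type, mk, derive_access_keys(mk, access_type)))
    return chain


def all_distinct(values: List[bytes]) -> bool:
    """True when no master key or link key repeats along a chain."""
    return len(set(values)) == len(values)


if __name__ == "__main__":
    # Constructed scenario: authenticate on WLAN, hand over to LTE, return to WLAN.
    mk0 = create_master_key()
    chain = handover_chain(mk0, [("wlan-auth", "wlan"), ("lte-auth", "lte"), ("wlan-auth", "wlan")], "usim")
    for auth_type, held_mk, link_keys in chain:
        print(f"{auth_type:10s} Mk={held_mk.hex()[:16]}... enc={link_keys['enc'].hex()[:16]}...")
    print("all master keys distinct:", all_distinct([c[1] for c in chain]))
```

Note that returning to the same access type in the third hop yields a master key and link keys unrelated to those used in the first hop: the forward-only transformation means a node that was only ever handed a transformed key has nothing to replay against an earlier session.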
PCT/SE2007/050734 2006-10-18 2007-10-11 Cryptographic key management in communication networks WO2008048179A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CA002666384A CA2666384A1 (en) 2006-10-18 2007-10-11 Cryptographic key management in communication networks
CN2007800383825A CN101523797B (en) 2006-10-18 2007-10-11 Cryptographic key management in communication networks
JP2009533280A JP5216014B2 (en) 2006-10-18 2007-10-11 Encryption key management in communication networks
AU2007313523A AU2007313523B2 (en) 2006-10-18 2007-10-11 Cryptographic key management in communication networks
EP07835319.0A EP2074739A4 (en) 2006-10-18 2007-10-11 Cryptographic key management in communication networks

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US82995406P 2006-10-18 2006-10-18
US60/829,954 2006-10-18
US11/857,621 US8094817B2 (en) 2006-10-18 2007-09-19 Cryptographic key management in communication networks
US11/857,621 2007-09-19

Publications (2)

Publication Number Publication Date
WO2008048179A2 WO2008048179A2 (en) 2008-04-24
WO2008048179A3 WO2008048179A3 (en) 2008-06-19

Family

ID=39314487

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2007/050734 WO2008048179A2 (en) 2006-10-18 2007-10-11 Cryptographic key management in communication networks

Country Status (8)

Country Link
US (1) US8094817B2 (en)
EP (1) EP2074739A4 (en)
JP (1) JP5216014B2 (en)
KR (1) KR20090067185A (en)
CN (1) CN101523797B (en)
AU (1) AU2007313523B2 (en)
CA (1) CA2666384A1 (en)
WO (1) WO2008048179A2 (en)

Families Citing this family (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
HUE048727T2 (en) * 2006-12-28 2020-08-28 Nokia Technologies Oy Handover of circuit-switched call to packet-switched call and vice versa
CN101400059B (en) * 2007-09-28 2010-12-08 华为技术有限公司 Cipher key updating method and device under active state
CN101399767B (en) 2007-09-29 2011-04-20 华为技术有限公司 Method, system and apparatus for security capability negotiation during terminal moving
US8819765B2 (en) 2008-01-22 2014-08-26 Telefonaktiebolaget L M Ericsson (Publ) Security policy distribution to communication terminals
CN101953204B (en) * 2008-02-21 2013-04-10 上海贝尔股份有限公司 Method, user equipment and communication system for inter-RAT handover in 3G LTE
ES2447546T3 (en) 2008-04-11 2014-03-12 Telefonaktiebolaget L M Ericsson (Publ) Access through non-3GPP access networks
CN101267668B (en) * 2008-04-16 2015-11-25 中兴通讯股份有限公司 Key generation method, Apparatus and system
CN102595525B (en) * 2008-04-28 2016-03-30 华为技术有限公司 The successional method, system and device of a kind of maintenance customer service
US9706395B2 (en) * 2008-04-28 2017-07-11 Nokia Technologies Oy Intersystem mobility security context handling between different radio access networks
US9928379B1 (en) 2008-09-08 2018-03-27 Steven Miles Hoffer Methods using mediation software for rapid health care support over a secured wireless network; methods of composition; and computer program products therefor
JP4435254B1 (en) * 2008-10-22 2010-03-17 株式会社エヌ・ティ・ティ・ドコモ Mobile communication method and switching center
JP5113717B2 (en) * 2008-10-27 2013-01-09 Kddi株式会社 Mobile communication network system
US9742560B2 (en) 2009-06-11 2017-08-22 Microsoft Technology Licensing, Llc Key management in secure network enclaves
US8352741B2 (en) * 2009-06-11 2013-01-08 Microsoft Corporation Discovery of secure network enclaves
CN101945384B (en) * 2009-07-09 2013-06-12 中兴通讯股份有限公司 Method, device and system for processing safe key in reconnection of RRC (Radio Resource Control)
US8443431B2 (en) * 2009-10-30 2013-05-14 Alcatel Lucent Authenticator relocation method for WiMAX system
CN102055747B (en) * 2009-11-06 2014-09-10 中兴通讯股份有限公司 Method for acquiring key management server information, and monitoring method, system and equipment
US8307097B2 (en) * 2009-12-18 2012-11-06 Tektronix, Inc. System and method for automatic discovery of topology in an LTE/SAE network
US8848916B2 (en) 2010-04-15 2014-09-30 Qualcomm Incorporated Apparatus and method for transitioning from a serving network node that supports an enhanced security context to a legacy serving network node
SG184442A1 (en) * 2010-04-15 2012-11-29 Qualcomm Inc Apparatus and method for signaling enhanced security context for session encryption and integrity keys
US9084110B2 (en) 2010-04-15 2015-07-14 Qualcomm Incorporated Apparatus and method for transitioning enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network
KR101474094B1 (en) 2010-04-16 2014-12-17 퀄컴 인코포레이티드 Apparatus and method for transitioning from a serving network node that supports an enhanced security context to a legacy serving network node
CN101835154B (en) * 2010-04-20 2016-03-30 中兴通讯股份有限公司 A kind of method and system setting up the air interface key of enhancing
CN102378168B (en) * 2010-08-17 2016-02-10 中兴通讯股份有限公司 The method of multisystem core net notice key and multisystem network
CN102378167B (en) * 2010-08-17 2015-11-25 中兴通讯股份有限公司 Safety information acquisition method and multisystem network
WO2012149982A1 (en) * 2011-05-05 2012-11-08 Telefonaktiebolaget L M Ericsson (Publ) Security mechanism for mobile users
US10433161B2 (en) * 2012-01-30 2019-10-01 Telefonaktiebolaget Lm Ericsson (Publ) Call handover between cellular communication system nodes that support different security contexts
DE102012020987A1 (en) * 2012-10-25 2014-04-30 Giesecke & Devrient Gmbh A method for securely managing subscriber identity data
KR101672663B1 (en) * 2013-01-11 2016-11-03 엘지전자 주식회사 Method and apparatus for applying security information in wireless communication system
CN104937965B (en) * 2013-01-22 2019-09-03 华为技术有限公司 The method and the network equipment of the safety certification of mobile communication system
WO2014113921A1 (en) * 2013-01-22 2014-07-31 华为技术有限公司 Method and network device for security authentication of mobile communication system
CN103973651B (en) * 2013-02-01 2018-02-27 腾讯科技(深圳)有限公司 Setting, querying method and device are identified based on the account password of salt cryptographic libraries is added
MX363294B (en) * 2013-12-24 2019-03-19 Nec Corp Apparatus, system and method for sce.
US9992670B2 (en) 2014-08-12 2018-06-05 Vodafone Ip Licensing Limited Machine-to-machine cellular communication security
GB2529391A (en) * 2014-08-12 2016-02-24 Vodafone Ip Licensing Ltd Machine-to-machine cellular communication security
US9883385B2 (en) * 2015-09-15 2018-01-30 Qualcomm Incorporated Apparatus and method for mobility procedure involving mobility management entity relocation
US20170118635A1 (en) * 2015-10-26 2017-04-27 Nokia Solutions And Networks Oy Key separation for local evolved packet core
US10887295B2 (en) * 2016-10-26 2021-01-05 Futurewei Technologies, Inc. System and method for massive IoT group authentication
WO2018125020A1 (en) * 2016-12-29 2018-07-05 Limited Liability Company "Innovation Development Hub" Cryptographic transformation device
FR3077175A1 (en) * 2018-01-19 2019-07-26 Orange TECHNIQUE FOR DETERMINING A KEY FOR SECURING COMMUNICATION BETWEEN USER EQUIPMENT AND AN APPLICATION SERVER
CN108966217B (en) * 2018-08-29 2022-05-17 焦作市数据安全工程研究中心 Secret communication method, mobile terminal and secret gateway
CA3169639A1 (en) * 2020-02-05 2021-08-12 Quantum Digital Solutions Corporation Information theory genomics-enabled hyper-scalability
US11562057B2 (en) 2020-02-05 2023-01-24 Quantum Digital Solutions Corporation Ecosystem security platforms for enabling data exchange between members of a digital ecosystem using digital genomic data sets
JP2024507719A (en) 2021-02-04 2024-02-21 クアンタム デジタル ソリューションズ コーポレーション Ciphergenics-based ecosystem security platform

Citations (1)

Publication number Priority date Publication date Assignee Title
US20050254653A1 (en) * 2004-05-14 2005-11-17 Proxim Corporation Pre-authentication of mobile clients by sharing a master key among secured authenticators

Family Cites Families (18)

Publication number Priority date Publication date Assignee Title
EP1273126A1 (en) * 2000-04-06 2003-01-08 Nokia Corporation Method and system for generating a sequence number to be used for authentication
US7607015B2 (en) * 2002-10-08 2009-10-20 Koolspan, Inc. Shared network access using different access keys
US7774828B2 (en) * 2003-03-31 2010-08-10 Alcatel-Lucent Usa Inc. Methods for common authentication and authorization across independent networks
JP3968329B2 (en) * 2003-07-25 2007-08-29 ソフトバンクモバイル株式会社 Generation information notification method of information communication terminal, generation information management server, and information communication terminal
JP2005341290A (en) * 2004-05-27 2005-12-08 Keio Gijuku Communications system, and radio communications device
US7908484B2 (en) * 2003-08-22 2011-03-15 Nokia Corporation Method of protecting digest authentication and key agreement (AKA) against man-in-the-middle (MITM) attack
CN1857024B (en) * 2003-09-26 2011-09-28 艾利森电话股份有限公司 Enhanced security design for cryptography in mobile communication systems
EP1531645A1 (en) * 2003-11-12 2005-05-18 Matsushita Electric Industrial Co., Ltd. Context transfer in a communication network comprising plural heterogeneous access networks
US7675885B2 (en) * 2003-12-03 2010-03-09 Qualcomm Incorporated Methods and apparatus for CDMA2000/GPRS roaming
US7773554B2 (en) * 2003-12-03 2010-08-10 John Wallace Nasielski Methods and apparatus for CDMA2000/GPRS roaming
US7546459B2 (en) * 2004-03-10 2009-06-09 Telefonaktiebolaget L M Ericsson (Publ) GSM-like and UMTS-like authentication in a CDMA2000 network environment
GB0423301D0 (en) * 2004-10-20 2004-11-24 Fujitsu Ltd User authorization for services in a wireless communications network
AU2005306523B2 (en) * 2004-11-02 2010-04-08 Blackberry Limited Generic access network (GAN) controller selection in PLMN environment
JP4703238B2 (en) * 2004-12-15 2011-06-15 パナソニック株式会社 Wireless network control device, wireless LAN relay device, wireless communication system, and communication method of wireless communication system
FI20050384A0 (en) * 2005-04-14 2005-04-14 Nokia Corp Use of generic authentication architecture for distribution of Internet protocol keys in mobile terminals
CN100550725C (en) * 2005-06-17 2009-10-14 中兴通讯股份有限公司 The method of a kind of user and application server negotiating about cipher key shared
JP4984020B2 (en) * 2005-08-19 2012-07-25 日本電気株式会社 Communication system, node, authentication server, communication method and program thereof
US8578159B2 (en) * 2006-09-07 2013-11-05 Motorola Solutions, Inc. Method and apparatus for establishing security association between nodes of an AD HOC wireless network

Non-Patent Citations (3)

Title
ERICSSON: "Requirements on SAE/LTE AKA", S3-060476, 3GPP TSG SA WG3 SECURITY - SA3#44, 11 July 2006 (2006-07-11) - 14 July 2006 (2006-07-14), XP003022043, Retrieved from the Internet <URL:http://www.3gpp.org> *
NEITTAANMAKI P. ET AL: "European Congress on Computational Methods in Applied Sciences and Engineering", 24 July 2004, JYVASKYLA, article NYBERG K.: "Cryptographic algorithms for UMTS", pages: 1 - 18, XP003022045 *
NOKIA ET AL.: "Updated version of Rationale and track of security decisions in Long Term Evolved RAN/3GPP System Architecture Evolution", 3GPP TSG SA WG3 SECURITY-SA3#44, S3-060564, TALLIN, ESTONIA, 11 July 2006 (2006-07-11) - 14 July 2006 (2006-07-14), XP003022044 *

Also Published As

Publication number Publication date
EP2074739A4 (en) 2014-08-06
CN101523797A (en) 2009-09-02
WO2008048179A2 (en) 2008-04-24
US20080095362A1 (en) 2008-04-24
CA2666384A1 (en) 2008-04-24
AU2007313523B2 (en) 2011-04-07
JP5216014B2 (en) 2013-06-19
KR20090067185A (en) 2009-06-24
CN101523797B (en) 2012-02-15
AU2007313523A1 (en) 2008-04-24
US8094817B2 (en) 2012-01-10
JP2010507325A (en) 2010-03-04
EP2074739A2 (en) 2009-07-01

Similar Documents

Publication Publication Date Title
WO2008048179A3 (en) Cryptographic key management in communication networks
Chen et al. Lightweight and provably secure user authentication with anonymity for the global mobility network
EP1394982B1 (en) Methods and apparatus for secure data communication links
CN103533539B (en) Virtual SIM card parameter management method and device
WO2006107513A3 (en) Methods and systems for exchanging security information via peer-to-peer wireless networks
Jiang et al. An efficient scheme for user authentication in wireless sensor networks
US7689211B2 (en) Secure login method for establishing a wireless local area network connection, and wireless local area network system
ATE513403T1 (en) SYSTEM AND METHOD FOR PROVISIONING AND AUTHENTICATION OVER A NETWORK
TW200704100A (en) Encryption communication method and system
US8656171B2 (en) Method, apparatus, and system for configuring key
WO2009031112A3 (en) Node for a network and method for establishing a distributed security architecture for a network
CN108683510A (en) A kind of user identity update method of encrypted transmission
WO2005065132A3 (en) System, method, and devices for authentication in a wireless local area network (wlan)
CA2335172A1 (en) Secure mutual network authentication and key exchange protocol
WO2007005101A3 (en) System and method for establishing a shared key between network peers
CN102013975B (en) Secret key management method and system
CN112671798A (en) Service request method, device and system in Internet of vehicles
WO2007084863A3 (en) Privacy protection in communication systems
CN105262591A (en) Data-based network communication implementation method
WO2009065923A3 (en) Method and apparatus for establishing a cryptographic relationship in a mobile communications network
US20090259849A1 (en) Methods and Apparatus for Authenticated User-Access to Kerberos-Enabled Applications Based on an Authentication and Key Agreement (AKA) Mechanism
CN105553979A (en) Encryption publishing method for privacy information in smart power grid
CN103581202B (en) The trade company of identity-based authentication platform makes board cross-certification method
Ortiz-Yepes Balsa: Bluetooth low energy application layer security add-on
Qi et al. TBVPAKE: An efficient and provably secure verifier-based PAKE protocol for IoT applications

Legal Events

Code Title Description
WWE Wipo information: entry into national phase (Ref document number: 200780038382.5; Country of ref document: CN)
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 07835319; Country of ref document: EP; Kind code of ref document: A2)
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (PCT application filed from 20040101)
REEP Request for entry into the European phase (Ref document number: 2007835319; Country of ref document: EP)
WWE Wipo information: entry into national phase (Ref document number: 2007835319; Country of ref document: EP)
ENP Entry into the national phase (Ref document number: 2009533280; Country of ref document: JP; Kind code of ref document: A)
ENP Entry into the national phase (Ref document number: 2666384; Country of ref document: CA)
WWE Wipo information: entry into national phase (Ref document number: 2007313523; Country of ref document: AU)
WWE Wipo information: entry into national phase (Ref document number: 1020097007876; Country of ref document: KR)
NENP Non-entry into the national phase (Ref country code: DE)
ENP Entry into the national phase (Ref document number: 2007313523; Country of ref document: AU; Date of ref document: 20071011; Kind code of ref document: A)