1. (WO2015177397) CELLULAR NETWORK AUTHENTICATION
Note: Text based on automatic optical character recognition processes. Only the PDF version has legal value.

CLAIMS

1. A method in a cellular terminal, comprising:

transmitting a request that requires authentication procedure triggering to a cellular network and responsively receiving from the cellular network an authentication request message with an indication of a selected cryptographic algorithm from a group of a plurality of cryptographic algorithms;

decoding the authentication request message to a decoded authentication request according to the selected cryptographic algorithm and based on a shared secret known by the cellular terminal and a network operator of the cellular terminal;

based on the decoded authentication request, the shared secret and the selected cryptographic algorithm, producing and encrypting an authentication response message; and

transmitting the authentication response message to the cellular network.

2. The method of claim 1, wherein the request that requires authentication procedure triggering is a network registration request.

3. The method of claim 1, wherein the request that requires authentication procedure triggering is a routing area request.

4. The method of claim 1, wherein the request that requires authentication procedure triggering is a tracking area update request.

5. The method of any of preceding claims, wherein the authentication request message is received from a mobility management entity.

6. The method of any of preceding claims, wherein the authentication response message is transmitted to the mobility management entity.

7. The method of any of preceding claims, wherein the authentication request message is an authentication request of an evolved packet system architecture.

8. The method of any of preceding claims, wherein the cellular terminal comprises a security entity.

9. The method of claim 8, wherein the security entity comprises a secure element and a subscriber identity application.

10. The method of claim 9, wherein the secure element is removable or embedded or integrated in an existing processor architecture.

11. The method of any of preceding claims, wherein the cellular terminal comprises user equipment.

12. The method of claim 11, wherein the user equipment is configured to perform communications over radio interface with a base station.

13. The method of claim 11 or 12, wherein the user equipment is selected from a group consisting of: a mobile terminal; a laptop computer; a vehicle; a car; a car key; a portable device; a handheld electronic device; and a single or multifunction device with cellular radio capability.

14. The method of any of preceding claims, wherein the cellular terminal comprises a security entity that is configured to decode authentication requests and to produce authentication responses.

15. The method of any of preceding claims, wherein the cryptographic algorithms are selected from a group consisting of MILENAGE; 128 bit TUAK; and 256 bit TUAK.

16. The method of any of preceding claims, wherein the authentication request message is an extended authentication request message.

17. The method of claim 16, wherein the extended authentication request comprises a message type indication that is configured to cause legacy terminals to neglect the extended authentication request message.

18. The method of claim 16 or 17, wherein the extended authentication request comprises a field configured to accommodate a 256 bit authentication token, AUTN.

19. The method of claim 16 or 17, wherein the extended authentication request comprises an authentication token that comprises 128 bits, 192 bits, 256 bits or 320 bits.

20. The method of any of claims 16 to 19, wherein the authentication token comprises a sequence number, SQN.

21. The method of claim 20, wherein the sequence number consists of 48 bits.

22. The method of any of claims 16 to 21, wherein the authentication token comprises an anonymity key, AK.

23. The method of claim 22, wherein the anonymity key consists of 48 bits.

24. The method of any of claims 16 to 23, wherein the authentication token comprises an authentication management field, AMF.

25. The method of claim 24, wherein the authentication management field consists of 16 bits.

26. The method of claim 24 or 25, wherein the authentication management field comprises 7 spare bits.

27. The method of claim 26, wherein the spare bits indicate cryptography adaptation information.

28. The method of any of claims 16 to 27, wherein the authentication token comprises a challenge, RAND.

29. The method of claim 28, wherein the challenge consists of 128 bits.

30. The method of any of preceding claims, wherein the cellular authentication employs a cipher key, CK.

31. The method of claim 30, wherein the cipher key consists of 64 bits, 128 bits or 256 bits.

32. The method of any of preceding claims, wherein the cellular authentication employs an integrity key, IK.

33. The method of claim 32, wherein the integrity key consists of 64 bits, 128 bits or 256 bits.

34. The method of any of preceding claims, wherein the cellular authentication employs a response parameter, RES.

35. The method of claim 34, wherein the response parameter consists of 32 bits, 64 bits, 128 bits or 256 bits.

36. The method of any of preceding claims, wherein the authentication request message is an updated authentication request.

37. The method of claim 36, wherein the updated authentication request comprises an identifier for indicating which cryptographic algorithm is being used for the authentication.

38. The method of claim 37, wherein the identifier is a new field in addition to those in the normal authentication request.

39. The method of claim 37, wherein the identifier is contained in one or more bits of an authentication management field, AMF.

40. The method of any of preceding claims, wherein the authentication request message comprises a protocol discriminator.

41. The method of any of preceding claims, wherein the authentication request message comprises a security header type.

42. The method of any of preceding claims, wherein the authentication request message comprises a non-access stratum key set identifier.

43. The method of any of preceding claims, wherein the authentication request message comprises a spare half octet.

44. The method of any of preceding claims, wherein the authentication request message comprises a challenge, RAND.

45. The method of any of preceding claims, wherein the authentication response message comprises a message type indication.

46. The method of claim 45, wherein the message type indication identifies the authentication response message as an extended authentication response message.

47. The method of claim 45 or 46, wherein the message type indication matches with that of a normal authentication response message.

48. The method of claim 46, wherein the extended authentication response message comprises a variable length authentication response parameter, RES.

49. The method of claim 48, wherein the authentication response parameter has a length selected from a group consisting of any one or more of: 32 bits, 64 bits, 128 bits or 256 bits.

50. The method of any of preceding claims, wherein the authentication response message is provided with a new information element in comparison to the normal authentication response message.

51. The method of claim 50, wherein the new information element is configured to accommodate a 128 bit or a 256 bit authentication response parameter.

52. The method of any of preceding claims, wherein the authentication response message comprises an extended authentication response parameter field that is configured to accommodate a 128 bit or a 256 bit authentication response parameter.

53. The method of any of preceding claims, wherein the authentication response message comprises a cryptography algorithm indication.

54. A method comprising:

identifying a selected cryptographic algorithm for use by a cellular terminal for authentication of the cellular terminal;

obtaining network credentials corresponding to the selected cryptographic algorithm for the authentication of the cellular terminal;

transmitting to the cellular terminal an authentication request message with an indication of the selected cryptographic algorithm;

receiving an authentication response message from the cellular terminal;

decoding the authentication response message according to the selected cryptographic algorithm; and

determining, based on the network credentials and the decoded authentication response message, whether authentication of the cellular terminal is successful or not successful.

55. The method of claim 54 performed by a mobility management entity.

56. The method of claim 54 or 55, wherein the authentication request is an authentication request of an evolved packet system architecture.

57. The method of any of claims 54 to 56, wherein the cryptographic algorithm is selected from a plurality of cryptographic algorithms.

58. The method of any of claims 54 to 56, wherein the cryptographic algorithm is selected from a plurality of cryptographic algorithms consisting of MILENAGE; 128 bit TUAK; and 256 bit TUAK.

59. The method of any of claims 54 to 58, wherein the identifying of the selected cryptographic algorithm for use by a cellular terminal for authentication of the cellular terminal is performed by the mobility management entity.

60. The method of any of claims 54 to 59, comprising determining if the cellular terminal fails to timely produce a successful response message and subsequently sending a new authentication request message using the selected cryptographic algorithm or selecting another cryptographic algorithm and sending a new authentication request message.

61. The method of any of claims 54 to 60, wherein the identifying of the selected cryptographic algorithm for use by a cellular terminal for authentication of the cellular terminal is performed by a home subscriber server.

62. The method of any of claims 54 to 61, wherein the transmitting to the cellular terminal of the authentication request message is performed using an extended authentication request message.

63. The method of claim 62, wherein the extended authentication request comprises a message type indication that is configured to cause legacy terminals to neglect the extended authentication request message.

64. The method of claim 62 or 63, wherein the method comprises transmitting the extended authentication request, if the selected cryptographic algorithm use results in data fields the total length of which exceeds the length of a normal authentication request.

65. The method of any of claims 62 to 64, wherein the extended authentication request comprises a field configured to accommodate a 256 bit authentication token, AUTN.

66. The method of any of claims 54 to 65, wherein the transmitting to the cellular terminal of the authentication request message is performed by using an updated authentication request.

67. The method of claim 66, wherein the updated authentication request comprises an identifier for indicating which cryptographic algorithm is being used for the authentication.

68. The method of claim 67, wherein the identifier is added as a new field in addition to those in the normal authentication request.

69. The method of claim 67, wherein the identifier is contained in one or more bits of an authentication management field, AMF.

70. The method of claim 65, wherein the authentication token comprises 128 bits, 192 bits, 256 bits or 320 bits.

71. The method of claim 65 or 70, wherein the authentication token comprises a sequence number, SQN.

72. The method of claim 71, wherein the sequence number consists of 48 bits.

73. The method of claim 65 or any of claims 70 to 72, wherein the authentication token comprises an anonymity key, AK.

74. The method of claim 73, wherein the anonymity key consists of 48 bits.

75. The method of claim 65 or any of claims 70 to 74, wherein the authentication token comprises an authentication management field, AMF.

76. The method of claim 75, wherein the authentication management field consists of 16 bits.

77. The method of claim 76, wherein the authentication management field comprises 7 spare bits.

78. The method of claim 77, wherein the spare bits are used to indicate cryptography adaptation information.

79. The method of claim 65 or any of claims 70 to 78, wherein the authentication token comprises a challenge, RAND.

80. The method of claim 79, wherein the challenge consists of 128 bits.

81. The method of any of claims 54 to 80, wherein the cellular authentication employs a cipher key, CK.

82. The method of claim 81, wherein the cipher key consists of 64 bits, 128 bits or 256 bits.

83. The method of any of claims 54 to 82, wherein the cellular authentication employs an integrity key, IK.

84. The method of claim 83, wherein the integrity key consists of 64 bits, 128 bits or 256 bits.

85. The method of any of claims 54 to 84, wherein the cellular authentication employs a response parameter, RES.

86. The method of claim 85, wherein the response parameter consists of 32 bits, 64 bits, 128 bits or 256 bits.

87. The method of any of claims 54 to 86, wherein the authentication request message comprises a protocol discriminator.

88. The method of any of claims 54 to 87, wherein the authentication request message comprises a security header type.

89. The method of any of claims 54 to 88, wherein the authentication request message comprises a non-access stratum key set identifier.

90. The method of any of claims 54 to 89, wherein the authentication request message comprises a spare half octet.

91. The method of any of claims 54 to 90, wherein the authentication request message comprises a challenge, RAND. The authentication request message comprises an authentication token, AUTN.

92. The method of any of claims 54 to 91, wherein the authentication response message comprises a message type indication that identifies the authentication response message as an extended authentication response message.

93. The method of any of claims 54 to 92, wherein the extended authentication response message comprises a variable length authentication response parameter, RES.

94. The method of claim 93, wherein the authentication response parameter has a length selected from a group consisting of any one or more of: 32 bits, 64 bits, 128 bits or 256 bits.

95. A process comprising the method of any of claims 1 to 53 and the method of any of claims 54 to 94.

96. An apparatus comprising at least one memory and processor that are collectively configured to cause the apparatus to perform the method of any of claims 1 to 53.

97. An apparatus comprising at least one memory and processor that are collectively configured to cause the apparatus to perform the method of any of claims 54 to 94.

98. An apparatus comprising means for performing the method of any of claims 1 to 53.

99. An apparatus comprising means for performing the method of any of claims 54 to 94.

100. A system comprising the apparatus of claim 96 or 98 and the apparatus of claim 97 or 99.

101. A computer program comprising computer executable program code configured to execute the method of any of claims 1 to 94.

102. A non-transitory computer readable memory medium comprising the computer program of claim 101.
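
An added example, not part of the patent text: a terminal-side parser for the authentication token of claims 18 to 29 and 37 to 39, which reads an algorithm identifier from AMF bits and rejects unexpected lengths or identifiers instead of falling back to a default. The field order (SQN xor AK, AMF, MAC) is assumed from 3GPP TS 33.102; the AMF bit positions, the identifier code points and the names `parse_autn`, `sample_autn` and `ALG_NAMES` are hypothetical.

```python
from dataclasses import dataclass

AUTN_BITS = {128, 192, 256, 320}   # token sizes listed in claims 19 and 70
# Hypothetical code points; the claims do not define the encoding.
ALG_NAMES = {0: "MILENAGE", 1: "TUAK-128", 2: "TUAK-256"}
# Hypothetical position: two bits of the 16-bit AMF used as the identifier.
ALG_SHIFT, ALG_MASK = 13, 0b11


@dataclass(frozen=True)
class Autn:
    sqn_xor_ak: bytes   # 48-bit SQN concealed with the 48-bit AK
    amf: int            # 16-bit authentication management field
    mac: bytes          # remainder of the token (assumed layout)
    algorithm: str      # resolved algorithm name


def parse_autn(autn: bytes, allowed: frozenset) -> Autn:
    """Split AUTN and resolve the algorithm; raise ValueError on anything unexpected."""
    bits = len(autn) * 8
    if bits not in AUTN_BITS:
        raise ValueError(f"unsupported AUTN length: {bits} bits")
    amf = int.from_bytes(autn[6:8], "big")
    alg_id = (amf >> ALG_SHIFT) & ALG_MASK
    name = ALG_NAMES.get(alg_id)
    if name is None:
        # Fail closed: an unknown identifier is never mapped to a default.
        raise ValueError(f"unknown algorithm identifier {alg_id}")
    if name not in allowed:
        raise ValueError(f"{name} not permitted by terminal policy")
    return Autn(autn[:6], amf, autn[8:], name)


def sample_autn(alg_id: int, mac_len: int) -> bytes:
    """Constructed token: fixed SQN xor AK, AMF carrying alg_id, zero-filled MAC."""
    amf = (alg_id & ALG_MASK) << ALG_SHIFT
    return bytes.fromhex("010203040506") + amf.to_bytes(2, "big") + bytes(mac_len)


if __name__ == "__main__":
    policy = frozenset({"MILENAGE", "TUAK-256"})
    print(parse_autn(sample_autn(2, 32), policy))   # 320-bit token
    print(parse_autn(sample_autn(0, 8), policy))    # 128-bit token
```

In 3GPP AKA the MAC is computed over the AMF, so an identifier altered in transit also causes MAC verification to fail once the token reaches the subscriber identity application.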