US20030235305A1 - Key generation in a communication system - Google Patents
Key generation in a communication system Download PDFInfo
- Publication number
- US20030235305A1 US20030235305A1 US10/177,017 US17701702A US2003235305A1 US 20030235305 A1 US20030235305 A1 US 20030235305A1 US 17701702 A US17701702 A US 17701702A US 2003235305 A1 US2003235305 A1 US 2003235305A1
- Authority
- US
- United States
- Prior art keywords
- access
- msk
- authentication
- key
- communication system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/062—Pre-authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/061—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/08—Access restriction or access information delivery, e.g. discovery data delivery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W74/00—Wireless channel access, e.g. scheduled or random access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Abstract
A communication system generates a Master Session Key (MSK) for accesses to a system entity that does not provide encryption to traffic. Both the home server and the user generate the same MSK. The MSK is used to generate encryption keys for traffic. In one embodiment the MSK is generated using a hashing function and information specific to the requestor. The home server determines the need to generate the MSK based on information contained in an access request message. Once generated, the MSK is provided to the system entity to enable the entity to encrypt communications.
Description
- The present Application for Patent is related to the following co-pending Applications for Patent:
- “Authentication in a Communication System,” by Raymond Hsu, filed concurrently herewith, having Attorney Docket No. 020499, assigned to the assignee hereof and hereby expressly incorporated by reference; and
- “Inter-working Function for a Communication System,” by Raymond Hsu, filed concurrently herewith, having Attorney Docket No. 020503, assigned to the assignee hereof and hereby expressly incorporated by reference.
- 1. Field
- The present relates to an inter-working function for a communication system, and more specifically to mechanisms for common authentication and key exchange through an inter-working function for use in a Wireless Local Area Network (WLAN).
- 2. Background
- A Wireless Local Area Network (WLAN) allows users virtually unrestricted access to Internet Protocol (IP) services and data networks. The use of a WLAN is not limited to laptop computers and other computing devices, but is rapidly expanding to include cellular telephones, Personal Digital Assistants (PDA)s, and other small wireless devices supported by an external network or carrier. For example, a wireless device communicating via a cellular carrier may roam into a WLAN in a cyber-cafe or workspace. In this situation, the wireless device has access to the cellular system, but desires access to the WLAN. The WLAN access requires authentication. As the wireless device has already gained access to the cellular system, the need for further authentication is redundant. There is a need therefore, for a mechanism that allows a common authentication for access to a cellular system and to a WLAN. Further, there is a need for a common mechanism for generating encryption keys used during communications.
- FIG. 1 is a communication system including an High Data Rate or HDR type network and a Wireless Local Area Network (WLAN).
- FIG. 2 is a timing diagram of authentication procedure in a communication system.
- FIG. 3 is a timing diagram of an authentication procedure in a communication system.
- FIGS. 4 and 5 are access request message formats.
- FIG. 6 is a wireless apparatus including functionality to generate a Master Session Key (MSK).
- The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any embodiment described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments.
- An HDR subscriber station, referred to herein as an access terminal (AT), may be mobile or stationary, and may communicate with one or more HDR base stations, referred to herein as modem pool transceivers (MPTs). An access terminal transmits and receives data packets through one or more modem pool transceivers to an HDR base station controller, referred to herein as a modem pool controller (MPC). Modem pool transceivers and modem pool controllers are parts of a network called an access network. An access network transports data packets between multiple access terminals. The access network may be further connected to additional networks outside the access network, such as a corporate intranet or the Internet, and may transport data packets between each access terminal and such outside networks. An access terminal that has established an active traffic channel connection with one or more modem pool transceivers is called an active access terminal, and is said to be in a traffic state. An access terminal that is in the process of establishing an active traffic channel connection with one or more modem pool transceivers is said to be in a connection setup state. An access terminal may be any data device that communicates through a wireless channel or through a wired channel, for example using fiber optic or coaxial cables. An access terminal may further be any of a number of types of devices including but not limited to PC card, compact flash, external or internal modem, or wireless or wireline phone. The communication link through which the access terminal sends signals to the modem pool transceiver is called a reverse link. The communication link through which a modem pool transceiver sends signals to an access terminal is called a forward link.
- FIG. 1 illustrates a communication system having a Wireless Local Area Network (WLAN)104 with multiple Access Points (APs). An AP is a hub or bridge that provides a star topology control of the wireless side of the
WLAN 104, as well as access to a wired network. - Each AP110, as well as others not shown, supports a connection to a data service, such as the Internet. A MS 102, such as a laptop computer, or other digital computing device, communicates with an AP via the air interface, thus the term Wireless LAN. The AP then communicates with an Authentication Server (AS) or Authentication Center (AC). The AC is a component for performing authentication services for devices requesting admittance to a network. Implementations include Remote Authentication Dial-In User Service (RADIUS), which is an Internet user authentication described in RFC 2138, “Remote Authentication Dial In User Service (RADIUS)” by C. Rigney et al., published April 1997, and other Authentication, Authorization and Accounting (AAA) servers.
- Wireless networking is emerging as a significant aspect of internetworking. It presents a set of unique issues based on the fact that the only boundary of a wireless network is the radio signal strength. There is no wiring to define membership in a network. There is no physical method to restrict a system within radio range to be a member of a wireless network. Wireless networking, more than any other networking technology, needs an authentication and access control mechanism. Various groups are currently working on developing a standard authentication mechanism. Currently the accepted standard is the IEEE 802.11.
- The nature of an RF based network leaves it open to packet interception by any radio within range of a transmitter. Interception can occur far outside the users ‘working’ range by using hi-gain antennas. With readily available tools, the eavesdropper is not limited to just collecting packets for later analysis, but can actually see interactive sessions like web pages viewed by a valid wireless user. An eavesdropper can also catch weak authentication exchanges, like some website logins. The eavesdropper could later duplicate the logon and gain access.
- Once an attacker has gained the knowledge of how a WLAN controls admittance, he may be able to either gain admittance to the network on his own, or steal a valid user's access. Stealing a user's access is simple if the attacker can mimic the valid user's MAC address and use its assigned IP address. The attacker waits until the valid system stops using the network and then takes over its position in the network. This would allow an attacker direct access to all devices within a network, or to use the network to gain access to the wider Internet, all the while appearing to be a valid user of the attacked network. Therefore, authentication and encryption become key concerns in implementation of a WLAN.
- Authentication is the process of proving the identity of an individual or application in a communication. Such identification allows the service provider to verify the entity as a valid user and also to verify the user for the specific services requested. Authentication and authorization actually have very specific meanings, though the two names are often used interchangeably, and in practice are often not clearly distinguished.
- Authentication is the process where a user establishes a right to an identity—in essence, the right to use a name. There are a large number of techniques that may be used to authenticate a user—passwords, biometric techniques, smart cards, certificates.
- A name or identity has attributes associated with it. Attributes may be bound closely to a name (for example, in a certificate payload) or they may be stored in a directory or other database under a key corresponding to the name. Attributes may change over time.
- Authorization is the process of determining whether an identity (plus a set of attributes associated with that identity) is permitted to perform some action, such as accessing a resource. Note that permission to perform an action does not guarantee that the action can be performed. Note that authentication and authorization decisions can be made at different points, by different entities.
- In a cellular network, the authentication feature is a network capability that allows cellular networks to validate the identity of wireless device, thereby reducing unauthorized use of cellular networks. The process is transparent to subscribers. Customers are not required to do anything to authenticate the identity of their phones when they make a call.
- Authentication typically involves a cryptographic scheme, wherein the service provider and the user have some shared information and some private information. The shared information is typically referred to as a “shared secret.”
- The A-Key
- The authentication key (A-key) is a secret value that is unique to each individual cellular phone. It is registered with the cellular service provider and stored in the phone and Authentication Center (AC). The A-key is programmed into the phone by the manufacturer. It can also be entered manually by the user, from the wireless device menu, or by a special terminal at the point of sale.
- The wireless device and the AC must have the same A-key to produce the same calculations. The primary function of the A-key is to be used as a parameter to calculate the shared secret data (SSD).
- The Shared Secret Data (SSD)
- The SSD is used as an input for authentication calculations in the wireless device and the AC, and is stored in both places. Unlike the A-key, the SSD may be modified over the network. The AC and the wireless device share three elements that go into the calculation of the SSD: 1) the Electronic Serial Number (ESN); 2) the Authentication Key (A-Key); and 3) a RANDom number for Shared Secret Data calculation (RANDSSD).
- The ESN and RANDSSD are transmitted over the network and over the air interface. The SSD is updated when a device makes its first system access, and periodically thereafter. When the SSD is calculated, the result is two separate values, SSD-A and SSD-B. SSD-A is used for authentication. SSD-B is used for encryption and voice privacy.
- Depending on the capabilities of the serving system, SSD may be shared or not shared between the AC and serving Mobile Switching Center (MSC). If secret data is shared, it means the AC will send it to the serving MSC and the serving MSC must be capable of executing CAVE. If it is not shared, the AC will keep the data and perform authentication.
- The type of sharing affects how an authentication challenge is conducted. An authentication challenge is a message sent to challenge the identify of the wireless device. Basically, the authentication challenge sends some information, typically random number data, for the user to process. The user then processes the information and sends a response. The response is analyzed for verification of the user. With shared secret data, a challenge is handled at the serving MSC. With non-shared secret data, a challenge is handled by the AC. By sharing secret data, the system may minimize the amount of traffic sent and allow challenges to happen more quickly at the serving switch.
- Authentication Procedures
- In a given system, a Home Location Register (HLR) controls the authentication process by acting as intermediary between the MSC and AC. The serving MSC is set up to support authentication with the mobile's HLR and vice versa.
- The device initiates the process by notifying the serving MSC if it is capable of authentication, by setting an authorization field in the overhead message train. In response, the serving MSC starts the registration/authentication process with an Authentication Request.
- By sending the Authentication Request, the serving MSC tells the HLR/AC whether it is capable of doing CAVE calculations. The AC controls which of the serving MSC's as well as device capabilities will be used out of those available. When the serving MSC does not have CAVE capability, the SSD cannot be shared between the AC and MSC and therefore all authentication processes are performed in the AC.
- The purpose of the Authentication Request (AUTHREQ) is to authenticate the phone and request SSD. The AUTHREQ contains two parameters for authentication, the AUTHR and RAND parameters. When the AC gets the AUTHREQ, it uses the RAND and the last known SSD to calculate AUTHR. If it matches the AUTHR sent in the AUTHREQ then authentication is successful. The return result to the AUTHREQ will contain the SSD if it can be shared.
- The Challenge
- The Authentication process consists of a challenge and response dialog. If SSD is shared, the dialog runs between the MSC and the device. If SSD is not shared, the dialog runs between the HLR/AC and the device. Depending on the switch type, the MSC may be capable of either a Unique Challenge, a Global Challenge, or both. Some MSCs are currently not capable of global challenge. The Unique Challenge is a challenge that occurs during call attempts only, because it uses the voice channel. Unique challenge presents an authentication to a single device during call origination and call delivery. The Global Challenge is a challenge that occurs during registration, call origination, and call delivery. The Global challenge presents an authentication challenge to all MSs that are using a particular radio control channel. It is called global challenge because it is broadcast on the radio control channel, and the challenge is used by all phones accessing that control channel.
- During a challenge, the device responds to a random number provided by the MSC or AC. The device uses the random number and shared secret data stored in the device to calculate a response to the MSC. The MSC also uses the random number and shared secret data to calculate what the response from the device should be. These calculations are done through the CAVE algorithm. If the responses are not the same, service is denied. The challenge process does not increase the amount of time it takes to connect the call. In fact, the call may proceed in some cases, only to be torn down when authentication fails.
- Wireless Local Area Networks (WLANs) have gained tremendous popularity as a means of providing users with untethered access to IP data networks. High Data Rate (HDR) networks such as 1xEV-DO networks and other third generation (3G) networks are also designed to offer high-speed data access; although the data rates they support are typically lower than those of WLANs, 3G networks offer data coverage over a much wider area. Though they might be viewed as competitors, WLAN and HDR networks may be complementary: WLANs offer high-capacity “hot-spot” coverage in public areas such as airport lounges and hotel lobbies, while HDR networks can provide users with nearly ubiquitous data service while on the move. Therefore, the same carrier may provide both HDR and WLAN access services under a single user subscription. This means that the MS uses the same authentication method and secret to both types of access authentication.
- One protocol, such as the Challenge Handshake Authentication Protocol (CHAP), which is also referred to as MD5-Challenge, may be used for both HDR network and WLAN access authentication. CHAP specifically uses the RADIUS protocol to authenticate a terminal without sending security data. The MS is authenticated by its home RADIUS server, wherein the home RADIUS server and the MS share a root secret. After the MS is authenticated successfully via a CHAP challenge, the MS and the home or HDR network derive the same encryption keys that are to be used to protect traffic exchanged between the MS and the WLAN Access Point (AP).
- After successful WLAN access authentication via a CHAP challenge, the home RADIUS server and the MS generate the same Master Session Key (MSK) from the shared root secret. The MSK will be used to derive encryptions keys for the protection of actual traffic between the MS and the AP of the WLAN. The shared root secret is configured to the MS and is static. The MSK is generated on a per packet data session and is only constant during the session. For a new session, a new MSK is generated from the shared root secret using a different random number.
- Since the MSK is not required when the MS is accessing the HDR network, one embodiment provides a mechanism to allow the home RADIUS server to determine whether the MS is accessing WLAN or the HDR network.
- FIG. 1 illustrates a
communication system 100 including anHDR network 106, aWLAN 104, and anMS 102. TheMS 102 is able to access theHDR network 106, and has roamed into aWLAN 104 coverage area. TheMS 102 seeks access to theWLAN 104 via theAP 110 within theWLAN 104. Note thatWLAN 104 may include any number of APs (not shown). TheWLAN 104 also includes an Authentication Authorization and Accounting entity orserver 112. Note that theHDR network 106 also includes anAAA server 108. - FIG. 2 illustrates the message flow for access authentication to a WLAN when CHAP or the MD5-Challenge is used in the
communication system 100. TheMS 102 uses a Network Access Identifier (NAI) for identification. The NAI has the format of username@realm, where realm identifies the home network of the MS, which in this instance isHDR network 106. TheAAA server 112 in theWLAN network 104 initiates a RADIUS Access-Request message to theAAA server 108 at the home network of theMS 102, i.e., to theHDR network 106. Note theHDR network 106 may be any network that supports high data rate transmissions. TheAAA 108 then issues a CHAP Challenge to theMS 102 via theWLAN 104. TheMS 102 calculates a response based on the challenge, such as a random number, and the response is conveyed as a RADIUS Access-Request request to theAAA 108 via theWLAN 104. If authentication is successful, thehome AAA server 108 acknowledges such with a RADIUS Access-Accept message granting theMS 102 access to theWLAN network 104. As discussed hereinabove, both thehome AAA server 108 and theMS 102 generate a same Master Session Key (MSK) from a shared root secret. - As stated hereinabove, the CAVE algorithm is commonly used for cellular communications and therefore, is well used and distributed. Alternate algorithms for authentication are also used. Specifically in data communications a variety of algorithms exist of varying complexity and application. To coordinate these mechanisms, the Extensible Authentication Protocol (EAP) has been developed as a general protocol framework that supports multiple authentication and key distribution mechanisms. The EAP is described in “PPP Extensible Authentication Protocol (EAP)” by L. Blunk et al, RFC 2284, published March 1998.
- One such mechanism supported by the EAP as defined in “EAP AKA Authentication” by J. Arkko et al., published as an Internet Draft in February 2002, is the AKA algorithm. There is a need therefore to extend EAP to include the cellular algorithm CAVE. This is desirable to provide back compatibility for new systems and networks.
- EAP
- The Extensible Authentication Protocol (EAP) is a general protocol for authentication which supports multiple authentication mechanisms. EAP does not select a specific authentication mechanism during link set up and control, but rather postpones this until the authentication procedure begins. This allows the authenticator to request more information before determining the specific authentication mechanism. The authenticator is defined as the end of the link requiring the authentication. The authenticator specifies the authentication protocol to be used in the during link establishment.
- Key Generation
- A key hierarchy is the sequence of steps that are used to generate from a root key a set of encryption keys that are used to either encrypt/decrypt messages or authenticate messages. A key hierarchy should include some time varying information so that the same set of encryption keys is not generated each time the hierarchy is used. A key hierarchy should also be set up such that if the derived encryption keys were to become known, the root key could not be obtained from the encryption keys.
- In one embodiment, an overall key hierarchy consists of three smaller layered key hierarchies: master key hierarchy; rekeying key hierarchy; and per-packet key hierarchy. The master key hierarchy may include EAP keying, pre-shared key, or random number, depending on the hierarchy and authentication method. If EAP keying is used for the master key hierarchy, the master key hierarchy will normally reside on the RADIUS server.
- The rekeying key hierarchy has two types which are called Pairwise key hierarchies and Group key hierarchies. The steps in these two types of hierarchies are similar; only the inputs to the two types are different.
- The per-packet key hierarchy. This may be either for TKIP (using an RC4 encryption engine), or for AES.
- Pairwise key hierarchies are used to derive the keys that are used between two entities in a wireless network (AP and associated station, or a pair of stations in a network).
- Group key hierarchies are used to derive and transfer keys that are used by all entities in a wireless group (an AP and all stations associated with that AP in a network, or all entities in a network).
- Pairwise key hierarchies are instantiated in parallel on the two entities that are using the Pairwise key, with each entity calculating the same set of encryption keys using shared information. One of the two entities drives the Pairwise key hierarchy, that entity is known as the Pairwise key owner. For a given network, the Pairwise key owner is the AP; for other networks each possible pair of stations will have a Pairwise key hierarchy, and the Pairwise key owner is the station of the pair with the lower Medium Access Control layer address.
- Group key hierarchies are instantiated only on one entity, and the derived encryption keys are promulgated to all the other entities; the entity that drives the Group key hierarchy is the Group key owner. For a given network, such as referred to as a Basic Service Set (BSS), the Group key owner is the AP; for an Independent Basic Service Set (IBSS) network the Group key owner is the current beacon transmitter. Note that a BSS network is made up of an AP and associated stations, whereas an IBSS network is made up of a set of stations, all of which are peers of one another. As used herein station is a workstation, and includes a mobile station or other wireless device capable of accessing a local area network.
- Each station will have at least two key hierarchies' instantiated, and quite probably more. In a BSS network, the AP will have a Pairwise key hierarchy instantiated for each station that is associated, and also at least one Group key hierarchy; the AP will be the key owner for all these hierarchies. Each associated station will have one Pairwise key hierarchy instantiated, and at least one Group key hierarchy. For the IBSS network, each station will have a Pairwise key hierarchy instantiated for every other station in the network, as well as a single Group key hierarchy.
- The key owner will have a single Group rekeying hierarchy instantiation for the Group keys, and a Pairwise rekeying hierarchy instantiation for each association. A key owner will have a per-packet key hierarchy per Temporary Key Integrity Protocol (TKIP) temporal key for both Group and Pairwise temporal keys (if any). A non-key owner will have a rekeying hierarchy instantiation for Group keys and Pairwise keys per association, and a perpacket key hierarchy per TKIP temporal key for both Group and Pairwise temporal keys (if any).
- MSK
- According to the exemplary embodiment, the MSK includes the Cellular Message Encryption Algorithm (CMEA) key, which is used for protecting MS traffic such as to a WLAN, and a Cipher Key (CK).
- FIG. 3 illustrates the key hierarchy for generating encryption keys to protect traffic between the
MS 102 andWLAN network 104. The process begins with the negotiation of theMS 102 identity. TheWLAN 104 then sends a RADIUS access request message to theAAA 108, which responds with a RADIUS access challenge message. TheWLAN 104 passes the challenge to theMS 102, which calculates a response therefrom. TheMS 102 response to the challenge is then provided to theWLAN 104. Instep 4 a, after theMS 102 sends the authentication response to theWLAN 104, theMS 102 uses the root secret to generate the Master Session Key (MSK). - The
WLAN 104 sends the RADIUS access request message to theAAA 108, including the challenge response. Instep 5 a, if theMS 102 is authenticated successfully, thehome AAA server 108 uses theMS 102 root secret to generate the same MSK as generated by theMS 102 atstep 4 a. In step 6, thehome AAA server 108 includes the MSK in the RADIUS Access-Accept message, using an attribute, such as the MS-MPPE-Recv-Key attribute. Instep 7, theMS 102 andWLAN network 104 use the procedures such as those specified in the document entitled “Draft Supplement to Standard for Telecommunications and Information Exchange Between Systems—LAN/MAN Specific Requirements—Part 11: Wireless Medium Access Control (MAC) and physical layer (PHY) specifications: Specification for Enhanced Security” IEEE Std 802.11i/D2.0, March 2002, (herein referred to as “the 802.11i standard), to generate encryption keys from the MSK. - The following provides two examples of algorithms and parameters used to generate the MSK in both the
MS 102 andhome AAA server 108. In a first embodiment, the MSK is defined as: - MSK=hashing function (secret, challenge, NAI, secret) (1)
- Wherein the MSK is the result of applying a hashing function (e.g., CHAP, HMAC) using the following parameters:
-
MS 102 root secret; - The challenge used to authenticate
MS 102 in steps 4-5 of FIG. 3; -
MS 102 NAI; and -
MS 102 root secret again. - According to this embodiment, the
MS 102 andhome AAA server 108 have all the key materials necessary to generate the same MSK independently. In other words, no additional key materials need be exchanged between theMS 102 andhome AAA server 108 for MSK generation. Note that the MSK and theMS 102 access authentication response are generated from a same challenge value. An alternate embodiment generates the MSK from a different random value. - A second example, according to another embodiment, defines the MSK as:
- MSK=hashing function (secret, NAI, random number) (2)
- Wherein the MSK is the result of applying a hashing function (e.g., CHAP, HMAC) on the following parameters:
-
MS 102 root secret; -
MS 102 NAI; and - A random number generated by the home AAA server,
- Wherein the random number is different from the challenge value. According to this embodiment, the MSK is generated from a random number that is different from the challenge value used in the
MS 102 access authentication. The use of independent challenge values provides less correlation between the MSK and theMS 102 access authentication, and therefore, provides improved security. Note that the random number is sent to theMS 102 and the MSK generated therefrom. The random number is sent to theMS 102 via a RADIUS Access-Accept (step 6 in FIG. 3) and the mechanisms defined in the 802.11i standard (step 7 in FIG. 3). - The procedure to generate MSK is used when the
MS 102 is accessing aWLAN 104, and is not used when the MS is accessing 1xEV-DO or other HDR network. This is due to the over the air encryption provided by the HDR system. As the MS initiates the access to either theWLAN network 104 or theHDR network 106, theMS 102 is able to determine whether MSK generation is needed. However, the home AAA server must also determine when to generate the MSK. - In one embodiment, a special RADIUS attribute is implemented to notify the
AAA 108 to generate an MSK. In steps 2 and 5 of FIG. 3, theWLAN network 104 sends the RADIUS Access-Request message containing a special or designated attribute indicating theMS 102 desires or is requestingWLAN 104 access. The attribute status will trigger thehome AAA server 108 to perform MSK generation (if theMS 102 authentication was successful). When the designated attribute is not present in the RADIUS Access-Request message, thehome AAA server 108 will not perform MSK generation. Note that for implementation in a system consistent with 3GPP2, the designated attribute is specific to 3GPP2 and thus may be defined as a vendor-specific attribute with the vendor ID of 3GPP2. - FIG. 4 illustrates the RADIUS format described in RFC 2865 entitled “Remote Authentication Dial In User Service (RADIUS)” by C. Rigney et al, published June 2000. The
data format 200 includes: acode field 202 identifying the type of RADIUS packet (e.g., access request, access reject, etc.); anID field 204 to coordinate matching requests and responses; and alength field 206 to indicate the length of the associated packet. Anattribute 220 is also illustrated, including: atype field 222 identifying the contents of thevalue field 226; alength field 224 giving the length of the attribute; and a value field providing the specific information of this attribute. Note that RADIUS supports vendor-specific attributes, wherein thevalue field 226 is used to provide the vendor identification, followed by the attribute information. The vendor-specific type may be as described in RFC 2548 entitled “Microsoft Vendor-specific RADIUS Attributes” by G. Zorn, published March 1999, for application to CHAP messages. - An alternate embodiment implements a standard attribute called the Network Access Server (NAS) Internet Protocol (IP) address in the RADIUS Access-Request message. The standard attribute identifies the IP address of the RADIUS client originating the RADIUS Access-Request message. The
home AAA server 108 is configured with a database containing the IP addresses of all the RADIUS clients in theWLAN network 104. If the IP address indicated in the NAS IP address attribute matches an address in the database, then the RADIUS Access-Request message is originated from theWLAN network 104, and thehome AAA server 108 will perform MSK generation (if the MS authentication was successful). Otherwise, thehome AAA server 108 will not perform MSK generation. - The format for the standard attribute is illustrated in FIG. 5, with an example superimposed over the value field. The
attribute format 300 includes atype field 302 identifying the contents of avalue field 306; alength field 304 giving the length of the attribute; and avalue field 306 containing the attribute information. Note that without modification to the description given in RFC 2865, thevalue field 306 may be partitioned into significant fields fortype 322 indicating the type of sub-attribute, such as an MSK generation instruction; alength field 324 giving the length of the sub-attribute; and avalue field 326 containing the sub-attribute information, such as an MSK generation indicator. As an example, to convey a message to theAAA 108 instructing theAAA 108 on MSK generation, the type filed 322 may identify this sub-attribute as an MSK generation instruction using a corresponding predefined code. Thevalue field 326 would then have a value either: 1—instructing theAAA 108 to generate an MSK; or 2—instructing theAAA 108 to not generate the MSK. - A wireless device, such as
MS 102, is illustrated in FIG. 6. Thedevice 600 includes receivecircuitry 602 and transmitcircuitry 604 for receiving transmissions and sending transmissions, respectively. The receivecircuitry 602 and the transmitcircuitry 604 are both coupled to acommunication bus 612. Thedevice 600 also includes a Central Processing Unit (CPU) 606 for controlling operations within thedevice 600. TheCPU 606 is responsive to computer-readable instructions stored in memory storage devices within thedevice 600. Two such storage devices are illustrated as storing the authentication procedure(s) 608 and theMSK generation 610. Note that alternate embodiments may implement the procedure in hardware, software, firmware, or a combination thereof. TheCPU 606 is then responsive to authentication processing instructions from theauthentication procedure 608. TheCPU 606 places theauthentication procedure 608 messages into a transport format, such as an EAP format. Upon authentication to a WLAN, theCPU 606 is responsive to theMSK generation unit 610 to generate the MSK. TheCPU 606 further processes received transport format messages to extract the authentication messages therefrom. - Note that while the embodiments described herein detail a WLAN, the methods and apparatus described herein are also applicable to other system entities. The present invention provides a method of enabling a system entity to provide encryption to a communication. By using the home server to generate the MSK, and providing the MSK to a system entity, that entity is provided sufficient information for secure transmissions to a user, such as a MS.
- Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
- Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
- The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
- The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
- The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (24)
1. A method for key generation in a communication system, comprising:
authenticating an access to a Wireless Local Area Network (WLAN);
generating a Master Session Key (MSK) for the access; and
sending an access accept message including the MSK.
2. The method as in claim 1 , wherein authenticating comprises:
receiving a user identification;
determining a challenge value; and
determining the shared secret,
and wherein generating an MSK comprises:
hashing the user identification, the challenge value and the shared secret.
3. The apparatus as in claim 2 , wherein the user identification is a Network Access Identifier (NAI).
4. The method as in claim 1 , wherein authenticating comprises:
receiving a user identification;
determining a challenge value; and
determining a random value,
and wherein generating an MSK comprises:
hashing the user identification, the challenge value and the random value.
5. The apparatus as in claim 4 , wherein the apparatus identifier is a Network Access Identifier (NAI).
6. A method for key generation in a communication system, comprising:
requesting authentication of an access to a Wireless Local Area Network (WLAN);
receiving an access accept message including a Master Session Key (MSK) for the access; and
generating at least one encryption key as a function of the MSK, wherein the at least one encryption key is used to encrypt traffic for the access.
7. An apparatus for key generation in a communication system, comprising:
means for authenticating an access to a Wireless Local Area Network (WLAN);
means for generating a Master Session Key (MSK) for the access; and
means for determining an encryption key from the MSK.
8. An apparatus for key generation in a communication system, comprising:
means for requesting authentication of an access to a Wireless Local Area Network (WLAN);
means for receiving an access accept message including a Master Session Key (MSK) for the access; and
means for generating at least one encryption key as a function of the MSK, wherein the at least one encryption key is used to encrypt traffic for the access.
9. An apparatus, comprising:
a processing unit;
an authentication procedure unit coupled to the processing unit, adapted to request authentication of an access to a system, and adapted to compute a response to a challenge for the authentication; and
a Master Session Key (MSK) generation unit coupled to the processing unit, adapted to generate an MSK, wherein the MSK is for generating at least one encryption key to encrypt traffic for the access.
10. The apparatus as in claim 9 , wherein the MSK is generated using an apparatus identifier, a shared secret, and the challenge.
11. The apparatus as in claim 10 , wherein the apparatus identifier is a Network Access Identifier (NAI).
12. The apparatus as in claim 9 , wherein the MSK is generated using an apparatus identifier, a shared secret, and a random number.
13. The apparatus as in claim 12 , wherein the apparatus identifier is a Network Access Identifier (NAI).
14. A method in a communication system, comprising:
receiving an access request message for an access to the communication system, the access request message having a first field;
determining the state of the first field; and
if the state is a first value, generating a Master Session Key (MSK) for the access.
15. The method as in claim 14 , further comprising:
sending an access accept message, wherein:
if the state is the first value the access accept message includes the MSK.
16. The method as in claim 15 , further comprising:
authenticating the access.
17. The method as in claim 14 , wherein the first field corresponds to an attribute indicating an access to an entity of the communication system that does not support encryption.
18. The method as in claim 17 , wherein the entity is a Wireless Local Area Network (WLAN).
19. The method as in claim 14 , wherein the first field corresponds to an attribute indicating origination of the access request message
20. The method as in claim 14 , further comprising:
authenticating the access by:
receiving a user identification;
determining a challenge value; and
determining the shared secret,
and wherein generating the MSK comprises:
hashing the user identification, the challenge value and the shared secret.
21. The method as in claim 14 , further comprising:
authenticating the access by:
receiving a user identification;
determining a challenge value; and
determining a random value,
and wherein generating the MSK comprises:
hashing the user identification, the challenge value and the random value.
22. An infrastructure element in a communication system, comprising:
means for receiving an access request message for an access to the communication system, the access request message having a first field;
means for determining the state of the first field; and
means for generating a Master Session Key (MSK) for the access if the state is a first value.
23. An access request message format for a communication system, comprising:
a type field identifying a type of attribute information for an access to the communication system; and
a value field for the attribute information, the value field comprising:
a second type field identifying a type of sub-attribute information for the access; and
a second value field for the sub-attribute information.
24. The access request message format as in claim 23 , wherein the sub-attribute information is a Master Session Key (MSK) generation instruction.
Priority Applications (21)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/177,017 US20030235305A1 (en) | 2002-06-20 | 2002-06-20 | Key generation in a communication system |
TW101126108A TWI388180B (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
BRPI0311994-7A BR0311994A (en) | 2002-06-20 | 2003-06-20 | key generation in a communication system |
RU2005101217/09A RU2333607C2 (en) | 2002-06-20 | 2003-06-20 | Key generation in communication system |
CA2862069A CA2862069C (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
CN201410439953.8A CN104243145A (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
CNA038192977A CN1720688A (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
CN201310460165.2A CN103532939B (en) | 2002-06-20 | 2003-06-20 | Method and device for key generation in a communication system |
AU2003243680A AU2003243680B2 (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
CA2792490A CA2792490C (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
CA2490131A CA2490131C (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
JP2004516007A JP4897215B2 (en) | 2002-06-20 | 2003-06-20 | Key generation method and apparatus in communication system |
EP03761176A EP1525706A4 (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
PCT/US2003/019465 WO2004002056A1 (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
KR1020047020774A KR101062781B1 (en) | 2002-06-20 | 2003-06-20 | Key Generation in Communication Systems |
TW092116837A TWI360975B (en) | 2002-06-20 | 2003-06-20 | Key generation in a communication system |
US10/912,898 US7190793B2 (en) | 2002-06-20 | 2004-08-06 | Key generation in a communication system |
HK15103526.0A HK1203706A1 (en) | 2002-06-20 | 2006-04-12 | Key generation in a communication system |
JP2010092578A JP5313200B2 (en) | 2002-06-20 | 2010-04-13 | Key generation method and apparatus in communication system |
TW099142508A TWI376905B (en) | 2002-06-20 | 2010-06-20 | Key generation in a communication system |
JP2012012031A JP5512709B2 (en) | 2002-06-20 | 2012-01-24 | Key generation method and apparatus in communication system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/177,017 US20030235305A1 (en) | 2002-06-20 | 2002-06-20 | Key generation in a communication system |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/912,898 Division US7190793B2 (en) | 2002-06-20 | 2004-08-06 | Key generation in a communication system |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030235305A1 true US20030235305A1 (en) | 2003-12-25 |
Family
ID=29734262
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/177,017 Abandoned US20030235305A1 (en) | 2002-06-20 | 2002-06-20 | Key generation in a communication system |
US10/912,898 Expired - Lifetime US7190793B2 (en) | 2002-06-20 | 2004-08-06 | Key generation in a communication system |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/912,898 Expired - Lifetime US7190793B2 (en) | 2002-06-20 | 2004-08-06 | Key generation in a communication system |
Country Status (12)
Country | Link |
---|---|
US (2) | US20030235305A1 (en) |
EP (1) | EP1525706A4 (en) |
JP (3) | JP4897215B2 (en) |
KR (1) | KR101062781B1 (en) |
CN (3) | CN104243145A (en) |
AU (1) | AU2003243680B2 (en) |
BR (1) | BR0311994A (en) |
CA (3) | CA2792490C (en) |
HK (1) | HK1203706A1 (en) |
RU (1) | RU2333607C2 (en) |
TW (3) | TWI388180B (en) |
WO (1) | WO2004002056A1 (en) |
Cited By (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030236982A1 (en) * | 2002-06-20 | 2003-12-25 | Hsu Raymond T. | Inter-working function for a communication system |
US20040073672A1 (en) * | 2002-10-08 | 2004-04-15 | Fascenda Anthony C. | Self-managed network access using localized access management |
US20040162998A1 (en) * | 2003-02-14 | 2004-08-19 | Jukka Tuomi | Service authentication in a communication system |
WO2004084019A2 (en) * | 2003-03-14 | 2004-09-30 | Thomson Licensing S.A. | Secure web browser based system administration for embedded platforms |
US20040203602A1 (en) * | 2002-09-12 | 2004-10-14 | Broadcom Corporation | Enabling and controlling access to wireless hot spots |
US20040221154A1 (en) * | 2003-05-02 | 2004-11-04 | Sudhir Aggarwal | Mobile security architecture |
US20040235468A1 (en) * | 2003-05-19 | 2004-11-25 | Luebke Charles J. | Wireless network clustering communication system, wireless communication network, and access port for same |
US20050074122A1 (en) * | 2003-10-07 | 2005-04-07 | Koolspan, Inc. | Mass subscriber management |
WO2005038608A2 (en) * | 2003-10-15 | 2005-04-28 | Koolspan, Inc. | Mass subscriber management |
US20050160269A1 (en) * | 2004-01-20 | 2005-07-21 | Matsushita Electric Works, Ltd. | Common security key generation apparatus |
US20060007897A1 (en) * | 2003-05-15 | 2006-01-12 | Matsushita Electric Industrial Co.,Ltd. | Radio lan access authentication system |
WO2006005999A1 (en) * | 2004-06-29 | 2006-01-19 | Nokia Corporation | Enhanced use of a network access identifier in wlan |
US20060030293A1 (en) * | 2002-09-12 | 2006-02-09 | Broadcom Corporation | Controlling and enhancing handoff between wireless access points |
US20060046690A1 (en) * | 2004-09-02 | 2006-03-02 | Rose Gregory G | Pseudo-secret key generation in a communications system |
US20060094401A1 (en) * | 2004-10-29 | 2006-05-04 | Eastlake Donald E Iii | Method and apparatus for authentication of mobile devices |
EP1657943A1 (en) * | 2004-11-10 | 2006-05-17 | Alcatel | A method for ensuring secure access to a telecommunication system comprising a local network and a PLMN |
US20060161771A1 (en) * | 2002-08-14 | 2006-07-20 | Junbiao Zhang | Session key management for public wireless lan supporting multiple virtual operators |
US20060173981A1 (en) * | 2004-03-11 | 2006-08-03 | Junbiao Zhang | Secure web browser based system administration for embedded platforms |
WO2007005588A1 (en) * | 2005-06-30 | 2007-01-11 | Intel Corporation | Reservation with access points |
US20070097934A1 (en) * | 2005-11-03 | 2007-05-03 | Jesse Walker | Method and system of secured direct link set-up (DLS) for wireless networks |
US20070263873A1 (en) * | 2006-05-15 | 2007-11-15 | Qi Emily H | Methods and apparatus for a keying mechanism for end-to-end service control protection |
US7310307B1 (en) * | 2002-12-17 | 2007-12-18 | Cisco Technology, Inc. | System and method for authenticating an element in a network environment |
US7325134B2 (en) | 2002-10-08 | 2008-01-29 | Koolspan, Inc. | Localized network authentication and security using tamper-resistant keys |
US20080104399A1 (en) * | 2002-10-08 | 2008-05-01 | Koolspan, Inc. | Localized network authentication and security using tamper-resistant keys |
US20090116651A1 (en) * | 2006-07-12 | 2009-05-07 | Huawei Technologies Co., Ltd. | Method and system for generating and distributing mobile ip key |
US20090136032A1 (en) * | 2007-11-26 | 2009-05-28 | Kyocera Mita Corporation | Image reading apparatus and image forming apparatus |
US20090279518A1 (en) * | 2006-08-24 | 2009-11-12 | Rainer Falk | Method and arrangement for providing a wireless mesh network |
US20110138170A1 (en) * | 2007-06-15 | 2011-06-09 | Koolspan, Inc. | System and method of per-packet keying |
US20110199997A1 (en) * | 2008-11-04 | 2011-08-18 | Huawei Technologies Co., Ltd. | Method, apparatus and system for determining resource indices |
US9008312B2 (en) | 2007-06-15 | 2015-04-14 | Koolspan, Inc. | System and method of creating and sending broadcast and multicast data |
EP2854329A4 (en) * | 2012-05-23 | 2015-07-15 | Huawei Tech Co Ltd | Method, system, and device for securely establishing wireless local area network |
US20170338959A1 (en) * | 2014-11-17 | 2017-11-23 | Samsung Electronics Co., Ltd. | Method and apparatus for providing service on basis of identifier of user equipment |
CN108075896A (en) * | 2016-11-11 | 2018-05-25 | 华为国际有限公司 | Use the system and method for the cryptography structure Self-certified message based on mark |
EP3916600A1 (en) * | 2020-05-27 | 2021-12-01 | Mettler-Toledo (Albstadt) GmbH | Method for operating an electronic data processing system and electronic data processing system |
Families Citing this family (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8140845B2 (en) * | 2001-09-13 | 2012-03-20 | Alcatel Lucent | Scheme for authentication and dynamic key exchange |
KR100479260B1 (en) * | 2002-10-11 | 2005-03-31 | 한국전자통신연구원 | Method for cryptographing wireless data and apparatus thereof |
US7787497B1 (en) * | 2003-03-03 | 2010-08-31 | Cisco Technology, Inc. | System for grouping attributes in packets in a radius protocol |
US20050044363A1 (en) * | 2003-08-21 | 2005-02-24 | Zimmer Vincent J. | Trusted remote firmware interface |
US7299354B2 (en) * | 2003-09-30 | 2007-11-20 | Intel Corporation | Method to authenticate clients and hosts to provide secure network boot |
JP3918827B2 (en) * | 2004-01-21 | 2007-05-23 | 株式会社日立製作所 | Secure remote access system |
JP4009273B2 (en) * | 2004-05-19 | 2007-11-14 | 松下電器産業株式会社 | Communication method |
US7992193B2 (en) * | 2005-03-17 | 2011-08-02 | Cisco Technology, Inc. | Method and apparatus to secure AAA protocol messages |
US20060259759A1 (en) * | 2005-05-16 | 2006-11-16 | Fabio Maino | Method and apparatus for securely extending a protected network through secure intermediation of AAA information |
US7596225B2 (en) * | 2005-06-30 | 2009-09-29 | Alcatl-Lucent Usa Inc. | Method for refreshing a pairwise master key |
KR100770928B1 (en) * | 2005-07-02 | 2007-10-26 | 삼성전자주식회사 | Authentication system and method thereofin a communication system |
US7715562B2 (en) * | 2006-03-06 | 2010-05-11 | Cisco Technology, Inc. | System and method for access authentication in a mobile wireless network |
CN101496387B (en) * | 2006-03-06 | 2012-09-05 | 思科技术公司 | System and method for access authentication in a mobile wireless network |
US8118214B2 (en) * | 2006-03-24 | 2012-02-21 | Atmel Corporation | Method and system for generating electronic keys |
KR101161258B1 (en) | 2006-04-14 | 2012-07-02 | 삼성전자주식회사 | System and method for authenticating using a privacy key management version 2 authentication scheme in a communication system |
KR100739809B1 (en) | 2006-08-09 | 2007-07-13 | 삼성전자주식회사 | Method and apparatus for managing stations which are associated with wpa-psk wireless network |
DE102006038037A1 (en) * | 2006-08-14 | 2008-02-21 | Siemens Ag | Method and system for providing an access-specific key |
CN101155092B (en) * | 2006-09-29 | 2010-09-08 | 西安电子科技大学 | Wireless local area network access method, device and system |
US8176327B2 (en) * | 2006-12-27 | 2012-05-08 | Airvana, Corp. | Authentication protocol |
CN100456725C (en) * | 2007-03-15 | 2009-01-28 | 北京安拓思科技有限责任公司 | Network system and method for obtaining the public key certificate for WAPI |
CN100456726C (en) * | 2007-03-15 | 2009-01-28 | 北京安拓思科技有限责任公司 | Network system and method for realizing the Internet access authentication based on WAPI |
KR101002799B1 (en) * | 2007-03-21 | 2010-12-21 | 삼성전자주식회사 | mobile telecommunication network and method for authentication of mobile node in mobile telecommunication network |
US8265281B2 (en) | 2007-07-09 | 2012-09-11 | Qualcomm Incorporated | IP service authorization in wireless communications networks |
US8509440B2 (en) * | 2007-08-24 | 2013-08-13 | Futurwei Technologies, Inc. | PANA for roaming Wi-Fi access in fixed network architectures |
CN101378591B (en) | 2007-08-31 | 2010-10-27 | 华为技术有限公司 | Method, system and device for negotiating safety capability when terminal is moving |
CN101399767B (en) | 2007-09-29 | 2011-04-20 | 华为技术有限公司 | Method, system and apparatus for security capability negotiation during terminal moving |
CN101145913B (en) * | 2007-10-25 | 2010-06-16 | 东软集团股份有限公司 | A method and system for network security communication |
US20090217038A1 (en) * | 2008-02-22 | 2009-08-27 | Vesa Petteri Lehtovirta | Methods and Apparatus for Locating a Device Registration Server in a Wireless Network |
US8660268B2 (en) * | 2008-04-29 | 2014-02-25 | Red Hat, Inc. | Keyed pseudo-random number generator |
US8156333B2 (en) * | 2008-05-29 | 2012-04-10 | Red Hat, Inc. | Username based authentication security |
US9258113B2 (en) * | 2008-08-29 | 2016-02-09 | Red Hat, Inc. | Username based key exchange |
US8695082B2 (en) * | 2008-10-27 | 2014-04-08 | Nokia Siemens Networks Oy | Method and communication system for accessing a wireless communication network |
US20100106971A1 (en) * | 2008-10-27 | 2010-04-29 | Domagoj Premec | Method and communication system for protecting an authentication connection |
US9106426B2 (en) | 2008-11-26 | 2015-08-11 | Red Hat, Inc. | Username based authentication and key generation |
US20100251330A1 (en) * | 2009-03-12 | 2010-09-30 | Kroeselberg Dirk | Optimized relaying of secure network entry of small base stations and access points |
CN102026092B (en) * | 2009-09-16 | 2014-03-12 | 中兴通讯股份有限公司 | Method and network for mobile multimedia broadcasting service key synchronization |
CN102056159B (en) * | 2009-11-03 | 2014-04-02 | 华为技术有限公司 | Method and device for acquiring safe key of relay system |
US9225526B2 (en) * | 2009-11-30 | 2015-12-29 | Red Hat, Inc. | Multifactor username based authentication |
JP2012044327A (en) * | 2010-08-16 | 2012-03-01 | Ntt Docomo Inc | Mobile communication method, relay node, and radio base station |
WO2013042022A1 (en) * | 2011-09-20 | 2013-03-28 | Koninklijke Philips Electronics N.V. | Management of group secrets by group members |
KR101172876B1 (en) | 2011-10-19 | 2012-08-10 | 인포섹(주) | System and method for performing mutual authentication between user terminal and server |
US20130254125A1 (en) * | 2011-12-30 | 2013-09-26 | VideoiGames, Inc. | Remote Execution of and Transfer of Rights in Registered Applications |
US9537663B2 (en) | 2012-06-20 | 2017-01-03 | Alcatel Lucent | Manipulation and restoration of authentication challenge parameters in network authentication procedures |
US20140153722A1 (en) * | 2012-12-03 | 2014-06-05 | Semyon Mizikovsky | Restricting use of mobile subscriptions to authorized mobile devices |
US9173095B2 (en) * | 2013-03-11 | 2015-10-27 | Intel Corporation | Techniques for authenticating a device for wireless docking |
US9363671B2 (en) * | 2013-03-15 | 2016-06-07 | Qualcomm Incorporated | Authentication for relay deployment |
KR102314917B1 (en) * | 2015-03-19 | 2021-10-21 | 삼성전자주식회사 | Method and apparatus for configuring connection between devices in a communication system |
CN106415573B (en) * | 2015-05-08 | 2021-01-08 | 松下电器(美国)知识产权公司 | Authentication method, authentication system and controller |
CN106330445B (en) * | 2015-06-19 | 2019-11-12 | 中兴新能源汽车有限责任公司 | Vehicle authentication method and device |
US9980133B2 (en) | 2015-08-12 | 2018-05-22 | Blackberry Limited | Network access identifier including an identifier for a cellular access network node |
CN105451245B (en) * | 2015-11-16 | 2020-02-21 | 上海斐讯数据通信技术有限公司 | Wireless equipment management method |
US11172359B2 (en) * | 2017-08-09 | 2021-11-09 | Lenovo (Singapore) Pte. Ltd. | Method and apparatus for attach procedure with security key exchange for restricted services for unauthenticated user equipment |
RU2726144C1 (en) * | 2019-11-25 | 2020-07-09 | Валерий Алексеевич Степанов | Device for cryptographic protection of information transmitted over communication networks |
CN113268722B (en) * | 2021-05-17 | 2022-04-26 | 时昕昱 | Personal digital identity management system and method |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3526688B2 (en) * | 1996-03-29 | 2004-05-17 | 富士通株式会社 | Metered system and method for connectionless communication |
CN100486391C (en) * | 1997-12-10 | 2009-05-06 | 西尔可穆无线公司 | Communication system |
JPH11215116A (en) * | 1998-01-27 | 1999-08-06 | Nippon Telegr & Teleph Corp <Ntt> | Key management method and its system |
DE19822795C2 (en) * | 1998-05-20 | 2000-04-06 | Siemens Ag | Method and arrangement for computer-aided exchange of cryptographic keys between a first computer unit and a second computer unit |
US6178506B1 (en) * | 1998-10-23 | 2001-01-23 | Qualcomm Inc. | Wireless subscription portability |
DE60029217T2 (en) * | 1999-05-21 | 2007-05-31 | International Business Machines Corp. | METHOD AND DEVICE FOR INITIALIZING SAFE CONNECTIONS BETWEEN AND BETWEEN ONLY CUSTOMIZED CORDLESS EQUIPMENT |
FI19991733A (en) * | 1999-08-16 | 2001-02-17 | Nokia Networks Oy | Authentication in a mobile communication system |
JP3570310B2 (en) * | 1999-10-05 | 2004-09-29 | 日本電気株式会社 | Authentication method and authentication device in wireless LAN system |
FI20000760A0 (en) * | 2000-03-31 | 2000-03-31 | Nokia Corp | Authentication in a packet data network |
JP2002009762A (en) * | 2000-06-26 | 2002-01-11 | Sony Corp | Information processing system, information processing method, and information processing apparatus, and program providing medium |
JP2002124952A (en) * | 2000-10-12 | 2002-04-26 | Furukawa Electric Co Ltd:The | Approval method and system of wireless terminal in wireless network |
US8140845B2 (en) * | 2001-09-13 | 2012-03-20 | Alcatel Lucent | Scheme for authentication and dynamic key exchange |
-
2002
- 2002-06-20 US US10/177,017 patent/US20030235305A1/en not_active Abandoned
-
2003
- 2003-06-20 CA CA2792490A patent/CA2792490C/en not_active Expired - Lifetime
- 2003-06-20 WO PCT/US2003/019465 patent/WO2004002056A1/en active Application Filing
- 2003-06-20 BR BRPI0311994-7A patent/BR0311994A/en not_active Application Discontinuation
- 2003-06-20 CA CA2862069A patent/CA2862069C/en not_active Expired - Lifetime
- 2003-06-20 TW TW101126108A patent/TWI388180B/en not_active IP Right Cessation
- 2003-06-20 TW TW092116837A patent/TWI360975B/en not_active IP Right Cessation
- 2003-06-20 JP JP2004516007A patent/JP4897215B2/en not_active Expired - Lifetime
- 2003-06-20 CA CA2490131A patent/CA2490131C/en not_active Expired - Lifetime
- 2003-06-20 CN CN201410439953.8A patent/CN104243145A/en active Pending
- 2003-06-20 AU AU2003243680A patent/AU2003243680B2/en not_active Expired
- 2003-06-20 RU RU2005101217/09A patent/RU2333607C2/en active
- 2003-06-20 KR KR1020047020774A patent/KR101062781B1/en active IP Right Grant
- 2003-06-20 CN CNA038192977A patent/CN1720688A/en active Pending
- 2003-06-20 EP EP03761176A patent/EP1525706A4/en not_active Withdrawn
- 2003-06-20 CN CN201310460165.2A patent/CN103532939B/en not_active Expired - Lifetime
-
2004
- 2004-08-06 US US10/912,898 patent/US7190793B2/en not_active Expired - Lifetime
-
2006
- 2006-04-12 HK HK15103526.0A patent/HK1203706A1/en unknown
-
2010
- 2010-04-13 JP JP2010092578A patent/JP5313200B2/en not_active Expired - Lifetime
- 2010-06-20 TW TW099142508A patent/TWI376905B/en not_active IP Right Cessation
-
2012
- 2012-01-24 JP JP2012012031A patent/JP5512709B2/en not_active Expired - Lifetime
Cited By (85)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8630414B2 (en) | 2002-06-20 | 2014-01-14 | Qualcomm Incorporated | Inter-working function for a communication system |
US20030236982A1 (en) * | 2002-06-20 | 2003-12-25 | Hsu Raymond T. | Inter-working function for a communication system |
US20070226499A1 (en) * | 2002-08-14 | 2007-09-27 | Thomson Licensing | Session key management for public wireless lan supporting multiple virtual operators |
US8145193B2 (en) * | 2002-08-14 | 2012-03-27 | Thomson Licensing | Session key management for public wireless LAN supporting multiple virtual operators |
US20060161771A1 (en) * | 2002-08-14 | 2006-07-20 | Junbiao Zhang | Session key management for public wireless lan supporting multiple virtual operators |
US7239864B2 (en) * | 2002-08-14 | 2007-07-03 | Thomson Licensing | Session key management for public wireless LAN supporting multiple virtual operators |
US20080212535A1 (en) * | 2002-09-12 | 2008-09-04 | Broadcom Corporation | Controlling and enhancing handoff between wireless access points |
US8538426B2 (en) | 2002-09-12 | 2013-09-17 | Broadcom Corporation | Controlling and enhancing handoff between wireless access points |
US20040203602A1 (en) * | 2002-09-12 | 2004-10-14 | Broadcom Corporation | Enabling and controlling access to wireless hot spots |
US8019342B2 (en) | 2002-09-12 | 2011-09-13 | Broadcom Corporation | Controlling and enhancing handoff between wireless access points |
US20060030293A1 (en) * | 2002-09-12 | 2006-02-09 | Broadcom Corporation | Controlling and enhancing handoff between wireless access points |
US20050260972A1 (en) * | 2002-09-12 | 2005-11-24 | Broadcom Corporation | Enabling and controlling access to wireless hot spots |
US7386296B2 (en) * | 2002-09-12 | 2008-06-10 | Broadcom Corporation | Controlling and enhancing handoff between wireless access points |
US7853788B2 (en) | 2002-10-08 | 2010-12-14 | Koolspan, Inc. | Localized network authentication and security using tamper-resistant keys |
US9294915B2 (en) | 2002-10-08 | 2016-03-22 | Koolspan, Inc. | Localized network authentication and security using tamper-resistant keys |
US20080104399A1 (en) * | 2002-10-08 | 2008-05-01 | Koolspan, Inc. | Localized network authentication and security using tamper-resistant keys |
US7325134B2 (en) | 2002-10-08 | 2008-01-29 | Koolspan, Inc. | Localized network authentication and security using tamper-resistant keys |
US7574731B2 (en) | 2002-10-08 | 2009-08-11 | Koolspan, Inc. | Self-managed network access using localized access management |
US20040073672A1 (en) * | 2002-10-08 | 2004-04-15 | Fascenda Anthony C. | Self-managed network access using localized access management |
US8301891B2 (en) | 2002-10-08 | 2012-10-30 | Koolspan, Inc. | Localized network authentication and security using tamper-resistant keys |
US8769282B2 (en) | 2002-10-08 | 2014-07-01 | Koolspan, Inc. | Localized network authentication and security using tamper-resistant keys |
US20110055574A1 (en) * | 2002-10-08 | 2011-03-03 | Koolspan, Inc. | Localized network authentication and security using tamper-resistant keys |
US7940656B2 (en) | 2002-12-17 | 2011-05-10 | Cisco Technology, Inc. | System and method for authenticating an element in a network environment |
US7310307B1 (en) * | 2002-12-17 | 2007-12-18 | Cisco Technology, Inc. | System and method for authenticating an element in a network environment |
US20080081592A1 (en) * | 2002-12-17 | 2008-04-03 | Cisco Technology, Inc. | System and Method for Authenticating an Element in a Network Environment |
US20040162998A1 (en) * | 2003-02-14 | 2004-08-19 | Jukka Tuomi | Service authentication in a communication system |
WO2004084019A3 (en) * | 2003-03-14 | 2004-12-02 | Thomson Licensing Sa | Secure web browser based system administration for embedded platforms |
WO2004084019A2 (en) * | 2003-03-14 | 2004-09-30 | Thomson Licensing S.A. | Secure web browser based system administration for embedded platforms |
US20040221154A1 (en) * | 2003-05-02 | 2004-11-04 | Sudhir Aggarwal | Mobile security architecture |
US20060007897A1 (en) * | 2003-05-15 | 2006-01-12 | Matsushita Electric Industrial Co.,Ltd. | Radio lan access authentication system |
US7127234B2 (en) * | 2003-05-15 | 2006-10-24 | Matsushita Electric Industrial Co., Ltd. | Radio LAN access authentication system |
US20040235468A1 (en) * | 2003-05-19 | 2004-11-25 | Luebke Charles J. | Wireless network clustering communication system, wireless communication network, and access port for same |
US20110004759A1 (en) * | 2003-10-07 | 2011-01-06 | Koolspan, Inc. | Mass subscriber management |
US7325133B2 (en) * | 2003-10-07 | 2008-01-29 | Koolspan, Inc. | Mass subscriber management |
US8515078B2 (en) | 2003-10-07 | 2013-08-20 | Koolspan, Inc. | Mass subscriber management |
US20050074122A1 (en) * | 2003-10-07 | 2005-04-07 | Koolspan, Inc. | Mass subscriber management |
US20080152140A1 (en) * | 2003-10-07 | 2008-06-26 | Koolspan, Inc. | Mass subscriber management |
WO2005038608A3 (en) * | 2003-10-15 | 2006-09-08 | Koolspan Inc | Mass subscriber management |
WO2005038608A2 (en) * | 2003-10-15 | 2005-04-28 | Koolspan, Inc. | Mass subscriber management |
US20050160269A1 (en) * | 2004-01-20 | 2005-07-21 | Matsushita Electric Works, Ltd. | Common security key generation apparatus |
US20060173981A1 (en) * | 2004-03-11 | 2006-08-03 | Junbiao Zhang | Secure web browser based system administration for embedded platforms |
WO2006005999A1 (en) * | 2004-06-29 | 2006-01-19 | Nokia Corporation | Enhanced use of a network access identifier in wlan |
US20060019635A1 (en) * | 2004-06-29 | 2006-01-26 | Nokia Corporation | Enhanced use of a network access identifier in wlan |
WO2006029051A1 (en) * | 2004-09-02 | 2006-03-16 | Qualcomm Incorporated | Method and apparatus for pseudo-secret key generation to generate a response to a challenge received from service provider |
US20060046690A1 (en) * | 2004-09-02 | 2006-03-02 | Rose Gregory G | Pseudo-secret key generation in a communications system |
EP2254305A1 (en) * | 2004-09-02 | 2010-11-24 | Qualcomm Incorporated | Method and apparatus for pseudo-secret key generation to generate a response to a challenge received from service provider |
KR100896365B1 (en) * | 2004-10-29 | 2009-05-08 | 모토로라 인코포레이티드 | Method and apparatus for authentication of mobile device |
DE112005002651B4 (en) * | 2004-10-29 | 2019-11-14 | Motorola Solutions, Inc. | Method and device for authentication of mobile devices |
WO2006050200A3 (en) * | 2004-10-29 | 2006-12-07 | Motorola Inc | Method and apparatus for authentication of mobile devices |
US7734280B2 (en) * | 2004-10-29 | 2010-06-08 | Motorola, Inc. | Method and apparatus for authentication of mobile devices |
US20060094401A1 (en) * | 2004-10-29 | 2006-05-04 | Eastlake Donald E Iii | Method and apparatus for authentication of mobile devices |
WO2006050200A2 (en) * | 2004-10-29 | 2006-05-11 | Motorola, Inc. | Method and apparatus for authentication of mobile devices |
EP1657943A1 (en) * | 2004-11-10 | 2006-05-17 | Alcatel | A method for ensuring secure access to a telecommunication system comprising a local network and a PLMN |
US7394800B2 (en) | 2005-06-30 | 2008-07-01 | Intel Corporation | Reservation with access points |
WO2007005588A1 (en) * | 2005-06-30 | 2007-01-11 | Intel Corporation | Reservation with access points |
US20070097934A1 (en) * | 2005-11-03 | 2007-05-03 | Jesse Walker | Method and system of secured direct link set-up (DLS) for wireless networks |
US20100070767A1 (en) * | 2005-11-03 | 2010-03-18 | Intel Corporation | Method and system of secured direct link set-up (DLS) for wireless networks |
US7995546B2 (en) | 2005-11-03 | 2011-08-09 | Intel Corporation | Method and system of secured direct link set-up (DLS) for wireless networks |
EP2988471A1 (en) * | 2005-11-03 | 2016-02-24 | Intel Corporation | Method, system and readable medium for setting up secure direct links between wireless network stations using direct link set-up (dls) protocol |
US9380457B2 (en) | 2005-11-03 | 2016-06-28 | Intel Corporation | Method and system of secured direct link set-up (DLS) for wireless networks |
WO2007056103A1 (en) * | 2005-11-03 | 2007-05-18 | Intel Corporation | Method, system and readable medium for setting up secure direct links between wireless network stations using direct link set-up (dls) protocol |
US20070263873A1 (en) * | 2006-05-15 | 2007-11-15 | Qi Emily H | Methods and apparatus for a keying mechanism for end-to-end service control protection |
WO2007134227A1 (en) * | 2006-05-15 | 2007-11-22 | Intel Corporation | Methods and apparatus for a keying mechanism for end-to-end service control protection |
US7945053B2 (en) | 2006-05-15 | 2011-05-17 | Intel Corporation | Methods and apparatus for a keying mechanism for end-to-end service control protection |
US8542838B2 (en) * | 2006-07-12 | 2013-09-24 | Huawei Technologies Co., Ltd. | Method and system for generating and distributing mobile IP key |
US20090116651A1 (en) * | 2006-07-12 | 2009-05-07 | Huawei Technologies Co., Ltd. | Method and system for generating and distributing mobile ip key |
US9271319B2 (en) | 2006-08-24 | 2016-02-23 | Unify Gmbh & Co. Kg | Method and arrangement for providing a wireless mesh network |
US9560008B2 (en) | 2006-08-24 | 2017-01-31 | Unify Gmbh & Co. Kg | Method and arrangement for providing a wireless mesh network |
US20090279518A1 (en) * | 2006-08-24 | 2009-11-12 | Rainer Falk | Method and arrangement for providing a wireless mesh network |
US8811242B2 (en) * | 2006-08-24 | 2014-08-19 | Unify Gmbh & Co. Kg | Method and arrangement for providing a wireless mesh network |
US9820252B2 (en) | 2006-08-24 | 2017-11-14 | Unify Gmbh & Co. Kg | Method and arrangement for providing a wireless mesh network |
US9209969B2 (en) * | 2007-06-15 | 2015-12-08 | Koolspan, Inc. | System and method of per-packet keying |
US20110138170A1 (en) * | 2007-06-15 | 2011-06-09 | Koolspan, Inc. | System and method of per-packet keying |
US9008312B2 (en) | 2007-06-15 | 2015-04-14 | Koolspan, Inc. | System and method of creating and sending broadcast and multicast data |
US20090136032A1 (en) * | 2007-11-26 | 2009-05-28 | Kyocera Mita Corporation | Image reading apparatus and image forming apparatus |
US20110199997A1 (en) * | 2008-11-04 | 2011-08-18 | Huawei Technologies Co., Ltd. | Method, apparatus and system for determining resource indices |
US8331305B2 (en) | 2008-11-04 | 2012-12-11 | Huawei Technologies Co., Ltd. | Method, apparatus and system for determining resource indices |
US9826398B2 (en) | 2012-05-23 | 2017-11-21 | Huawei Technologies Co., Ltd. | Secure establishment method, system and device of wireless local area network |
EP3503496A1 (en) * | 2012-05-23 | 2019-06-26 | Huawei Technologies Co., Ltd. | Secure establishment method, system and decive of a wireless local area network |
EP2854329A4 (en) * | 2012-05-23 | 2015-07-15 | Huawei Tech Co Ltd | Method, system, and device for securely establishing wireless local area network |
US10687213B2 (en) | 2012-05-23 | 2020-06-16 | Huawei Technologies Co., Ltd. | Secure establishment method, system and device of wireless local area network |
US20170338959A1 (en) * | 2014-11-17 | 2017-11-23 | Samsung Electronics Co., Ltd. | Method and apparatus for providing service on basis of identifier of user equipment |
US10862684B2 (en) * | 2014-11-17 | 2020-12-08 | Samsung Electronics Co., Ltd. | Method and apparatus for providing service on basis of identifier of user equipment |
CN108075896A (en) * | 2016-11-11 | 2018-05-25 | 华为国际有限公司 | Use the system and method for the cryptography structure Self-certified message based on mark |
EP3916600A1 (en) * | 2020-05-27 | 2021-12-01 | Mettler-Toledo (Albstadt) GmbH | Method for operating an electronic data processing system and electronic data processing system |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7190793B2 (en) | Key generation in a communication system | |
US8094821B2 (en) | Key generation in a communication system | |
US8630414B2 (en) | Inter-working function for a communication system | |
US20030236980A1 (en) | Authentication in a communication system | |
KR101068426B1 (en) | Inter-working function for a communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: QUALCOMM INCORPORATED A DELAWARE, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HSU, RAYMOND T.;REEL/FRAME:013057/0933 Effective date: 20020620 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |