Enhanced security design for cryptography in mobile communication systems
First Claim
1. A method of enhancing security for protected communication based on a key agreement procedure in a mobile communications network serving a mobile terminal having at least one basic cryptographic security algorithm, said method comprising the steps of:
- selecting an enhanced version of a basic cryptographic security algorithm for communication between the mobile terminal and the network side;
modifying a basic security key resulting from the key agreement procedure in dependence on information representative of the selected algorithm to generate an algorithm-specific security key;
applying the basic cryptographic security algorithm with the algorithm-specific security key as key input to enhance security for protected communication in said mobile communications network.
1 Assignment
0 Petitions
Accused Products
Abstract
A basic idea according to the invention is to enhance or update the basic cryptographic security algorithms by an algorithm-specific modification of the security key information generated in the normal key agreement procedure of the mobile communication system. For communication with the mobile terminal, the network side normally selects an enhanced version of one of the basic cryptographic security algorithms supported by the mobile, and transmits information representative of the selected algorithm to the mobile terminal. The basic security key resulting from the key agreement procedure (AKA, 10) between the mobile terminal and the network is then modified (22) in dependence on the selected algorithm to generate an algorithm-specific security key. The basic security algorithm (24) is then applied with this algorithm-specific security key as key input to enhance security for protected communication in the mobile communications network.
57 Citations
41 Claims
-
1. A method of enhancing security for protected communication based on a key agreement procedure in a mobile communications network serving a mobile terminal having at least one basic cryptographic security algorithm, said method comprising the steps of:
-
selecting an enhanced version of a basic cryptographic security algorithm for communication between the mobile terminal and the network side;
modifying a basic security key resulting from the key agreement procedure in dependence on information representative of the selected algorithm to generate an algorithm-specific security key;
applying the basic cryptographic security algorithm with the algorithm-specific security key as key input to enhance security for protected communication in said mobile communications network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. An arrangement for enhancing security for protected communication based on a key agreement procedure in a mobile communications network serving a mobile terminal having at least one basic security algorithm, said arrangement comprising:
-
means for selecting an enhanced version of a basic cryptographic security algorithm for communication between the mobile terminal and the network side;
means for modifying a basic security key resulting from the key agreement procedure in dependence on information representative of the selected algorithm to generate an algorithm-specific security key; and
means for applying the basic cryptographic security algorithm with the algorithm-specific security key as key input to enhance security for protected communication in said mobile communications network. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. A mobile terminal for operation in a mobile communications network, said mobile terminal comprising:
-
authentication and key agreement (AKA) functionality;
an engine for a basic cryptographic security algorithm;
means for modifying a basic security key from said AKA functionality in response to information representative of a selected cryptographic security algorithm to generate an algorithm-specific security key for input to said basic cryptographic security algorithm engine to enhance security for protected communication in said mobile communications network. - View Dependent Claims (33, 34, 35)
-
-
36. A network node for operation in a mobile communications network that supports at least one basic cryptographic security algorithm, said network node comprising:
means for deriving an algorithm-specific security key corresponding to an enhanced version of the basic cryptographic security algorithm for input to the basic cryptographic security algorithm to enhance security for protected communication in said mobile communications network. - View Dependent Claims (37, 38, 39, 40, 41)
Specification