Enhanced security design for cryptography in mobile communication systems

US 20050111666A1
Filed: 09/10/2004
Published: 05/26/2005
Est. Priority Date: 09/26/2003
Status: Active Grant

First Claim

Patent Images

1. A method of enhancing security for protected communication based on a key agreement procedure in a mobile communications network serving a mobile terminal having at least one basic cryptographic security algorithm, said method comprising the steps of:

selecting an enhanced version of a basic cryptographic security algorithm for communication between the mobile terminal and the network side;

modifying a basic security key resulting from the key agreement procedure in dependence on information representative of the selected algorithm to generate an algorithm-specific security key;

applying the basic cryptographic security algorithm with the algorithm-specific security key as key input to enhance security for protected communication in said mobile communications network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A basic idea according to the invention is to enhance or update the basic cryptographic security algorithms by an algorithm-specific modification of the security key information generated in the normal key agreement procedure of the mobile communication system. For communication with the mobile terminal, the network side normally selects an enhanced version of one of the basic cryptographic security algorithms supported by the mobile, and transmits information representative of the selected algorithm to the mobile terminal. The basic security key resulting from the key agreement procedure (AKA, 10) between the mobile terminal and the network is then modified (22) in dependence on the selected algorithm to generate an algorithm-specific security key. The basic security algorithm (24) is then applied with this algorithm-specific security key as key input to enhance security for protected communication in the mobile communications network.

57 Citations

View as Search Results

41 Claims

1. A method of enhancing security for protected communication based on a key agreement procedure in a mobile communications network serving a mobile terminal having at least one basic cryptographic security algorithm, said method comprising the steps of:
- selecting an enhanced version of a basic cryptographic security algorithm for communication between the mobile terminal and the network side;
  
  modifying a basic security key resulting from the key agreement procedure in dependence on information representative of the selected algorithm to generate an algorithm-specific security key;
  
  applying the basic cryptographic security algorithm with the algorithm-specific security key as key input to enhance security for protected communication in said mobile communications network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein said step of selecting an enhanced version of a basic cryptographic security algorithm is performed on the network side, and said method further comprises the step of transmitting information representative of the selected algorithm to the mobile terminal.
  - 3. The method of claim 1, wherein said step of selecting an enhanced version of a basic cryptographic security algorithm is based on an agreement between said mobile terminal and said network.
  - 4. The method of claim 1, wherein said steps of modifying a basic security key and applying the basic cryptographic security algorithm with the algorithm-specific key as key input are performed both on the network side and at the mobile terminal.
  - 5. The method of claim 1, wherein the basic security algorithm together with the algorithm-specific modification of said basic security key correspond to the enhanced version of the security algorithm.
  - 6. The method of claim 1, wherein said mobile terminal modifies the basic security key resulting from the key agreement procedure in dependence on said information representative of the selected algorithm, and forwards the modified security key to a cryptographic engine for the basic security algorithm in said mobile terminal.
  - 7. The method of claim 1, wherein said information representative of the selected algorithm is an algorithm identifier identifying the selected enhanced version of the security algorithm.
  - 8. The method of claim 1, wherein said step of selecting an enhanced version of the security algorithm is based on a list of supported algorithms from the mobile terminal and a list of algorithms allowed by the network.
  - 9. The method of claim 1, wherein said security algorithms are configured for at least one of data confidentiality, data integrity and authentication.
  - 10. The method of claim 9, wherein said security algorithms are configured for encrypted communication in said mobile communications network.
  - 11. The method of claim 1, further comprising the steps of:
    - said network side embedding replay protection information into a random challenge (RAND) used for authentication and key agreement with the mobile terminal;
      
      said mobile terminal extracting said replay protection information from said random challenge; and
      
      said mobile terminal performing a replay protection check based on the extracted replay protection information.
  - 12. The method of claim 11, wherein said replay protection information is counter-based or time-based.
  - 13. The method of claim 1, further comprising the steps of:
    - said network side generating key-dependent authentication information at least partly based on a secret key shared between the mobile terminal and the network side;
      
      said network side embedding said key-dependent authentication information into the random challenge (RAND) used for authentication and key agreement with the mobile terminal;
      
      said mobile terminal extracting said key-dependent authentication information from said random challenge; and
      
      said mobile terminal checking said key-dependent authentication information at least partly based on said shared secret key to verify network authenticity.
  - 14. The method of claim 13, wherein said steps of generating key-dependent authentication information and checking said key-dependent authentication information are performed based at least partly on a random value initiated from the network side and a key locally derived from said shared secret key, said random value being embedded into said random challenge (RAND) together with said key-dependent authentication information.
  - 15. The method of claim 13, wherein said steps of generating key-dependent authentication information and checking said key-dependent authentication information are performed based at least partly on said shared secret key and at least one information item, said at least one information item being embedded into said random challenge (RAND) together with said key-dependent authentication information, thereby integrity protecting said at least one information item.
  - 16. The method of claim 15, wherein said at least one information item includes replay protection information.
  - 17. The method of claim 15, wherein said step of selecting an enhanced version of the security algorithm is performed by a visited network, said at least one information item includes information on security algorithms allowed by a home network of the mobile terminal, and said mobile terminal checks whether the security algorithm selected by the visited network is allowed by the home network.
  - 18. The method of claim 1, wherein said step of modifying a basic security key is performed based on a software-implemented cryptographic modify function responsive to the basic security key and information representative of the selected algorithm.

19. An arrangement for enhancing security for protected communication based on a key agreement procedure in a mobile communications network serving a mobile terminal having at least one basic security algorithm, said arrangement comprising:
- means for selecting an enhanced version of a basic cryptographic security algorithm for communication between the mobile terminal and the network side;
  
  means for modifying a basic security key resulting from the key agreement procedure in dependence on information representative of the selected algorithm to generate an algorithm-specific security key; and
  
  means for applying the basic cryptographic security algorithm with the algorithm-specific security key as key input to enhance security for protected communication in said mobile communications network.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 20. The arrangement of claim 19, wherein said selecting means comprises means for selecting, on the network side, said enhanced version of a basic cryptographic security algorithm for communication with the mobile terminal, and said arrangement further comprises means for transmitting information representative of the selected algorithm to the mobile terminal.
  - 21. The arrangement of claim 19, wherein said selecting means comprises means for negotiating between said mobile terminal and said network to select an enhanced version of a basic cryptographic security algorithm.
  - 22. The arrangement of claim 19, wherein said means for modifying a basic security key and said means for applying the basic cryptographic security algorithm with the algorithm-specific security key as key input are implemented both on the network side and at the mobile terminal.
  - 23. The arrangement of claim 19, wherein the basic security algorithm together with the algorithm-specific modification of said basic security key correspond to the enhanced version of the security algorithm.
  - 24. The arrangement of claim 19, wherein said mobile terminal is operable for modifying the basic security key resulting from the key agreement procedure in dependence on the information representative of the selected algorithm, and for forwarding the modified security key to a cryptographic engine for the basic security algorithm.
  - 25. The arrangement of claim 19, wherein said means for selecting an enhanced version of the security algorithm operates based on a list of supported algorithms from the mobile terminal and a list of algorithms allowed by the network.
  - 26. The arrangement of claim 20, wherein a network node is operable for selecting an enhanced version of a basic security algorithm and modifying the security key on the network side, and for communicating information representative of the selected algorithm to the mobile terminal.
  - 27. The arrangement of claim 20, wherein a first network node is operable for calculating, for each of a plurality of cryptographic security algorithms, an algorithm-specific security key and for transferring the calculated set of algorithm-specific security keys to a second network node, said second network node being operable for selecting an enhanced version of a basic security algorithm and for extracting a security key from said set of algorithm-specific security keys.
  - 28. The arrangement of claim 19, wherein said security algorithms are configured for encrypted communication in said mobile communications network.
  - 29. The arrangement of claim 19, further comprising:
    - means for embedding, on the network side, replay protection information into a random challenge (RAND) used for authentication and key agreement with the mobile terminal;
      
      means for extracting, at said mobile terminal, said replay protection information from said random challenge; and
      
      means for performing, at said mobile terminal, a replay protection check based on the extracted replay protection information.
  - 30. The arrangement of claim 19, further comprising:
    - means for generating, on the network side, key-dependent authentication information at least partly based on a secret key shared between the mobile terminal and the network side;
      
      means for embedding, on the network side, said key-dependent authentication information into the random challenge (RAND) used for authentication and key agreement with the mobile terminal;
      
      means for extracting, at said mobile terminal, said key-dependent authentication information from said random challenge; and
      
      means for checking, at said mobile terminal, said key-dependent authentication information at least partly based on said shared secret key to verify network authenticity.
  - 31. The arrangement of claim 19, wherein said means for modifying a basic security key is provided as a software upgrade.

32. A mobile terminal for operation in a mobile communications network, said mobile terminal comprising:
- authentication and key agreement (AKA) functionality;
  
  an engine for a basic cryptographic security algorithm;
  
  means for modifying a basic security key from said AKA functionality in response to information representative of a selected cryptographic security algorithm to generate an algorithm-specific security key for input to said basic cryptographic security algorithm engine to enhance security for protected communication in said mobile communications network.
- View Dependent Claims (33, 34, 35)
- - 33. The mobile terminal of claim 32, wherein the selected security algorithm is an enhanced version of the basic cryptographic security algorithm, and the enhanced version of the basic security algorithm is selected from the network side, and said mobile terminal is operable for receiving information representative of the selected algorithm from the network side.
  - 34. The mobile terminal of claim 32, wherein the basic cryptographic security algorithm together with the modification of said basic security key into an algorithm-specific security key correspond to an improved cryptographic security algorithm.
  - 35. The mobile terminal of claim 32, wherein said means for modifying a basic security key is provided as a software upgrade in the mobile terminal.

36. A network node for operation in a mobile communications network that supports at least one basic cryptographic security algorithm, said network node comprising:
- means for deriving an algorithm-specific security key corresponding to an enhanced version of the basic cryptographic security algorithm for input to the basic cryptographic security algorithm to enhance security for protected communication in said mobile communications network.
- View Dependent Claims (37, 38, 39, 40, 41)
- - 37. The network node of claim 36, further comprising means for selecting said enhanced version of a basic cryptographic security algorithm for protected communication with a mobile terminal.
  - 38. The network node of claim 37, wherein said means for deriving an algorithm-specific security key comprises means for modifying a basic security key resulting from a key agreement procedure in said mobile communications network in dependence on information representative of the selected algorithm.
  - 39. The network node of claim 38, wherein said means for modifying a basic security key is provided as a software upgrade in the network node.
  - 40. The network node of claim 36, wherein said means for deriving an algorithm-specific security key comprises means for selecting a security key from a pre-calculated set of algorithm-specific security keys corresponding to a plurality of security algorithms.
  - 41. The network node of claim 37, further comprising means for communicating algorithm-specific information corresponding to the selected algorithm to the mobile terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Arkko, Jari, Blom, Rolf, Mats, Naslund

Granted Patent

US 7,660,417 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0844   with user authentication or...

H04L 9/3273   for mutual authentication n...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/037   of the control plane, e.g. ...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/0433   Key management protocols

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

Enhanced security design for cryptography in mobile communication systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced security design for cryptography in mobile communication systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links