Securing peer-to-peer and group communications
US-2016065362-A1 · Mar 3, 2016 · US
US2018376318A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018376318-A1 |
| Application number | US-201516062581-A |
| Country | US |
| Kind code | A1 |
| Filing date | Dec 24, 2015 |
| Priority date | Dec 24, 2015 |
| Publication date | Dec 27, 2018 |
| Grant date | — |
Official abstract text for this publication.
A method for authentication and key agreement in a communication network is disclosed. In the method, a network node generates a common public key and a master secret key, assigns to a first user equipment a first set of one or more pseudonym identifications corresponding to a real identity of the first user equipment, the common public key and a first private key specific to the first user equipment, and assigns to a second user equipment a second set of one or more pseudonym identifications corresponding to a real identity of the second user equipment, the common public key and a second private key specific to the second user equipment. In response to a request for establishing a communication session between the first user equipment with a first pseudonym identification and the second user equipment with a second pseudonym identification, the network node generates a first intermediate key for the first user equipment based on the common public key and a second secret key shared between the second user equipment and the network node, and a second intermediate key for the second user equipment based on the common public key and a first secret key shared between the first user equipment and the network node. Upon successfully authenticating each other based on the common public key, the first and second user equipments generate a session key to be used for securing the communication session based on the first and second intermediate keys respectively.
Opening claim text (preview).
1-40. (canceled)

41. A method comprising: generating, at a network node, a common public key and a master secret key; assigning, to a first user equipment, a first set of one or more pseudonym identifications corresponding to a real identity of the first user equipment, the common public key and a first private key specific to the first user equipment; assigning, to a second user equipment, a second set of one or more pseudonym identifications corresponding to a real identity of the second user equipment, the common public key and a second private key specific to the second user equipment; and generating, in response to a request for establishing a communication session between the first user equipment with a first pseudonym identification and the second user equipment with a second pseudonym identification, a first intermediate key for the first user equipment based on the common public key and a second secret key shared between the second user equipment and the network node, and a second intermediate key for the second user equipment based on the common public key and a first secret key shared between the first user equipment and the network node, the first and second intermediate keys being used by the first and second user equipment respectively to generate a session key to be used for securing the communication session upon the first and second user equipment successfully authenticate each other based on the common public key.

42. The method according to claim 41, wherein the first private key is generated based on the real identity of the first user equipment, the common public key and the master secret key, and wherein the second private key is generated based on the real identity of the second user equipment, the common public key and the master secret key.

43. The method according to claim 41, wherein generating the first and second intermediate keys comprises: generating a random number; performing exponentiation calculation on the common public key with an exponent being a product of the second secret key and the random number, to generate the first intermediate key; and performing exponentiation calculation on the common public key with an exponent being a product of the first secret key and the random number, to generate the second intermediate key.

44. The method according to claim 41, wherein the first pseudonym identification is selected from the first set of pseudonym identifications of the first user equipment, and wherein the second pseudonym identification is selected from the second set of pseudonym identifications of the second user equipment.

45. The method according to claim 41, wherein the assignment to the first user equipment is performed during registration of the first user equipment with the network node, and the assignment to the second user equipment is performed during registration of the second user equipment with the network node.

46. The method according to claim 41, further comprising: receiving a message and a signature on the message; verifying validity of the signature based on the common public key; and recovering a real identity of a signer from the valid signature based on the master secret key.

47. An apparatus comprising: at least one processor; and memory storing a program of instructions; wherein the memory storing the program of instructions is configured to, with the at least one processor, cause the apparatus to at least: generate a common public key and a master secret key; assign, to a first user equipment, a first set of one or more pseudonym identifications corresponding to a real identity of the first user equipment, the common public key and a first private key specific to the first user equipment; assign, to a second user equipment, a second set of one or more pseudonym identifications corresponding to a real identity of the second user equipment, the common public key and a second private key specific to the second user equipment; and generate, in response to a request for establishing a communication session between the first user equipment with a first pseudonym identification and the second user equipment with a second pseudonym identification, a first intermediate key for the first user equipment based on the common public key and a second secret key shared between the second user equipment and the apparatus, and a second intermediate key for the second user equipment based on the common public key and a first secret key shared between the first user equipment and the apparatus, the first and second intermediate keys being used by the first and second user equipment respectively to generate a session key to be used for securing the communication session upon the first and second user equipment successfully authenticate each other based on the common public key.

48. The apparatus according to claim 47, wherein the first private key is generated based on the real identity of the first user equipment, the common public key and the master secret key, and wherein the second private key is generated based on the real identity of the second user equipment, the common public key and the master secret key.

49. The apparatus according to claim 47, wherein the memory storing the program of instructions is configured to, with the at least one processor, cause the apparatus to: generate a random number; perform exponentiation calculation on the common public key with an exponent as a product of the second secret key and the random number, to generate the first intermediate key; and perform exponentiation calculation on the common public key with an exponent as a product of the first secret key and the random number, to generate the second intermediate key.

50. The apparatus according to claim 47, wherein the first pseudonym identification is selected from the first set of pseudonym identifications of the first user equipment, and wherein the second pseudonym identification is selected from the second set of pseudonym identifications of the second user equipment.

51. The apparatus according to claim 47, wherein the assignment to the first user equipment is performed during registration of the first user equipment with the apparatus, and the assignment to the second user equipment is performed during registration of the second user equipment with the apparatus.

52. The apparatus according to claim 47, wherein the memory storing the program of instructions is further configured to, with the at least one processor, cause the apparatus to at least: maintain a correspondence between a real identity and a set of pseudonym identifications for a user equipment.

53. An apparatus comprising: at least one processor; and memory storing a program of instructions; wherein the memory storing the program of instructions is configured to, with the at least one processor, cause the apparatus to at least: obtain, from a network node, a set of one or more pseudonym identifications corresponding to a real identity of the apparatus, a common public key and a first private key specific to the apparatus; send a request for establishing a communication session between the apparatus with a first pseudonym identification and a user equipment with a second pseudonym identification; receive, from the network node, a first intermediate key for the apparatus; perform authentication with the user equipment based on the common public key; and generate a session key to be used for securing the communication session based on the first intermediate key upon the successful authentication.

54. The apparatus according to claim 53, whe
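
The intermediate-key construction of claims 43 and 49, as an added sketch that is not code from the publication. The toy group (integers modulo 2**127 - 1), the generator standing in for the common public key, the function names, and the final step where each user equipment raises its intermediate key to its own secret and hashes the result are all assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group: integers modulo the Mersenne prime 2**127 - 1.
# Far too small for real use; the claims shown here do not specify the group.
P = 2**127 - 1
COMMON_PK = 3  # stands in for the common public key (assumption)

def new_secret() -> int:
    """Random non-zero exponent: a UE-node shared secret or the node's random number."""
    return secrets.randbelow(P - 2) + 1

def node_intermediate_keys(k1: int, k2: int, r: int) -> tuple:
    """Claims 43/49: each UE gets PK raised to (the other UE's secret * r)."""
    ik1 = pow(COMMON_PK, k2 * r, P)  # first intermediate key, for UE1
    ik2 = pow(COMMON_PK, k1 * r, P)  # second intermediate key, for UE2
    return ik1, ik2

def _kdf(shared: int) -> bytes:
    # Hash the group element into a fixed-length session key (assumed KDF).
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def ue_session_key(intermediate_key: int, own_secret: int) -> bytes:
    """Assumed derivation: raise the received key to the UE's own secret."""
    return _kdf(pow(intermediate_key, own_secret, P))

def node_view_of_key(k1: int, k2: int, r: int) -> bytes:
    """Under the same assumption, the node can recompute PK^(k1*k2*r) itself."""
    return _kdf(pow(COMMON_PK, k1 * k2 * r, P))

def run_session(k1: int, k2: int) -> dict:
    """One session: a fresh r at the node, then both UEs derive their key."""
    r = new_secret()
    ik1, ik2 = node_intermediate_keys(k1, k2, r)
    return {
        "ue1": ue_session_key(ik1, k1),
        "ue2": ue_session_key(ik2, k2),
        "node": node_view_of_key(k1, k2, r),
    }

if __name__ == "__main__":
    keys = run_session(new_secret(), new_secret())
    print("UE1 == UE2:", keys["ue1"] == keys["ue2"])
    print("node can derive it too:", keys["node"] == keys["ue1"])
```

Both sides reach the same value because the exponents commute; in this sketch the node, holding both shared secrets and the random number, reaches it as well, which is the property to weigh when treating the node as a trusted party.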
Discovery of network devices, e.g. terminals · CPC title
Registration at HLR or HSS [Home Subscriber Server] · CPC title
Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title
using group based signatures, e.g. ring or threshold signatures · CPC title
involving public key infrastructure [PKI] trust models (network architecture or network communication protocol for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title