US9270672B2 · Active · Utility · PatentIndex 71

Performing a group authentication and key agreement procedure

Assignee: HOLTMANNS SILKE · Priority: May 26, 2011 · Filed: May 26, 2011 · Granted: Feb 23, 2016
Est. expiry: May 26, 2031 (~4.9 yrs left) · nominal 20-yr term from priority
Inventors: HOLTMANNS SILKE, ZHANG DA JIANG
Classifications: H04L 63/0869, H04W 4/70, H04L 63/104, H04L 63/065, H04W 12/04, H04W 4/005, H04W 12/06, H04W 12/0431, H04W 12/0433, H04W 12/041, H04W 12/069
PatentIndex Score: 71 · Cited by: 3 · References: 16 · Claims: 18

Abstract

Provided are a method, a corresponding apparatus and a computer program product for performing a group authentication and key agreement procedure. A method comprises initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; and performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure. With the claimed invention, the impact of the signaling overhead on a network can be significantly decreased without substantive modification to the existing architecture of the network.

Claims

exact text as granted — not AI-modified
The invention claimed is:

1. A method, comprising:
 initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure;
 performing mutual authentication between the master device and the authentication entity based upon the shared group key;
 performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure; and
 in response to failure by one or more devices in the group authentication and key agreement procedure, instructing, by the master device, one or more of the devices that have failed, to initiate an authentication and key agreement procedure towards the authentication entity individually.

2. The method as recited in claim 1, wherein the master device is selected by an owner of the group of devices, owner of the master device or a network operator.

3. The method as recited in claim 1, wherein a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.

4. The method as recited in claim 1, wherein the performing mutual authentication is based upon a challenge-response authentication procedure.

5. The method as recited in claim 1, further comprising:
 sending, from the master device, to the authentication entity a message regarding results of the group authentication and key agreement procedure.

6. The method as recited in claim 1, further comprising:
 generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.

7. The method as recited in claim 6, wherein the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.

8. The method as recited in claim 7, wherein the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.
     
     
9. An apparatus, comprising:
 at least one processor, and
 at least one memory including computer program code,
 the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least perform:
 initiating, by the apparatus in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure;
 performing mutual authentication between the apparatus and the authentication entity based upon the shared group key;
 performing mutual authentication between the authenticated apparatus and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure; and
 in response to failure by one or more devices in the group authentication and key agreement procedure, instructing, by the master device, one or more of the devices that have failed, to initiate an authentication and key agreement procedure towards the authentication entity individually.

10. The apparatus as recited in claim 9, wherein the apparatus is selected by an owner of the group of devices, owner of the apparatus or a network operator.

11. The apparatus as recited in claim 9, wherein a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.

12. The apparatus as recited in claim 9, wherein the performing mutual authentication is based upon a challenge-response authentication procedure.

13. The apparatus as recited in claim 9, wherein the apparatus is further caused to perform:
 sending to the authentication entity a message regarding results of the group authentication and key agreement procedure.

14. The apparatus as recited in claim 9, wherein the apparatus is further caused to perform:
 generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.

15. The apparatus as recited in claim 14, wherein the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.

16. The apparatus as recited in claim 15, wherein the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.

17. The apparatus as recited in claim 9, wherein the apparatus is a master device for a group of devices.
     
     
18. A non-transitory computer readable medium storing a program of instructions, execution of which by at least one processor configures an apparatus to perform at least:
 initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure;
 performing mutual authentication between the master device and the authentication entity based upon the shared group key;
 performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure; and
 in response to failure by one or more devices in the group authentication and key agreement procedure, instructing, by the master device, one or more of the devices that have failed, to initiate an authentication and key agreement procedure towards the authentication entity individually.
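
Illustration added to this page, not part of the patent text: a single-process simulation of the flow in claims 1, 4, 6 and 7 (master authenticates to the authentication entity, then to each member; failed members are listed for individual fallback; successful members get a key derived from an intermediate group key and their IMSI). Assumptions: HMAC-SHA256 as both the challenge-response function and the key derivation function, binding the intermediate key to the run's nonces, the message labels, and the sample key and IMSIs are all constructed here; the patent does not specify them.

```python
import hashlib
import hmac
import os

def mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a label and length-prefixed fields (assumed primitive)."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def mutual_auth(key_a: bytes, key_b: bytes):
    """Two-way challenge-response; returns both nonces on success, else None."""
    nonce_a, nonce_b = os.urandom(16), os.urandom(16)
    # B answers A's challenge with its own key copy; A verifies with its copy.
    b_ok = hmac.compare_digest(mac(key_b, b"res-b", nonce_a, nonce_b),
                               mac(key_a, b"res-b", nonce_a, nonce_b))
    # A answers B's challenge under a different label, so responses cannot be reflected.
    a_ok = hmac.compare_digest(mac(key_a, b"res-a", nonce_b, nonce_a),
                               mac(key_b, b"res-a", nonce_b, nonce_a))
    return nonce_a + nonce_b if (a_ok and b_ok) else None

def group_aka(master_key: bytes, network_key: bytes, members: dict):
    """members maps a device identity (IMSI) to the group key that device holds.
    Returns (per-device keys, identities told to authenticate individually)."""
    transcript = mutual_auth(master_key, network_key)
    if transcript is None:
        raise PermissionError("master device failed authentication")
    # Intermediate group key: derived from the shared group key, bound to this run.
    intermediate = mac(master_key, b"intermediate-group-key", transcript)
    new_keys, fallback = {}, []
    for imsi, device_key in members.items():
        if mutual_auth(master_key, device_key) is None:
            fallback.append(imsi)   # failed in the group run: individual AKA instead
        else:
            new_keys[imsi] = mac(intermediate, b"device-key", imsi.encode())
    return new_keys, fallback

# Constructed sample data: one group key, three IMSIs in the 001/01 test PLMN.
GROUP_KEY = bytes(range(32))
MEMBERS = {"001010000000001": GROUP_KEY,
           "001010000000002": GROUP_KEY,
           "001010000000003": bytes(32)}   # holds a wrong key

if __name__ == "__main__":
    keys, fallback = group_aka(GROUP_KEY, GROUP_KEY, MEMBERS)
    print("derived keys for:", sorted(keys))
    print("fall back to individual AKA:", fallback)
```

Because every member holds the same group key, a device that extracts it can answer challenges as any other member or as the master; the per-device key only separates members if the device-specific input includes a secret such as the existing specific key of claims 7 and 8, not just a public identity like the IMSI.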

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.