
WO2018206139A1 - Authentication exchange for wireless networks using variable expected response lengths - Google Patents


Info

Publication number
WO2018206139A1
Authority
WO
WIPO (PCT)
Prior art keywords
response
variable
length
network node
expected response
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2017/083440
Other languages
French (fr)
Inventor
Pasi SAARINEN
Prajwol Kumar NAKARMI
Christine Jost
John Mattson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB

Classifications

    • H04W 12/06 Authentication (under H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04W 12/041 Key generation or derivation (under H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA])
    • H04L 2463/061 Applying further key derivation, e.g. deriving traffic keys from a pair-wise master key (under H04L 2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00)
    • H04L 9/3236 Entity authentication, message authentication or verification of credentials using cryptographic hash functions (under H04L 9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication)

Definitions

  • the present disclosure relates to a method for authentication exchange, as well as a home network node, a visited network node, a wireless terminal, a computer program and a computer program product thereof.
  • a wireless terminal and a radio communication network engage in an authentication exchange to exchange information for authenticating the wireless terminal before the network.
  • the wireless terminal is challenged by the network to provide a response that matches or otherwise corresponds to a response that the network expects for authentication.
  • the expected response may be for instance based on a shared secret between the wireless terminal and the network. Challenges nonetheless exist, though, in guarding against a malicious wireless terminal or network being able to provide a response that corresponds to the expected response, even though the malicious terminal or network does not possess the shared secret.
  • the expected response that the network expects for authentication is made to be shorter in length than the response which a wireless terminal is to provide for such authentication. This may for example advantageously guard against an unauthentic wireless terminal or network being able to provide a response that corresponds to the expected response.
  • embodiments herein include a method for authentication exchange in a radio communication network.
  • the method is performed by a home network node of the radio communication network.
  • the method comprises determining a variable response that has a first length, and determining a variable expected response based on a one-way function that includes the determined variable response and a random number as inputs to the one-way function.
  • the variable expected response has a second length shorter than the first length.
  • the method further comprises receiving from a visited network node an authentication information request that requests information for verifying authentication of a wireless terminal.
  • the method may also comprise sending the determined variable expected response to the visited network node, in response to the received authentication information request.
  • the method may further comprise receiving a confirmation of verified authentication from the visited network node.
  • the confirmation includes a variable response based on which the visited network node verified authentication of a wireless terminal.
  • the method may further comprise verifying whether the variable response included in the confirmation corresponds to the determined variable response included as an input to the one-way function.
  • the second length is half the length of the first length.
  • the difference in length between the first length and the second length is at least 16 bits.
  • determining the variable response comprises determining an output of a function and truncating the output to have the first length.
  • the variable response is an output of another one-way function, wherein the output of the another one-way function has the first length.
  • determining the variable expected response comprises determining an output of the one-way function and truncating the output to have the second length. In other embodiments, the determined variable expected response is an output of the one-way function, wherein the output of the one-way function has the second length. In still other embodiments, determining the variable expected response comprises determining a first output of the one-way function and determining a second output of another one-way function, with the first output included as an input to the another one-way function, wherein the second output has the second length.
  • the determined variable response is determined based on a function that includes a response and a first random number as inputs to the function, wherein the one-way function includes the determined variable response and a second random number as inputs to the one-way function.
  • the authentication exchange is for or based on Authentication and Key Agreement, AKA, wherein the variable response is a variable result RES*, wherein the response is a result RES, and wherein the variable expected response is a variable expected result HXRES*.
  • the function based on which the variable response is determined is a key derivation function, KDF.
  • the KDF may include as inputs a cipher key, an integrity key, the response, a serving network name, and the first random number.
  • the one-way function based on which the variable expected response is determined is a hashing function.
  • the method is performed by a visited network node of the radio communication network.
  • the method comprises receiving a variable expected response from a home network node.
  • the method also comprises receiving from a wireless terminal a variable response that has a first length.
  • the method also comprises determining an expected response, based on the received variable response, wherein the determined expected response has a second length that is shorter than the first length of the received variable response.
  • the method further comprises validating the determined expected response with the received variable expected response.
  • the method further comprises verifying or not verifying authentication of the wireless terminal depending on whether or not the determined expected response is validated.
  • the method further comprises, after verifying authentication of the wireless terminal, sending a confirmation of verified authentication from the visited network node to the home network node.
  • the confirmation may include the received variable response.
  • the method further comprises sending to the home network node an authentication information request that requests information for verifying authentication of the wireless terminal, and wherein the variable expected response is received from the home network node in response to the authentication information request.
  • the second length is half the length of the first length.
  • the difference in length between the first length and the second length is at least 16 bits.
  • determining the expected response comprises determining the expected response based on a one-way function that includes the received variable response and a random number as inputs to the one-way function.
  • determining the expected response comprises determining an output of the one-way function and truncating the output to have the second length. In other embodiments, the determined expected response is an output of the one-way function, wherein the output of the one-way function has the second length. In yet other embodiments, determining the expected response comprises determining a first output of the one-way function and determining a second output of another one-way function, with the first output included as an input to the another one-way function, wherein the second output has the second length.
  • the one-way function based on which the expected response is determined is a hashing function.
  • the authentication exchange is for Authentication and Key Agreement, AKA, wherein the variable response is a variable result RES*, wherein the variable expected response is a variable expected result HXRES*, and wherein the determined expected response is a determined expected result HRES*.
  • Embodiments herein further include a method for authentication exchange in a radio communication network.
  • the method is performed by a wireless terminal of the radio communication network.
  • the method comprises determining a variable response that has a first length.
  • the method also comprises sending the variable response to a visited network node for authentication of the wireless terminal based on an expected response that is determinable from the variable response, wherein the first length of the variable response is longer than a second length of the expected response.
  • the method further comprises sending an attach request to the visited network node and receiving a first random number in response to the attach request, and wherein determining the variable response comprises determining the variable response based on the first random number.
  • determining the variable response comprises determining the variable response based on a function that includes a response and a first random number as inputs to the function.
  • determining the variable response comprises determining an output of a function and truncating the output to have the first length.
  • Embodiments also include corresponding apparatus, computer programs, and computer-readable media.
  • embodiments include a home network node for authentication exchange in a radio communication network.
  • the home network node is configured to determine a variable response that has a first length, and determine a variable expected response based on a one-way function that includes the determined variable response and a random number as inputs to the one-way function.
  • the variable expected response has a second length shorter than the first length.
  • Embodiments also include a visited network node configured for use in a radio communication network.
  • the visited network node is configured to receive a variable expected response from a home network node and receive from a wireless terminal a variable response that has a first length.
  • the visited network node is configured to determine an expected response, based on the received variable response, wherein the determined expected response has a second length that is shorter than the first length of the received variable response.
  • the visited network node is configured to validate the determined expected response with the received variable expected response.
  • Embodiments further include a wireless terminal for authentication exchange in a radio communication network.
  • the wireless terminal is configured to determine a variable response that has a first length, and send the variable response to a visited network node for authentication of the wireless terminal based on an expected response that is determinable from the variable response, wherein the first length of the variable response is longer than a second length of the expected response.
  • Fig. 1A is a schematic diagram illustrating an environment where embodiments presented herein can be applied;
  • Fig. 1B is a block diagram of a wireless communication network that includes a home network node, a visited network node, and a wireless terminal according to some embodiments;
  • Fig. 1C is a block diagram of processing performed by a home network node according to some embodiments;
  • Fig. 1D is a block diagram of processing performed by a wireless terminal according to some embodiments;
  • Fig. 2A is a logic flow diagram of a method performed by a home network node according to some embodiments;
  • Fig. 2B is a logic flow diagram of a method performed by a visited network node according to some embodiments;
  • Fig. 2C is a logic flow diagram of a method performed by a wireless terminal according to some embodiments;
  • Fig. 3A is a block diagram of a home network node according to some embodiments;
  • Fig. 3B is a block diagram of a home network node according to other embodiments;
  • Fig. 4A is a block diagram of a visited network node according to some embodiments;
  • Fig. 4B is a block diagram of a visited network node according to other embodiments;
  • Fig. 5A is a block diagram of a wireless terminal according to some embodiments;
  • Fig. 5B is a block diagram of a wireless terminal according to other embodiments;
  • Fig. 6 is a schematic signalling scheme, which has been discussed during
  • Figs. 7a-7c are flow charts illustrating methods for embodiments presented herein;
  • Fig. 8 is a schematic diagram illustrating some components of a network node presented herein;
  • Fig. 9 is a schematic diagram illustrating some components of a wireless terminal presented herein;
  • Fig. 10 is a schematic diagram showing functional modules of a network node presented herein;
  • Fig. 11 is a schematic diagram showing functional modules of a wireless terminal presented herein.

DETAILED DESCRIPTION
  • Fig. 1A schematically illustrates a communication network 4 wherein embodiments presented herein may be applied.
  • a wireless terminal (WT) 1 is wirelessly connectable to a base station (BS) 2.
  • the BS 2 is connected to a core network (CN) 3, which may in turn connect the wireless terminal 1 to one or more other networks such as the Internet or the public switched telephone network.
  • the wireless terminal 1 and the network 4 may engage in an authentication exchange to exchange information for authenticating the wireless terminal 1 before the network 4.
  • the authentication exchange may for instance be an exchange for Authentication and Key Agreement, AKA.
  • the wireless terminal 1 is challenged by the network 4 to provide a variable response that matches or otherwise corresponds to the variable response that the network 4 expects for authentication.
  • the variable expected response may be for instance based on a shared secret (e.g., a key) that is shared between the wireless terminal 1 and the network 4.
  • the variable expected response that the network 4 expects for authentication is made to be shorter in length than the variable response which corresponds to that variable expected response. This may for example advantageously guard against a malicious wireless terminal or network being able to provide a variable response that corresponds to the variable expected response, even though the malicious terminal or network does not possess the shared secret.
  • Fig. 1B illustrates one or more of these embodiments in a context where the wireless terminal's home network dictates the variable expected response that is expected for authentication of the terminal 1, even if the wireless terminal 1 is served and authenticated by a visited network different than the home network.
  • a home network node 5 determines a variable expected response 6 based on which authentication of the wireless terminal 1 is to be performed.
  • the home network node 5 may for instance determine this variable expected response 6 based on a function 7, e.g., a one-way function such as a hashing function.
  • This function 7 may include, as an input, a variable response 8 that is to correspond to the variable expected response 6.
  • the function 7 may also include a random number 9 as an input to the function 7.
  • the variable response 8 has a first length L1 and the variable expected response 6 has a second length L2 that is shorter than the first length L1. That is, the variable expected response 6 is shorter in length than the variable response 8 which is to correspond to the variable expected response 6. This may advantageously protect against reverse engineering of the variable response 8 based on knowledge of the variable expected response 6.
  • the home network node 5 may itself perform authentication of the wireless terminal 1 based on that variable expected response 6 if the home network is the serving network. As shown in Fig. 1B, though, the home network node 5 may send the variable expected response 6 to a visited network node 10 of a visited network that serves the wireless terminal 1. The home network node 5 may do so for instance in response to receiving from the visited network node 10 an authentication information request that requests information for verifying authentication of the wireless terminal 1. In any event, the visited network node 10 may then perform authentication of the wireless terminal 1 based on the variable expected response 6 received from the home network node 5.
  • the visited network node 10 may receive a variable response 11 from the wireless terminal 1, e.g., in response to challenging the wireless terminal 1 to provide such a response after the wireless terminal 1 sent an attach request to the visited network node 10.
  • the visited network node 10 may then verify or not verify authentication of the wireless terminal 1 by checking whether or not the variable response 11 received from the wireless terminal 1 corresponds to the variable expected response 6 received from the home network node 5.
  • the visited network node 10 may perform determination 12 to determine an expected response 13 based on the variable response 11 received from the terminal 1.
  • the visited network node 10 may for instance perform this determination 12 in a way corresponding to how the home network node 5 determined the variable expected response 6 as a function 7 of the variable response 8 which is to correspond to that variable expected response 6.
  • the visited network node 10 determines the expected response 13 as a function (e.g., a one-way function such as a hashing function) that includes as an input the variable response 11 received from the wireless terminal 1.
  • the function may also include as an input a random number, such as the same random number 9 that the home network node 5 used as input to function 7.
  • the determined expected response 13 likewise has a second length L2 that is shorter than a first length L1 of the variable response 11 received from the wireless terminal 1.
  • the visited network node 10 then performs validation 14 to validate the expected response 13 with the variable expected response 6.
  • the visited network node 10 may do so for instance by comparing the expected response 13 with the variable expected response 6, and make a decision 15 regarding whether or not the expected response is validated depending on whether or not the comparison reveals that the expected response 13 matches or otherwise corresponds with the variable expected response 6.
  • the visited network node 10 may then verify or not verify authentication of the wireless terminal 1 depending on whether or not the expected response 13 is validated.
  • the visited network node 10, after verifying authentication of the wireless terminal 1, sends a confirmation 21 of verified authentication to the home network node 5.
  • the confirmation 21 may include the variable response 11 that the visited network node 10 received from the wireless terminal 1.
  • the home network node 5 may in some embodiments verify whether the variable response 11 included in the confirmation 21 matches or corresponds to the variable response 8 included as an input to the function 7, e.g., to confirm that the visited network node 10 authenticates a wireless terminal that is actually present rather than maliciously spoofing authentication.
  • with the second length L2 of the variable expected response 6 being shorter than the first length L1 of the variable response 8/11, some embodiments better protect against a visited network node maliciously spoofing authentication.
  • the second length L2 being shorter than the first length L1 makes it less likely that the visited network node 10 would be able to reverse engineer the variable response which is to correspond to the variable expected response 6 that the home network node 5 sends to the visited network node 10, e.g., by searching the input space of function 7 for an input value that produces the variable expected response 6 or by breaking the function 7. This means that it is less likely that the visited network node 10 would be able to include a reverse engineered variable response in the confirmation 21 it sends to the home network node 5.
  • because the second length L2 of the variable expected response 6 is shorter than the first length L1 of the variable response 8/11, some embodiments also better protect against the wireless terminal 1 responding with a reverse engineered variable response, e.g., rather than a variable response authentically generated based on a shared secret.
  • the second length L2 of the variable expected response 6 may be shorter than the first length L1 of the variable response 8/11 to any extent, e.g., by a single bit or by multiple bits. In some embodiments, such as where the first length L1 of the variable response 8/11 is 128 bits, the second length L2 is shorter than the first length L1 by at least 16 bits. In alternative or additional embodiments, the second length L2 is half the length of the first length L1. In general, though, the second length L2 may be shorter than the first length L1 to an extent that reduces the likelihood of reverse engineering to a desired likelihood.
  • the second length L2 may not be so much shorter than the first length L1 that it reduces the possible values of the variable response 8/11 below a threshold, e.g., so as to unacceptably increase the likelihood that a randomly selected value for the variable response 8/11 would pass authentication.
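The reverse-engineering argument above, run at toy scale as an added example (not part of the patent): with L1 = 24 bits and L2 = 8 bits a brute-force search over the input space of function 7 finishes instantly, so a spoofing visited node that holds only HXRES* can find a RES* that passes its own check; but it is one of roughly 2^16 preimages, so it fails the home node's check of the confirmation. `tradeoff()` gives the two quantities the choice of L2 balances (expected preimages per HXRES* versus the chance that a random guess passes). RAND, the real RES* and the toy lengths are constructed.

```python
import hashlib
import hmac
from typing import Optional


def truncated_hash(rand: bytes, rs: bytes, l2_bits: int) -> bytes:
    """Function 7 + truncation 18: the low l2_bits of SHA-256(RAND || RES*)."""
    return hashlib.sha256(rand + rs).digest()[-(l2_bits // 8):]


def find_preimage(rand: bytes, hxres: bytes, l1_bits: int, l2_bits: int) -> Optional[bytes]:
    """What a spoofing visited node can do with HXRES* alone: walk the L1-bit
    input space of function 7 until some value hashes (truncated) to HXRES*.
    Expected cost is about 2**l2_bits hash evaluations regardless of l1_bits."""
    n = l1_bits // 8
    for i in range(1 << l1_bits):
        cand = i.to_bytes(n, "big")
        if truncated_hash(rand, cand, l2_bits) == hxres:
            return cand
    return None


def spoof_attempt(l1_bits: int, l2_bits: int, real_rs: bytes, rand: bytes = bytes(16)) -> dict:
    """Home node holds real_rs (XRES*); the visited node holds only HXRES*.
    Reports whether the forged RES* survives the visited check (validation 14)
    and the home check of the confirmation 21. RAND defaults to a constructed
    all-zero value so the result is reproducible."""
    hxres = truncated_hash(rand, real_rs, l2_bits)
    forged = find_preimage(rand, hxres, l1_bits, l2_bits)
    return {
        "forged": forged,
        "passes_visited_check": forged is not None and truncated_hash(rand, forged, l2_bits) == hxres,
        "passes_home_check": forged is not None and hmac.compare_digest(forged, real_rs),
    }


def tradeoff(l1_bits: int, l2_bits: int) -> dict:
    """The two numbers the choice of L2 trades off: how many L1-bit inputs map to
    one HXRES* (more means a found preimage is less likely the real RES*), and
    the probability that a randomly chosen RES* passes the visited node's check
    (the risk the last bullet above warns about). Both grow as L2 shrinks."""
    return {
        "expected_preimages_per_hxres": 2.0 ** (l1_bits - l2_bits),
        "random_guess_pass_probability": 2.0 ** -l2_bits,
    }


if __name__ == "__main__":
    # Toy lengths: L1 = 24 bits, L2 = 8 bits. The real RES* is the last value in
    # search order, so an ascending search almost surely stops at another preimage.
    print(spoof_attempt(24, 8, b"\xff\xff\xff"))
    print(tradeoff(128, 64))
```

At the lengths the description uses for its own example (L1 = 128, L2 = 64) the same search would need about 2^64 hash evaluations to find any preimage, and about 2^64 candidates would still remain, which is why forwarding only HXRES* to the visited network and re-checking RES* at the home network gives the second line of defence described above.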
  • the variable expected response 6 and the variable response 8/11 may be determined in any number of ways.
  • the home network node 5 determines the variable response 8 by determining the output 8' of a function 16.
  • the function 16 may be for instance a key derivation function, KDF, or a one-way function such as a hashing function.
  • in some embodiments, the output 8' of the function 16 already has the first length L1, and the output 8' may itself be the variable response 8.
  • in other embodiments, the output 8' of the function 16 has a length that is longer than the first length L1, and the home network node 5 may truncate 17 the output 8' to have the first length L1.
  • in this sense, the output 8' of the function 16 may be referred to as a full-length or untruncated version of the variable response 8.
  • the home network node 5 may determine the variable expected response 6 by determining the output 6' of the function 7.
  • in some embodiments, the output 6' of the function 7 already has the second length L2, and the output 6' may itself be the variable expected response 6.
  • in other embodiments, the output 6' of the function 7 has a length that is longer than the second length L2, and the home network node 5 may truncate 18 the output 6' to have the second length L2.
  • in this sense, the output 6' of the function 7 may be referred to as a full-length or untruncated version of the variable expected response 6.
  • in still other embodiments, the output 6' of the function 7 may be included as an input to another function (not shown), e.g., another one-way function, with the output of that other function being the variable expected response 6 with the second length L2.
  • the visited network node 10 may determine the expected response 13 by determining the output of a function (not shown), e.g., a one-way function such as a hashing function.
  • This function may correspond to function 7.
  • in some embodiments, the output of the function already has the second length L2, and the output may itself be the expected response 13.
  • in other embodiments, the output of the function has a length that is longer than the second length L2, and the visited network node 10 may truncate the output to have the second length L2. In this sense, then, the output of the function may be referred to as a full-length or untruncated version of the expected response.
  • in still other embodiments, the output of the function may be included as an input to another function (not shown), e.g., another one-way function, with the output of that other function being the expected response 13 with the second length L2.
  • Fig. 1C shows additional details for how the home network node 5 determines the variable response 8 and the variable expected response 6 according to some embodiments.
  • the home network node 5 determines the variable response 8 based on a function 16 that includes a response 19 and a first random number 20 as inputs to the function 16.
  • in some embodiments, the output of the function 16 is the variable response 8 itself; in other embodiments, the output 8' of the function 16 is truncated 17 to produce the variable response 8.
  • the variable response 8 and a second random number 9 are included as inputs to the function 7 (e.g., a one-way function such as a hashing function).
  • in some embodiments, the output of the function 7 is the variable expected response 6 itself; in other embodiments, the output 6' of the function 7 is truncated 18 to produce the variable expected response 6.
  • in some embodiments, the first and second random numbers 20, 9 are the same random number, whereas in other embodiments they may be different random numbers.
  • Fig. 1D shows corresponding processing at the wireless terminal 1 in these embodiments.
  • the wireless terminal 1 determines the variable response 11 based on a function 16 that includes a response 19 and a first random number 20 as inputs to the function 16.
  • in some embodiments, the output of the function 16 is the variable response 11 itself; in other embodiments, the output 11' of the function 16 is truncated 17 to produce the variable response 11 with the first length L1.
  • in some embodiments, the authentication exchange herein is for or based on Authentication and Key Agreement, AKA.
  • the response 19 in Figs. 1C and 1D may be a result RES, e.g., as defined by AKA and/or 3GPP.
  • the result RES may be determined based on an authentication function (denoted f1 here; this is the function called f2 in 3GPP TS 33.102) that includes as inputs a random number RAND and a shared key K.
  • the variable response 8/11 may be a variable result RES*, e.g., as defined by AKA and/or 3GPP.
  • the variable result RES* may be determined based on a key derivation function, KDF, that includes as inputs a cipher key (CK), an integrity key (IK), the result RES, a serving network name (SNN), and the random number RAND.
  • the output of the KDF may be truncated to produce the variable result RES*.
  • the variable expected response 6 may be a variable expected result HXRES*.
  • the variable expected result HXRES* may be determined based on a hashing function H that includes as inputs the variable result RES* and a random number (e.g., the same RAND used to calculate RES*).
  • the output of the hashing function H may be truncated to produce the variable expected result HXRES*.
  • the expected response 13 in Fig. 1B may be an expected result HRES*, e.g., as defined by AKA and/or 3GPP.
  • the expected result HRES* may be determined based on a hashing function H that includes as inputs the variable result RES* received from the wireless terminal 1 and a random number (e.g., the same RAND used to calculate RES*).
  • the output of the hashing function H may be truncated to produce the expected result HRES*.
  • the expected result HRES* may be computed as HRES* = H(RES*, RAND).
  • the result RES and variable result RES* are to be determined in the same way at the home network node 5 and the wireless terminal 1.
  • the result RES and variable result RES* may in some embodiments be simply referred to with different notation depending on where the determination occurs, i.e., at the home network node 5 or the wireless terminal 1.
  • at the home network node 5, the result RES may instead be denoted as XRES and the variable result RES* may instead be denoted as XRES*.
  • in other embodiments, the variable response 8/11 may be the result RES itself, instead of a variable result RES*, e.g., as defined by AKA and/or 3GPP.
  • the result RES may for instance be determined based on an authentication function (f1 here; f2 in 3GPP TS 33.102) that includes as inputs a random number RAND and a shared key K. That is, some embodiments herein may use an exact copy of the legacy RES for the variable response 8/11 and nonetheless still enhance security as compared to existing approaches. Accordingly, the variable response 8/11 may be or have the same value as the response 19 as referred to in Figs. 1C and 1D.
  • "variable response" and "response" are simply terms used to distinguish the response 8/11 from the response 19 in embodiments where those responses are different from one another, much in the same way as "first response" and "second response" would distinguish them.
  • the term "variable" is thus not intended to convey anything about the variability of the response 8/11 as compared to the response 19.
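The AKA mapping above, worked through end to end as an added example (this is not the patent's or 3GPP's code). It uses the lengths the description gives, L1 = 128 bits for RES*/XRES* and L2 = L1/2 for HXRES*/HRES*. The KDF byte layout (FC = 0x6B, HMAC-SHA-256 keyed with CK||IK over length-prefixed SNN, RAND and RES, low 128 bits kept) is taken from 3GPP TS 33.501 Annex A.4 and is an assumption beyond what the page states; `f_res` and `f_ck_ik` are constructed stand-ins for the USIM functions (f2 and f3/f4 in MILENAGE terms); the serving network name and keys are constructed. One caveat: the published TS 33.501 profile keeps HXRES* at 128 bits, the same length as XRES*, so the half-length L2 here is the patent's example rather than the standard's final parameter.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Lengths from the description: L1 for RES*/XRES*, L2 = L1/2 for HXRES*/HRES*
# (half-length ratio is the patent's example; assumed here).
L1_BITS = 128
L2_BITS = L1_BITS // 2


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP-style KDF (TS 33.220 Annex B layout, assumed): HMAC-SHA-256 over
    FC || P0 || L0 || P1 || L1 || ... with 2-byte big-endian lengths."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def f_res(k: bytes, rand: bytes) -> bytes:
    """Constructed stand-in for the USIM function that yields RES (response 19)."""
    return hmac.new(k, b"RES" + rand, hashlib.sha256).digest()[:8]


def f_ck_ik(k: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Constructed stand-in for the CK/IK derivation."""
    out = hmac.new(k, b"CKIK" + rand, hashlib.sha256).digest()
    return out[:16], out[16:]


def res_star(ck: bytes, ik: bytes, res: bytes, snn: bytes, rand: bytes) -> bytes:
    """Function 16 + truncation 17: RES*/XRES* is the low L1 bits of
    KDF(CK||IK, 0x6B, SNN, RAND, RES)."""
    return kdf(ck + ik, 0x6B, snn, rand, res)[-(L1_BITS // 8):]


def hxres_star(rand: bytes, rs: bytes) -> bytes:
    """Function 7 + truncation 18: HXRES*/HRES* is the low L2 bits of SHA-256(RAND || RES*)."""
    return hashlib.sha256(rand + rs).digest()[-(L2_BITS // 8):]


class WirelessTerminal:
    def __init__(self, k: bytes):
        self.k = k

    def respond(self, rand: bytes, snn: bytes) -> bytes:
        """Fig. 1D: RES from the challenge, then RES* (variable response 11)."""
        ck, ik = f_ck_ik(self.k, rand)
        return res_star(ck, ik, f_res(self.k, rand), snn, rand)


class HomeNetworkNode:
    def __init__(self, k: bytes):
        self.k = k
        self.xres_star: Optional[bytes] = None

    def authentication_info_response(self, snn: bytes) -> Tuple[bytes, bytes]:
        """Fig. 1C / Blocks S110-S120: derive XRES* and HXRES*. Only RAND and the
        shorter HXRES* leave the home network; XRES* stays here for S130."""
        rand = secrets.token_bytes(16)
        ck, ik = f_ck_ik(self.k, rand)
        self.xres_star = res_star(ck, ik, f_res(self.k, rand), snn, rand)
        return rand, hxres_star(rand, self.xres_star)

    def confirm(self, rs_from_visited: bytes) -> bool:
        """Block S130: the RES* in the confirmation must equal the home node's own XRES*."""
        return self.xres_star is not None and hmac.compare_digest(rs_from_visited, self.xres_star)


class VisitedNetworkNode:
    def __init__(self, snn: bytes):
        self.snn = snn

    def authenticate(self, home: HomeNetworkNode, terminal: WirelessTerminal) -> Tuple[bool, bool]:
        """Fig. 2B. Returns (verified at visited node, confirmed at home node)."""
        rand, hxres = home.authentication_info_response(self.snn)  # S200
        rs = terminal.respond(rand, self.snn)                        # S210
        hres = hxres_star(rand, rs)                                  # S220, determination 12
        if not hmac.compare_digest(hres, hxres):                     # validation 14 / decision 15
            return False, False
        return True, home.confirm(rs)                                # confirmation 21 carries RES*


def run_exchange(k_terminal: bytes, k_home: bytes) -> Tuple[bool, bool]:
    snn = b"5G:mnc001.mcc001.3gppnetwork.org"  # constructed serving network name
    return VisitedNetworkNode(snn).authenticate(HomeNetworkNode(k_home), WirelessTerminal(k_terminal))


if __name__ == "__main__":
    k = secrets.token_bytes(16)
    print(run_exchange(k, k))                        # shared K: verified and confirmed
    print(run_exchange(secrets.token_bytes(16), k))  # terminal without K: rejected at visited node
```

The visited node never sees XRES*, only its 64-bit truncated hash, so a compromised visited node cannot simply replay the expected value in its confirmation; the home node's `confirm` compares the full 128-bit RES* it receives against the XRES* it kept.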
  • although the visited network node 10 and the home network node 5 were illustrated in Fig. 1B as different nodes, they may in some embodiments be the same network node, particularly if the home network is the serving network.
  • Fig. 2A shows a method for authentication exchange in a radio communication network 4 according to some embodiments.
  • the method is performed by a home network node 5 of the radio communication network 4.
  • the method includes determining a variable response 8 that has a first length, and determining a variable expected response 6 based on a one-way function 7 that includes the determined variable response 8 and a random number 9 as inputs to the one-way function 7, wherein the variable expected response 6 has a second length shorter than the first length (Block S110).
  • the method may more particularly include receiving from a visited network node 10 an authentication information request that requests information for verifying
  • the method may comprise determining the variable expected response in response to receiving this request.
  • the method may therefore include sending the determined variable expected response 6 to the visited network node 10, in response to the received authentication information request (Block S120).
  • the method may also include receiving a confirmation of verified authentication from the visited network node 10 (Block S130).
  • Fig. 2B shows a method for authentication exchange in a radio communication network 4 according to other embodiments.
  • the method is performed by a visited network node 10 of the radio communication network 4.
  • the method includes obtaining a variable expected response 6 (Block S200). Where the visited network node 10 is the home network node 5, for instance, this may involve determining the variable expected response 6 as described above. In other embodiments where the visited network node 10 is different than the home network node 5, this may involve receiving the variable expected response 6 from the home network node 5.
  • the method also includes receiving from a wireless terminal 1 a variable response 11 that has a first length (Block S210).
  • the method further includes determining an expected response 13, based on the received variable response 11, wherein the determined expected response 13 has a second length that is shorter than the first length of the received variable response 11 (Block S220).
  • the method also includes validating the determined expected response 13 with the variable expected response 6 (Block S230).
  • the method may further comprise verifying or not verifying authentication of the wireless terminal 1 depending on whether or not the determined expected response 13 is validated (Block S240). In one embodiment, the method may also comprise, after verifying authentication of the wireless terminal 1, sending a confirmation 21 of verified authentication from the visited network node 10 to the home network node 5 (Block S250).
  • Fig. 2C similarly shows a method for authentication exchange in a radio communication network 4 according to still other embodiments. The method is performed by a wireless terminal
  • the method includes determining a variable response
  • the method also includes sending the variable response 11 to a visited network node 10 for authentication of the wireless terminal 1 based on an expected response 13 that is determinable from the variable response 11, wherein the first length of the variable response 11 is longer than a second length of the expected response 13 (Block S340).
  • the method may include sending an attach request to the visited network node 10 (Block S310).
  • the method may further include receiving a first random number 20 in response to the attach request, e.g., as part of challenging the wireless terminal 1 to provide the variable response 11 (Block S320).
  • the wireless terminal 1 may determine the variable response 11 based on the first random number 20.
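The three methods of Figs. 2A to 2C, as an added worked example that is not the patent's own code and is not a bit-exact implementation of any 3GPP procedure. It assumes SHA-256/HMAC stand in for the legacy AKA functions, the KDF that derives RES * and the one-way function H; the subscriber key K, the serving network name SNN and the IMSI are constructed sample values. The home network node keeps the full-length XRES * and hands only the truncated HXRES * to the visited network node, which recomputes HRES * from the wireless terminal's RES * and compares it; the home network node then confirms the RES * itself.

```python
"""Toy model of the variable-length RES*/HXRES* exchange (added example).
Assumptions: HMAC/SHA-256 stand in for the AKA functions, the KDF and H;
K, SNN and IMSI are constructed sample values."""
import hashlib
import hmac
import os

RES_STAR_BITS = 256    # first length: the full KDF output is kept (not truncated)
HXRES_STAR_BITS = 128  # second length: H output truncated to half the first length


def legacy_res(k: bytes, rand: bytes) -> bytes:
    """Stand-in for the legacy AKA result RES computed from K and RAND."""
    return hmac.new(k, b"RES" + rand, hashlib.sha256).digest()[:8]


def derive_ck_ik(k: bytes, rand: bytes):
    """Stand-in for the CK/IK derivation; they only matter here as KDF inputs."""
    ck = hmac.new(k, b"CK" + rand, hashlib.sha256).digest()[:16]
    ik = hmac.new(k, b"IK" + rand, hashlib.sha256).digest()[:16]
    return ck, ik


def res_star(ck, ik, snn, rand, res, length_bits=RES_STAR_BITS):
    """Variable response RES*: KDF with CK, IK, RES, SNN and RAND as inputs,
    truncated to the first length."""
    out = hmac.new(ck + ik, snn + rand + res, hashlib.sha256).digest()
    return out[: length_bits // 8]


def hxres_star(rand, res_star_value, length_bits=HXRES_STAR_BITS):
    """One-way function H over (RES*, RAND), truncated to the shorter second
    length. The VN applies the same function to the received RES* to get HRES*."""
    return hashlib.sha256(rand + res_star_value).digest()[: length_bits // 8]


class HomeNetworkNode:
    """Fig. 2A: determines XRES* and HXRES*, hands only HXRES* to the VN."""

    def __init__(self, subscribers):
        self.subscribers = subscribers   # IMSI -> K
        self.pending = {}                # IMSI -> (RAND, XRES*)

    def authentication_info(self, imsi, snn):
        k = self.subscribers[imsi]
        rand = os.urandom(16)
        res = legacy_res(k, rand)
        ck, ik = derive_ck_ik(k, rand)
        xres_star = res_star(ck, ik, snn, rand, res)
        self.pending[imsi] = (rand, xres_star)
        return rand, hxres_star(rand, xres_star)   # Block S120

    def confirm(self, imsi, received_res_star):
        """Only the HN holds the full first-length XRES*, so only it can tell
        the genuine RES* from another preimage of HXRES*."""
        rand, xres_star = self.pending.pop(imsi)
        return hmac.compare_digest(xres_star, received_res_star)


class WirelessTerminal:
    """Fig. 2C: derives the first-length RES* from its own K and the challenge."""

    def __init__(self, imsi, k):
        self.imsi, self.k = imsi, k

    def respond(self, rand, snn):
        res = legacy_res(self.k, rand)
        ck, ik = derive_ck_ik(self.k, rand)
        return res_star(ck, ik, snn, rand, res)


class VisitedNetworkNode:
    """Fig. 2B: recomputes HRES* from the received RES* and validates it."""

    def __init__(self, hn, snn):
        self.hn, self.snn = hn, snn

    def authenticate(self, wt):
        rand, hxres = self.hn.authentication_info(wt.imsi, self.snn)  # S200
        received = wt.respond(rand, self.snn)                          # S210
        hres = hxres_star(rand, received)                              # S220
        if not hmac.compare_digest(hres, hxres):                       # S230/S240
            return False
        return self.hn.confirm(wt.imsi, received)                      # S250


def run_exchange(wrong_key=False):
    """Run one exchange; with wrong_key the WT holds a different (constructed) K."""
    k = bytes(range(16))
    hn = HomeNetworkNode({"imsi-example": k})
    vn = VisitedNetworkNode(hn, b"5G:example-snn")
    wt = WirelessTerminal("imsi-example", bytes(16) if wrong_key else k)
    return vn.authenticate(wt)


def lengths_in_bits():
    """The two lengths actually produced: (first length, second length)."""
    rand, sample = b"\x00" * 16, b"\x01" * (RES_STAR_BITS // 8)
    return len(sample) * 8, len(hxres_star(rand, sample)) * 8
```

The comparison in both nodes uses hmac.compare_digest so the check does not leak through timing; the second length is deliberately kept at half the first length, the relationship the text describes.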
  • a network node herein is any type of node in the wireless communication network 4, e.g., in the access network or core network.
  • a network node 5, 10 herein may be any network node that manages or otherwise participates in authenticating a wireless terminal or user of a wireless terminal, such as an authentication center node or an AAA (authorization,
  • a wireless terminal is any type of node capable of communicating with a network node or another wireless terminal over radio signals.
  • a wireless terminal may therefore refer to a machine-to-machine (M2M) device, a machine-type communications (MTC) device, a narrowband internet of things (NB-IoT) device, etc.
  • the wireless terminal may also be a user equipment (UE), however it should be noted that the UE does not necessarily have a "user" in the sense of an individual person owning and/or operating the device.
  • a wireless terminal may also be referred to as a radio device, a radio communication device, or a wireless
  • sensor may also be used. It should be understood that these devices may be UEs, but are generally configured to transmit and/or receive data without direct human interaction.
  • a wireless terminal as described herein may be, or may be comprised in, a machine or device that performs monitoring or measurements, and transmits the results of such monitoring measurements to another device or a network.
  • examples of such machines are power meters, industrial machinery, or home or personal appliances, e.g. refrigerators, televisions, personal wearables such as watches, etc.
  • a wireless terminal as described herein may be comprised in a vehicle and may perform monitoring and/or reporting of the vehicle's operational status or other functions associated with the vehicle.
  • a home network node 5 as described above may perform the method in Fig. 2A and any other processing herein by implementing any functional means or units.
  • the home network node 5 comprises respective circuits or circuitry configured to perform the steps shown in Fig. 2A.
  • the circuits or circuitry in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory.
  • memory which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc.
  • the memory stores program code that, when executed by the one or more processors, carries out the techniques described herein.
  • Fig. 3A for example is a schematic diagram showing some components of the home network node 5.
  • a processor 30 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 34 stored in a memory.
  • the memory can thus be considered to be or form part of a computer program product 32.
  • the processor 30 may be configured to execute methods described herein, e.g., with reference to Fig. 2A.
  • the memory may be any combination of read and write memory, RAM, and read only memory, ROM.
  • the memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the home network node 5 may further comprise an input/output, I/O, interface 31.
  • the home network node 5 in this regard may comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated).
  • Other components of the home network node 5 are omitted in order not to obscure the concepts presented herein.
  • Fig. 3B is a schematic diagram showing functional blocks of the home network node 5.
  • the functional blocks may be implemented as only software instructions such as a computer program executing in the home network node 5 or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc. or as a combination thereof.
  • some of the functional blocks may be implemented by software and other by hardware.
  • the functional blocks may be implemented for instance by the processor 30 of Fig. 3A when running the computer program 34.
  • the functional blocks e.g., for implementing the steps in Fig. 2A, include a
  • the determination manager unit 36 may be for determining a variable response 8 that has a first length, and determining a variable expected response 6 based on a one-way function 7 that includes the determined variable response 8 and a random number 9 as inputs to the one-way function 7, wherein the variable expected response 6 has a second length shorter than the first length.
  • the communication manager unit 38 may be for receiving an authentication information request from the visited network node 10 and for sending the determined variable expected response 6 to the visited network node 10, in response to the received authentication information request.
  • the communication manager unit 38 may also or alternatively be for receiving a confirmation of verified authentication from the visited network node 10.
  • a visited network node 10 as described above may perform the method in
  • the visited network node 10 comprises respective circuits or circuitry configured to perform the steps shown in Fig. 2B.
  • the circuits or circuitry in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory.
  • memory which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc.
  • the memory stores program code that, when executed by the one or more processors, carries out the techniques described herein.
  • Fig. 4A is a schematic diagram showing some components of the visited network node
  • a processor 40 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 44 stored in a memory.
  • the memory can thus be considered to be or form part of a computer program product 42.
  • the processor 40 may be configured to execute methods described herein, e.g., with reference to Fig. 2B.
  • the memory may be any combination of read and write memory, RAM, and read only memory, ROM.
  • the memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the visited network node 10 may further comprise an input/output, I/O, interface 41.
  • the visited network node 10 in this regard may comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated).
  • Other components of the visited network node 10 are omitted in order not to obscure the concepts presented herein.
  • Fig. 4B is a schematic diagram showing functional blocks of the visited network node 10.
  • the functional blocks may be implemented as only software instructions such as a computer program executing in the visited network node 10 or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc. or as a combination thereof. In an alternative embodiment, some of the functional blocks may be implemented by software and other by hardware. The functional blocks may be implemented for instance by the processor 40 of Fig. 4A when running the computer program 44.
  • the functional blocks e.g., for implementing the steps in Fig. 2B, include a
  • the communication manager unit 48 may be for receiving a variable expected response 6 from a home network node 5, and for receiving from a wireless terminal 1 a variable response 11 that has a first length.
  • the determination manager unit 46 may be for determining an expected response 13, based on the received variable response 11, wherein the determined expected response 13 has a second length that is shorter than the first length of the received variable response 11.
  • the determination manager unit 46 may also be for validating the determined expected response 13 with the received variable expected response 6.
  • the communication manager unit 48 may also or alternatively be for transmitting a confirmation of verified authentication to the home network node 5.
  • a wireless terminal 1 as described above may perform the method in Fig. 2C and any other processing herein by implementing any functional means or units.
  • the wireless terminal 1 comprises respective circuits or circuitry configured to perform the steps shown in Fig. 2C.
  • the circuits or circuitry in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory.
  • memory which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc.
  • the memory stores program code that, when executed by the one or more processors, carries out the techniques described herein.
  • Fig. 5A is a schematic diagram showing some components of the wireless terminal 1.
  • a processor 50 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 54 stored in a memory.
  • the memory can thus be considered to be or form part of a computer program product 52.
  • the processor 50 may be configured to execute methods described herein, e.g., with reference to Fig. 2C.
  • the memory may be any combination of read and write memory, RAM, and read only memory, ROM.
  • the memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the wireless terminal 1 may further comprise an input/output, I/O, interface 51 including e.g. a user interface.
  • the wireless terminal 1 may further comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated).
  • Other components of the wireless terminal 1 are omitted in order not to obscure the concepts presented herein.
  • Fig. 5B is a schematic diagram showing functional blocks of the wireless terminal 1.
  • the functional blocks may be implemented as only software instructions such as a computer program executing in the wireless terminal 1 or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc. or as a combination thereof.
  • some of the functional blocks may be implemented by software and other by hardware.
  • the functional blocks may be implemented for instance by the processor 50 of Fig. 5A when running the computer program 54.
  • the functional blocks e.g., for implementing the steps in Fig. 2C, include a
  • the determination manager unit 56 may be for determining a variable response 11 that has a first length.
  • the communication manager unit 58 may be for sending the variable response 11 to a visited network node 10 for authentication of the wireless terminal 1 based on an expected response 13 that is determinable from the variable response 11, wherein the first length of the variable response 11 is longer than a second length of the expected response 13.
  • a computer program comprises instructions which, when executed on at least one processor of a node (e.g., network node 5, 10 or wireless terminal 1), cause the node to carry out any of the respective processing described above.
  • a computer program in this regard may comprise one or more code modules corresponding to the means or units described above.
  • Embodiments further include a carrier containing such a computer program. This carrier may comprise one of an electronic signal, optical signal, radio signal, or computer readable storage medium.
  • the response 19 is a result RES
  • the variable expected response 6 is a variable expected result HXRES * = H(RES * , RAND)
  • the expected response 13 is an expected result HRES * = H(RES * , RAND)
  • the response 19 may be a result RES
  • the variable expected response 6 being a variable expected result HXRES = H(RES, RAND) truncated to a number of bits less than n bits, and the expected response 13 being an expected result HRES = H(RES, RAND)
  • the result (RES) of the original AKA (e.g., as generated as a function f1 including a random number RAND and a key K as inputs) has been extended using a key derivation function (KDF) and is called RES * . Furthermore, a new value HXRES * is computed.
  • the Serving Network can verify the HXRES * while the Home Network verifies the RES * and in this way gets a verification that the UE is actually present.
  • HXRES * or (2) break the one-way hash function H and easily find an input value that produces the correct HXRES * . In either case, this input value is with high probability the RES * .
  • This RES * can then be used by the Serving Network in step 9 without having a connection to a UE executing steps 5, 6 and 7.
  • the variable HXRES * may e.g. have a length of n/2, in which case a visited network searching for a valid RES will find approximately 2^(n/2) valid values that generate the correct variable HXRES * , but it cannot distinguish which of these 2^(n/2) values corresponds to the correct variable RES * and therefore has a low probability of making the Home Network believe that it is connected to a valid wireless terminal.
  • the presented embodiment can be implemented in 3rd Generation Partnership Project (3GPP) without requiring major modifications to the specific protocol.
  • Inputs to the KDF may however vary. Use of e.g. the parameters CK, IK and RES as inputs to the KDF will allow old SIM cards to function, as they can provide these.
  • the inputs to the KDF may be anything, but some part must be known secretly between the wireless terminal and the home network.
  • the KDF may be a one-way function too. It may be possible to add e.g. International Mobile Subscriber Identity (IMSI) into the function determining RES * .
  • the variable result would then be 32 bits, with the variable expected result having a shorter length of e.g. n/2, which would be 16 bits; this may be considered very short, so a longer variable result is preferred.
  • a longer variable result may e.g. be achieved by use of inputs to KDF such as (CK
  • WT wireless terminal
  • VN Visited Network node
  • HN Home Network node
  • in step 3 in Fig. 6 the output of the KDF is truncated from 256 bits to 128 bits, which will require less data to transfer than non-truncated data. If e.g. the output of the KDF is not truncated at all, the RES * will then have a longer length than that of the truncated HXRES * , which will protect the home network from a malicious visited network if the hashing one-way function H is broken and it is easy for the VN to find collisions.
  • variable RES * and HXRES * may vary depending on which level of security is preferred. If the first length of the variable RES * and the second length of variable HXRES * are almost the same, then an input that causes a collision in HXRES * has a high probability of being the correct variable RES * . If the second length of variable HXRES * is much shorter than the first length of the variable RES * then there is a large chance that the WT can pass the check in the visited network by sending a random RES * .
  • One variant to provide a short variable HXRES * , shorter than the variable RES * , is to keep the truncation of the variable RES * to 128 bits, but truncate the variable HXRES * to less than 128 bits. Another variant is to truncate the variable RES * to a length of more than 128 bits and keep the truncation of the variable HXRES * to a length of 128 bits.
  • another one-way function may be used to determine the variable HXRES * , as long as the output is shorter in bit length compared to the variable RES * .
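The length trade-off argued above (approximately 2^(n/2) candidates for a visited network that can invert H when HXRES * is n/2 bits long, versus a higher chance of a random RES * passing the check when HXRES * is made very short), as an added example that is not part of the patent. It enumerates a toy-sized RES * space so the candidate set can actually be counted; SHA-256 truncated to its leading bits stands in for the one-way function H, the 16-bit and 8-bit lengths are chosen only so the enumeration stays small, and the fixed RAND and the "correct" RES * are constructed values.

```python
"""Toy-size demonstration of why the second length must be shorter than the first
(added example). SHA-256 stands in for H; lengths are chosen so that the whole
RES* space can be enumerated."""
import hashlib


def toy_h(rand: bytes, res_star: bytes, out_bits: int) -> int:
    """One-way function H over (RES*, RAND), truncated to its leading out_bits."""
    digest = hashlib.sha256(rand + res_star).digest()
    return int.from_bytes(digest, "big") >> (256 - out_bits)


def candidate_res_stars(rand: bytes, hxres: int, first_bits: int, second_bits: int):
    """All first_bits-long values whose truncated H equals hxres: the set a visited
    network able to invert H would be left to choose from. Feasible only at toy sizes."""
    width = first_bits // 8
    return [v for v in range(2 ** first_bits)
            if toy_h(rand, v.to_bytes(width, "big"), second_bits) == hxres]


def expected_candidates(first_bits: int, second_bits: int) -> int:
    """Expected size of that set: 2^(first length - second length)."""
    return 2 ** (first_bits - second_bits)


def random_res_star_pass_probability(second_bits: int) -> float:
    """Chance that a random RES* passes the VN's HRES* check: 2^-(second length).
    Shrinking the second length raises this, which is the other side of the trade-off."""
    return 2.0 ** (-second_bits)


def demo(first_bits: int = 16, second_bits: int = 8) -> dict:
    """Count the candidates for one HXRES* and check the genuine RES* is among them."""
    rand = b"\x00" * 16                          # constructed fixed RAND
    true_res_star = 0xBEEF % (2 ** first_bits)   # constructed "correct" RES*
    hxres = toy_h(rand, true_res_star.to_bytes(first_bits // 8, "big"), second_bits)
    cands = candidate_res_stars(rand, hxres, first_bits, second_bits)
    return {
        "expected": expected_candidates(first_bits, second_bits),
        "found": len(cands),
        "true_in_set": true_res_star in cands,
        "random_pass_probability": random_res_star_pass_probability(second_bits),
    }
```

With a 16-bit first length and an 8-bit second length the candidate set has around 256 members and the genuine RES * is indistinguishable among them, which is what protects the home network; calling demo(16, 16), i.e. equal lengths, collapses the set to about one member, illustrating the "almost the same" case described above.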
  • the method is performed by a wireless terminal, WT, 1 of the radio communication network 4 and comprises determining S410 a variable response 11 based on a function 16 including a response 19 and a first random number 20, wherein the variable response 11 has a length determined by a one-way function.
  • the method may further include receiving S400 the first random number 20 (e.g., in a message) and/or sending S420 the variable response 11 to a visited network node 10 (e.g., in a message).
  • the method is performed by a WT 1 of a communication network 4.
  • the method comprises determining S410 a variable response RES * based on a KDF including a first random number, wherein the RES * has a length determined by a one-way function.
  • the method may further include receiving S400 the first random number (e.g., in a message) and/or sending S420 the variable response RES * to a visited network node 10 (e.g., in a message).
  • An embodiment of a method for authentication exchange in a radio communication network is presented with reference to Fig. 7b.
  • the method is performed by a home network node 5 of the radio communication network 4 and comprises determining S510 a variable response 8, based on a function 16 including a response 19 and a first random number 20, wherein the variable response 8 has a first length, and determining a variable expected response 6 based on a one-way function 7 including the determined variable response 8 and a second random number 9, wherein the variable expected response 6 has a second length shorter than the first length.
  • the method is performed by a home network node 5 of a communication network 4.
  • the method comprises determining S510 a variable response, RES * , based on a function including a response, RES, and a first random number, as inputs, wherein the RES * has a first length, and determining a variable expected response, HXRES * , based on a one-way function including the determined RES * and a second random number as inputs, wherein the HXRES * has a second length shorter than the first length.
  • the method may further comprise receiving S500 an authentication request from a visited network node (e.g., in a message), and sending S520 the determined HXRES * to the visited network node (e.g., in a message), in response to the received authentication request.
  • the method may further comprise receiving S530 a confirmation of verified
  • the second length may be half the length of the first length.
  • the function to determine RES * may be a key derivation function, KDF.
  • the function to determine RES * may be a one-way function.
  • the difference in length between the first length and the second length may be at least
  • the one-way function may be a hashing function.
  • the first length may be determined by truncation of the RES * .
  • the first length may be determined by a second one-way function of the RES * .
  • the second length may be determined by truncation of the HXRES * .
  • the second length may be determined by a third one-way function of the HXRES * .
  • the RES * may be determined by the KDF with CK, IK, RES, SNN, RAND included as inputs.
  • the HXRES * may be determined by a one-way function H with the variable RES * and the second RAND included as inputs.
  • the method performed by a visited network node 10 of the radio communication network 4 comprises receiving S600 a variable expected response from a home network node, receiving S610 a variable response from a wireless terminal, WT, determining S620 an expected response, based on the received variable response, and validating S630 the determined expected response with the received variable expected response, wherein the determined expected response has a shorter length than the received variable response.
  • the method is performed by a visited network node 10 of a radio communication network 4.
  • the method comprises receiving S600 a HXRES * from a home network node 5, receiving S610 a RES * from a WT 1, determining S620 a HRES * (calculated with the same parameters as when determining HXRES * ) based on the received variable RES * , and validating S630 the determined HRES * with the received variable HXRES * , wherein the determined HRES * has a shorter length than the received variable RES * .
  • the home network node comprises a processor 60 and a computer program product 62, 63.
  • the computer program product stores instructions that, when executed by the processor 60, cause the home network node to determine S510 a variable response, based on a function including a response and a first random number, wherein the variable response has a first length, and to determine a variable expected response based on a one-way function including the determined variable response and a second random number, wherein the variable expected response has a second length shorter than the first length.
  • the home network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented also with reference to Fig. 8.
  • the home network node comprises a processor 60 and a computer program product 62, 63.
  • the computer program product stores instructions that, when executed by the processor, cause the home network node to determine S510 a variable response, RES * , based on a function including a response, RES, and a first random number, as inputs, wherein the RES * has a first length, and to determine a variable expected response, HXRES * , based on a one-way function including the determined RES * and a second random number as inputs, wherein the HXRES * has a second length shorter than the first length.
  • the home network node may further be caused to receive S500 an authentication request from a visited network node, and to send S520 the determined HXRES * to the visited network node, in response to the received authentication request.
  • the home network node may further be caused to receive S530 a confirmation of verified authentication from the visited network node.
  • the second length may be half the length of the first length.
  • the function to determine RES * may be a key derivation function, KDF.
  • the function to determine RES * may be a one-way function.
  • the difference in length between the first length and the second length may be at least
  • the one-way function may be a hashing function.
  • the first length may be determined by truncation of the RES * .
  • the first length may be determined by a second one-way function of the RES * .
  • the second length may be determined by truncation of the HXRES * .
  • the second length may be determined by a third one-way function of the HXRES * .
  • the RES * may be determined by the KDF with CK, IK, RES, SNN, RAND included as inputs.
  • the HXRES * may be determined by a one-way function H with the variable RES * and the second RAND included as inputs.
  • the visited network node comprises a processor 60 and a computer program product 62, 63.
  • the computer program product stores instructions that, when executed by the processor, cause the visited network node to receive a variable expected response from a home network node, receive a variable response from a wireless terminal (WT), determine an expected response, based on the received variable response, and to validate the determined expected response with the received variable expected response, wherein the determined expected response has a shorter length than the received variable response.
  • the visited network node comprises a processor 60 and a computer program product 62, 63.
  • the computer program product stores instructions that, when executed by the processor, cause the visited network node to receive a variable expected response, HXRES * , from a home network node, receive a variable response, RES * , from a wireless terminal (WT), determine an expected response, HRES * , based on the received variable RES * , and to validate the determined HRES * with the received variable HXRES * , wherein the determined HRES * has a shorter length than the received RES * .
  • the wireless terminal (WT) 1 comprises a processor 70 and a computer program product 72, 73.
  • the computer program product stores instructions that, when executed by the processor, cause the WT to determine S410 a variable response based on a function including a response and a first random number, wherein the variable response has a length determined by a one-way function.
  • the WT comprises a processor 70 and a computer program product 72, 73.
  • the computer program product stores instructions that, when executed by the processor, cause the WT to determine S410 a variable response, RES * , based on a key derivation function, KDF, including a first random number, wherein the variable RES * has a length determined by a one-way function.
  • the home network node comprises a determination manager 80 for determining (S510) a variable response, based on a function including a response and a first random number, wherein the variable response has a first length, and determining a variable expected response based on a one-way function including the determined variable response and a second random number, wherein the variable expected response has a second length shorter than the first length.
  • the home network node comprises a determination manager 80 for determining (S510) a variable response, RES*, based on a function including a response, RES, and a first random number, as inputs, wherein the RES* has a first length, and determining a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second random number as inputs, wherein the HXRES* has a second length shorter than the first length.
  • the visited network node comprises a communication manager 81 and a determination manager 80.
  • the communication manager is for receiving a variable expected response from a home network node, and for receiving a variable response from a wireless terminal (WT).
  • the determination manager is for determining an expected response, based on the received variable response, and for validating the determined expected response with the received variable expected response, wherein the determined expected response has a shorter length than the received variable response.
  • the visited network node comprises a communication manager 81 and a determination manager 80.
  • the communication manager is for receiving a variable expected response, HXRES*, from a home network node, and for receiving a variable response, RES*, from a wireless terminal (WT).
  • the determination manager is for determining an expected response, HRES*, based on the received variable RES*, and for validating the determined HRES* with the received HXRES*, wherein the determined HRES* has a shorter length than the received RES*.
  • the wireless terminal comprises a determination manager 90 for determining a variable response based on a function including a response and a first random number, wherein the variable response has a length determined by a one-way function.
  • the wireless terminal comprises a determination manager 90 for determining a variable response, RES*, based on a key derivation function, KDF, including a first random number, wherein the variable RES* has a length determined by a one-way function.
  • the computer program comprises computer program code which, when run on a home network node 5, causes the home network node to determine a variable response, based on a function including a response and a first random number, wherein the variable response has a first length, and to determine a variable expected response based on a one-way function including the determined variable response and a second random number, wherein the variable expected response has a second length shorter than the first length.
  • the computer program comprises computer program code which, when run on a home network node 5, causes the home network node to determine a variable response, RES*, based on a function including a response, RES, and a first random number, as inputs, wherein the RES* has a first length, and to determine a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second random number as inputs, wherein the HXRES* has a second length shorter than the first length.
  • an embodiment of a computer program 74, 75 for authentication exchange in a radio communication network: the computer program comprises computer program code which, when run on a wireless terminal (WT), causes the WT to determine a variable response based on a function including a response and a first random number, wherein the variable response has a length determined by a one-way function.
  • the computer program comprises computer program code which, when run on a wireless terminal (WT), causes the WT to determine a variable response, RES*, based on a key derivation function, KDF, including a first random number, wherein the variable RES* has a length determined by a one-way function.
  • the computer program comprises computer program code which, when run on a visited network node 10, causes the visited network node to receive a variable expected response from a home network node, receive a variable response from a wireless terminal (WT), determine an expected response, based on the received variable response, and to validate the determined expected response with the received variable expected response, wherein the determined expected response has a shorter length than the received variable response.
  • the computer program comprises computer program code which, when run on a visited network node 20, causes the visited network node to receive a variable expected response, HXRES*, from a home network node, receive a variable response, RES*, from a wireless terminal (WT), determine an expected response, HRES*, based on the received variable RES*, and to validate the determined HRES* with the received HXRES*, wherein the determined HRES* has a shorter length than the received RES*.
  • a computer program product 62, 63; 72, 73 comprising a computer program 64, 65; 74, 75 and a computer readable storage means on which the computer program is stored is also presented.
  • Fig. 8 is a schematic diagram showing some components of a network device, i.e. the visited network node or the home network node.
  • a processor 60 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 64 stored in a memory.
  • the memory can thus be considered to be or form part of the computer program product 62.
  • the processor 60 may be configured to execute methods described herein with reference to Fig. 7b.
  • the memory may be any combination of read and write memory, RAM, and read only memory, ROM.
  • the memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • a second computer program product 63 in the form of a data memory may also be provided, e.g. for reading and/or storing data during execution of software instructions in the processor 60.
  • the data memory can be any combination of read and write memory, RAM, and read only memory, ROM, and may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the data memory may e.g. hold other software instructions 65, to improve functionality for the network device.
  • the network device may further comprise an input/output, I/O, interface 61 including e.g. a user interface.
  • the network device may further comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated).
  • Other components of the network device are omitted in order not to obscure the concepts presented herein.
  • Fig. 10 is a schematic diagram showing functional blocks of the network device, i.e. the home network node or the visited network node.
  • the modules may be implemented as only software instructions such as a computer program executing in the cache server, or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc., or as a combination thereof. In an alternative embodiment, some of the functional blocks may be implemented by software and others by hardware.
  • the modules correspond to the steps in the methods illustrated in Fig. 7b, comprising a determination manager unit 80 and a communication manager unit 81. In the embodiments where one or more of the modules are implemented by a computer program, it shall be understood that these modules do not necessarily correspond to process modules, but can be written as instructions according to a programming language in which they would be implemented, since some programming languages do not typically contain process modules.
  • the determination manager 80 is for authentication exchange in a radio communication network, e.g. for EPS AKA.
  • This module corresponds to the determine step S510 of Fig. 7b.
  • This module can e.g. be implemented by the processor 60 of Fig. 8, when running the computer program.
  • the communication manager 81 is for authentication exchange in a radio communication network, e.g. for EPS AKA.
  • This module corresponds to the receive step S500, the send step S520 and the receive step S530 of Fig. 7b.
  • This module can e.g. be implemented by the processor 60 of Fig. 8, when running the computer program.
  • Fig. 9 is a schematic diagram showing some components of the WT 1.
  • a processor 70 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 74 stored in a memory.
  • the memory can thus be considered to be or form part of the computer program product 72.
  • the processor 70 may be configured to execute methods described herein with reference to Fig. 7a.
  • the memory may be any combination of read and write memory, RAM, and read only memory, ROM.
  • the memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • a second computer program product 73 in the form of a data memory may also be provided, e.g. for reading and/or storing data during execution of software instructions in the processor 70.
  • the data memory can be any combination of read and write memory, RAM, and read only memory, ROM, and may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the data memory may e.g. hold other software instructions 75, to improve functionality for the WT 1.
  • the WT 1 may further comprise an input/output, I/O, interface 71 including e.g. a user interface.
  • the WT 1 may further comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated).
  • Other components of the WT are omitted in order not to obscure the concepts presented herein.
  • Fig. 11 is a schematic diagram showing functional blocks of the WT 1.
  • the modules may be implemented as only software instructions such as a computer program executing in the cache server, or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc., or as a combination thereof.
  • some of the functional blocks may be implemented by software and others by hardware.
  • the modules correspond to the steps in the methods illustrated in Fig. 7a, comprising a determination manager unit 90 and a communication manager unit 91.
  • these modules do not necessarily correspond to process modules, but can be written as instructions according to a programming language in which they would be implemented, since some programming languages do not typically contain process modules.
  • the determination manager 90 is for authentication exchange in a radio communication network, e.g. for EPS AKA. This module corresponds to the determine step S410 of Fig. 7a.
  • This module can e.g. be implemented by the processor 70 of Fig. 9, when running the computer program.
  • the communication manager 91 is for authentication exchange in a radio communication network, e.g. for EPS AKA.
  • This module corresponds to the receive step S400 and the send step S420 of Fig. 7a.
  • This module can e.g. be implemented by the processor 70 of Fig. 9, when running the computer program.
  • the method is performed by a home network node of the radio communication network and comprises determining a variable response, based on a function including a response and a first random number, RAND, wherein the variable response has a first length, and determining a variable expected response based on a one-way function including the determined variable response and a second RAND, wherein the variable expected response has a second length shorter than the first length.
  • a method for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, is presented.
  • the method is performed by a home network node of a radio communication network and comprises determining a variable response, RES*, based on a function including a response, RES, and a first random number, RAND, as inputs, wherein the RES* has a first length, and determining a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second RAND as inputs, wherein the HXRES* has a second length shorter than the first length.
  • the method may further comprise receiving an authentication request from a visited network node, and sending the determined HXRES* to the visited network node, in response to the received authentication request.
  • the method may further comprise receiving a confirmation of verified authentication from the visited network node.
  • the second length may be half the length of the first length.
  • the function to determine RES* may be a key derivation function, KDF.
  • the function to determine RES* may be a one-way function.
  • the difference in length between the first length and the second length may be at least 16 bits.
  • the one-way function may be a hashing function.
  • the first length may be determined by truncation of the RES*.
  • the first length may be determined by a second one-way function of the RES*.
  • the second length may be determined by truncation of the HXRES*.
  • the second length may be determined by a third one-way function of the HXRES*.
  • the RES* may be determined by the KDF with CK, IK, RES, SNN and RAND included as inputs.
  • the HXRES* may be determined by a one-way function H with the variable RES* and the second RAND included as inputs.
  • the method is performed by a wireless terminal, WT, of the radio communication network and comprises determining a variable response based on a function including a response and a first random number, RAND, wherein the variable response has a length determined by a one-way function.
  • a method for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, is presented.
  • the method is performed by a wireless terminal, WT, of a radio communication network and comprises determining a variable response, RES*, based on a key derivation function, KDF, including a first random number, RAND, wherein the variable RES* has a length determined by a one-way function.
  • the method is performed by a visited network node of the radio communication network and comprises receiving a variable expected response from a home network node, receiving a variable response from a wireless terminal, determining an expected response, based on the received variable response, and validating the received variable expected response with the determined expected response, wherein the determined expected response has a shorter length than the received variable response.
  • the method is performed by a visited network node of a radio communication network and comprises receiving a variable expected response, HXRES*, from a home network node, receiving a variable response, RES*, from a wireless terminal, WT, determining an expected response, HRES*, based on the received variable RES*, and validating the received HXRES* with the determined HRES*, wherein the determined HRES* has a shorter length than the received RES*.
  • a home network node for authentication exchange in a radio communication network comprises a processor and a computer program product.
  • the computer program product stores instructions that, when executed by the processor, cause the home network node to determine a variable response, based on a function including a response and a first random number, RAND, wherein the variable response has a first length, and to determine a variable expected response based on a one-way function including the determined variable response and a second RAND, wherein the variable expected response has a second length shorter than the first length.
  • the home network node comprises a processor and a computer program product.
  • the computer program product stores instructions that, when executed by the processor, cause the home network node to determine a variable response, RES*, based on a function including a response, RES, and a first random number, RAND, as inputs, wherein the RES* has a first length, and to determine a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second RAND as inputs, wherein the HXRES* has a second length shorter than the first length.
  • a wireless terminal for authentication exchange in a radio communication network comprises a processor and a computer program product.
  • the computer program product stores instructions that, when executed by the processor, cause the WT to determine a variable response based on a function including a response and a first random number, RAND, wherein the variable response has a length determined by a one-way function.
  • a wireless terminal for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented.
  • the WT comprises a processor and a computer program product.
  • the computer program product stores instructions that, when executed by the processor, cause the WT to determine (S110) a variable response, RES*, based on a key derivation function, KDF, including a first random number, RAND, wherein the variable RES* has a length determined by a one-way function.
  • a visited network node in a radio communication network comprises a processor and a computer program product.
  • the computer program product stores instructions that, when executed by the processor, cause the visited network node to receive a variable expected response from a home network node, receive a variable response from a wireless terminal (WT), determine an expected response, based on the received variable response, and to validate the received variable expected response with the determined expected response, wherein the determined expected response has a shorter length than the received variable response.
  • the visited network node comprises a processor and a computer program product.
  • the computer program product stores instructions that, when executed by the processor, cause the visited network node to receive a variable expected response, HXRES*, from a home network node, receive a variable response, RES*, from a wireless terminal (WT), determine an expected response, HRES*, based on the received variable RES*, and to validate the received HXRES* with the determined HRES*, wherein the determined HRES* has a shorter length than the received RES*.
  • a home network node for authentication exchange in a radio communication network comprises a determination manager for determining a variable response, based on a function including a response and a first random number, RAND, wherein the variable response has a first length, and determining a variable expected response based on a one-way function including the determined variable response and a second RAND, wherein the variable expected response has a second length shorter than the first length.
  • the home network node comprises a determination manager for determining a variable response, RES*, based on a function including a response, RES, and a first random number, RAND, as inputs, wherein the RES* has a first length, and determining a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second RAND as inputs, wherein the HXRES* has a second length shorter than the first length.
  • a wireless terminal for authentication exchange in a radio communication network comprises a determination manager for determining a variable response based on a function including a response and a first random number, RAND, wherein the variable response has a length determined by a one-way function.
  • the wireless terminal comprises a determination manager for determining (S110) a variable response, RES*, based on a key derivation function, KDF, including a first random number, RAND, wherein the variable RES* has a length determined by a one-way function.
  • a visited network node for authentication exchange in a radio communication network comprises a communication manager and a determination manager.
  • the communication manager is for receiving a variable expected response from a home network node, and for receiving a variable response from a wireless terminal (WT).
  • the determination manager is for determining an expected response, based on the received variable response, and for validating the received variable expected response with the determined expected response, wherein the determined expected response has a shorter length than the received variable response.
  • a visited network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented.
  • the visited network node comprises a communication manager and a determination manager.
  • the communication manager is for receiving a variable expected response, HXRES*, from a home network node, and for receiving a variable response, RES*, from a wireless terminal (WT).
  • the determination manager is for determining an expected response, HRES*, based on the received variable RES*, and for validating the received HXRES* with the determined HRES*, wherein the determined HRES* has a shorter length than the received RES*.
  • a computer program for authentication exchange in a communication network comprises computer program code which, when run on a home network node, causes the home network node to determine a variable response, based on a function including a response and a first random number, RAND, wherein the variable response has a first length, and to determine a variable expected response based on a one-way function including the determined variable response and a second RAND, wherein the variable expected response has a second length shorter than the first length.
  • a computer program for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented.
  • the computer program comprises computer program code which, when run on a home network node, causes the home network node to determine a variable response, RES*, based on a function including a response, RES, and a first random number, RAND, as inputs, wherein the RES* has a first length, and to determine a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second RAND as inputs, wherein the HXRES* has a second length shorter than the first length.
  • a computer program for authentication exchange in a radio communication network comprises computer program code which, when run on a wireless terminal (WT), causes the WT to determine a variable response based on a function including a response and a first random number, RAND, wherein the variable response has a length determined by a one-way function.
  • a computer program for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network comprises computer program code which, when run on a wireless terminal (WT), causes the WT to determine a variable response, RES*, based on a key derivation function, KDF, including a first random number, RAND, wherein the variable RES* has a length determined by a one-way function.
  • a computer program for authentication exchange in a radio communication network comprises computer program code which, when run on a visited network node, causes the visited network node to receive a variable expected response from a home network node, receive a variable response from a wireless terminal (WT), determine an expected response, based on the received variable response, and to validate the received variable expected response with the determined expected response, wherein the determined expected response has a shorter length than the received variable response.
  • the computer program comprises computer program code which, when run on a visited network node, causes the visited network node to receive a variable expected response, HXRES*, from a home network node, receive a variable response, RES*, from a wireless terminal (WT), determine an expected response, HRES*, based on the received variable RES*, and to validate the received HXRES* with the determined HRES*, wherein the determined HRES* has a shorter length than the received RES*.
  • a computer program product comprising a computer program and a computer readable storage means on which the computer program is stored is also presented.
  • All terms used in the itemized list of embodiments are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein.
  • All references to "a/an/the element, apparatus, component, means, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise.
  • the steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A home network node (5) is configured for authentication exchange in a radio communication network. The home network node (5) is configured to determine a variable response (8) that has a first length. The home network node (5) is also configured to determine a variable expected response (6) based on a one-way function (7) that includes the determined variable response (8) and a random number (9) as inputs to the one-way function (7). The variable expected response (6) has a second length shorter than the first length.

Description

AUTHENTICATION EXCHANGE FOR WIRELESS NETWORKS USING
VARIABLE EXPECTED RESPONSE LENGTHS
TECHNICAL FIELD
The present disclosure relates to a method for authentication exchange, as well as a home network node, a visited network node, a wireless terminal, a computer program and a computer program product thereof.
BACKGROUND
A wireless terminal and a radio communication network engage in an authentication exchange to exchange the information needed to authenticate the wireless terminal to the network. In an authentication exchange, the wireless terminal is challenged by the network to provide a response that matches or otherwise corresponds to a response that the network expects for authentication. The expected response may for instance be based on a shared secret between the wireless terminal and the network. A challenge nonetheless exists in guarding against a malicious wireless terminal or network being able to provide a response that corresponds to the expected response, even though the malicious terminal or network does not possess the shared secret.
SUMMARY
According to some embodiments herein for an authentication exchange, the expected response that the network expects for authentication is made to be shorter in length than the response which a wireless terminal is to provide for such authentication. This may for example advantageously guard against an unauthentic wireless terminal or network being able to provide a response that corresponds to the expected response.
More particularly, embodiments herein include a method for authentication exchange in a radio communication network. The method is performed by a home network node of the radio communication network. The method comprises determining a variable response that has a first length, and determining a variable expected response based on a one-way function that includes the determined variable response and a random number as inputs to the one-way function. The variable expected response has a second length shorter than the first length.
In some embodiments, the method further comprises receiving from a visited network node an authentication information request that requests information for verifying authentication of a wireless terminal. In this case, the method may also comprise sending the determined variable expected response to the visited network node, in response to the received authentication information request.
In some embodiments, the method may further comprise receiving a confirmation of verified authentication from the visited network node. For example, in some embodiments, the confirmation includes a variable response based on which the visited network node verified authentication of a wireless terminal. In this case, the method may further comprise verifying whether the variable response included in the confirmation corresponds to the determined variable response included as an input to the one-way function.
In some embodiments, the second length is half the length of the first length.
In some embodiments, the difference in length between the first length and the second length is at least 16 bits.
In some embodiments, determining the variable response comprises determining an output of a function and truncating the output to have the first length. In other embodiments, the variable response is an output of another one-way function, wherein the output of the another one-way function has the first length.
In some embodiments, determining the variable expected response comprises determining an output of the one-way function and truncating the output to have the second length. In other embodiments, the determined variable expected response is an output of the one-way function, wherein the output of the one-way function has the second length. In still other embodiments, determining the variable expected response comprises determining a first output of the one-way function and determining a second output of another one-way function, with the first output included as an input to the another one-way function, wherein the second output has the second length.
In some embodiments, the determined variable response is determined based on a function that includes a response and a first random number as inputs to the function, wherein the one-way function includes the determined variable response and a second random number as inputs to the one-way function. In some embodiments, the function based on which the variable response is determined is a key derivation function, KDF. In one embodiment, for example, the authentication exchange is for or based on Authentication and Key Agreement, AKA, wherein the variable response is a variable result RES*, wherein the response is a result RES, and wherein the variable expected response is a variable expected result HXRES*. In this case, the KDF may include as inputs a cipher key, an integrity key, the response, a serving network name, and the first random number.
In some embodiments, the one-way function based on which the variable expected response is determined is a hashing function.
Embodiments herein also include a method for authentication exchange in a radio communication network. The method is performed by a visited network node of the radio communication network. The method comprises receiving a variable expected response from a home network node. The method also comprises receiving from a wireless terminal a variable response that has a first length. The method also comprises determining an expected response, based on the received variable response, wherein the determined expected response has a second length that is shorter than the first length of the received variable response. The method further comprises validating the determined expected response with the received variable expected response.
In some embodiments, the method further comprises verifying or not verifying authentication of the wireless terminal depending on whether or not the determined expected response is validated.
In some embodiments, the method further comprises, after verifying authentication of the wireless terminal, sending a confirmation of verified authentication from the visited network node to the home network node. For example, the confirmation may include the received variable response.
In some embodiments, the method further comprises sending to the home network node an authentication information request that requests information for verifying authentication of the wireless terminal, and wherein the variable expected response is received from the home network node in response to the authentication information request.
In some embodiments, the second length is half the length of the first length.
In some embodiments, the difference in length between the first length and the second length is at least 16 bits.
In some embodiments, determining the expected response comprises determining the expected response based on a one-way function that includes the received variable response and a random number as inputs to the one-way function.
In some embodiments, determining the expected response comprises determining an output of the one-way function and truncating the output to have the second length. In other embodiments, the determined expected response is an output of the one-way function, wherein the output of the one-way function has the second length. In yet other embodiments, determining the expected response comprises determining a first output of the one-way function and determining a second output of another one-way function, with the first output included as an input to the another one-way function, wherein the second output has the second length.
In some embodiments, the one-way function based on which the expected response is determined is a hashing function.
In some embodiments, the authentication exchange is for Authentication and Key Agreement, AKA, wherein the variable response is a variable result RES*, wherein the variable expected response is a variable expected result HXRES*, and wherein the determined expected response is a determined expected result HRES*.
Embodiments herein further include a method for authentication exchange in a radio communication network. The method is performed by a wireless terminal of the radio communication network. The method comprises determining a variable response that has a first length. The method also comprises sending the variable response to a visited network node for authentication of the wireless terminal based on an expected response that is determinable from the variable response, wherein the first length of the variable response is longer than a second length of the expected response.
In some embodiments, the method further comprises sending an attach request to the visited network node and receiving a first random number in response to the attach request, and wherein determining the variable response comprises determining the variable response based on the first random number.
In some embodiments, determining the variable response comprises determining the variable response based on a function that includes a response and a first random number as inputs to the function.
In some embodiments, determining the variable response comprises determining an output of a function and truncating the output to have the first length.
Embodiments also include corresponding apparatus, computer programs, and computer readable mediums.
For example, embodiments include a home network node for authentication exchange in a radio communication network. The home network node is configured to determine a variable response that has a first length, and determine a variable expected response based on a one-way function that includes the determined variable response and a random number as inputs to the one-way function. The variable expected response has a second length shorter than the first length.
Embodiments also include a visited network node configured for use in a radio communication network. The visited network node is configured to receive a variable expected response from a home network node and receive from a wireless terminal a variable response that has a first length. The visited network node is configured to determine an expected response, based on the received variable response, wherein the determined expected response has a second length that is shorter than the first length of the received variable response. The visited network node is configured to validate the determined expected response with the received variable expected response.
Embodiments further include a wireless terminal for authentication exchange in a radio communication network. The wireless terminal is configured to determine a variable response that has a first length, and send the variable response to a visited network node for authentication of the wireless terminal based on an expected response that is determinable from the variable response, wherein the first length of the variable response is longer than a second length of the expected response.
BRIEF DESCRIPTION OF THE DRAWINGS
The example embodiments are now described with reference to the accompanying drawings, in which:
Fig. 1A is a schematic diagram illustrating an environment where embodiments presented herein can be applied;
Fig. 1B is a block diagram of a wireless communication network that includes a home network node, a visited network node, and a wireless terminal according to some embodiments;
Fig. 1C is a block diagram of processing performed by a home network node according to some embodiments;
Fig. 1D is a block diagram of processing performed by a wireless terminal according to some embodiments;
Fig. 2A is a logic flow diagram of a method performed by a home network node according to some embodiments;
Fig. 2B is a logic flow diagram of a method performed by a visited network node according to some embodiments;
Fig. 2C is a logic flow diagram of a method performed by a wireless terminal according to some embodiments;
Fig. 3A is a block diagram of a home network node according to some embodiments;
Fig. 3B is a block diagram of a home network node according to other embodiments;
Fig. 4A is a block diagram of a visited network node according to some embodiments;
Fig. 4B is a block diagram of a visited network node according to other embodiments;
Fig. 5A is a block diagram of a wireless terminal according to some embodiments;
Fig. 5B is a block diagram of a wireless terminal according to other embodiments;
Fig. 6 is a schematic signalling scheme, which has been discussed during standardization proceedings;
Figs. 7a-7c are flow charts illustrating methods for embodiments presented herein;
Fig. 8 is a schematic diagram illustrating some components of a network node presented herein;
Fig. 9 is a schematic diagram illustrating some components of a wireless terminal presented herein;
Fig. 10 is a schematic diagram showing functional modules of a network node presented herein; and
Fig. 11 is a schematic diagram showing functional modules of a wireless terminal presented herein.
DETAILED DESCRIPTION
Fig. 1A schematically illustrates a communication network 4 wherein embodiments presented herein may be applied. A wireless terminal (WT) 1 is wirelessly connectable to a base station (BS) 2. The BS 2 is connected to a core network (CN) 3, which may in turn connect the wireless terminal 1 to one or more other networks such as the Internet or the public switched telephone network.
In this context, the wireless terminal 1 and the network 4 may engage in an authentication exchange to exchange information for authenticating the wireless terminal 1 before the network 4. In an authentication exchange, such as for Authentication and Key Agreement (AKA), the wireless terminal 1 is challenged by the network 4 to provide a variable response that matches or otherwise corresponds to the variable response that the network 4 expects for authentication. The variable expected response may be for instance based on a shared secret (e.g., a key) that is shared between the wireless terminal 1 and the network 4.
Regardless, according to some embodiments herein, the variable expected response that the network 4 expects for authentication is made to be shorter in length than the variable response which corresponds to that variable expected response. This may for example advantageously guard against a malicious wireless terminal or network being able to provide a variable response that corresponds to the variable expected response, even though the malicious terminal or network does not possess the shared secret.
Fig. 1B illustrates one or more of these embodiments in a context where the wireless terminal's home network dictates the variable expected response that is expected for authentication of the terminal 1, even if the wireless terminal 1 is served and authenticated by a visited network different than the home network. As shown in this regard, a home network node 5 determines a variable expected response 6 based on which authentication of the wireless terminal 1 is to be performed. The home network node 5 may for instance determine this variable expected response 6 based on a function 7, e.g., a one-way function such as a hashing function. This function 7 may include, as an input, a variable response 8 that is to correspond to the variable expected response 6. In some embodiments, the function 7 may also include a random number 9 as an input to the function 7. Regardless, the variable response 8 has a first length L1 and the variable expected response 6 has a second length L2 that is shorter than the first length L1. That is, the variable expected response 6 is shorter in length than the variable response 8 which is to correspond to the variable expected response 6. This may advantageously protect against reverse engineering of the variable response 8 based on knowledge of the variable expected response 6.
Having determined the variable expected response 6 in this way, the home network node 5 may itself perform authentication of the wireless terminal 1 based on that variable expected response 6 if the home network is the serving network. As shown in Fig. 1B, though, the home network node 5 may send the variable expected response 6 to a visited network node 10 of a visited network that serves the wireless terminal 1. The home network node 5 may do so for instance in response to receiving from the visited network node 10 an authentication information request that requests information for verifying authentication of the wireless terminal 1. In any event, the visited network node 10 may then perform authentication of the wireless terminal 1 based on the variable expected response 6 received from the home network node 5.
In particular, as shown in Fig. 1B, the visited network node 10 may receive a variable response 11 from the wireless terminal 1, e.g., in response to challenging the wireless terminal 1 to provide such a response after the wireless terminal 1 sent an attach request to the visited network node 10. The visited network node 10 may then verify or not verify authentication of the wireless terminal 1 by checking whether or not the variable response 11 received from the wireless terminal 1 corresponds to the variable expected response 6 received from the home network node 5.
To do so, the visited network node 10 may perform determination 12 to determine an expected response 13 based on the variable response 11 received from the terminal 1. The visited network node 10 may for instance perform this determination 12 in a way corresponding to how the home network node 5 determined the variable expected response 6 as a function 7 of the variable response 8 which is to correspond to that variable expected response 6. In this case, for example, the visited network node 10 determines the expected response 13 as a function (e.g., a one-way function such as a hashing function) that includes as an input the variable response 11 received from the wireless terminal 1. The function may also include as an input a random number, such as the same random number 9 that the home network node 5 used as input to function 7. Regardless, the determined expected response 13 likewise has a second length L2 that is shorter than a first length L1 of the variable response 11 received from the wireless terminal 1. The visited network node 10 then performs validation 14 to validate the expected response 13 with the variable expected response 6. The visited network node 10 may do so for instance by comparing the expected response 13 with the variable expected response 6, and make a decision 15 regarding whether or not the expected response is validated depending on whether or not the comparison reveals that the expected response 13 matches or otherwise corresponds with the variable expected response 6. The visited network node 10 may then verify or not verify authentication of the wireless terminal 1 depending on whether or not the expected response 13 is validated.
In some embodiments, after verifying authentication of the wireless terminal 1, the visited network node 10 sends a confirmation 21 of verified authentication to the home network node 5. The confirmation 21 may include the variable response 11 that the visited network node 10 received from the wireless terminal 1. The home network node 5 may in some embodiments verify whether the variable response 11 included in the confirmation 21 matches or corresponds to the variable response 8 included as an input to the function 7, e.g., to confirm that the visited network node 10 authenticates a wireless terminal that is actually present rather than maliciously spoofing authentication.
Notably, with the second length L2 of the variable expected response 6 being shorter than the first length L1 of the variable response 8/11, some embodiments better protect against a visited network node maliciously spoofing authentication. Indeed, the second length L2 being shorter than the first length L1 makes it less likely that the visited network node 10 would be able to reverse engineer the variable response which is to correspond to the variable expected response 6 that the home network node 5 sends to the visited network node 10, e.g., by searching the input space of function 7 for the input value that produces the variable expected response 6 or by breaking the function 7. This means that it is less likely that the visited network node 10 would be able to include a reverse engineered variable response in the confirmation 21 it sends to the home network node 5.
Similarly, with the second length L2 of the variable expected response 6 being shorter than the first length L1 of the variable response 8/11, some embodiments better protect against the wireless terminal 1 responding with a reverse engineered variable response, e.g., rather than a variable response authentically generated based on a shared secret.
Note that the second length L2 of the variable expected response 6 may be shorter than the first length L1 of the variable response 8/11 to any extent, e.g., by a single bit or by multiple bits. In some embodiments, such as where the first length L1 of the variable response 8/11 is 128 bits, the second length L2 is shorter than the first length L1 by at least 16 bits. In alternative or additional embodiments, the second length L2 is half the length of the first length L1. In general, though, the second length L2 may be shorter than the first length L1 to an extent that reduces the likelihood of reverse engineering to a desired likelihood. Alternatively or additionally, however, the second length L2 may not be so much shorter than the first length L1 that it reduces the possible values of the variable response 8/11 below a threshold, e.g., so as to unacceptably increase the likelihood that a randomly selected value for the variable response 8/11 would pass authentication.
In any event, the variable expected response 6 and the variable response 8/11, and thereby the first and second lengths, may be determined in any number of ways. In some embodiments, for example, the home network node 5 determines the variable response 8 by determining the output 8' of a function 16. The function 16 may be for instance a key derivation function, KDF, or a one-way function such as a hashing function. In one embodiment, the output 8' of the function 16 already has the first length L1. In this case, the output 8' of the function 16 may itself be the variable response 8. In another embodiment, though, the output 8' of the function 16 has a length that is longer than the first length L1. In this case, the home network node 5 may truncate 17 the output 8' to have the first length L1. In this sense, then, the output 8' of the function 16 may be referred to as a full-length or untruncated version of the variable response 8. Similarly, the home network node 5 may determine the variable expected response 6 by determining the output 6' of the function 7. In one embodiment, the output 6' of the function 7 already has the second length L2. In this case, the output 6' of the function 7 may itself be the variable expected response 6. In another embodiment, though, the output 6' of the function 7 has a length that is longer than the second length L2. In this case, the home network node 5 may truncate 18 the output 6' to have the second length L2. In this sense, then, the output 6' of the function 7 may be referred to as a full-length or untruncated version of the variable expected response 6. In other embodiments, though, the output 6' of the function 7 may be included as an input to another function (not shown), with the output of that other function being the variable expected response 6 with the second length L2. The other function may be for instance another one-way function.
Similarly, the visited network node 10 may determine the expected response 13 by determining the output of a function (not shown), e.g., a one-way function such as a hashing function. This function may correspond to function 7. In one embodiment, the output of the function already has the second length L2. In this case, the output of the function may itself be the expected response 13. In another embodiment, though, the output of the function has a length that is longer than the second length L2. In this case, the visited network node 10 may truncate the output to have the second length L2. In this sense, then, the output of the function may be referred to as a full-length or untruncated version of the expected response. In other embodiments, though, the output of the function may be included as an input to another function (not shown), with the output of that other function being the expected response 13 with the second length L2. The other function may be for instance another one-way function.
Fig. 1C shows additional details for how the home network node 5 determines the variable response 8 and the variable expected response 6 according to some embodiments. As shown, the home network node 5 determines the variable response 8 based on a function 16 that includes a response 19 and a first random number 20 as inputs to the function 16. In some embodiments, the output of the function 16 is the variable response 8 itself. In other embodiments, though, the output 8' of the function 16 is truncated 17 to produce the variable response 8. Regardless, the variable response 8 and a second random number 9 are included as inputs to the function 7 (e.g., a one-way function such as a hashing function). In some embodiments, the output of the function 7 is the variable expected response 6 itself. In other embodiments, though, the output 6' of the function 7 is truncated 18 to produce the variable expected response 6. Note that in some embodiments the first and second random numbers 20, 9 are the same random numbers, whereas in other embodiments they may be different random numbers.
Fig. 1D shows corresponding processing at the wireless terminal 1 in these embodiments for determining the variable response 11 it sends to the visited network node 10. As shown, the wireless terminal 1 determines the variable response 11 based on a function 16 that includes a response 19 and a first random number 20 as inputs to the function 16. In some embodiments, the output of the function 16 is the variable response 11 itself. In other embodiments, though, the output 11' of the function 16 is truncated 17 to produce the variable response 11 with the first length L1.
In some embodiments, the authentication exchange herein is for or based on Authentication and Key Agreement, AKA. In this case, then, the response 19 in Figs. 1C and 1D may be a result RES, e.g., as defined by AKA and/or 3GPP. For instance, the result RES may be determined based on a function f1 that includes as inputs a random number RAND and a shared key K. Also in this case, the variable response 8/11 may be a variable result RES*, e.g., as defined by AKA and/or 3GPP. For instance, the variable result RES* may be determined based on a key derivation function, KDF, that includes as inputs a cipher key (CK), an integrity key (IK), the result RES, a serving network name (SNN), and the random number RAND.
Furthermore, the output of the KDF may be truncated to produce the variable result RES*. For instance, the variable result RES* may be computed as RES*=KDF(CK, IK, RES, SNN, RAND) truncated to n bits. Further in this case, the variable expected response 6 may be a variable expected result HXRES*. For instance, the variable expected result HXRES* may be determined based on a hashing function H that includes as inputs the variable result RES* and a random number (e.g., the same RAND used to calculate RES*). Furthermore, the output of the hashing function H may be truncated to produce the variable expected result HXRES*. For example, the variable expected result HXRES* may be computed as HXRES*=H(RES*||RAND) truncated to a length less than the length of the variable result RES* (e.g., truncated to less than n bits). Similarly, the expected response 13 in Fig. 1B may be an expected result HRES*, e.g., as defined by AKA and/or 3GPP. For instance, the expected result HRES* may be determined based on a hashing function H that includes as inputs the variable result RES* received from the wireless terminal 1 and a random number (e.g., the same RAND used to calculate RES*). Similarly, the output of the hashing function H may be truncated to produce the expected result HRES*. For example, the expected result HRES* may be computed as HRES*=H(RES*||RAND) truncated to a length less than the length of the variable result RES* (e.g., truncated to less than n bits).
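A worked example of the RES*/HXRES*/HRES* computations just described, together with the Fig. 1B flow (the home node's authentication information response, the visited node's determination 12 and validation 14, and the home node's check of confirmation 21). This is illustration code added here, not code from the patent or from 3GPP: the HMAC-SHA-256 KDF, the SHA-256 hash H, the stand-in derivation of RES/CK/IK from K and RAND, the 128-bit RES* length (n = L1) and the 64-bit HXRES*/HRES* length (L2, half of L1 and more than 16 bits shorter) are all assumptions chosen for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Lengths assumed for this example: RES* has first length L1 = n = 128 bits;
# HXRES*/HRES* have second length L2 = 64 bits (half of L1, at least 16 bits shorter).
RES_STAR_BITS = 128
HXRES_STAR_BITS = 64


def aka_res_ck_ik(k: bytes, rand: bytes) -> tuple[bytes, bytes, bytes]:
    """Stand-in for the AKA functions of shared key K and RAND that yield RES, CK, IK.
    HMAC-SHA-256 with domain labels is an assumption, not the 3GPP definition."""
    res = hmac.new(k, b"RES" + rand, hashlib.sha256).digest()[:8]
    ck = hmac.new(k, b"CK" + rand, hashlib.sha256).digest()[:16]
    ik = hmac.new(k, b"IK" + rand, hashlib.sha256).digest()[:16]
    return res, ck, ik


def res_star(ck: bytes, ik: bytes, res: bytes, snn: bytes, rand: bytes,
             n_bits: int = RES_STAR_BITS) -> bytes:
    """RES* = KDF(CK, IK, RES, SNN, RAND) truncated to n bits (function 16, truncation 17).
    The KDF is HMAC-SHA-256 here (assumed)."""
    full = hmac.new(ck + ik, snn + rand + res, hashlib.sha256).digest()  # untruncated output 8'
    return full[: n_bits // 8]


def hashed_res_star(res_star_value: bytes, rand: bytes,
                    l2_bits: int = HXRES_STAR_BITS) -> bytes:
    """H(RES* || RAND) truncated to L2 < n bits (function 7, truncation 18).
    The same computation gives HXRES* at the home node and HRES* at the visited node."""
    if l2_bits >= len(res_star_value) * 8:
        raise ValueError("second length L2 must be shorter than the RES* length L1")
    return hashlib.sha256(res_star_value + rand).digest()[: l2_bits // 8]


class HomeNetworkNode:
    """Home network node 5: holds K, answers an authentication information request
    with (RAND, HXRES*), and keeps XRES* for the confirmation check."""

    def __init__(self, subscriber_key: bytes) -> None:
        self.k = subscriber_key
        self.pending: dict[bytes, bytes] = {}  # RAND -> XRES* awaiting confirmation

    def authentication_info_response(self, snn: bytes) -> tuple[bytes, bytes]:
        rand = os.urandom(16)
        res, ck, ik = aka_res_ck_ik(self.k, rand)
        xres_star = res_star(ck, ik, res, snn, rand)
        self.pending[rand] = xres_star
        # Only the shorter HXRES* leaves the home network; XRES* itself is withheld.
        return rand, hashed_res_star(xres_star, rand)

    def confirm(self, rand: bytes, reported_res_star: bytes) -> bool:
        """Confirmation 21: the visited node reports the RES* it received, which must
        equal the XRES* that only the home node and the terminal can derive."""
        xres_star = self.pending.pop(rand, None)
        return xres_star is not None and hmac.compare_digest(xres_star, reported_res_star)


class WirelessTerminal:
    """Wireless terminal 1: derives RES* from its copy of K when challenged with RAND."""

    def __init__(self, subscriber_key: bytes) -> None:
        self.k = subscriber_key

    def respond(self, rand: bytes, snn: bytes) -> bytes:
        res, ck, ik = aka_res_ck_ik(self.k, rand)
        return res_star(ck, ik, res, snn, rand)


class VisitedNetworkNode:
    """Visited network node 10: validates HRES* = H(RES* || RAND) against HXRES*,
    then forwards the full RES* to the home node as confirmation."""

    def __init__(self, home: HomeNetworkNode, snn: bytes) -> None:
        self.home = home
        self.snn = snn

    def authenticate(self, terminal: WirelessTerminal) -> tuple[bool, bool]:
        rand, hxres_star = self.home.authentication_info_response(self.snn)
        received_res_star = terminal.respond(rand, self.snn)   # variable response 11
        hres_star = hashed_res_star(received_res_star, rand)   # expected response 13
        verified = hmac.compare_digest(hres_star, hxres_star)  # validation 14
        confirmed = self.home.confirm(rand, received_res_star) if verified else False
        return verified, confirmed


def run_exchange(home_key: bytes, terminal_key: bytes,
                 snn: bytes = b"serving-network-name") -> tuple[bool, bool]:
    """Drive one exchange; returns (verified at visited node, confirmed at home node)."""
    home = HomeNetworkNode(home_key)
    return VisitedNetworkNode(home, snn).authenticate(WirelessTerminal(terminal_key))


if __name__ == "__main__":
    k = bytes(range(16))  # constructed sample subscriber key
    print("genuine terminal:", run_exchange(k, k))       # (True, True)
    print("wrong key:", run_exchange(k, bytes(16)))      # (False, False)
```

Because L2 is shorter than L1, each HXRES* value has on the order of 2^(L1-L2) candidate RES* preimages, so a visited node that holds only HXRES* cannot reconstruct the RES* that `confirm()` expects, while a terminal without K fails already at the HRES* comparison. Constant-time comparison via `hmac.compare_digest` is used for both checks.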
Note that the result RES and variable result RES* are to be determined in the same way at the home network node 5 and the wireless terminal 1. Despite that, the result RES and variable result RES* may in some embodiments be simply referred to with different notation depending on where the determination occurs, i.e., at the home network node 5 or the wireless terminal 1. For determination at the wireless terminal 1 for instance the result RES may instead be denoted as XRES and the variable result RES* may instead be denoted as XRES*.
Note further that in other embodiments the variable response 8/11 may be the result RES itself, instead of a variable result RES*, e.g., as defined by AKA and/or 3GPP. In this case, then, the result RES may for instance be determined based on a function f1 that includes as inputs a random number RAND and a shared key K. That is, some embodiments herein may use an exact copy of the legacy RES for the variable response 8/11 and nonetheless still enhance security as compared to existing approaches. Accordingly, the variable response 8/11 may be or have the same value as the response 19 as referred to in Figs. 1C and 1D. This embodiment demonstrates therefore that "variable response" and "response" are simply terms used to distinguish the response 8/11 from the response 19 in embodiments where those responses are different from one another, much in the same way as "first response" and "second response" may distinguish the response. The term "variable" is thus not intended to convey anything about the variability of the response 8/11 as compared to the response 19.
Note also that although the visited network node 10 and the home network node 5 were illustrated in Fig. 1B as different nodes, the visited network node 10 and the home network node 5 may in some embodiments be the same network node, particularly if the home network is the serving network.
In view of the above modifications and variations, Fig. 2A shows a method for authentication exchange in a radio communication network 4 according to some embodiments. The method is performed by a home network node 5 of the radio communication network 4. The method includes determining a variable response 8 that has a first length, and determining a variable expected response 6 based on a one-way function 7 that includes the determined variable response 8 and a random number 9 as inputs to the one-way function 7, wherein the variable expected response 6 has a second length shorter than the first length (Block S110). In some embodiments, the method may more particularly include receiving from a visited network node 10 an authentication information request that requests information for verifying authentication of a wireless terminal 1 (Block S100). The method may comprise determining the variable expected response in response to receiving this request. The method may therefore include sending the determined variable expected response 6 to the visited network node 10, in response to the received authentication information request (Block S120). In some embodiments, the method may also include receiving a confirmation of verified authentication from the visited network node 10 (Block S130).
Fig. 2B shows a method for authentication exchange in a radio communication network 4 according to other embodiments. The method is performed by a visited network node 10 of the radio communication network 4. The method includes obtaining a variable expected response 6 (Block S200). Where the visited network node 10 is the home network node 5, for instance, this may involve determining the variable expected response 6 as described above. In other embodiments where the visited network node 10 is different than the home network node 5, this may involve receiving the variable expected response 6 from the home network node 5. Regardless, the method also includes receiving from a wireless terminal 1 a variable response 11 that has a first length (Block S210). The method further includes determining an expected response 13, based on the received variable response 11, wherein the determined expected response 13 has a second length that is shorter than the first length of the received variable response 11 (Block S220). The method also includes validating the determined expected response 13 with the variable expected response 6 (Block S230).
In some embodiments, the method may further comprise verifying or not verifying authentication of the wireless terminal 1 depending on whether or not the determined expected response 13 is validated (Block S240). In one embodiment, the method may also comprise, after verifying authentication of the wireless terminal 1, sending a confirmation 21 of verified authentication from the visited network node 10 to the home network node 5 (Block S250).
Fig. 2C similarly shows a method for authentication exchange in a radio communication network 4 according to still other embodiments. The method is performed by a wireless terminal 1 of the radio communication network 4. The method includes determining a variable response 11 that has a first length (Block S330). The method also includes sending the variable response 11 to a visited network node 10 for authentication of the wireless terminal 1 based on an expected response 13 that is determinable from the variable response 11, wherein the first length of the variable response 11 is longer than a second length of the expected response 13 (Block S340).
More particularly, in some embodiments the method may include sending an attach request to the visited network node 10 (Block S310). The method may further include receiving a first random number 20 in response to the attach request, e.g., as part of challenging the wireless terminal 1 to provide the variable response 11 (Block S320). In this case, the wireless terminal 1 may determine the variable response 11 based on the first random number 20.
A network node herein is any type of node in the wireless communication network 4, e.g., in the access network or core network. A network node 5, 10 herein may be any network node that manages or otherwise participates in authenticating a wireless terminal or user of a wireless terminal, such as an authentication center node or an AAA (authorization, authentication, and accounting) server.
A wireless terminal is any type of node capable of communicating with a network node or another wireless terminal over radio signals. A wireless terminal may therefore refer to a machine-to-machine (M2M) device, a machine-type communications (MTC) device, a narrowband internet of things (NB-IoT) device, etc. The wireless terminal may also be a user equipment (UE); however, it should be noted that the UE does not necessarily have a "user" in the sense of an individual person owning and/or operating the device. A wireless terminal may also be referred to as a radio device, a radio communication device, or a wireless communication device; unless the context indicates otherwise, the use of any of these terms is intended to include device-to-device UEs or devices, machine-type devices or devices capable of machine-to-machine communication, sensors equipped with a wireless device, wireless-enabled tablet computers, mobile terminals, smart phones, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, wireless customer-premises equipment (CPE), etc. In the discussion herein, the terms machine-to-machine (M2M) device, machine-type communication (MTC) device, wireless sensor, and sensor may also be used. It should be understood that these devices may be UEs, but are generally configured to transmit and/or receive data without direct human interaction.
In an IoT scenario, a wireless terminal as described herein may be, or may be comprised in, a machine or device that performs monitoring or measurements, and transmits the results of such monitoring or measurements to another device or a network. Particular examples of such machines are power meters, industrial machinery, or home or personal appliances, e.g. refrigerators, televisions, personal wearables such as watches, etc. In other scenarios, a wireless terminal as described herein may be comprised in a vehicle and may perform monitoring and/or reporting of the vehicle's operational status or other functions associated with the vehicle.
Note that a home network node 5 as described above may perform the method in Fig. 2A and any other processing herein by implementing any functional means or units. In one embodiment, for example, the home network node 5 comprises respective circuits or circuitry configured to perform the steps shown in Fig. 2A. The circuits or circuitry in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory. In embodiments that employ memory, which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc., the memory stores program code that, when executed by the one or more processors, carries out the techniques described herein.
Fig. 3A for example is a schematic diagram showing some components of the home network node 5. A processor 30 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 34 stored in a memory. The memory can thus be considered to be or form part of a computer program product 32. The processor 30 may be configured to execute methods described herein, e.g., with reference to Fig. 2A. The memory may be any combination of read and write memory, RAM, and read only memory, ROM. The memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
The home network node 5 may further comprise an input/output, I/O, interface 31. The home network node 5 in this regard may comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated). Other components of the home network node 5 are omitted in order not to obscure the concepts presented herein. Fig. 3B is a schematic diagram showing functional blocks of the home network node 5. The functional blocks may be implemented as only software instructions such as a computer program executing in the home network node 5 or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc. or as a combination thereof. In an alternative embodiment, some of the functional blocks may be implemented by software and others by hardware. The functional blocks may be implemented for instance by the processor 30 of Fig. 3A when running the computer program 34.
The functional blocks, e.g., for implementing the steps in Fig. 2A, include a determination manager unit 36 and a communication manager unit 38. The determination manager unit 36 may be for determining a variable response 8 that has a first length, and determining a variable expected response 6 based on a one-way function 7 that includes the determined variable response 8 and a random number 9 as inputs to the one-way function 7, wherein the variable expected response 6 has a second length shorter than the first length. The communication manager unit 38 may be for receiving an authentication information request from the visited network node 10 and for sending the determined variable expected response 6 to the visited network node 10, in response to the received authentication information request. The communication manager unit 38 may also or alternatively be for receiving a confirmation of verified authentication from the visited network node 10.
Note also that a visited network node 10 as described above may perform the method in Fig. 2B and any other processing herein by implementing any functional means or units. In one embodiment, for example, the visited network node 10 comprises respective circuits or circuitry configured to perform the steps shown in Fig. 2B. The circuits or circuitry in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory. In embodiments that employ memory, which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc., the memory stores program code that, when executed by the one or more processors, carries out the techniques described herein.
Fig. 4A is a schematic diagram showing some components of the visited network node 10. A processor 40 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 44 stored in a memory. The memory can thus be considered to be or form part of a computer program product 42. The processor 40 may be configured to execute methods described herein, e.g., with reference to Fig. 2B. The memory may be any combination of read and write memory, RAM, and read only memory, ROM. The memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
The visited network node 10 may further comprise an input/output, I/O, interface 41. The visited network node 10 in this regard may comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated). Other components of the visited network node 10 are omitted in order not to obscure the concepts presented herein.
Fig. 4B is a schematic diagram showing functional blocks of the visited network node 10.
The functional blocks may be implemented as only software instructions such as a computer program executing in the visited network node 10 or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc. or as a combination thereof. In an alternative embodiment, some of the functional blocks may be implemented by software and others by hardware. The functional blocks may be implemented for instance by the processor 40 of Fig. 4A when running the computer program 44.
The functional blocks, e.g., for implementing the steps in Fig. 2B, include a determination manager unit 46 and a communication manager unit 48. The communication manager unit 48 may be for receiving a variable expected response 6 from a home network node 5, and for receiving from a wireless terminal 1 a variable response 11 that has a first length. The determination manager unit 46 may be for determining an expected response 13, based on the received variable response 11, wherein the determined expected response 13 has a second length that is shorter than the first length of the received variable response 11. The determination manager unit 46 may also be for validating the determined expected response 13 with the received variable expected response 6. The communication manager unit 48 may also or alternatively be for transmitting a confirmation of verified authentication to the home network node 5.
Note further that a wireless terminal 1 as described above may perform the method in Fig. 2C and any other processing herein by implementing any functional means or units. In one embodiment, for example, the wireless terminal 1 comprises respective circuits or circuitry configured to perform the steps shown in Fig. 2C. The circuits or circuitry in this regard may comprise circuits dedicated to performing certain functional processing and/or one or more microprocessors in conjunction with memory. In embodiments that employ memory, which may comprise one or several types of memory such as read-only memory (ROM), random-access memory, cache memory, flash memory devices, optical storage devices, etc., the memory stores program code that, when executed by the one or more processors, carries out the techniques described herein.
Fig. 5A is a schematic diagram showing some components of the wireless terminal 1. A processor 50 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 54 stored in a memory. The memory can thus be considered to be or form part of a computer program product 52. The processor 50 may be configured to execute methods described herein, e.g., with reference to Fig. 2C. The memory may be any combination of read and write memory, RAM, and read only memory, ROM. The memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
The wireless terminal 1 may further comprise an input/output, I/O, interface 51 including e.g. a user interface. The wireless terminal 1 may further comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated). Other components of the wireless terminal 1 are omitted in order not to obscure the concepts presented herein.
Fig. 5B is a schematic diagram showing functional blocks of the wireless terminal 1. The functional blocks may be implemented as only software instructions such as a computer program executing in the wireless terminal 1 or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc. or as a combination thereof. In an alternative embodiment, some of the functional blocks may be implemented by software and others by hardware. The functional blocks may be implemented for instance by the processor 50 of Fig. 5A when running the computer program 54.
The functional blocks, e.g., for implementing the steps in Fig. 2C, include a determination manager unit 56 and a communication manager unit 58. The determination manager unit 56 may be for determining a variable response 11 that has a first length. The communication manager unit 58 may be for sending the variable response 11 to a visited network node 10 for authentication of the wireless terminal 1 based on an expected response 13 that is determinable from the variable response 11, wherein the first length of the variable response 11 is longer than a second length of the expected response 13.
Those skilled in the art will also appreciate that embodiments herein further include corresponding computer programs.
A computer program comprises instructions which, when executed on at least one processor of a node (e.g., network node 5, 10 or wireless terminal 1), cause the node to carry out any of the respective processing described above. A computer program in this regard may comprise one or more code modules corresponding to the means or units described above. Embodiments further include a carrier containing such a computer program. This carrier may comprise one of an electronic signal, optical signal, radio signal, or computer readable storage medium.
Some embodiments will now be described in more detail, at times with reference to a context where the authentication exchange is for AKA. These embodiments may expound upon and/or be combinable with embodiments described above. For example, in some of the embodiments below, the response 19 is a result RES, the variable response 8/11 is a variable result RES*=KDF(CK, IK, RES, SNN, RAND) truncated to n bits (e.g., truncated from 256 bits to 128 bits), the variable expected response 6 is a variable expected result HXRES*=H(RES*||RAND) truncated to a number of bits less than n bits, and the expected response 13 is an expected result HRES*=H(RES*||RAND) truncated to a number of bits less than n bits. Alternatively, the response 19 may be a result RES, the variable response 8/11 may be a variable result RES*=KDF(CK, IK, RES, SNN, RAND) itself that is not truncated (e.g., so as to have a length of 256 bits), the variable expected response 6 may be a variable expected result HXRES*=H(RES*||RAND) truncated to a number of bits less than the length of RES*, and the expected response 13 is an expected result HRES*=H(RES*||RAND) truncated to a number of bits less than the length of RES*. Despite exemplifying these embodiments in the Figures, though, other embodiments contemplated by the below include the variable response 8/11 being the result RES itself having a first length n, the variable expected response 6 being HXRES=H(RES||RAND) truncated to a number of bits less than n bits, and the expected response 13 being an expected result HRES=H(RES||RAND) truncated to a number of bits less than n bits.
An authentication exchange protocol is described in US patent 7,194,765. The authentication exchange protocol for Evolved Packet System (EPS) Authentication and Key Agreement (AKA) for 3rd Generation Partnership Project (3GPP) technical specification (TS) 33.501 is under change and a version for the change is called EPS AKA*. Different variants have been discussed, and one version is illustrated in Fig. 6.
In this version, the result (RES) of the original AKA (e.g., as generated as a function f1 including a random number RAND and a key K as inputs) has been extended using a key derivation function (KDF) and is called RES*. Furthermore, a new value HXRES* is computed.
The Serving Network can verify the HXRES* while the Home Network verifies the RES* and in this way gets a verification that the UE is actually present.
A problem with the authentication exchange presented in Fig. 6 is that the RES* input to the hash function H in step 3 is of the same size as the output of H, HXRES*. Hence there is a high probability of an output uniquely identifying the input, which in turn allows an attacker to either (1) search the whole input space until they find an input value that produces the correct HXRES* or (2) break the one-way hash function H and easily find an input value that produces the correct HXRES*. In either case, this input value is with high probability the RES*. This RES* can then be used by the Serving Network in step 9 without having a connection to a UE executing steps 5, 6 and 7.
An embodiment for an authentication procedure is presented, wherein a determined variable result (RES*) (corresponding to the RES* first calculated in step 3 of Fig. 6) has a first length n. A determined variable expected response (HXRES*) (corresponding to the HXRES* first calculated in step 3 of Fig. 6) has a second length <n, i.e. shorter than the length of RES*.
The variable HXRES* may e.g. have a length of n/2, in which case a visited network searching for a valid RES will find approximately 2^(n/2) valid values that generate the correct variable HXRES*, but it cannot distinguish which of these 2^(n/2) values correspond to the correct variable RES* and therefore has a low probability of making the Home Network believe that it is connected to a valid wireless terminal.
The presented embodiment can be implemented in 3rd Generation Partnership Project (3GPP) without requiring major modifications to the specific protocol. Inputs to the KDF may however vary. Use of e.g. the parameters CK, IK and RES as inputs to the KDF will allow old SIM cards to function, as they can provide these. The inputs to the KDF may be anything, but some part must be known secretly between the wireless terminal and the home network. The KDF may be a one-way function too. It may be possible to add e.g. the International Mobile Subscriber Identity (IMSI) into the function determining RES*.
The presented method will however also improve the security even if an exact copy of the legacy RES is used. The variable result would then be 32 bits, and a variable expected result with a shorter length of e.g. n/2 would be 16 bits, which may be considered very short; a longer variable result is therefore preferred. A longer variable result may e.g. be achieved by use of inputs to the KDF such as (CK||IK||RES||...).
Similarly, additional parameters to the one-way function H may also vary (although RES* is required as an input to the one-way function H).
The standards for 5G are not yet set. As node names and configurations can differ in the future only three entities are presented, the wireless terminal (WT), Visited Network node (VN) and Home Network node (HN). These may comprise multiple entities that communicate internally with each other. These entities may for example be separate chips on a circuit board, separate computers or one computer with multiple programs.
Acronyms of the function KDF (CK, IK, RES, SNN, RAND) are as follows:
KDF - key derivation function
CK - cipher key
IK - integrity key
RES - result
SNN - serving network name
RAND - random number
In step 3 in Fig. 6, the output of the KDF is truncated from 256 bits to 128 bits, which will require less data to transfer than non-truncated data. If e.g. the output of KDF is not truncated at all, the RES* will then have a longer length than that of the truncated HXRES*, which will protect the home network from a malicious visited network if the hashing one-way function H is broken and it is easy for the VN to find collisions.
The size relation between the variable RES* and the variable HXRES* may vary depending on which level of security is preferred. If the first length of the variable RES* and the second length of variable HXRES* are almost the same, then an input that causes a collision in HXRES* has a high probability of being the correct variable RES*. If the second length of variable HXRES* is much shorter than the first length of the variable RES* then there is a large chance that the WT can pass the check in the visited network by sending a random RES*.
One variant to provide a short variable HXRES*, shorter than the variable RES*, is to keep the truncation of the variable RES* to 128 bits, but truncate the variable HXRES* to less than 128 bits. Another variant is to truncate the variable RES* to a length of more than 128 bits and keep the truncation of the variable HXRES* to a length of 128 bits. As yet another variant, instead of truncating the output of H, i.e. the variable HXRES*, another one-way function may be used to determine the variable HXRES*, as long as the output is shorter in bit length compare to the variable RES*.
An embodiment of a method for authentication exchange in a radio communication network is presented with reference to Fig. 7a. The method is performed by a wireless terminal, WT, 1 of the radio communication network 4 and comprises determining S410 a variable response 11 based on a function 16 including a response 19 and a first random number 20, wherein the variable response 11 has a length determined by a one-way function. In some embodiments, the method may further include receiving S400 the first random number 20 (e.g., in a message) and/or sending S420 the variable response 11 to a visited network node 10 (e.g., in a message).
An embodiment of a method for authentication exchange for EPS AKA is presented also with reference to Fig. 7a. The method is performed by a WT 1 of a communication network 4. The method comprises determining S410 a variable response RES* based on a KDF including a first random number, wherein the RES* has a length determined by a one-way function. In some embodiments, the method may further include receiving S400 the first random number (e.g., in a message) and/or sending S420 the variable response RES* to a visited network node 10 (e.g., in a message).
An embodiment of a method for authentication exchange in a radio communication network is presented with reference to Fig. 7b. The method is performed by a home network node 5 of the radio communication network 4 and comprises determining S510 a variable response 8, based on a function 16 including a response 19 and a first random number 20, wherein the variable response 8 has a first length, and determining a variable expected response 6 based on a one-way function 7 including the determined variable response 8 and a second random number 9, wherein the variable expected response 6 has a second length shorter than the first length.
An embodiment of a method for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA is also presented with reference to Fig. 7b. The method is performed by a home network node 5 of a communication network 4. The method comprises determining S510 a variable response, RES*, based on a function including a response, RES, and a first random number, as inputs, wherein the RES* has a first length, and determining a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second random number as inputs, wherein the HXRES* has a second length shorter than the first length.
The method may further comprise receiving S500 an authentication request from a visited network node (e.g., in a message), and sending S520 the determined HXRES* to the visited network node (e.g., in a message), in response to the received authentication request.
The method may further comprise receiving S530 a confirmation of verified authentication from the visited network node.
The second length may be half the length of the first length.
The function to determine RES* may be a key derivation function, KDF.
The function to determine RES* may be a one-way function.
The difference in length between the first length and the second length may be at least 16 bits.
The one-way function may be a hashing function.
The first length may be determined by truncation of the RES*.
The first length may be determined by a second one-way function of the RES*.
The second length may be determined by truncation of the HXRES*.
The second length may be determined by a third one-way function of the HXRES*.
The RES* may be determined by the KDF with CK, IK, RES, SNN, RAND included as inputs.
The HXRES* may be determined by a one-way function H with the variable RES* and the second RAND included as inputs.
An embodiment of a method for authentication exchange in a radio communication network 4 is presented with reference to Fig. 7c. The method is performed by a visited network node 10 of the radio communication network 4 and comprises receiving S600 a variable expected response from a home network node, receiving S610 a variable response from a wireless terminal, WT, determining S620 an expected response, based on the received variable response, and validating S630 the determined expected response with the received variable expected response, wherein the determined expected response has a shorter length than the received variable response.
An embodiment of a method for authentication exchange for EPS AKA is presented also with reference to Fig. 7c. The method is performed by a visited network node 10 of a radio communication network 4. The method comprises receiving S600 a HXRES* from a home network node 5, receiving S610 a RES* from a WT 1, determining S620 a HRES* (calculated with the same parameters as when determining HXRES*) based on the received variable RES*, and validating S630 the determined HRES* with the received variable HXRES*, wherein the determined HRES* has a shorter length than the received variable RES*.
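The derivation RES*=KDF(CK, IK, RES, SNN, RAND), HXRES*=H(RES*||RAND) and the three methods of Figs. 7a to 7c (S410, S510/S520, S600 to S630), carried through as an added example that is not part of the patent or of TS 33.501. HMAC-SHA256 as the KDF, SHA-256 as H, the SNN string and all key material are assumptions or constructed values; the lengths (RES* 128 bits, HXRES* 64 bits, a margin of at least 16 bits) are the ones the text gives.

```python
import hashlib
import hmac
import secrets

# Bit lengths from the text: RES* truncated to n = 128 bits, HXRES*/HRES*
# truncated to n/2 = 64 bits, with a minimum difference of 16 bits.
RES_STAR_BITS = 128
HXRES_STAR_BITS = 64
MIN_LENGTH_MARGIN_BITS = 16


def kdf(ck: bytes, ik: bytes, res: bytes, snn: bytes, rand: bytes) -> bytes:
    """KDF(CK, IK, RES, SNN, RAND) with a 256-bit output.
    Stand-in (assumption): HMAC-SHA256 keyed with CK||IK, not the 3GPP KDF."""
    return hmac.new(ck + ik, snn + rand + res, hashlib.sha256).digest()


def one_way_h(data: bytes) -> bytes:
    """The one-way function H. Stand-in (assumption): SHA-256."""
    return hashlib.sha256(data).digest()


def check_lengths(res_star_bits: int, hxres_star_bits: int) -> None:
    """Enforce the size relation the text requires: HXRES* strictly shorter
    than RES*, here by at least MIN_LENGTH_MARGIN_BITS."""
    if res_star_bits % 8 or hxres_star_bits % 8:
        raise ValueError("lengths must be whole bytes in this example")
    if res_star_bits - hxres_star_bits < MIN_LENGTH_MARGIN_BITS:
        raise ValueError("HXRES* must be at least %d bits shorter than RES*"
                         % MIN_LENGTH_MARGIN_BITS)


def derive_res_star(ck, ik, res, snn, rand, n_bits=RES_STAR_BITS) -> bytes:
    """Variable response RES*: KDF output truncated to n bits (first length)."""
    return kdf(ck, ik, res, snn, rand)[: n_bits // 8]


def derive_hxres_star(res_star: bytes, rand: bytes, m_bits=HXRES_STAR_BITS) -> bytes:
    """Variable expected response HXRES* = H(RES* || RAND) truncated to m bits.
    The visited network derives HRES* from a received RES* the same way."""
    check_lengths(len(res_star) * 8, m_bits)
    return one_way_h(res_star + rand)[: m_bits // 8]


def candidates_per_hxres_star(n_bits: int, m_bits: int) -> int:
    """Expected number of n-bit RES* values mapping to one m-bit HXRES* under
    an ideal H: 2^(n-m). For m = n/2 this is the 2^(n/2) figure of the text."""
    return 2 ** (n_bits - m_bits)


# --- the three roles ---------------------------------------------------------

def home_network_vector(ck, ik, res, snn, rand):
    """HN (Fig. 7b, S510/S520): computes RES* and HXRES*. Only HXRES* goes to
    the visited network; the full RES* is kept for the final check."""
    res_star = derive_res_star(ck, ik, res, snn, rand)
    return res_star, derive_hxres_star(res_star, rand)


def wireless_terminal_response(ck, ik, res, snn, rand):
    """WT (Fig. 7a, S410): recomputes RES* from the shared secret inputs."""
    return derive_res_star(ck, ik, res, snn, rand)


def visited_network_check(hxres_star, res_star_from_wt, rand) -> bool:
    """VN (Fig. 7c, S620/S630): HRES* from the received RES*, compared in
    constant time with the HXRES* received from the home network."""
    hres_star = derive_hxres_star(res_star_from_wt, rand, len(hxres_star) * 8)
    return hmac.compare_digest(hres_star, hxres_star)


def home_network_check(res_star_kept, res_star_forwarded) -> bool:
    """HN final step (step 9 of Fig. 6): the full-length RES* must match."""
    return hmac.compare_digest(res_star_kept, res_star_forwarded)


def run_exchange(ck, ik, res, snn, rand, res_from_terminal=None):
    """Whole exchange. res_from_terminal models a terminal holding a different
    RES than the home network expects. Returns (vn_ok, hn_ok)."""
    res_star_hn, hxres_star = home_network_vector(ck, ik, res, snn, rand)
    terminal_res = res if res_from_terminal is None else res_from_terminal
    res_star_wt = wireless_terminal_response(ck, ik, terminal_res, snn, rand)
    vn_ok = visited_network_check(hxres_star, res_star_wt, rand)
    hn_ok = vn_ok and home_network_check(res_star_hn, res_star_wt)
    return vn_ok, hn_ok


if __name__ == "__main__":
    # Constructed sample values; not taken from any real subscriber or network.
    ck, ik = secrets.token_bytes(16), secrets.token_bytes(16)
    res, rand = secrets.token_bytes(8), secrets.token_bytes(16)
    snn = b"5G:mnc012.mcc345.3gppnetwork.org"
    print(run_exchange(ck, ik, res, snn, rand))              # (True, True)
    print(run_exchange(ck, ik, res, snn, rand, b"\x00" * 8))  # (False, False)
```

The visited network only ever learns the 64-bit HXRES*, so a match there leaves 2^64 candidate RES* values open, and the home network's full-length RES* comparison is what finally establishes that the terminal was present.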
An embodiment of a home network node 5 for authentication exchange in a radio communication network 4 is presented with reference to Fig. 8. The home network node comprises a processor 60 and a computer program product 62, 63. The computer program product stores instructions that, when executed by the processor 60, causes the home network node to determine S510 a variable response, based on a function including a response and a first random number, wherein the variable response has a first length, and determine a variable expected response based on a one-way function including the determined variable response and a second random number, wherein the variable expected response has a second length shorter than the first length.
An embodiment of a home network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented also with reference to Fig. 8. The home network node comprises a processor 60 and a computer program product 62, 63. The computer program product stores instructions that, when executed by the processor, causes the home network node to determine S510 a variable response, RES*, based on a function including a response, RES, and a first random number, as inputs, wherein the RES* has a first length, and to determine a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second random number as inputs, wherein the HXRES* has a second length shorter than the first length.
The home network node may further be caused to receive S500 an authentication request from a visited network node, and to send S520 the determined HXRES* to the visited network node, in response to the received authentication request.
The home network node may further be caused to receive S530 a confirmation of verified authentication from the visited network node.
The second length may be half the length of the first length.
The function to determine RES* may be a key derivation function, KDF.
The function to determine RES* may be a one-way function.
The difference in length between the first length and the second length may be at least 16 bits.
The one-way function may be a hashing function.
The first length may be determined by truncation of the RES*.
The first length may be determined by a second one-way function of the RES*.
The second length may be determined by truncation of the HXRES*.
The second length may be determined by a third one-way function of the HXRES*.
The RES* may be determined by the KDF with CK, IK, RES, SNN, RAND included as inputs.
The HXRES* may be determined by a one-way function H with the variable RES* and the second RAND included as inputs.
An embodiment of a visited network node in a radio communication network is presented also with reference to Fig. 8. The visited network node comprises a processor 60 and a computer program product 62, 63. The computer program product stores instructions that, when executed by the processor, causes the visited network node to receive a variable expected response from a home network node, receive a variable response from a wireless terminal (WT), determine an expected response, based on the received variable response, and to validate the determined expected response with the received variable expected response, wherein the determined expected response has a shorter length than the received variable response.
An embodiment of a visited network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented also with reference to Fig. 8. The visited network node comprises a processor 60 and a computer program product 62, 63. The computer program product stores instructions that, when executed by the processor, causes the visited network node to receive a variable expected response, HXRES*, from a home network node, receive a variable response, RES*, from a wireless terminal (WT), determine an expected response, HRES*, based on the received variable RES*, and to validate the determined HRES* with the received variable HXRES*, wherein the determined HRES* has a shorter length than the received RES*.
An embodiment of a wireless terminal 1 for authentication exchange in a radio communication network is presented with reference to Fig. 9. The wireless terminal (WT) 1 comprises a processor 70 and a computer program product 72, 73. The computer program product stores instructions that, when executed by the processor, causes the WT to determine S410 a variable response based on a function including a response and a first random number, wherein the variable response has a length determined by a one-way function.
An embodiment of a wireless terminal, WT, 1 for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented also with reference to Fig. 9. The WT comprises a processor 70 and a computer program product 72, 73. The computer program product stores instructions that, when executed by the processor, causes the WT to determine S410 a variable response, RES*, based on a key derivation function, KDF, including a first random number, wherein the variable RES* has a length determined by a one-way function.
An embodiment of a home network node for authentication exchange in a radio communication network is presented with reference to Fig. 10. The home network node comprises a determination manager 80 for determining S510 a variable response, based on a function including a response and a first random number, wherein the variable response has a first length, and determining a variable expected response based on a one-way function including the determined variable response and a second random number, wherein the variable expected response has a second length shorter than the first length.
An embodiment of a home network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA in a radio communication network is presented also with reference to Fig. 10. The home network node comprises a determination manager 80 for determining S510 a variable response, RES*, based on a function including a response, RES, and a first random number, as inputs, wherein the RES* has a first length, and determining a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second random number as inputs, wherein the HXRES* has a second length shorter than the first length.
An embodiment of a visited network node for authentication exchange in a radio communication network is presented also with reference to Fig. 10. The visited network node comprises a communication manager 81 and a determination manager 80. The communication manager is for receiving a variable expected response from a home network node, and for receiving a variable response from a wireless terminal (WT). The determination manager is for determining an expected response, based on the received variable response, and for validating the determined expected response with the received variable expected response, wherein the determined expected response has a shorter length than the received variable response.
An embodiment of a visited network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented further with reference to Fig. 10. The visited network node comprises a communication manager 81 and a determination manager 80. The communication manager is for receiving a variable expected response, HXRES*, from a home network node, and for receiving a variable response, RES*, from a wireless terminal (WT). The determination manager is for determining an expected response, HRES*, based on the received variable RES*, and for validating the determined HRES* with the received HXRES*, wherein the determined HRES* has a shorter length than the received RES*.
An embodiment of a wireless terminal for authentication exchange in a radio communication network is presented with reference to Fig. 11. The wireless terminal (WT) comprises a determination manager 90 for determining a variable response based on a function including a response and a first random number, wherein the variable response has a length determined by a one-way function.
An embodiment of a wireless terminal for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented also with reference to Fig. 11. The wireless terminal (WT) comprises a determination manager 90 for determining a variable response, RES*, based on a key derivation function, KDF, including a first random number, wherein the variable RES* has a length determined by a one-way function.
An embodiment of a computer program 64, 65 for authentication exchange in a communication network is presented. The computer program comprises computer program code which, when run on a home network node 5, causes the home network node to determine a variable response, based on a function including a response and a first random number, wherein the variable response has a first length, and to determine a variable expected response based on a one-way function including the determined variable response and a second random number, wherein the variable expected response has a second length shorter than the first length.
An embodiment of a computer program 64, 65 for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The computer program comprises computer program code which, when run on a home network node 5, causes the home network node to determine a variable response, RES*, based on a function including a response, RES, and a first random number, as inputs, wherein the RES* has a first length, and to determine a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second random number as inputs, wherein the HXRES* has a second length shorter than the first length.
An embodiment of a computer program 74, 75 for authentication exchange in a radio communication network is presented. The computer program comprises computer program code which, when run on a wireless terminal (WT), causes the WT to determine a variable response based on a function including a response and a first random number, wherein the variable response has a length determined by a one-way function.
An embodiment of a computer program 74, 75 for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The computer program comprises computer program code which, when run on a wireless terminal (WT), causes the WT to determine a variable response, RES*, based on a key derivation function, KDF, including a first random number, wherein the variable RES* has a length determined by a one-way function.
An embodiment of a computer program for authentication exchange in a radio communication network is presented. The computer program comprises computer program code which, when run on a visited network node 10, causes the visited network node to receive a variable expected response from a home network node, receive a variable response from a wireless terminal (WT), determine an expected response, based on the received variable response, and to validate the determined expected response with the received variable expected response, wherein the determined expected response has a shorter length than the received variable response.
An embodiment of a computer program for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The computer program comprises computer program code which, when run on a visited network node 20, causes the visited network node to receive a variable expected response, HXRES*, from a home network node, receive a variable response, RES*, from a wireless terminal (WT), determine an expected response, HRES*, based on the received variable RES*, and to validate the determined HRES* with the received HXRES*, wherein the determined HRES* has a shorter length than the received RES*.
A computer program product 62, 63; 72, 73 comprising a computer program 64, 65; 74, 75 and a computer readable storage means on which the computer program is stored is also presented.
Fig. 8 is a schematic diagram showing some components of a network device, i.e. the visited network node or the home network node. A processor 60 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 64 stored in a memory. The memory can thus be considered to be or form part of the computer program product 62. The processor 60 may be configured to execute methods described herein with reference to Fig. 7b.
The memory may be any combination of read and write memory, RAM, and read only memory, ROM. The memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
A second computer program product 63 in the form of a data memory may also be provided, e.g. for reading and/or storing data during execution of software instructions in the processor 60. The data memory can be any combination of read and write memory, RAM, and read only memory, ROM, and may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory. The data memory may e.g. hold other software instructions 65, to improve functionality for the network device.
The network device may further comprise an input/output, I/O, interface 61 including e.g. a user interface. The network device may further comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated). Other components of the network device are omitted in order not to obscure the concepts presented herein.
Fig. 10 is a schematic diagram showing functional blocks of the network device, i.e. the home network node or the visited network node. The modules may be implemented as only software instructions such as a computer program executing in the cache server or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc. or as a combination thereof. In an alternative embodiment, some of the functional blocks may be implemented by software and other by hardware. The modules correspond to the steps in the methods illustrated in Fig. 7b, comprising a determination manager unit 80 and communication manager unit 81. In the embodiments where one or more of the modules are implemented by a computer program, it shall be understood that these modules do not necessarily correspond to process modules, but can be written as instructions according to a programming language in which they would be implemented, since some programming languages do not typically contain process modules.
The determination manager 80 is for authentication exchange in a radio communication network, e.g. for EPS AKA. This module corresponds to the determine step S510 of Fig. 7b. This module can e.g. be implemented by the processor 60 of Fig. 8, when running the computer program.
The communication manager 81 is for authentication exchange in a radio communication network, e.g. for EPS AKA. This module corresponds to the receive step S500, the send step S520 and the receive step S530 of Fig. 7b. This module can e.g. be implemented by the processor 60 of Fig. 8, when running the computer program.
Fig. 9 is a schematic diagram showing some components of the WT 1. A processor 70 may be provided using any combination of one or more of a suitable central processing unit, CPU, multiprocessor, microcontroller, digital signal processor, DSP, application specific integrated circuit etc., capable of executing software instructions of a computer program 74 stored in a memory. The memory can thus be considered to be or form part of the computer program product 72. The processor 70 may be configured to execute methods described herein with reference to Fig. 7a.
The memory may be any combination of read and write memory, RAM, and read only memory, ROM. The memory may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
A second computer program product 73 in the form of a data memory may also be provided, e.g. for reading and/or storing data during execution of software instructions in the processor 70. The data memory can be any combination of read and write memory, RAM, and read only memory, ROM, and may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory. The data memory may e.g. hold other software instructions 75, to improve functionality for the WT 1.
The WT 1 may further comprise an input/output, I/O, interface 71 including e.g. a user interface. The WT 1 may further comprise a receiver configured to receive signalling from other nodes, and a transmitter configured to transmit signalling to other nodes (not illustrated). Other components of the WT are omitted in order not to obscure the concepts presented herein.
Fig. 11 is a schematic diagram showing functional blocks of the WT 1. The modules may be implemented as only software instructions such as a computer program executing in the cache server or only hardware, such as application specific integrated circuits, field programmable gate arrays, discrete logical components, transceivers, etc. or as a combination thereof. In an alternative embodiment, some of the functional blocks may be implemented by software and other by hardware.
The modules correspond to the steps in the methods illustrated in Fig. 7a, comprising a determination manager unit 90 and communication manager unit 91. In the embodiments where one or more of the modules are implemented by a computer program, it shall be understood that these modules do not necessarily correspond to process modules, but can be written as instructions according to a programming language in which they would be implemented, since some programming languages do not typically contain process modules.
The determination manager 90 is for authentication exchange in a radio communication network, e.g. for EPS AKA. This module corresponds to the determine step S410 of Fig. 7a. This module can e.g. be implemented by the processor 70 of Fig. 9, when running the computer program.
The communication manager 91 is for authentication exchange in a radio communication network, e.g. for EPS AKA. This module corresponds to the receive step S400 and the send step S420 of Fig. 7a. This module can e.g. be implemented by the processor 70 of Fig. 9, when running the computer program.
Generally, then, it is an object of the present disclosure to reduce the risk that an authentication exchange is not correctly processed.
According to a first aspect, a method for authentication exchange in a radio communication network is presented. The method is performed by a home network node of the radio communication network and comprises determining a variable response, based on a function including a response and a first random number, RAND, wherein the variable response has a first length, and determining a variable expected response based on a one-way function including the determined variable response and a second RAND, wherein the variable expected response has a second length shorter than the first length. By the variable expected response having a shorter length than that of the variable response, a visited network node is prevented from being able to find the exact variable response even if the one-way function is broken.
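The length argument in the first aspect can be made concrete by counting. The following is an added example (it is not part of the patent) in Python that uses toy lengths small enough to enumerate every possible variable response: a 12-bit RES* and a 4-bit HXRES*, with SHA-256 standing in for the one-way function and the bucket sizes as the quantity of interest. The function names and the toy lengths are assumptions; in a real deployment the difference between the two lengths is at least 16 bits, as the text states, so the candidate count per HXRES* value is at least 2^16.

```python
import hashlib
from collections import defaultdict

# Toy lengths (assumption) small enough to enumerate every RES*. A real deployment keeps
# the difference between the two lengths at 16 bits or more.
FIRST_LEN_BITS = 12    # length of the variable response RES*
SECOND_LEN_BITS = 4    # length of the variable expected response HXRES*


def toy_hxres(res_star: int, rand2: bytes) -> int:
    """Toy one-way function H: SHA-256 over RES* || second RAND, truncated to the second length."""
    digest = hashlib.sha256(res_star.to_bytes(2, "big") + rand2).digest()
    return int.from_bytes(digest[:2], "big") >> (16 - SECOND_LEN_BITS)


def candidate_counts(rand2: bytes) -> dict:
    """For each HXRES* value, count how many RES* values map to it. That count is the
    number of candidates a visited node would still face even if H were fully invertible."""
    buckets = defaultdict(int)
    for res_star in range(1 << FIRST_LEN_BITS):
        buckets[toy_hxres(res_star, rand2)] += 1
    return dict(buckets)


def expected_candidates() -> int:
    """Average number of RES* candidates per HXRES* value: 2 to the power of the length difference."""
    return 1 << (FIRST_LEN_BITS - SECOND_LEN_BITS)


def min_candidates(rand2: bytes) -> int:
    """Smallest bucket, i.e. the most favourable case for a party holding only HXRES* and the second RAND."""
    return min(candidate_counts(rand2).values())


if __name__ == "__main__":
    counts = candidate_counts(b"\x00" * 16)  # constructed second RAND
    print("buckets:", len(counts), "average:", expected_candidates(), "minimum:", min_candidates(b"\x00" * 16))
```

Every HXRES* value is shared by roughly 2^(first length minus second length) values of RES*, so the truncated value identifies RES* only up to that many candidates; inverting H does not remove the ambiguity, which is what the shorter second length is for.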
According to a second aspect, a method for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, is presented. The method is performed by a home network node of a radio communication network and comprises determining a variable response, RES*, based on a function including a response, RES, and a first random number, RAND, as inputs, wherein the RES* has a first length, and determining a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second RAND as inputs, wherein the HXRES* has a second length shorter than the first length.
The method may further comprise receiving an authentication request from a visited network node, and sending the determined HXRES* to the visited network node, in response to the received authentication request.
The method may further comprise receiving a confirmation of verified authentication from the visited network node.
The second length may be half the length of the first length.
The function to determine RES* may be a key derivation function, KDF.
The function to determine RES* may be a one-way function.
The difference in length between the first length and the second length may be at least 16 bits.
The one-way function may be a hashing function.
The first length may be determined by truncation of the RES*.
The first length may be determined by a second one-way function of the RES*.
The second length may be determined by truncation of the HXRES*.
The second length may be determined by a third one-way function of the HXRES*.
The RES* may be determined by the KDF with CK, IK, RES, SNN, RAND included as inputs.
The HXRES* may be determined by a one-way function H with the variable RES* and the second RAND included as inputs.
According to a third aspect, a method for authentication exchange in a radio communication network is presented. The method is performed by a wireless terminal, WT, of the radio communication network and comprises determining a variable response based on a function including a response and a first random number, RAND, wherein the variable response has a length determined by a one-way function.
According to a fourth aspect, a method for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, is presented. The method is performed by a wireless terminal, WT, of a radio communication network and comprises determining a variable response, RES*, based on a key derivation function, KDF, including a first random number, RAND, wherein the variable RES* has a length determined by a one-way function.
According to a fifth aspect, a method for authentication exchange in a radio communication network is presented. The method is performed by a visited network node of the radio communication network and comprises receiving a variable expected response from a home network node, receiving a variable response from a wireless terminal, determining an expected response, based on the received variable response, and validating the received variable expected response with the determined expected response, wherein the determined expected response has a shorter length than the received variable response.
According to a sixth aspect, a method for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, is presented. The method is performed by a visited network node of a radio communication network and comprises receiving a variable expected response, HXRES*, from a home network node, receiving a variable response, RES*, from a wireless terminal, WT, determining an expected response, HRES*, based on the received variable RES*, and validating the received HXRES* with the determined HRES*, wherein the determined HRES* has a shorter length than the received RES*.
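The exchange described in the first to sixth aspects above, with all three parties, as an added example in Python that is not part of the patent. HMAC-SHA256 stands in both for the KDF that produces RES* and for the algorithm shared by the USIM and the home network that yields RES, CK and IK (the latter is a stub, not MILENAGE); SHA-256 is the one-way function H. The class and function names, the 256-bit first length and 128-bit second length, the key sizes and the sample serving network name are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Lengths chosen for this illustration (assumption): the first length, that of RES*,
# is 256 bits and the second length, that of HXRES* and HRES*, is half of it, so the
# difference between the two is well above the 16-bit minimum named in the text.
RES_STAR_BYTES = 32
HXRES_STAR_BYTES = 16


def usim_algorithm(k: bytes, rand: bytes):
    """Stand-in (assumption, not MILENAGE) for the algorithm shared by the USIM and the
    home network: derives RES, CK and IK from the long-term key K and RAND."""
    def prf(label: bytes) -> bytes:
        return hmac.new(k, label + rand, hashlib.sha256).digest()
    return prf(b"RES")[:8], prf(b"CK")[:16], prf(b"IK")[:16]


def compute_res_star(ck: bytes, ik: bytes, res: bytes, snn: bytes, rand: bytes) -> bytes:
    """KDF with CK, IK, RES, SNN and RAND as inputs (HMAC-SHA256 assumed as the KDF),
    truncated to the first length."""
    msg = b"".join(len(x).to_bytes(2, "big") + x for x in (res, snn, rand))
    return hmac.new(ck + ik, msg, hashlib.sha256).digest()[:RES_STAR_BYTES]


def one_way(res_star: bytes, rand2: bytes) -> bytes:
    """One-way function H over RES* and the second RAND (SHA-256 assumed), truncated to
    the second length. The home network uses it for HXRES*, the visited one for HRES*."""
    return hashlib.sha256(res_star + rand2).digest()[:HXRES_STAR_BYTES]


class HomeNetworkNode:
    def __init__(self, k: bytes):
        self.k = k
        self.res_star = None  # the full RES* stays here; only HXRES* goes to the visited node

    def authentication_information(self, snn: bytes):
        """Answer to the visited node's authentication information request."""
        rand, rand2 = os.urandom(16), os.urandom(16)
        res, ck, ik = usim_algorithm(self.k, rand)
        self.res_star = compute_res_star(ck, ik, res, snn, rand)
        hxres_star = one_way(self.res_star, rand2)
        return rand, rand2, hxres_star

    def check_confirmation(self, confirmed_res_star: bytes) -> bool:
        """Claim 4: verify that the RES* reported back in the confirmation is the one
        that went into the one-way function."""
        return hmac.compare_digest(confirmed_res_star, self.res_star)


class WirelessTerminal:
    def __init__(self, k: bytes):
        self.k = k

    def respond(self, rand: bytes, snn: bytes) -> bytes:
        res, ck, ik = usim_algorithm(self.k, rand)
        return compute_res_star(ck, ik, res, snn, rand)


class VisitedNetworkNode:
    def validate(self, hxres_star: bytes, rand2: bytes, res_star: bytes) -> bool:
        """Compute HRES* from the received RES* and compare it with the received HXRES*."""
        hres_star = one_way(res_star, rand2)
        return hmac.compare_digest(hres_star, hxres_star)


def run_exchange(k_home: bytes, k_wt: bytes, snn: bytes = b"example-snn", tamper: bool = False) -> dict:
    """Run one exchange. k_wt differs from k_home for a terminal that does not hold the
    subscriber key; tamper=True corrupts one bit of RES* on its way to the visited node."""
    home, wt, visited = HomeNetworkNode(k_home), WirelessTerminal(k_wt), VisitedNetworkNode()
    rand, rand2, hxres_star = home.authentication_information(snn)
    res_star = wt.respond(rand, snn)
    if tamper:
        res_star = bytes([res_star[0] ^ 0x01]) + res_star[1:]
    visited_ok = visited.validate(hxres_star, rand2, res_star)
    # The confirmation carrying RES* is sent to the home network only after a successful check.
    home_ok = home.check_confirmation(res_star) if visited_ok else False
    return {"visited_ok": visited_ok, "home_ok": home_ok,
            "res_star_bits": 8 * len(res_star), "hxres_star_bits": 8 * len(hxres_star)}


if __name__ == "__main__":
    k = bytes(range(16))  # constructed long-term key shared by USIM and home network
    print(run_exchange(k, k))
```

The visited node only ever holds the truncated HXRES* and the second RAND, so a successful validation tells it that the terminal's RES* is consistent with what the home network computed without giving it RES* in advance; the home network's check of the confirmation then binds the visited node's claimed success to the full-length value.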
According to a seventh aspect, a home network node for authentication exchange in a radio communication network is presented. The home network node comprises a processor and a computer program product. The computer program product stores instructions that, when executed by the processor, causes the home network node to determine a variable response, based on a function including a response and a first random number, RAND, wherein the variable response has a first length, and determining a variable expected response based on a one-way function including the determined variable response and a second RAND, wherein the variable expected response has a second length shorter than the first length.
According to an eighth aspect, a home network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The home network node comprises a processor and a computer program product. The computer program product stores instructions that, when executed by the processor, causes the home network node to determine a variable response, RES*, based on a function including a response, RES, and a first random number, RAND, as inputs, wherein the RES* has a first length, and determining a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second RAND as inputs, wherein the HXRES* has a second length shorter than the first length.
According to a ninth aspect, a wireless terminal for authentication exchange in a radio communication network is presented. The wireless terminal (WT) comprises a processor and a computer program product. The computer program product stores instructions that, when executed by the processor, causes the WT to determine a variable response based on a function including a response and a first random number, RAND, wherein the variable response has a length determined by a one-way function.
According to a tenth aspect, a wireless terminal (WT) for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The WT comprises a processor and a computer program product. The computer program product stores instructions that, when executed by the processor, causes the WT to determine (S110) a variable response, RES*, based on a key derivation function, KDF, including a first random number, RAND, wherein the variable RES* has a length determined by a one-way function.
According to an eleventh aspect, a visited network node in a radio communication network is presented. The visited network node comprises a processor and a computer program product. The computer program product stores instructions that, when executed by the processor, causes the visited network node to receive a variable expected response from a home network node, receive a variable response from a wireless terminal (WT), determine an expected response, based on the received variable response, and to validate the received variable expected response with the determined expected response, wherein the determined expected response has a shorter length than the received variable response.
According to a twelfth aspect, a visited network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The visited network node comprises a processor and a computer program product. The computer program product stores instructions that, when executed by the processor, causes the visited network node to receive a variable expected response, HXRES*, from a home network node, receive a variable response, RES*, from a wireless terminal (WT), determine an expected response, HRES*, based on the received variable RES*, and to validate the received HXRES* with the determined HRES*, wherein the determined HRES* has a shorter length than the received RES*.
According to a thirteenth aspect, a home network node for authentication exchange in a radio communication network is presented. The home network node comprises a determination manager for determining a variable response, based on a function including a response and a first random number, RAND, wherein the variable response has a first length, and determining a variable expected response based on a one-way function including the determined variable response and a second RAND, wherein the variable expected response has a second length shorter than the first length.
According to a fourteenth aspect, a home network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA in a radio communication network is presented. The home network node comprises a determination manager for determining a variable response, RES*, based on a function including a response, RES, and a first random number, RAND, as inputs, wherein the RES* has a first length, and determining a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second RAND as inputs, wherein the HXRES* has a second length shorter than the first length.
According to a fifteenth aspect, a wireless terminal for authentication exchange in a radio communication network is presented. The wireless terminal (WT) comprises a determination manager for determining a variable response based on a function including a response and a first random number, RAND, wherein the variable response has a length determined by a one-way function.
According to a sixteenth aspect, a wireless terminal for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The wireless terminal (WT) comprises a determination manager for determining (S110) a variable response, RES*, based on a key derivation function, KDF, including a first random number, RAND, wherein the variable RES* has a length determined by a one-way function.
According to a seventeenth aspect, a visited network node for authentication exchange in a radio communication network is presented. The visited network node comprises a communication manager and a determination manager. The communication manager is for receiving a variable expected response from a home network node, and for receiving a variable response from a wireless terminal (WT). The determination manager is for determining an expected response, based on the received variable response, and for validating the received variable expected response with the determined expected response, wherein the determined expected response has a shorter length than the received variable response.
According to an eighteenth aspect, a visited network node for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The visited network node comprises a communication manager and a determination manager. The communication manager is for receiving a variable expected response, HXRES*, from a home network node, and for receiving a variable response, RES*, from a wireless terminal (WT). The determination manager is for determining an expected response, HRES*, based on the received variable RES*, and for validating the received HXRES* with the determined HRES*, wherein the determined HRES* has a shorter length than the received RES*.
According to a nineteenth aspect, a computer program for authentication exchange in a communication network is presented. The computer program comprises computer program code which, when run on a home network node, causes the home network node to determine a variable response, based on a function including a response and a first random number, RAND, wherein the variable response has a first length, and determining a variable expected response based on a one-way function including the determined variable response and a second RAND, wherein the variable expected response has a second length shorter than the first length.
According to a twentieth aspect, a computer program for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The computer program comprises computer program code which, when run on a home network node, causes the home network node to determine a variable response, RES*, based on a function including a response, RES, and a first random number, RAND, as inputs, wherein the RES* has a first length, and determining a variable expected response, HXRES*, based on a one-way function including the determined RES* and a second RAND as inputs, wherein the HXRES* has a second length shorter than the first length.
According to a twenty-first aspect, a computer program for authentication exchange in a radio communication network is presented. The computer program comprises computer program code which, when run on a wireless terminal (WT), causes the WT to determine a variable response based on a function including a response and a first random number, RAND, wherein the variable response has a length determined by a one-way function.
According to a twenty-second aspect, a computer program for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The computer program comprises computer program code which, when run on a wireless terminal (WT), causes the WT to determine a variable response, RES*, based on a key derivation function, KDF, including a first random number, RAND, wherein the variable RES* has a length determined by a one-way function.
According to a twenty-third aspect, a computer program for authentication exchange in a radio communication network is presented. The computer program comprises computer program code which, when run on a visited network node, causes the visited network node to receive a variable expected response from a home network node, receive a variable response from a wireless terminal (WT), determine an expected response, based on the received variable response, and to validate the received variable expected response with the determined expected response, wherein the determined expected response has a shorter length than the received variable response.
According to a twenty-fourth aspect, a computer program for authentication exchange for Evolved Packet System, EPS, Authentication and Key Agreement, AKA, in a radio communication network is presented. The computer program comprises computer program code which, when run on a visited network node, causes the visited network node to receive a variable expected response, HXRES*, from a home network node, receive a variable response, RES*, from a wireless terminal (WT), determine an expected response, HRES*, based on the received variable RES*, and to validate the received HXRES* with the determined HRES*, wherein the determined HRES* has a shorter length than the received RES*.
A computer program product comprising a computer program and a computer readable storage means on which the computer program is stored is also presented.
Generally, all terms used in the itemized list of embodiments are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the element, apparatus, component, means, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed by the exact order disclosed, unless explicitly stated.
The present disclosure has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the present disclosure.

Claims

1. A method for authentication exchange in a radio communication network (4), the method being performed by a home network node (5) of the radio communication network (4) and comprising:
determining (S110) a variable response (8) that has a first length, and determining a variable expected response (6) based on a one-way function (7) that includes the determined variable response (8) and a random number (9) as inputs to the one-way function (7), wherein the variable expected response (6) has a second length shorter than the first length.
2. The method of claim 1, further comprising:
receiving (S100) from a visited network node (10) an authentication information request that requests information for verifying authentication of a wireless terminal (1); and
sending (S120) the determined variable expected response (6) to the visited network node (10), in response to the received authentication information request.
3. The method of claim 2, further comprising receiving (S130) a confirmation (21) of verified authentication from the visited network node (10).
4. The method of claim 3, wherein the confirmation (21) includes a variable response (11) based on which the visited network node (10) verified authentication of a wireless terminal (1), and wherein the method further comprises verifying whether the variable response (11) included in the confirmation (21) corresponds to the determined variable response (8) included as an input to the one-way function (7).
5. The method of any of claims 1-4, wherein the second length is half the length of the first length.
6. The method of any of claims 1-5, wherein the difference in length between the first length and the second length is at least 16 bits.
7. The method of any of claims 1-6, wherein determining the variable response (8) comprises determining an output of a function (16) and truncating the output to have the first length.
8. The method of any of claims 1-6, wherein the variable response (8) is an output of another one-way function (16), wherein the output of the another one-way function (16) has the first length.
9. The method of any of claims 1-8, wherein determining the variable expected response (6) comprises determining an output of the one-way function (7) and truncating the output to have the second length.
10. The method of any of claims 1-8, wherein the determined variable expected response (6) is an output of the one-way function (7), wherein the output of the one-way function (7) has the second length.
11. The method of any of claims 1-8, wherein determining the variable expected response (6) comprises determining a first output of the one-way function (7) and determining a second output of another one-way function, with the first output included as an input to the another one-way function, wherein the second output has the second length.
12. The method of any of claims 1-11, wherein the determined variable response (8) is determined based on a function (16) that includes a response (19) and a first random number (20) as inputs to the function, wherein the one-way function (7) includes the determined variable response (8) and a second random number (9) as inputs to the one-way function (7).
13. The method of claim 12, wherein the authentication exchange is for or based on Authentication and Key Agreement, AKA, wherein the variable response (8) is a variable result RES*, wherein the response is a result RES, and wherein the variable expected response (6) is a variable expected result HXRES*.
14. The method of any of claims 12-13, wherein the function (16) based on which the variable response (8) is determined is a key derivation function, KDF.
15. The method of claim 14, wherein the KDF includes as inputs a cipher key, an integrity key, the response (19), a serving network name, and the first random number (20).
16. The method of any of claims 12-15, wherein the function (16) based on which the variable response (8) is determined is a one-way function.
17. The method of any of claims 1-16, wherein the one-way function (7) based on which the variable expected response (6) is determined is a hashing function.
18. A method for authentication exchange in a radio communication network (4), the method being performed by a visited network node (10) of the radio communication network (4) and comprising:
receiving (S200) a variable expected response (6) from a home network node (5);
receiving (S210) from a wireless terminal (1 ) a variable response (1 1 ) that has a first length;
determining (S230) an expected response (13), based on the received variable response (1 1 ), wherein the determined expected response (13) has a second length that is shorter than the first length of the received variable response (1 1 ); and validating (S240) the determined expected response (13) with the received variable expected response (6).
19. The method of claim 18, further comprising verifying or not verifying (S240)
authentication of the wireless terminal (1 ) depending on whether or not the determined expected response (13) is validated.
20. The method of claim 19, further comprising, after verifying authentication of the wireless terminal (1 ), sending (S250) a confirmation (21 ) of verified authentication from the visited network node (10) to the home network node (5).
21 . The method of claim 20, wherein the confirmation (21 ) includes the received variable response (1 1 ).
22. The method of any of claims 18-21 , further comprising sending to the home network node (5) an authentication information request that requests information for verifying
authentication of the wireless terminal (1 ), and wherein the variable expected response (6) is received from the home network node (5) in response to the authentication information request.
23. The method of any of claims 18-22, wherein the second length is half the length of the first length.
24. The method of any of claims 18-23, wherein the difference in length between the first length and the second length is at least 16 bits.
25. The method of any of claims 18-24, wherein determining the expected response (13) comprises determining the expected response (13) based on a one-way function (7) that includes the received variable response (11) and a random number (9) as inputs to the one-way function (7).
26. The method of claim 25, wherein determining the expected response (13) comprises determining an output of the one-way function (7) and truncating the output to have the second length.
27. The method of claim 25, wherein the determined expected response (13) is an output of the one-way function (7), wherein the output of the one-way function (7) has the second length.
28. The method of claim 25, wherein determining the expected response (13) comprises determining a first output of the one-way function (7) and determining a second output of another one-way function, with the first output included as an input to the another one-way function, wherein the second output has the second length.
29. The method of any of claims 25-28, wherein the one-way function (7) based on which the expected response (13) is determined is a hashing function.
30. The method of any of claims 18-29, wherein the authentication exchange is for Authentication and Key Agreement, AKA, wherein the variable response is a variable result RES*, wherein the variable expected response (6) is a variable expected result HXRES*, and wherein the determined expected response (13) is a determined expected result HRES*.
31. A method for authentication exchange in a radio communication network (4), the method being performed by a wireless terminal (1) of the radio communication network (4) and comprising:
determining (S330) a variable response (11) that has a first length; and
sending (S340) the variable response (11) to a visited network node (10) for authentication of the wireless terminal (1) based on an expected response (13) that is determinable from the variable response (11), wherein the first length of the variable response (11) is longer than a second length of the expected response (13).
32. The method of claim 31, further comprising sending (S310) an attach request to the visited network node (10) and receiving (S320) a first random number (20) in response to the attach request, and wherein determining the variable response (11) comprises determining the variable response (11) based on the first random number (20).
33. The method of any of claims 31-32, wherein determining the variable response (11) comprises determining the variable response (11) based on a function (16) that includes a response (19) and a first random number (20) as inputs to the function (16).
34. The method of any of claims 31-33, wherein determining the variable response (11) comprises determining an output of a function (16) and truncating the output to have the first length.
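The method claims 18-34 above, together with the home-side claims they depend on, describe one exchange: the home network node picks a random number, computes a long variable expected result, runs it with the random number through a truncating one-way function and hands the visited network node only the short hashed value HXRES*; the terminal returns the long RES*; the visited node hashes and truncates RES* the same way to get HRES*, validates it against HXRES*, and only then forwards RES* itself to the home node as confirmation. The following is an added worked example of that flow, written for this page and not code from the patent or from 3GPP. It assumes a 256-bit first length and a 128-bit second length (half, per claim 23, and at least 16 bits shorter, per claim 24), stands in HMAC-SHA256 for the 3GPP response derivation, and uses SHA-256 truncated to the second length as the one-way function of claims 25-26; the subscriber identity and key are constructed.

```python
"""Added example of the RES*/HXRES*/HRES* exchange of claims 18-34 (not the
patent's or 3GPP's code). Assumptions: 256-bit RES*, 128-bit HXRES*/HRES*,
HMAC-SHA256 in place of the 3GPP response derivation, SHA-256 truncated to
the second length as the one-way function; identity and key are constructed."""
import hashlib
import hmac
import secrets

FIRST_LENGTH = 32    # bytes; RES*/XRES* length (assumed 256 bits)
SECOND_LENGTH = 16   # bytes; HXRES*/HRES* length, half the first (claim 23)
assert (FIRST_LENGTH - SECOND_LENGTH) * 8 >= 16   # claim 24: at least 16 bits shorter

IDENTITY = "imsi-001010123456789"   # constructed subscriber identity


def derive_response(k: bytes, rand: bytes) -> bytes:
    """Stand-in for computing RES* (terminal) or XRES* (home) from the
    long-term key K and the challenge RAND. Assumption: HMAC-SHA256 instead
    of the 3GPP functions; the output is cut to the first length (claim 34)."""
    return hmac.new(k, b"RES*" + rand, hashlib.sha256).digest()[:FIRST_LENGTH]


def hashed_response(rand: bytes, response: bytes) -> bytes:
    """One-way function (7) of claims 25-26: SHA-256 over RAND || response,
    truncated to the second length. Home uses it for HXRES*, visited for HRES*."""
    return hashlib.sha256(rand + response).digest()[:SECOND_LENGTH]


class HomeNetworkNode:
    def __init__(self, subscribers: dict):
        self.subscribers = subscribers   # identity -> long-term key K
        self.pending = {}                # identity -> XRES* awaiting confirmation

    def authentication_info(self, identity: str):
        """Answer an authentication information request (claim 22): choose RAND,
        compute XRES*, return RAND and HXRES*. XRES* itself never leaves home."""
        rand = secrets.token_bytes(16)
        xres_star = derive_response(self.subscribers[identity], rand)
        self.pending[identity] = xres_star
        return rand, hashed_response(rand, xres_star)

    def confirm(self, identity: str, res_star: bytes) -> bool:
        """Check the confirmation (21) carrying RES* (claim 21) against XRES*.
        The visited node only ever saw the truncated HXRES*, so a RES* that
        passes here must have come from the terminal."""
        xres_star = self.pending.pop(identity, None)
        return xres_star is not None and hmac.compare_digest(xres_star, res_star)


class VisitedNetworkNode:
    def __init__(self, home: HomeNetworkNode):
        self.home = home
        self.context = {}   # identity -> (RAND, HXRES*)

    def attach(self, identity: str) -> bytes:
        """Attach request (S310): fetch RAND and HXRES* from home, forward RAND (S320)."""
        rand, hxres_star = self.home.authentication_info(identity)
        self.context[identity] = (rand, hxres_star)
        return rand

    def authenticate(self, identity: str, res_star: bytes):
        """S210-S250: derive HRES* from the received RES*, validate it against
        HXRES*, and only on success send RES* to home as the confirmation.
        Returns (HRES* validated, home confirmed RES*)."""
        rand, hxres_star = self.context.pop(identity)
        hres_star = hashed_response(rand, res_star)
        if not hmac.compare_digest(hres_star, hxres_star):
            return False, False                              # S240 fails
        return True, self.home.confirm(identity, res_star)   # S250


class WirelessTerminal:
    def __init__(self, identity: str, k: bytes):
        self.identity, self.k = identity, k

    def respond(self, rand: bytes) -> bytes:
        """S330: compute RES* of the first length from K and RAND."""
        return derive_response(self.k, rand)


def run_exchange(forge: bool = False):
    """One authentication run. With forge=True a RES* of the right length but
    the wrong value is submitted, as a node holding only HXRES* would have to."""
    k = secrets.token_bytes(16)                  # constructed subscriber key
    home = HomeNetworkNode({IDENTITY: k})
    visited = VisitedNetworkNode(home)
    ue = WirelessTerminal(IDENTITY, k)
    rand = visited.attach(ue.identity)
    res_star = ue.respond(rand)
    if forge:
        res_star = secrets.token_bytes(FIRST_LENGTH)
    return visited.authenticate(ue.identity, res_star)


def dishonest_visited_confirmation() -> bool:
    """A visited node that skips S240 and sends a made-up RES* straight to
    home: it holds only HXRES*, so the home-side check of claim 21 rejects it."""
    home = HomeNetworkNode({IDENTITY: secrets.token_bytes(16)})
    home.authentication_info(IDENTITY)           # home now holds XRES*
    return home.confirm(IDENTITY, secrets.token_bytes(FIRST_LENGTH))


if __name__ == "__main__":
    print("honest terminal:", run_exchange())                  # (True, True)
    print("forged RES*:", run_exchange(forge=True))            # (False, False)
    print("dishonest visited:", dishonest_visited_confirmation())   # False
```

The two checks matter for different parties: the visited node's HRES* comparison is its own local decision (claims 18-19), while the RES* carried in the confirmation (claim 21) lets the home node verify that the visited node really did authenticate the terminal rather than simply claiming so, because nothing the home node sent the visited node reveals RES*. Both comparisons use constant-time `hmac.compare_digest`. For contrast, the published 5G AKA in 3GPP TS 33.501 uses a 128-bit RES* and a 128-bit HXRES* (the leftmost 128 bits of SHA-256 over RAND and XRES*); the claims here make HXRES* strictly shorter than RES*.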
35. A home network node (5) for authentication exchange in a radio communication network (4), the home network node (5) configured to:
determine a variable response (8) that has a first length; and
determine a variable expected response (6) based on a one-way function (7) that includes the determined variable response (8) and a random number (9) as inputs to the one-way function (7), wherein the variable expected response (6) has a second length shorter than the first length.
36. The home network node (5) of claim 35, configured to perform the method of any of claims 2-17.
37. A visited network node (10) configured for use in a radio communication network, the visited network node (10) configured to:
receive a variable expected response (6) from a home network node (5);
receive from a wireless terminal (1) a variable response (11) that has a first length;
determine an expected response (13), based on the received variable response (11), wherein the determined expected response (13) has a second length that is shorter than the first length of the received variable response (11); and
validate the determined expected response (13) with the received variable expected response (6).
38. The visited network node (10) of claim 37, configured to perform the method of any of claims 19-30.
39. A wireless terminal (1) for authentication exchange in a radio communication network, the wireless terminal (1) configured to:
determine a variable response (11) that has a first length; and
send the variable response (11) to a visited network node (10) for authentication of the wireless terminal (1) based on an expected response (13) that is determinable from the variable response (11), wherein the first length of the variable response (11) is longer than a second length of the expected response (13).
40. The wireless terminal of claim 39, configured to perform the method of any of claims 32-34.
41 . A home network node (5) for authentication exchange in a radio communication network (4), the home network node (5) comprising:
a processor (30); and
a computer program product (32, 34) storing instructions that, when executed by the processor (30), cause the home network node (5) to:
determine a variable response (8) that has a first length; and
determine a variable expected response (6) based on a one-way function (7) that includes the determined variable response (8) and a random number (9) as inputs to the one-way function (7), wherein the variable expected response (6) has a second length shorter than the first length.
42. The home network node (5) of claim 41, wherein the computer program product (32, 34) stores instructions that, when executed by the processor (30), cause the home network node (5) to perform the method of any of claims 2-17.
43. A visited network node (10) configured for use in a radio communication network, the visited network node (10) comprising:
a processor (40); and
a computer program product (42, 44) storing instructions that, when executed by the processor (40), cause the visited network node (10) to:
receive a variable expected response (6) from a home network node (5);
receive from a wireless terminal (1) a variable response (11) that has a first length;
determine an expected response (13), based on the received variable response (11), wherein the determined expected response (13) has a second length that is shorter than the first length of the received variable response (11); and
validate the determined expected response (13) with the received variable expected response (6).
44. The visited network node (10) of claim 43, wherein the computer program product (42, 44) stores instructions that, when executed by the processor (40), cause the visited network node (10) to perform the method of any of claims 19-30.
45. A wireless terminal (1) for authentication exchange in a radio communication network, the wireless terminal (1) comprising:
a processor (50); and
a computer program product (52, 54) storing instructions that, when executed by the processor (50), cause the wireless terminal (1) to:
determine a variable response (11) that has a first length; and
send the variable response (11) to a visited network node (10) for authentication of the wireless terminal (1) based on an expected response (13) that is determinable from the variable response (11), wherein the first length of the variable response (11) is longer than a second length of the expected response (13).
46. The wireless terminal of claim 45, wherein the computer program product (52, 54) stores instructions that, when executed by the processor (50), cause the wireless terminal (1) to perform the method of any of claims 32-34.
47. A home network node (5) for authentication exchange in a radio communication network, the home network node (5) comprising:
a determination manager (36) for determining a variable response (8) that has a first length, and determining a variable expected response (6) based on a one-way function (7) that includes the determined variable response (8) and a random number (9) as inputs to the one-way function (7), wherein the variable expected response (6) has a second length shorter than the first length.
48. A visited network node (10) for authentication exchange in a radio communication network, the visited network node (10) comprising:
a communication manager (48) for receiving a variable expected response (6) from a home network node (5), and for receiving from a wireless terminal (1) a variable response (11) that has a first length; and
a determination manager (46) for determining an expected response (13), based on the received variable response (11), wherein the determined expected response (13) has a second length that is shorter than the first length of the received variable response (11), and for validating the determined expected response (13) with the received variable expected response (6).
49. A wireless terminal (1) for authentication exchange in a radio communication network, the wireless terminal (1) comprising:
a determination manager (56) for determining a variable response (11) that has a first length; and
a communication manager (58) for sending the variable response (11) to a visited network node (10) for authentication of the wireless terminal (1) based on an expected response (13) that is determinable from the variable response (11), wherein the first length of the variable response (11) is longer than a second length of the expected response (13).
50. A computer program (34) for authentication exchange in a communication network (4), the computer program (34) comprising computer program code which, when run on a home network node (5), causes the home network node (5) to:
determine a variable response (8) that has a first length; and
determine a variable expected response (6) based on a one-way function (7) that includes the determined variable response (8) and a random number (9) as inputs to the one-way function (7), wherein the variable expected response (6) has a second length shorter than the first length.
51. A computer program (44) for authentication exchange in a radio communication network (4), the computer program (44) comprising computer program code which, when run on a visited network node (10), causes the visited network node (10) to:
receive a variable expected response (6) from a home network node (5);
receive from a wireless terminal (1) a variable response (11) that has a first length;
determine an expected response (13), based on the received variable response (11), wherein the determined expected response (13) has a second length that is shorter than the first length of the received variable response (11); and
validate the determined expected response (13) with the received variable expected response (6).
52. A computer program (54) for authentication exchange in a radio communication network (4), the computer program (54) comprising computer program code which, when run on a wireless terminal (1), causes the wireless terminal (1) to:
determine a variable response (11) that has a first length; and
send the variable response (11) to a visited network node (10) for authentication of the wireless terminal (1) based on an expected response (13) that is determinable from the variable response (11), wherein the first length of the variable response (11) is longer than a second length of the expected response (13).
53. A computer program product (32, 42, 52) comprising a computer program (34, 44, 54) according to any one of claims 50-52 and a computer readable storage medium on which the computer program (34, 44, 54) is stored.
PCT/EP2017/083440 2017-05-12 2017-12-19 Authentication exchange for wireless networks using variable expected response lengths Ceased WO2018206139A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762505286P 2017-05-12 2017-05-12
US62/505286 2017-05-12

Publications (1)

Publication Number Publication Date
WO2018206139A1 true WO2018206139A1 (en) 2018-11-15

Family

ID=61002973

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2017/083440 Ceased WO2018206139A1 (en) 2017-05-12 2017-12-19 Authentication exchange for wireless networks using variable expected response lengths

Country Status (1)

Country Link
WO (1) WO2018206139A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7194765B2 (en) 2002-06-12 2007-03-20 Telefonaktiebolaget Lm Ericsson (Publ) Challenge-response user authentication
WO2015177397A1 (en) * 2014-05-20 2015-11-26 Nokia Technologies Oy Cellular network authentication

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on the security aspects of the next generation system (Release 14)", 3GPP STANDARD ; TECHNICAL REPORT ; 3GPP TR 33.899, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. V1.1.0, 13 April 2017 (2017-04-13), pages 1 - 491, XP051298122 *
ERICSSON: "Interim Agreements: How to implement increased home control in EPS AKA*", vol. SA WG3, no. Ljubljana,Slovenia; 20170515 - 20170519, 9 May 2017 (2017-05-09), XP051269102, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_87_Ljubljana/Docs/> [retrieved on 20170509] *
NOKIA: "Authentication procedure for EPS AKA* - possible variant", vol. SA WG3, no. Ljubljana, Slovenia; 20170515 - 20170519, 9 May 2017 (2017-05-09), XP051269327, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_87_Ljubljana/Docs/> [retrieved on 20170509] *
ZTE ET AL: "EPS Authentication with hiding keys assisted by UE - EPS AKA+", vol. SA WG3, no. Ljubljana,Slovenia; 20170515 - 20170519, 8 May 2017 (2017-05-08), XP051269084, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_87_Ljubljana/Docs/> [retrieved on 20170508] *

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 17832060; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 17832060; Country of ref document: EP; Kind code of ref document: A1)