Security and privacy enhancements for security devices

Abstract

The invention generally relates to a tamper-resistant security device, such as a subscriber identity module or equivalent, which has an AKA (Authentication and Key Agreement) module for performing an AKA process with a security key stored in the device, as well as means for external communication. The idea according to the invention is to provide the tamper-resistant security device with an application adapted for cooperating with the AKA module and means for interfacing the AKA module and the application. The application cooperating with the AKA module is preferably a security and/or privacy enhancing application. The application is advantageously a software application implemented in an application environment of the security device. For increased security, the security device may also be adapted to detect whether it is operated in its normal secure environment or a foreign less secure environment, and set access rights to resident files or commands that could expose the AKA process or corresponding parameters accordingly.

Description

TECHNICAL FIELD OF THE INVENTION [0001] The present invention generally relates to Authentication and Key Agreement (AKA) procedures in communication systems, and more particularly to the use and configuration of tamper-resistant security devices in such procedures. BACKGROUND OF THE INVENTION [0002] In general, Authentication and Key Agreement (AKA) includes mutual authentication, which means that each of the communicating parties, such as a user and an associated operator, can be certain that the other party is the alleged party, but may also include preserved privacy, which for example means that the initiating party, normally the user, can use a pseudonym for his / her identity. The operator will then be able to determine the user's true identity, whereas no third party will be able to. Naturally, there is usually no point in performing authentication, unless some subsequent actions and / or procedures involving the authenticated parties are performed. Typically, the authentication ...

AI Technical Summary

Benefits of technology

[0012] It is a general object of the invention to provide enhanced security and / or privacy in connection with authentication and / or key agreement.

[0013] It is an object to provide an improved SIM or similar tamper-resistant security device. In this respect, it is particularly desirable to extend the functionality of the tamper-resistant security device for the purpose of enhanced security and / or privacy.

Problems solved by technology

It will take time to change the standard, and it might not even be possible before standard UMTS USIMs, which are stronger and do not need the extra protection, are available on the market.

Hence, such a standardization effort is questionable.

In addition, it cannot be excluded that the EAP SIM proposal itself has some weakness and may later need to be “tweaked”.

In fact, the approach of using several RAND values in sequence to derive longer keys was recently discovered to have some flaws.

Images