40 results about "Generic Bootstrapping Architecture" patented technology

Method and apparatus for communicating with a machine to machine, M2M, device comprising: deriving at a M2M device using generic bootstrapping architecture, GBA, a first key. Sending a second key to the M2M device protected using the first key, wherein the second key is different to the first key. Sending protected data to the M2M device, wherein the protected data is verifiable by the M2M device using the second key.

A particular method includes receiving, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device; determining whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server; in response to determining whether the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, performing a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device, or determining whether the SUPL server supports a certificate-based authentication method; and in response to determining that the SUPL server supports the certificate-based authentication method, performing the certificate-based authentication method that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device.

A method includes receiving at a network application function a request related to a generic bootstrapping architecture key originated from a user equipment (1). The received request includes a network application function identifier that includes a uniform resource locator, where the network application function has a fully qualified domain name. The method further includes causing a generic bootstrapping architecture key to be generated for the user equipment based at least in part on the uniform resource locator that is part of the network application function identifier (5). Apparatus and computer programs for performing the method are also disclosed.

A method, performed by a User Equipment device (UE), for obtaining a key for direct communication with a device over an air interface, wherein the UE has previously acquired a transaction identifier received from a Bootstrapping Server Function (BSF), in a Generic Bootstrapping Architecture (GBA), procedure, is provided. The method comprises storing the transaction identifier, sending the transaction identifier to the device and requesting key generation for direct communication with the device. If the transaction identifier is invalid, the method further comprises receiving from the device adevice identifier and key generation information, deriving a session shared key from at least the key generation information, and deriving a direct communication key from at least the session shared key and the device identifier.

The embodiment of the invention discloses a key distribution and reception method, a key management center, and first and second network elements. The key distribution and reception method disclosed by the embodiment comprises the steps: a first key management center obtains information of an NAF key of the first network element and the NAF key of the first network element, the information of the NAF key of the first network element being the information necessary for obtaining the NAF key of the first network element; the first key management center obtains a service key, the service key being used for performing encryption and / or integrity protection on communication data when the first network element communicates with the second network element; the first key management center performs encryption and / or integrity protection on the service key by adopting the NAF key of the first network element and generates a first safety protection parameter; and the first key management center sends a first GBA (Generic Bootstrapping Architecture) push message to the first network element, wherein the first GBA push message carries the first safety protection parameter and the information of the NAF key of the first network element. The embodiment can prevent data from suffering from eavesdropping attack in a transmission process.

The embodiment of the invention provides secret key notification and decryption method and device in generic bootstrapping architecture push (GBA Push). The secret key notification method comprises the steps of: encrypting push information to be pushed to user equipment (UE) respectively by using a first secret key and a second secret key so as to generate two encrypted push information; and sending the two encrypted push information and corresponding secret key type information thereof to the UE. Therefore, the problem that the UE cannot decrypt the push information during GBA Push due to the inconsistency between the secret key type pushed by a server and a secret key type supported by the UE is solved.

The invention relates to a generic bootstrapping architecture protocol. Method and system for communicating securely with a user equipment, UE, using generic bootstrapping architecture, GBA, the system comprising a bootstrapping server function, BSF. A proxy server configured to receive messages from a user equipment, UE, in a first format. Convert the received messages from the first format to a second format. Transmit the received UE messages to a bootstrapping server function, BSF, in the second format. Receive messages from the BSF, in a third format. Convert the messages received from the BSF from the third format to a fourth format. Transmit the received BSF messages to the UE in the fourth format.

Method and system for communicating securely with a user equipment, UE, using generic bootstrapping architecture, GBA, the system comprising a bootstrapping server function, BSF. A proxy server configured to receive messages from a user equipment, UE, in a first format. Convert the received messages from the first format to a second format. Transmit the received UE messages to a bootstrapping server function, BSF, in the second format. Receive messages from the BSF, in a third format. Convert the messages received from the BSF from the third format to a fourth format. Transmit the received BSF messages to the UE in the fourth format.

The invention discloses a GBA-based MTC equipment group management method, which is applied to a system including MTC equipment, BSF and M2M-SC. The method includes: when the first MTC equipment negotiates with the M2M-SC and determines to join the group When the MTC devices identified as G-ID are grouped, the first session key is established between the first MTC device and the M2M-SC through the first GBA process between the first MTC device, the BSF and the M2M-SC, and the M2M-SC The G-ID and group key Kg of the MTC device group are encrypted by the first session key and sent to the first MTC device. By adopting the present invention, the group members in the MTC equipment grouping can be safely managed.

A method is provided for putting in place a security association of GBA type for a terminal. The method includes the following steps, executed in a network access server, following receipt of a request for attachment to the network from the terminal: dispatching a request for association of security to a priming function server; reception of a response comprising security association parameters, from the priming function server and dispatching a message including the security association parameters to the terminal.

Method and Apparatus for Securing a Connection in a Communications Network A method of operating a user equipment (UE) using a Generic Bootstrapping Architecture (GBA) is provided. The method includes establishing a shared secret between the UE and a Network Application Function (NAF). An authentication request is sent to a Bootstrapping Server Function (BSF) by the UE. An original parameter intended for a key derivation function and a bootstrapping transaction identifier is received from the BSF. An application request, including the bootstrapping transaction identifier, is sent by the UE to the NAF. A modified parameter is derived by the UE from the secret and the original parameter intended for the key derivation function. A cryptographic key is determined using said modified parameter in place of or in addition to the original parameter in the key derivation function, and communications with the NAF are secured using the key.

The Generic Bootstrapping Architecture is used in a method for assigning the bootstrapping transaction ID so that a machine-to-machine server or other device can locate and communicate with a bootstrapping server function. The bootstrapping server function assigns the bootstrapping transaction ID and updates a DNS server with an entry that maps the bootstrapping transaction ID to a network node IP Address.

The invention discloses a method for MTC servers to share keys. When an MTC device establishes a secure connection with a first MTC server through a GBA process and performs secure communication, it can send request information to a second MTC server (including the MTC device and the first MTC server). The host identification NAF-ID1 of the boot identification B-TID and the first MTC server being used); The second MTC server sends an authentication request to the BSF (including the host identification NAF-ID2, B-TID and NAF-ID1 of the second MTC server ); After the BSF verifies that NAF-ID2 and NAF-ID1 are valid, it generates a session key KNAF according to B-TID and NAF-ID1, and sends it to the second MTC server. The present invention also correspondingly discloses a system for MTC servers to share keys. Through the present invention, MTC equipment can be safely communicated with multiple MTC servers at the same time, and the use efficiency of network resources is improved.

In one exemplary and non-limiting aspect thereof a method is provided that includes sending a wireless network (WN) a first message that includes a list of authentication mechanisms supported by a node and, in association with each authentication mechanism, a corresponding identity; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list receivedfrom the node; and including information in a second message that is sent to the node, the information including the determined authentication mechanism in conjunction with a corresponding identity. The method further includes protecting at least the list of authentication mechanisms supported by the node and the corresponding identities and sending a second message to the network, the second message including at least the list of authentication mechanisms and the corresponding identities. The method further includes receiving a second response message from the network that is at least partially integrity protected, where the second response message includes an indication of the selected authentication mechanism and the corresponding identity.