Secure registration for a multicast-broadcast-multimedia system (MBMS)

    Publication No.: AU2004301386A1

    Publication date: 2005-01-27

    Application No.: AU2004301386

    Application date: 2004-07-01

    Applicant: QUALCOMM INC

    Abstract: A method and an apparatus for secure registration for a multicast-broadcast-multimedia system (MBMS) are disclosed. A random number is generated by a broadcast-multicast-service center (BM-SC) and broadcast to user equipment in the coverage area of a radio access network (RAN). A memory module or smart card (UICC) in the user equipment generates a radio access network key (RAK) which is a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK), and then generates a temporary registration key (RGK) as a function of the RAK, a service identification number and a user identification number, for example, P-TMSI, which may be extracted by the RAN to authenticate the registration as legitimate.

    SECURE BOOTSTRAPPING FOR WIRELESS COMMUNICATIONS

    Publication No.: CA2597475C

    Publication date: 2012-09-18

    Application No.: CA2597475

    Application date: 2006-02-03

    Applicant: QUALCOMM INC

    Abstract: A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT.

    Secure bootstrapping for wireless communications

    Publication No.: NZ560464A

    Publication date: 2010-10-29

    Application No.: NZ56046406

    Application date: 2006-02-03

    Applicant: QUALCOMM INC

    Abstract: A method for authenticating a legacy mobile terminal to communicate with a network application function is disclosed. The method comprises:
    - generating an authentication challenge at a bootstrapping server function, including a first random number as a first parameter, a public key based at least in part on the first random number, and a signature based at least in part on the first random number, the public key and a private key;
    - sending the authentication challenge to the legacy mobile terminal which can verify the origin of the authentication challenge based on a previously obtained bootstrapping server digital certificate associated with the bootstrapping server function;
    - receiving an authentication response at the bootstrapping server function that includes a second random number and a second parameter computed with a copy of the private key generated at the legacy mobile terminal based at least in part on the first random number and a pre-shared secret key stored in a subscriber identification module in the legacy mobile terminal;
    - verifying whether the authentication response originated from the legacy mobile terminal by re-computing the first parameter at the bootstrapping server function based on a second key provided to the bootstrapping server function; and
    - generating a mutually authenticated key at the bootstrapping server function based at least in part on the first random number, the second random number and the private key.

    A method for authenticating a network application function to communicate with a legacy mobile terminal is also disclosed. The method comprises:
    - receiving an authentication challenge at the legacy mobile terminal, including a first random number as a first parameter, a public key based at least in part on the first random number, and a signature based at least in part on the first random number, the public key and a private key;
    - generating a mutually authenticated key at the legacy mobile terminal based at least in part on the first random number, a second random number and the private key;
    - verifying whether the authentication challenge originates at a bootstrapping server function based on a previously obtained bootstrapping server digital certificate associated with the bootstrapping server function; and
    - sending an authentication response to the bootstrapping server function that includes the second random number and a second parameter computed with a copy of the private key generated at the legacy mobile terminal based at least in part on the first random number and a pre-shared secret key stored in a subscriber identification module in the legacy mobile terminal.

    Apparatus and method for a secure broadcast system

    Publication No.: AU2004258561B2

    Publication date: 2010-03-04

    Application No.: AU2004258561

    Application date: 2004-07-08

    Applicant: QUALCOMM INC

    Abstract: Apparatus and method for provisioning an access key used for a controlled access broadcast service is disclosed. In one aspect, a method for secure processing in a device that securely stores a secret key comprises receiving a plurality of challenges from a network, generating a plurality of ciphering keys based on the secret key and the plurality of challenges, and generating an access key based on the plurality of ciphering keys.

    48.
    Invention patent
    Unknown

    Publication No.: BRPI0607359A2

    Publication date: 2009-09-01

    Application No.: BRPI0607359

    Application date: 2006-02-03

    Applicant: QUALCOMM INC

    Abstract: A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT.

    50.
    Invention patent
    Unknown

    Publication No.: AT408299T

    Publication date: 2008-09-15

    Application No.: AT04756664

    Application date: 2004-07-01

    Applicant: QUALCOMM INC

    Abstract: A method and an apparatus for secure registration for a multicast-broadcast-multimedia system (MBMS) are disclosed. A random number is generated by a broadcast-multicast-service center (BM-SC) and broadcast to user equipment in the coverage area of a radio access network (RAN). A memory module or smart card (UICC) in the user equipment generates a radio access network key (RAK) which is a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK), and then generates a temporary registration key (RGK) as a function of the RAK, a service identification number and a user identification number, for example, P-TMSI, which may be extracted by the RAN to authenticate the registration as legitimate.
