Abstract |
Systems and methods for providing authentication key agreement (AKA) with perfect forward secrecy (PFS) are disclosed. In one embodiment, a network according to the disclosure may receive an attach request from a UE, provide an authentication request including a network support indicator to a network resource, receive an authentication token from the network resource, such that the authentication token includes an indication that a network supports PFS, provide the authentication token to the UE, receive an authentication response including a UE public key value, obtain a network public key value and a network private key value, determine a shared key value based on the network private key value and the UE public key value, bind the shared key value with a session key value to create a bound shared key value, and use the bound shared key value to protect subsequent network traffic. |
Independent claim |
1. A method for providing an authentication and key agreement protocol with perfect forward secrecy (PFS) between a user equipment and a network, the method comprising:
generating, with the user equipment, an attach request;
receiving, with the user equipment, an authentication token, that includes an indication of PFS support by the network;
determining, with the user equipment, whether the network supports PFS;
providing, with the user equipment, a UE public key value to the network;
receiving, with the user equipment, a network public key value from the network;
determining, with the user equipment, a shared key value based on the network public key value and a UE private key value;
binding, with the user equipment, the shared key value with a session key value to create a bound shared key value; and
utilizing, with the user equipment, the bound shared key value to protect subsequent network traffic. |