Internet key exchange protocol using security associations

摘要

The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared-key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.

主权项

1. A method of authenticating a user equipment in a communications network, the method comprising:
sending a message from a network entity to the user equipment including a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity said options including a “shared key”-based authentication procedure; selecting an option from the set and in the event that the “shared-key”-based authentication procedure is selected, generating a shared secret from a security key established in a generic bootstrapping architecture (GBA) over a second interface between the user equipment and a bootstrapping service function; and using the shared secret to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.