|Publication number||USRE39589 E1|
|Application number||US 10/936,830|
|Publication date||Apr 24, 2007|
|Filing date||Sep 9, 2004|
|Priority date||Sep 15, 1998|
|Publication number||10936830, 936830, US RE39589 E1, US RE39589E1, US-E1-RE39589, USRE39589 E1, USRE39589E1|
|Original Assignee||Nokia Networks Oy|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (20), Non-Patent Citations (2), Referenced by (4), Classifications (7), Legal Events (4)|
|External Links: USPTO, USPTO Assignment, Espacenet|
This application is a continuation of PCT/FI98/00721 filed Sep. 15, 1998.
The invention relates to a method for providing connection security for transmission between the communicating parties in a telecommunication network.
At the beginning of a communication a handshake is usually performed between applications in telecommunication networks, during which the parties involved typically authenticate each other and exchange key information, for example, negotiate an encryption algorithm and cryptographic keys to be used in communication. It is only after the handshake that the actual data is transmitted. The confidentiality of the transmission is arranged, for example, through ciphering.
where C is the cipher text, M is the message in plain text, EK is the encryption with key K, and DK is the decryption with key K.
where C is the cipher text, M is the message in plain text, EB + is encryption with the receiver's public key KB +, and DB − is decryption with the receiver's private key KB −.
In the public key algorithm the encryption of a message with the private key K− of the message sender acts as a signature, since anyone can decrypt the message with the known public key K+ of the sender. Since asymmetric keys are usually much longer than symmetric keys, the asymmetric algorithm requires much more processing power. Thus asymmetric algorithms are unsuitable for encrypting large amounts of data.
A hybrid cryptography uses both the above-mentioned algorithms together. For example, only session keys are exchanged using public key algorithm, and the rest of the communication is encrypted with symmetric method.
To provide message integrity and authentication in a connection, a message authentication code MAC is calculated and attached to the transmitted message. For example, MAC can be calculated with a one-way hash algorithm in the following way:
h=H(K, M, K),
where K is the key, M is the message, and H is the hash function. The input cannot be deduced from the output. When MAC is attached to a message, the message cannot be corrupted or impersonated. The receiving party calculates MAC using the received message and the same hash function and key as the transmitting party and compares this calculated MAC to the MAC attached to the message in order to verify it.
One problem with providing connection security is that handshaking requires plenty of processing time since several messages must be sent between the parties involved. The low processing power and narrow bandwidth in the mobile stations make handshakes particularly burdensome in mobile communication networks. Handshakes are also burdensome for applications which have numerous simultaneous transactions, for example, a server in a bank. Therefore, it is desirable to minimize the number and duration of the handshakes. This leads to the problem that an attacker has lots of time for cryptanalysis, as the same encryption keys are used between the two handshakes. If the attacker succeeds in the cryptanalysis, he can access all the material sent between the two handshakes.
The object of this invention is to provide a method for securely protecting transmitted information between communicating applications, especially over narrow-band connections, without unnecessarily loading the communicating parties.
This is achieved by using a method according to the invention characterized by what is stated in the independent claim 1. Special embodiments of the invention are presented in the dependent claims.
The invention is based on the idea that the communicating parties recalculate the security parameters during the transmission session simultaneously with each other at agreed intervals and the continue communicating and providing connection security for messages with these new parameters. The communicating parties monitor the time for recalculation and at the agreed intervals recalculate and thus change the security parameters without a handshake taking place. In the primary embodiment of the invention, the messages are numbered and the number agreed on triggers recalculation at intervals.
The advantage of the method according to the invention is that security parameters can be changed during the session without handshaking. This reduces the need for handshakes.
Another advantage of the method according to the invention is that the security of the transmission is improved, i.e. attacking is made more difficult and less profitable.
The description of the preferred embodiments of the invention will now be made with reference to the attached drawings, in which
The present invention can be applied to any telecommunication network. Below the invention is described in more detail using as an example a mobile station operating in the digital GSM mobile communication system and communicating with an application located either inside or outside the GSM network.
In the following the primary embodiment of the invention is described in more detail with reference to
After agreeing on the intervals for recalculation both the parties monitor the agreed intervals. If an interval after four messages is agreed on, either both parties monitor the number of messages sent, which requires a reliable transmission media with no lost messages, or they number all transmitted messages and transmit these sequence numbers with the messages. The advantage of sending the sequence numbers or time stamps with the messages is that the recalculation is synchronous at both ends even though some messages get lost along the way or messages received are not in correct order. When in the example described above the fourth message is transmitted and received, both the communicating parties recalculate the security parameters and use these new parameters for providing connection security for the next four messages. A handshake or any other session key exchange is not performed during or after the recalculation of the parameters. The recalculation can be based on a shared secret and the latest sequence number, for example. Security parameters can also be used to calculate session keys Kn for ciphering and the message authentication code MAC in the following way, for example:
MAC=H(M, S, N),
where H is a predetermined hash algorithm, S is the shared secret, N is the latest sequence number, and M is the message to be transmitted in plain text.
In another embodiment of the invention, MAC is used to provide connection security for message transmission in the place of ciphering. According to the invention MAC is calculated, from the sequence number that last triggered recalculation of the security parameters, for example. In the example in
Yet another embodiment of the invention uses ciphering and MAC to provide connection security for messages. This is implemented by combining the embodiments described above.
Recalculation of the security parameters includes also the possibility of changing the ciphering algorithm to be used in ciphering the next messages.
The drawings and the accompanying explanation are only intended to demonstrate the principles of the invention. The details of the method according to the invention can vary within the patent claims. Although the invention was described above mostly in connection with a mobile station and service application communication, the invention can also be used for providing connection security for messages between any two or more applications communicating together, also in mobile to mobile connection in a speech, data and short message transmission. The invention is also suitable for use in recalculating other security parameters than session keys and MACs. The invention is not restricted for use only in connection with the ciphering algorithms presented above, but can be applied together with any ciphering algorithms.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US4607137 *||Apr 13, 1984||Aug 19, 1986||U.S. Philips Corporation||Method of distributing and utilizing enciphering keys|
|US4856063 *||Jan 27, 1988||Aug 8, 1989||Technical Communication Corporation||No-overhead synchronization for cryptographic systems|
|US5241599 *||Oct 2, 1991||Aug 31, 1993||At&T Bell Laboratories||Cryptographic protocol for secure communications|
|US5602917 *||Dec 30, 1994||Feb 11, 1997||Lucent Technologies Inc.||Method for secure session key generation|
|US5812667 *||Sep 11, 1995||Sep 22, 1998||Nippon Telegraph And Telephone Corporation||Subscriber registration and authentication method|
|US5854841||Nov 25, 1996||Dec 29, 1998||Hitachi, Ltd.||Communication system|
|US5905445 *||May 5, 1997||May 18, 1999||Delco Electronics Corp.||Keyless entry system with fast program mode|
|US5966449 *||Dec 20, 1994||Oct 12, 1999||Canon Kabushiki Kaisha||Method and network for communicating between a group of entities a text encrypted using an encryption key intrinsic to the group of entities in a network having a plurality of entities and a center|
|US5991405 *||Jan 27, 1998||Nov 23, 1999||Dsc Telecom, L.P.||Method for dynamically updating cellular phone unique encryption keys|
|US6014444 *||Apr 3, 1997||Jan 11, 2000||Mita Industrial Co., Ltd.||Apparatus for encrypted communication|
|US6125185 *||May 27, 1997||Sep 26, 2000||Cybercash, Inc.||System and method for encryption key generation|
|US6157722 *||Mar 23, 1998||Dec 5, 2000||Interlok Technologies, Llc||Encryption key management system and method|
|US6157723 *||Mar 3, 1997||Dec 5, 2000||Motorola, Inc.||Method and apparatus for secure communications with encryption key scheduling|
|US6230002 *||Nov 19, 1997||May 8, 2001||Telefonaktiebolaget L M Ericsson (Publ)||Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network|
|EP0189823A2 *||Jan 21, 1986||Aug 6, 1986||Rohde & Schwarz GmbH & Co. KG||Method for transmitting digital information|
|JPH066615A||Title not available|
|JPH01288131A||Title not available|
|WO1995006374A1||Jul 11, 1994||Mar 2, 1995||Motorola Inc||Method and apparatus for providing cryptographic protection of a data stream in a communication system|
|WO1995008232A1 *||Sep 14, 1994||Mar 23, 1995||Chantilley Corp Ltd||Apparatus for key distribution in an encryption system|
|WO1995026087A1 *||Mar 23, 1995||Sep 28, 1995||Chantilley Corp Ltd||Apparatus for generating encryption/decryption look-up tables using a session key|
|1||Davies et al, "Security for Computer Networks", Nikkei MacGrow Hill-Sha, Dec. 5, 1985, pp. 126-128. (with English Translation).|
|2||*||Mar. 25, 1999, International Search Report for PCT/FI98/00721.|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US7913085 *||Mar 22, 2011||Koolspan, Inc.||System and method of per-packet keying|
|US8234412 *||Sep 10, 2001||Jul 31, 2012||International Business Machines Corporation||Method and system for transmitting compacted text data|
|US20070049251 *||Aug 31, 2005||Mar 1, 2007||Mock Von A||Method and system for wireless communication in emergency situations|
|US20110138170 *||Jun 9, 2011||Koolspan, Inc.||System and method of per-packet keying|
|U.S. Classification||455/410, 380/284, 455/411, 380/283|
|International Classification||H04M1/68, H04M1/66, H04M3/16|
|May 3, 2007||AS||Assignment|
Owner name: NOKIA CORPORATION, FINLAND
Free format text: MERGER;ASSIGNOR:NOKIA NETWORKS OY;REEL/FRAME:019235/0856
Effective date: 20050928
|Feb 25, 2010||FPAY||Fee payment|
Year of fee payment: 8
|Feb 12, 2014||FPAY||Fee payment|
Year of fee payment: 12
|Jan 29, 2015||AS||Assignment|
Owner name: NOKIA TECHNOLOGIES OY, FINLAND
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NOKIA CORPORATION;REEL/FRAME:034840/0740
Effective date: 20150116