
Secured authenticated communication between an initiator and a responder

Patent number
US11997078B2
Publication date
2024-05-28
Applicant
Telefonaktiebolaget LM Ericsson (publ) (SE Stockholm)
Inventors
Vesa Lehtovirta; Mohit Sethi
IPC classification
H04L9/40
Technical field (extracted keywords)
responder, initiator, n3iwf, party, ue, ike_auth, eap, in, message, secure
Region: Stockholm

Abstract

Secure, authenticated communication is enabled between an initiator (12) (e.g., a user equipment) and a responder (14) (e.g., an authentication server function, AUSF, or a subscription de-concealing function, SIDF). The initiator (12) transmits a message (20) to the responder (14) over a secure communication channel (16). The message (20) may include information indicating a third party (18) whose signing of data (e.g., bound to the secure communication channel (16)) will authenticate the responder (14) to the initiator (12). The responder (14) correspondingly retrieves from the third party (18) data that is signed by the third party (18) and transmits a response (24) to the initiator (12) that includes the retrieved data. The initiator (12) receives this response (24) and determines whether or not the responder (14) is authenticated by determining whether or not the response (24) includes data that is signed by the third party (18).

Description

TECHNICAL FIELD

The present application relates generally to secured, authenticated communication and relates more specifically to secured, authenticated communication between an initiator and a responder.

BACKGROUND

Protocols such as the Internet Key Exchange (IKE) protocol help two parties to mutually authenticate one another and communicate securely, so as to ensure data confidentiality and/or integrity. In version 2 of the IKE protocol (IKEv2), for example, a so-called initiator initiates negotiation with a responder regarding which cryptographic algorithm, keying material, and other parameters will be used to protect communication between the initiator and the responder. This negotiation effectively establishes a secure control channel (also referred to as a security association) between the initiator and the responder. The initiator and the responder next authenticate one another in a way that binds the already negotiated control channel to the authenticated entities. The initiator and responder can then use the secure control channel to establish a secure "traffic" channel (e.g., in the form of an IP Security, IPsec, tunnel) for exchanging data securely.

Claims

What is claimed is:

1. A method for enabling secured, authenticated communication between an initiator and a responder, the method performed by the initiator and comprising: transmitting a message from the initiator to the responder over a secure communication channel established between the initiator and the responder, wherein the message includes information indicating a third party whose signing of data bound to the secure communication channel will authenticate the responder to the initiator; receiving, at the initiator and over the secure communication channel, a response to the message from the responder; and determining, at the initiator, whether or not the responder is authenticated by determining whether or not the response includes data that is bound to the secure communication channel and that is signed by the third party.

2. The method of claim 1, wherein said determining comprises using a public key of the third party to determine whether or not the response includes data that is signed with a private key of the third party.

3. The method of claim 1, further comprising, after the responder is authenticated to the initiator, negotiating, on behalf of a security service, one or more security associations for a secure traffic channel between the initiator and the responder.

4. The method of claim 1, wherein the message is an IKE_AUTH request message according to an Internet Key Exchange (IKE) protocol, wherein the response is an IKE_AUTH response to the IKE_AUTH request message, wherein the initiator is an IKE initiator, and the responder is an IKE responder.

5. The method of claim 1, wherein the message further indicates that an Extensible Authentication Protocol (EAP) is to be used for authenticating at least the initiator to the responder.

6. The method of claim 1, wherein the data comprises: a random number signed with a key derived from a shared secret SKEYSEED, wherein the shared secret SKEYSEED is calculated from one or more nonces exchanged between the initiator and the responder as part of establishing the secure communication channel and from a Diffie-Hellman shared secret or an Elliptic Curve Diffie-Hellman shared secret between the initiator and the responder; and/or an authentication payload formed from at least a portion of a message that the responder sent to the initiator as part of establishing the secure communication channel.

7. The method of claim 1, wherein the initiator is configured, prior to establishment of the secure communication channel, with a public key of the third party with which to verify whether the third party has signed the data.

8. The method of claim 1, wherein the initiator is a wireless communication device, and wherein the third party is a home network of the wireless communication device.

9. The method of claim 1, wherein: the third party is represented by network equipment that implements an authentication server function, AUSF, or a subscriber identifier de-concealing function, SIDF; and the responder comprises network equipment that implements a non-3GPP inter-networking function, N3IWF, or an enhanced packet data gateway, ePDG, via which the initiator connects to a 3GPP core network over a non-3GPP access network.

10. The method of claim 1, wherein the data includes or is a function of at least one of any one or more of: at least some data exchanged between the initiator and the responder as part of establishing the secure communication channel; a shared secret resulting from establishment of the secure communication channel; one or more freshness parameters exchanged as part of establishing the secure communication channel; and an identity of the responder and/or an identity of the initiator.

11. The method of claim 1, wherein the third party is not a certificate authority, and wherein said determining comprises determining, at the initiator, whether or not the responder is authenticated by determining whether or not the response includes data that is bound to the secure communication channel and that is signed by the third party in lieu of a signature of the responder.

12. A method for enabling secured, authenticated communication between an initiator and a responder, the method performed by the responder and comprising: receiving a message from the initiator over a secure communication channel established between the initiator and the responder, wherein the message includes information indicating a third party whose signing of data bound to the secure communication channel will authenticate the responder to the initiator; retrieving from the indicated third party data that is bound to the secure communication channel and that is signed by the third party; and transmitting, by the responder and over the secure communication channel, a response to the message that includes the retrieved data that is bound to the secure communication channel and that is signed by the third party.

13. The method of claim 12, further comprising, after the responder is authenticated to the initiator, negotiating, on behalf of a security service, one or more security associations for a secure traffic channel between the initiator and the responder.

14. The method of claim 12, wherein the message is an IKE_AUTH request message according to an Internet Key Exchange (IKE) protocol, wherein the response is an IKE_AUTH response to the IKE_AUTH request message, wherein the initiator is an IKE initiator, and the responder is an IKE responder.

15. The method of claim 12, wherein the message further indicates that an Extensible Authentication Protocol (EAP) is to be used for authenticating at least the initiator to the responder.

16. The method of claim 12, wherein the data comprises: a random number signed with a key derived from a shared secret SKEYSEED, wherein the shared secret SKEYSEED is calculated from one or more nonces exchanged between the initiator and the responder as part of establishing the secure communication channel and from a Diffie-Hellman shared secret or an Elliptic Curve Diffie-Hellman shared secret between the initiator and the responder; and/or an authentication payload formed from at least a portion of a message that the responder sent to the initiator as part of establishing the secure communication channel.

17. The method of claim 12, wherein the initiator is configured, prior to establishment of the secure communication channel, with a public key of the third party with which to verify whether the third party has signed the data.

18. The method of claim 12, wherein the initiator is a wireless communication device, and wherein the third party is a home network of the wireless communication device.

19. The method of claim 12, wherein: the third party is represented by network equipment that implements an authentication server function, AUSF, or a subscriber identifier de-concealing function, SIDF; and the responder comprises network equipment that implements a non-3GPP inter-networking function, N3IWF, or an enhanced packet data gateway, ePDG, via which the initiator connects to a 3GPP core network over a non-3GPP access network.

20. The method of claim 12, wherein the data includes or is a function of at least one of any one or more of: at least some data exchanged between the initiator and the responder as part of establishing the secure communication channel; a shared secret resulting from establishment of the secure communication channel; one or more freshness parameters exchanged as part of establishing the secure communication channel; and an identity of the responder and/or an identity of the initiator.

21. The method of claim 12, wherein the third party is not a certificate authority, and wherein the response is signed by the third party in lieu of a signature of the responder.

22. A method for enabling secure, authenticated communication between an initiator and a responder, the method performed by third party equipment of a third party and comprising: receiving, at the third party equipment and from the responder, a request that includes data bound to a secure communication channel established between the initiator and the responder and that requests the third party to sign the data; signing the data at the third party equipment; and transmitting the signed data from the third party equipment towards the responder in response to the request.

23. The method of claim 22, wherein the initiator is a wireless communication device, and wherein the third party is a home network of the wireless communication device.
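The three-party IKE_AUTH round trip that the background and the claims describe, as an added worked example; this is not code from the patent or from Ericsson. It derives SKEYSEED and SK_pr with the IKEv2 key schedule of RFC 7296 (HMAC-SHA256 as the prf), forms the responder's channel-bound octets as RealMessage2 | Ni | prf(SK_pr, IDr) in the way claims 6 and 10 describe, has the responder fetch a signature over those octets from the named third party (claims 12 and 22) instead of signing itself, and has the initiator verify it with a public key it was provisioned with beforehand (claims 2 and 7). Everything concrete is an assumption: the third party's signature is a textbook-RSA toy over two fixed Mersenne primes so the block runs offline with no dependencies (a real deployment uses a standard signature scheme and properly generated keys), the names ausf.home.example and n3iwf.visited.example are hypothetical, and the nonces, SPIs and DH secret are constructed from a label rather than exchanged. The example also checks the failure mode the channel binding exists for: a signature captured on one IKE SA is rejected on another.

```python
import hashlib
import hmac
from dataclasses import dataclass


# ---- IKEv2 key schedule (RFC 7296 s.2.13-2.15) with HMAC-SHA256 as the negotiated prf
def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, nbytes: int) -> bytes:
    """prf+ of RFC 7296 s.2.13: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, i = b"", b"", 1
    while len(out) < nbytes:
        t = prf(key, t + seed + bytes([i]))
        out, i = out + t, i + 1
    return out[:nbytes]


@dataclass(frozen=True)
class Channel:
    """One side's view of the IKE SA once IKE_SA_INIT has completed."""
    spi_i: bytes
    spi_r: bytes
    ni: bytes
    nr: bytes
    gir: bytes            # (EC)DH shared secret g^ir; constructed bytes stand in for it here
    real_message2: bytes  # the responder's IKE_SA_INIT message as sent on the wire

    def skeyseed(self) -> bytes:
        return prf(self.ni + self.nr, self.gir)

    def sk_pr(self) -> bytes:
        # {SK_d|SK_ai|SK_ar|SK_ei|SK_er|SK_pi|SK_pr} = prf+(SKEYSEED, Ni|Nr|SPIi|SPIr); SK_pr is the last 32 bytes
        keymat = prf_plus(self.skeyseed(), self.ni + self.nr + self.spi_i + self.spi_r, 7 * 32)
        return keymat[6 * 32:]

    def responder_signed_octets(self, id_r: bytes) -> bytes:
        # RealMessage2 | NonceIData | prf(SK_pr, IDr'): data bound to this channel (claims 6 and 10)
        return self.real_message2 + self.ni + prf(self.sk_pr(), id_r)


# ---- Third party (e.g. the AUSF of the home network) and its toy signature
P, Q = (1 << 127) - 1, (1 << 89) - 1   # Mersenne primes M127 and M89: illustration only, far too small for real use
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the third party
THIRD_PARTY = b"ausf.home.example"     # hypothetical name the initiator puts in its IKE_AUTH request
PUBLIC_KEYS = {THIRD_PARTY: (N, E)}    # provisioned into the initiator before any channel exists (claim 7)


def _digest_mod(octets: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(octets).digest(), "big") % n


def third_party_sign(request: dict) -> int:
    """Claim 22: receive channel-bound data from the responder and return it signed.

    The third party never learns SK_pr or g^ir; it only sees the octets it is asked to sign."""
    return pow(_digest_mod(request["data"], N), D, N)


def verify(pub: tuple, octets: bytes, sig: int) -> bool:
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == _digest_mod(octets, n)


# ---- The IKE_AUTH round trip
def initiator_ike_auth_request() -> dict:
    # No AUTH payload: the initiator authenticates itself later via EAP (claim 5); the request instead
    # names the third party whose signature over channel-bound data will authenticate the responder
    return {"IDi": b"suci-constructed", "EAP": True, "third_party": THIRD_PARTY}


def responder_ike_auth_response(ch: Channel, req: dict, id_r: bytes) -> dict:
    # The responder (e.g. an N3IWF) holds no signing key; it fetches a signature from the named third party (claim 12)
    sig = third_party_sign({"responder": id_r, "data": ch.responder_signed_octets(id_r)})
    return {"IDr": id_r, "AUTH": sig, "signer": req["third_party"]}


def initiator_accepts(ch: Channel, resp: dict) -> bool:
    # Claims 1 and 2: recompute the channel-bound octets locally and check the third party's signature over them
    pub = PUBLIC_KEYS.get(resp["signer"])
    if pub is None:
        return False
    return verify(pub, ch.responder_signed_octets(resp["IDr"]), resp["AUTH"])


def constructed_channel(label: bytes) -> Channel:
    """Deterministic stand-in for an IKE_SA_INIT exchange (constructed values, no real DH)."""
    f = lambda tag: hashlib.sha256(label + tag).digest()
    nr = f(b"nr")
    return Channel(spi_i=f(b"spii")[:8], spi_r=f(b"spir")[:8], ni=f(b"ni"), nr=nr,
                   gir=f(b"gir"), real_message2=b"HDR,SAr1,KEr,Nr=" + nr)


def run_example() -> tuple:
    """Returns (honest response accepted, same AUTH replayed on another IKE SA accepted)."""
    ch = constructed_channel(b"session-A")
    resp = responder_ike_auth_response(ch, initiator_ike_auth_request(), b"n3iwf.visited.example")
    honest = initiator_accepts(ch, resp)
    # A signature captured on session A is useless on session B: different nonces, DH secret and SK_pr
    replayed = initiator_accepts(constructed_channel(b"session-B"), resp)
    return honest, replayed


if __name__ == "__main__":
    print(run_example())  # (True, False)
```

Two points follow from running it. Because the signed octets include prf(SK_pr, IDr), a responder cannot present a third party's signature under a different identity, and because they include the initiator's nonce and the responder's own IKE_SA_INIT message, a signature obtained for one security association does not verify on any other. What the example leaves out, and the claims do not specify, is how the third party decides which responders it will sign for; in practice that authorisation is the security boundary that replaces the responder's missing certificate.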