Authenticating an application

Abstract
One aspect of the invention discloses a method of authenticating an application. The method comprises performing, with a server application, bootstrapping procedures between the server application and a bootstrapping server function server; deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier; providing an application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures; receiving a response from the application; and authenticating the application by validating the response with the shared key.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are included to provide a further understanding of the invention and constitute a part of this specification, illustrate embodiments of the invention and together with the description help to explain the principles of the invention. In the drawings:

FIG. 1 is a block diagram illustrating a prior art architecture of the Generic Bootstrapping Architecture (GBA),

FIG. 2 is a signaling diagram illustrating a prior art bootstrapping procedure,

FIG. 3 is a block diagram illustrating various elements in accordance with one embodiment of the invention, and

FIG. 4 is a signaling diagram illustrating one embodiment for authenticating an application towards a server application in mobile equipment in accordance with the present invention.

FIG. 5 is a signaling diagram illustrating another embodiment for authenticating an application towards a server application in mobile equipment in accordance with the present invention.

Claims
  • 1. A method of authenticating an application, the method comprising: performing, with a server application, bootstrapping procedures between the server application and a bootstrapping server function server; deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier; providing the application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures; receiving a response from the application; and authenticating the application by validating the response with the shared key.
  • 2. The method according to claim 1, wherein the authenticating of the application comprises: authenticating the application by comparing the shared key with the response.
  • 3. The method according to claim 1, further comprising: generating a challenge; and providing the application with the challenge, wherein the authenticating of the application comprises authenticating the application by validating the response with the challenge and the shared key.
  • 4. The method according to claim 3, further comprising: receiving signed data with the response, wherein the authenticating of the application further comprises verifying the signed data with the shared key.
  • 5. The method according to claim 1, further comprising: receiving a register request from the application, the request comprising at least one of the network application function identifier and an application instance identifier before providing the application with the bootstrapping transaction identifier.
  • 6. The method according to claim 1, further comprising: receiving a register request from the application, before providing the application with the bootstrapping transaction identifier.
  • 7. The method according to claim 6, wherein the register request comprises an application instance identifier.
  • 8. The method according to claim 5, wherein the deriving of the shared key comprises: deriving the shared key based on the key received from the bootstrapping server function server during the bootstrapping procedures, the network application function identifier and the application instance identifier.
  • 9. The method according to claim 1, further comprising: marking the application as trusted if the authentication is successful.
  • 10. The method according to claim 9, further comprising: providing the application with the shared key.
  • 11. The method according to claim 9, further comprising: receiving from the application a request for a network application function key; and sending to the application the network application function key in response to the request.
  • 12. A method of authenticating an application with a server application, the method comprising: receiving, with the application, from the server application at least a bootstrapping transaction identifier; opening a communication link with a network application function server; providing the network application function server with at least the bootstrapping transaction identifier via the communication link; receiving, in response to providing the bootstrapping transaction identifier, at least a response from the network application function server; and authenticating the application by providing the server application with at least the response received from the network application function server.
  • 13. The method according to claim 12, wherein the receiving from the server application comprises receiving the bootstrapping transaction identifier and a challenge, and the providing to the network application function server comprises providing the network application function server with the bootstrapping transaction identifier and the challenge via the communication link.
  • 14. The method according to claim 13, wherein the receiving from the network application function comprises receiving the response and signed data from the network application function; and the authenticating of the application comprises providing the server application with the response and the signed data received from the network application function server.
  • 15. The method according to claim 12, further comprising: receiving a shared key from the server application after successful authentication.
  • 16. The method according to claim 12, further comprising: after authentication, sending to the server application a request for a network application function key; and receiving the network application function key from the server application in response to the request.
  • 17. A method of deriving an authentication key, the method comprising: opening a communication link with an application; receiving, from the application, at least a bootstrapping transaction identifier via the communication link; sending a request to a bootstrapping server function server to receive a shared key, the request comprising at least the bootstrapping transaction identifier; receiving, from the bootstrapping transaction identifier, the shared key in response to the request; deriving a response by using at least the shared key; and sending at least the response to the application.
  • 18. The method according to claim 17, wherein: the receiving, from the application comprises receiving the bootstrapping transaction identifier and a challenge via the communication link; and the deriving of the response comprises deriving the response by using at least the shared key and the challenge.
  • 19. The method according to claim 17, wherein: the sending of at least the response comprises sending the response and signed data signed with the shared key to the application.
  • 20. A computer program embodied on a data-processing device to authenticate an application, the computer program comprising code configured to comprise: performing bootstrapping procedures with a bootstrapping server function server; deriving a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier; providing the application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures; receiving a response from the application; and authenticating the application by validating the response with the shared key.
  • 21. The computer program according to claim 20, wherein the authenticating of the application comprises: authenticating the application by comparing the shared key with the response.
  • 22. The computer program according to claim 20, further comprising: generating a challenge; and providing the application with the challenge, wherein the authenticating of the application comprises authenticating the application by validating the response with the challenge and the shared key.
  • 23. The computer program according to claim 22, further comprising: receiving signed data with the response, wherein the authenticating of the application further comprises verifying the signed data with the shared key.
  • 24. The computer program according to claim 20, further comprising: receiving a register request from the application, the request comprising at least one of the network application function identifier and an application instance identifier before providing the application with the bootstrapping transaction identifier.
  • 25. The computer program according to claim 20, further comprising: receiving a register request from the application, before providing the application with the bootstrapping transaction identifier.
  • 26. The computer program according to claim 25, wherein the register request comprises an application instance identifier.
  • 27. The computer program according to claim 24, wherein the deriving of the shared key comprises: deriving the shared key based on the key received from the bootstrapping server function server during the bootstrapping procedures, the network application function identifier and the application instance identifier.
  • 28. The computer program according to claim 20, further comprising: marking the application as trusted when the authentication is successful.
  • 29. The computer program according to claim 28, further comprising: providing the application with the shared key.
  • 30. The computer program according to claim 28, further comprising: receiving from the application a request for a network application function key; and sending to the application the network application function key in response to the request.
  • 31. The computer program according to claim 20, wherein the computer program is embodied on a computer-readable medium.
  • 32. A computer program embodied on a data-processing device to authenticate an application with a server application, the computer program comprising code configured to comprise: receiving from a server application at least a bootstrapping transaction identifier; opening a communication link with a network application function server; providing the network application function server with at least the bootstrapping transaction identifier via the communication link; receiving, in response to providing the bootstrapping transaction identifier, at least a response from the network application function server; and authenticating the application by providing the server application with at least the response received from the network application function server.
  • 33. The computer program according to claim 32, wherein the receiving from the server application comprises receiving the bootstrapping transaction identifier and a challenge, and the providing to the network application function server comprises providing the network application function server with the bootstrapping transaction identifier and the challenge via the communication link.
  • 34. The computer program according to claim 33, wherein the receiving from the network application function comprises receiving the response and signed data from the network application function, and the authenticating of the application comprises providing the server application with the response and the signed data received from the network application function server.
  • 35. The computer program according to claim 32, further comprising: receiving a shared key from the server application after successful authentication.
  • 36. The computer program according to claim 32, further comprising: after authentication, sending to the server application a request for a network application function key; and receiving the network application function key from the server application in response to the request.
  • 37. The computer program according to claim 32, wherein the computer program is embodied on a computer-readable medium.
  • 38. A computer program embodied on a data-processing device to derive an authentication key, the computer program comprising code configured to comprise: opening a communication link with an application; receiving, from the application, at least a bootstrapping transaction identifier via the communication link; sending a request to a bootstrapping server function server to receive a shared key, the request comprising at least the bootstrapping transaction identifier; receiving, from the bootstrapping transaction identifier, the shared key in response to the request; deriving a response by using at least the shared key; and sending at least the response to the application.
  • 39. The computer program according to claim 38, wherein the receiving comprises receiving the bootstrapping transaction identifier and a challenge via the communication link; and the deriving comprises deriving the response by using at least the shared key and the challenge.
  • 40. The computer program according to claim 38, wherein: the sending of at least the response comprises sending the response and signed data signed with the shared key to the application.
  • 41. The computer program according to claim 38, wherein the computer program is embodied on a computer-readable medium.
  • 42. A mobile terminal for authenticating an application, comprising: a server application configured to perform bootstrapping procedures between the server application and a bootstrapping server function server, to derive a shared key based on at least a key received from the bootstrapping server function server during the bootstrapping procedures and a network application function identifier, to provide the application with a bootstrapping transaction identifier, the bootstrapping transaction identifier being received from the bootstrapping server function server during the bootstrapping procedures, to receive a response from the application, and to authenticate the application by validating the response with the shared key.
  • 43. The mobile terminal according to claim 42, wherein the server application is configured to authenticate the application by comparing the shared key with the response.
  • 44. The mobile terminal according to claim 42, wherein the server application is configured to generate a challenge, to provide the application with the challenge, and to validate the response with the challenge and the shared key.
  • 45. The mobile terminal according to claim 44, wherein the server application is configured to receive signed data with the response, and to verify the signed data with the shared key.
  • 46. The mobile terminal according to claim 42, wherein the server application is configured to receive a register request from the application, the request comprising at least one of the network application function identifier and an application instance identifier before providing the application with the bootstrapping transaction identifier.
  • 47. The mobile terminal according to claim 42, wherein the server application is configured to receive a register request from the application, before providing the application with the bootstrapping transaction identifier.
  • 48. The mobile terminal according to claim 47, wherein the register request comprises an application instance identifier.
  • 49. The mobile terminal according to claim 46, wherein the server application is configured to derive the shared key based on the key received from the bootstrapping server function server during the bootstrapping procedures, the network application function identifier and the application instance identifier.
  • 50. The mobile terminal according to claim 42, wherein the server application is configured to mark the application as trusted when the authentication is successful.
  • 51. The mobile terminal according to claim 50, wherein the server application is configured to provide the application with the shared key.
  • 52. The mobile terminal according to claim 50, wherein the server application is configured to receive from the application a request for a network application function key, and to send to the application the network application function key in response to the request.
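The following Python mock walks through the flow laid out in the abstract and in claims 1 through 19 with all four parties in one process: the bootstrapping server function (BSF), the server application on the terminal, an application to be authenticated, and the network application function (NAF). It is an added illustration, not code from the patent or from any 3GPP implementation. The key derivation (HMAC-SHA256 over the NAF identifier and the application instance identifier), the response and signed-data formats, the B-TID format, and all names such as `ServerApplication.register` and `run_forging_application` are assumptions made for this example; the real GBA KDF and the Ua/Ub/Zn message encodings are not reproduced. The security point it demonstrates is the one the claims rely on: the application only ever handles the B-TID, the challenge and the NAF's reply, so an application with no path to the real NAF cannot produce a response the server application will accept, and the NAF key (claims 10 and 11) is released only after a successful check.

```python
"""Mock of the application-authentication flow from the abstract and claims 1-19.
Added illustration; the KDF, message formats and names below are assumptions."""
import hashlib
import hmac
import secrets


def derive_shared_key(ks: bytes, naf_id: bytes, app_instance_id: bytes) -> bytes:
    """Stand-in for Ks_NAF (claims 1 and 8): bound to the NAF identifier and the
    application instance identifier. Assumed construction, not the 3GPP KDF."""
    return hmac.new(ks, b"naf-key|" + naf_id + b"|" + app_instance_id, hashlib.sha256).digest()


class BSF:
    """Bootstrapping server function: issues (B-TID, Ks) during bootstrapping and
    later hands a NAF the key derived for a B-TID it presents."""

    def __init__(self):
        self._sessions = {}  # B-TID -> Ks

    def bootstrap(self) -> tuple:
        ks = secrets.token_bytes(32)
        btid = secrets.token_hex(8) + "@bsf.example"  # constructed B-TID format
        self._sessions[btid] = ks
        return btid, ks

    def naf_key(self, btid: str, naf_id: bytes, app_instance_id: bytes) -> bytes:
        return derive_shared_key(self._sessions[btid], naf_id, app_instance_id)


class NAF:
    """Network application function (claims 17-19): fetches the shared key for the
    presented B-TID from the BSF and derives the response and signed data from it."""

    def __init__(self, naf_id: bytes, bsf: BSF):
        self.naf_id, self.bsf = naf_id, bsf

    def respond(self, btid: str, challenge: bytes, app_instance_id: bytes) -> tuple:
        ks_naf = self.bsf.naf_key(btid, self.naf_id, app_instance_id)
        response = hmac.new(ks_naf, b"resp|" + challenge, hashlib.sha256).digest()
        payload = b"naf-data-for:" + app_instance_id  # constructed payload to sign
        signature = hmac.new(ks_naf, b"data|" + payload, hashlib.sha256).digest()
        return response, payload, signature


class ServerApplication:
    """Trusted server application on the terminal (claims 1-11)."""

    def __init__(self, bsf: BSF):
        self.btid, self.ks = bsf.bootstrap()  # claim 1: bootstrapping procedures
        self._pending = {}  # app instance id -> (shared key, outstanding challenge)
        self._keys = {}     # shared keys of applications that passed authentication
        self.trusted = set()

    def register(self, naf_id: bytes, app_instance_id: bytes) -> tuple:
        """Register request (claims 3, 5-8): derive the shared key, create a challenge,
        and hand back only the B-TID and the challenge, never Ks or the shared key."""
        shared_key = derive_shared_key(self.ks, naf_id, app_instance_id)
        challenge = secrets.token_bytes(16)
        self._pending[app_instance_id] = (shared_key, challenge)
        return self.btid, challenge

    def authenticate(self, app_instance_id: bytes, response: bytes,
                     payload: bytes, signature: bytes) -> bool:
        """Claims 3, 4 and 9: validate the response against challenge and shared key,
        verify the signed data, and mark the application trusted on success."""
        if app_instance_id not in self._pending:
            return False
        shared_key, challenge = self._pending.pop(app_instance_id)  # one attempt per challenge
        want_resp = hmac.new(shared_key, b"resp|" + challenge, hashlib.sha256).digest()
        want_sig = hmac.new(shared_key, b"data|" + payload, hashlib.sha256).digest()
        ok = hmac.compare_digest(response, want_resp) and hmac.compare_digest(signature, want_sig)
        if ok:
            self.trusted.add(app_instance_id)
            self._keys[app_instance_id] = shared_key
        return ok

    def naf_key_for(self, app_instance_id: bytes) -> bytes:
        """Claims 10 and 11: only an authenticated application receives the NAF key."""
        if app_instance_id not in self.trusted:
            raise PermissionError("application not authenticated")
        return self._keys[app_instance_id]


def run_application(server_app: ServerApplication, naf: NAF, app_instance_id: bytes) -> bool:
    """Claims 12-16 from the application's side: relay B-TID and challenge to the NAF
    and hand back what the NAF produced. The application never learns Ks or the key."""
    btid, challenge = server_app.register(naf.naf_id, app_instance_id)
    response, payload, signature = naf.respond(btid, challenge, app_instance_id)
    return server_app.authenticate(app_instance_id, response, payload, signature)


def run_forging_application(server_app: ServerApplication, app_instance_id: bytes) -> bool:
    """An application with no path to the real NAF cannot compute a valid response."""
    server_app.register(b"naf.example.com", app_instance_id)
    fake = secrets.token_bytes(32)
    return server_app.authenticate(app_instance_id, fake, b"forged", fake)
```

Two design choices are worth noting. The challenge is consumed on the first `authenticate` call, so a captured response cannot be replayed against the same server application, and both the response and the signature are compared with `hmac.compare_digest` so the check does not leak timing information about which bytes matched.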
Provisional Applications (1)
Number     Date      Country
60786357   Mar 2006  US