Claims
- 1. A method for generating a key pair in a telecommunications system comprising a user terminal and at least one network node serving the user terminal, wherein a key pair comprises a public key and a private key, the method comprising:
generating a first seed value in a user terminal and a second seed value in at least one network node, such that the first and the second seed values are identical; and generating, based on said first seed value, a first key pair in the user terminal, and, based on the second seed value, a second key pair in the said at least one network node, such that the first and the second key pairs are identical.
- 2. The method of claim 1, wherein said first and second key pairs are generated using the same key generator application.
- 3. The method of claim 1, wherein generating said first and second key pairs and seed values is initiated upon a successful authentication of the user terminal.
- 4. The method of claim 1, wherein said first and second seed values are generated using at least one of a cipher key and an integrity key.
- 5. The method of claim 1, wherein said first and second seed values are generated using a cipher key of a second generation network.
- 6. The method of claim 1, wherein the public key is temporary.
- 7. The method of claim 1, wherein the private key is temporary.
- 8. The method of claim 1, comprising storing a backup copy of the private key in a security module of the at least one network node.
- 9. The method of claim 1, comprising:
incrementing an authentication counter stored in the user terminal, indicating a successful authentication of the user terminal, thus triggering a generation of the first and second key pairs through seed values in the user terminal; and incrementing an authentication counter stored in the at least one network node, indicating a successful authentication of the user terminal, thus triggering the generation of the first and second key pairs through seed values in the at least one network node.
- 10. The method of claim 9, wherein said authentication counters are user-specific.
- 11. A telecommunications system comprising a user terminal and at least one network node serving the user terminal, wherein the system is configured to:
generate a first seed value in a user terminal and a second seed value in the at least one network node, such that the first and the second seed values are identical; and generate, on the basis of the first seed value, a first key pair in the user terminal, and, on the basis of the second seed value, a second key pair in the said at least one network node, such that the first and the second key pairs are identical.
- 12. A system according to claim 11, wherein the system is configured to initiate a generation of said first and second key pairs upon a successful authentication of the user terminal.
- 13. A system according to claim 11, wherein the system is configured to generate said first and second seed values using at least one of a cipher key and an integrity key.
- 14. A system according to claim 11, wherein the system is configured to generate said first and second seed values using a cipher key of a second generation network.
- 15. A system according to claim 11, wherein the system is configured to use asymmetric ciphering.
- 16. A system according to claim 11, wherein the system is configured to issue in at least one network node a certification for a public key of the second key pair and to store in the at least one network node the certification for the public key of the second key pair.
- 17. A network node for serving the user terminal in a telecommunications system, the network node comprising:
a first routine to compose a seed value; and a second routine to generate, based on the seed value, a public key and a related private key.
- 18. A network node according to claim 17, further comprising a third routine to initiate a generation of said public and related private keys upon a successful authentication of a user.
- 19. A network node according to claim 17, further comprising a fourth routine configured to issue certification of the public key and to store certification of the public key.
- 20. A network node according to claim 17, further comprising an authentication center of a telecommunications system.
- 21. A network node according to claim 17, further comprising a serving support node of a telecommunications system.
- 22. A network node according to claim 17, further comprising a subscriber register of a telecommunications system.
- 23. A user terminal in a telecommunications system, the user terminal comprising:
a first routine to compose a seed value; and a second routine to generate, based on the seed value, a public key and a related private key.
- 24. A user terminal according to claim 23, further comprising a third routine to initiate a generation of said public and related private keys upon a successful authentication of a user.
- 25. A network node for serving the user terminal in a telecommunications system, the network node comprising:
means for generating a seed value; and means for generating, based on the seed value, a public key and a related private key.
- 26. A network node according to claim 25, further comprising means for initiating a generation of said public and related private keys upon a successful authentication of a user.
- 27. A network node according to claim 25, further comprising means for issuing certification of the public key and storing certification of the public key.
- 28. A user terminal in a telecommunications system, the user terminal comprising:
means for generating a seed value; and means for generating, based on the seed value, a public key and a related private key.
- 29. A user terminal according to claim 28, further comprising means for initiating a generation of said public and related private keys upon a successful authentication of a user.
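The scheme in claims 1, 4 and 9 can be illustrated with the following added example, which is not part of the patent text. Assumptions: the seed is HMAC-SHA256 over the cipher key, the integrity key and the authentication counter; X25519 (RFC 7748) stands in for the unspecified key generator application; the names `derive_seed`, `keypair_from_seed` and `run_demo` and the CK/IK values are constructed for illustration.

```python
import hashlib
import hmac

P = 2**255 - 19   # Curve25519 field prime (RFC 7748)
A24 = 121665      # (486662 - 2) / 4, ladder constant from RFC 7748

def x25519(k, u):
    """Montgomery ladder from RFC 7748 (illustrative, not constant-time)."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:                      # conditional swap of the two points
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P

def derive_seed(ck, ik, auth_counter):
    # Assumption: seed = HMAC-SHA256(CK || IK, label || counter); the claims
    # only require that both sides compute the same seed from CK and/or IK.
    msg = b"keypair-seed" + auth_counter.to_bytes(8, "big")
    return hmac.new(ck + ik, msg, hashlib.sha256).digest()

def keypair_from_seed(seed):
    k = bytearray(seed)
    k[0] &= 248; k[31] &= 127; k[31] |= 64          # RFC 7748 scalar clamping
    priv = bytes(k)
    pub = x25519(int.from_bytes(priv, "little"), 9)  # 9 = base point u-coordinate
    return priv, pub.to_bytes(32, "little")

# Constructed sample values (not real keys): CK and IK as left by authentication.
CK = bytes.fromhex("00112233445566778899aabbccddeeff")
IK = bytes.fromhex("ffeeddccbbaa99887766554433221100")

def run_demo():
    terminal = keypair_from_seed(derive_seed(CK, IK, 7))  # user terminal side
    network = keypair_from_seed(derive_seed(CK, IK, 7))   # network node side
    stale = keypair_from_seed(derive_seed(CK, IK, 6))     # counter out of sync
    return terminal == network, terminal[1] == stale[1]

if __name__ == "__main__":
    print(run_demo())
```

Because nothing but the seed enters key generation, no key material crosses the air interface, and a counter that drifts on one side shows up as a public-key mismatch that either side can detect.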
CROSS-REFERENCE TO RELATED APPLICATIONS:
[0001] This application claims priority of U.S. Provisional Patent Application Serial No. 60/443,569 entitled, “Generating Asymmetric Keys in a Telecommunications System,” filed Jan. 30, 2003, the entire contents of which are incorporated herein by reference.
Provisional Applications (1)
| Number | Date | Country |
| --- | --- | --- |
| 60443569 | Jan 2003 | US |