
Showing papers by "Nadarajah Asokan" published in 2003


Patent
07 May 2003
TL;DR: In this paper, a system, method and computer program for authorizing a mobile station to use a product, service, access or other rights provided by a service provider through the use of digital signatures are presented.
Abstract: A system, method and computer program for authorizing a mobile station to use a product, service, access or other rights provided by a service provider through the use of digital signatures. These digital signatures are based on a shared signing key, and can be verified using a signature verification service. This system, method and computer program will validate the identity of the mobile station being used utilizing long term keys stored in the mobile station and an authentication center. The system, method and computer program will then utilize the signing key and the signature verification service to verify digital signatures that enable the authorization to access products, services, access or other rights using a mobile station. When this system, method and computer program is used for authorizing payment transactions, the gateway will verify the authenticity of any charges made based on the signatures received. Thus, a user of this system, method and computer program can purchase goods and services without fear of fraud or errors.

106 citations


Patent
15 Jul 2003
TL;DR: In this article, the authors proposed a method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key d available at a master device 11.
Abstract: The invention relates to a method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key d available at a master device 11. In order to provide an optimized sharing of authorization, it is proposed that the master device 11 splits the secret master key d into two parts d1, d2. A piece of information relating to the first part d1 of the secret master key d is forwarded to the slave device 13 for enabling this slave device to perform a partial secret key operation on a message m. The second part d2 of the secret master key d is forwarded to a server 12 for enabling the server 12 to perform partial secret key operations on a message m received from the slave device 13.

73 citations


Book ChapterDOI
Nadarajah Asokan
02 Apr 2003
TL;DR: Ioannidis and Christianson as discussed by the authors argue that this kind of authentication through the tunnel is essentially to guide the application inside, and that the client thinks that it's his own network server, and instead he does mutual authentication.
Abstract: John Ioannidis: I have to interrupt here and be even more offensive than usual. But you are using the worst rackets in industry as a justification for what you're doing. There are all sorts of people just generating garbage protocols, a couple of which you have already mentioned here. We're trying to reverse their work, whereas you're trying to advocate we use all these garbage protocols. Reply: I'm not saying that. I'm saying that something is wrong here. You are trying to do the right thing but you are going about it the wrong way. The reality is that people are going to use existing credentials because they obtained them at great expense, and they want to reuse them. I'm not justifying it. Bruce Christianson: I think he's going to come up with a very good new reason why this is a bad thing to do, in which case it's more ammunition for you JI, or he's going to show that the reasons for which we usually think it's bad are wrong, in which case we're going to have to change our position anyway. Either way you should let him go on for a bit. Reply: The most common use of this kind of authentication through the tunnel is essentially to guide the application inside. I guess actually the authentication was not intended as a general framework but it's being used as one. So the PAP was supposed to be used running EAP, AKA inside that, while sending a random challenge. Since this is an authenticator tunnel, anybody could make that, including the man in the middle. The man in the middle is sent a random challenge and authenticated, he could turn around, pretend to be a server network and get the client to send a response. Notice that the client thinks that it's his own network server, and instead he does mutual authentication. And at this point he goes back and the client has been authenticated to send these keys to the NAS and that would leave the man in the middle with a stolen key. 
Ross Anderson: But surely this attack would not work if the certificates that people use from TLS actually worked? Reply: The man in the middle is not pretending to be a TLS server, he's pretending to be a server network. So the server network has its own usual authentication but this is effectively defeating that.

56 citations


Patent
Nadarajah Asokan, Niemi Valtteri
28 Oct 2003
TL;DR: A key management of cryptographic keys has a data package including one or more cryptographic keys that are transferred to a personal device from a secure processing point 150 of a device assembly line in order to store device specific cryptographic keys in the personal device 100.
Abstract: A key management of cryptographic keys has a data package including one or more cryptographic keys that are transferred to a personal device 100 from a secure processing point 150 of a device assembly line in order to store device specific cryptographic keys in the personal device 100. In response to the transferred data package, a backup data package is received by the secure processing point 150 from the personal device 100, which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage 125 of a chip 110 included in the personal device 100. The secure processing point 150 is arranged to store the backup data package, together with an associated unique chip identifier read from the personal device 100, in a permanent, public database 170.

32 citations


Patent
09 Jan 2003
TL;DR: In this paper, the first information indicating whether or not a home network operator is allowed to issue a certificate to a roaming subscriber is maintained in the subscription information in order to enable home network operators to also control the issuing of certificates to roaming subscribers.
Abstract: In order to enable a home network operator to also control the issuing of certificates to a roaming subscriber, first information indicating whether or not it is allowed to issue a certificate to the subscriber is maintained in the subscription information. The first information is checked in response to a subscriber's certificate request received from the subscriber and the certificate is generated and delivered to the subscriber only if certificate issuance is allowed.

30 citations


Proceedings ArticleDOI
27 Jan 2003
TL;DR: The rationales for such an authorization domain are discussed, and a specific technique to implement authorization domains by sharing the RSA function between a device in the domain and a semi-trusted network server is proposed.
Abstract: An authorization domain consists of multiple physical devices. Authorizations, such as the right to make a payment or the right to access content, are granted to the domain as a whole, but can be exercised from any device in the domain. A device in the domain may have either unconditional or restricted access to the authorizations. Typically, authorizations can be modeled as access to a secret key. In this paper, we discuss the rationales for such an authorization domain, and propose a specific technique to implement authorization domains by sharing the RSA function between a device in the domain and a semi-trusted network server.

19 citations


Patent
13 Nov 2003
TL;DR: In this article, the authors propose a scheme to deliver to subscriber's user equipment network-specific information required for a service or for requesting a service in the mobile communication network.
Abstract: In order to deliver to subscriber's user equipment network-specific information required for a service or for requesting a service in the mobile communication network, where the subscriber's user equipment is currently located, either at least part of the information required for the service is transmitted to the user equipment after the subscriber has been authenticated or the address of a network node is determined (2-9) on the basis of the subscriber's location information.

16 citations