Benefits of public key authentication mechanisms

No on-line connection to the home network (i.e., the service provider) is required.
The user's identity need not be transmitted in plaintext over the air-interface.
The user is unable to deny that he or she actually used the network.
It is possible to provide mutual authentication between the user and the visiting network in a dynamically changing environment, without the need to change authentication data in the USIM or the network.
The public key infrastructure is then available for use in conjunction with other value added services where public key mechanisms are essential, an obvious example being electronic payment.

Demonstrated operational scenario :

User enters a network, Negotiation about the authentication mechanism to be used

User

Network Operator

Service Provider

InitAuthRqt (SPid, authClass)

(list of authMechanisms)

CapsRqt (authClass)

CapsInfo

PresAuthMech (authMechanism)

Chosen authentication mechanism

User

Network Operator

gRNDU, idca

RNDN, AUTHN, Enc(Ks,TMUIN), CertN

Enc(Ks,Sigu(h3(Ks||TMUIN))), Enc(Ks,CertU)

Demonstrated authentication mechanism : Siemens protocolUser enters a new network : “new registration”, exchange of certificates

Demonstrated authentication mechanism : Siemens protocolUsers enters a known network : “current registration” , certificates already exchanged

User

Network Operator

gRNDU

RNDN, AUTHN, Enc(Ks,TMUIN)

Enc(Ks,Sigu(h3(Ks||TMUIN))), Enc(Ks,IMUI)

European Communities -

Fourth Framework Programme

DG XIII B - ACTS Project AC095

Vodafone Ltd (UK)

Siemens Atea (B)

Giesecke und Devrient GmbH (D)

Panafon SA (GR)

Royal Holloway University of London (UK)

Siemens AG (D)

Katholieke Universiteit Leuven (B)

Lernout and Hauspie (B)

Swisscom (CH)

ASPeCT Partners

Associate Partner

Siemens Atea

Genevičve Vanneste (Genevieve.Vanneste@vnet.atea.be)

WP2.1 : Migration towards UMTS Security

WP2.4 : UIM security functionality

Giesecke und Devrient

Eric Johnson (Eric.Johnson@gdm.de)