Many authentication schemes and encryption schemes require the use of a Shared Secret Data (SSD) that is available only to the entities (typically two entities) that are engaged in exchanging information or are using the services provided by one of the entities. To prevent the SSD from being compromised, (e.g., through electronic eavesdropping or other means), the SSD may not always be provided to the two entities directly. Instead a string of information (e.g., a BaseSSD) may be provided to the two entities. The BaseSSD may then be modified (e.g., processed and manipulated) and extended to obtain the SSD.
Often, the generation of the SSD from the BaseSSD is done in an ad hoc fashion. The disadvantage of this method is that if the scheme is compromised then the implementation of a new scheme needs the involvement of the original individuals. Changing schemes is time consuming.
Location based services (LBS) provided by mobile communications network continue to gain user acceptance. One requirement of LBS services is determining the location of the mobile station or other network device (e.g., laptop, mobile client, PC Card, etc.) for use with the LBS service application. Privacy laws and end users require that the location of a mobile station be protected. Thus, mobile communication network operators must prevent access to this location data. One way to protect the location information is to encrypt the data. Another way to protect the data is to restrict access to the mobile communications network and specific devices operating on the network.
In addition, many public key/private key encryption schemes require large amounts of processing resources. These methods do not lend themselves to use in some applications. For example, some devices (e.g., certain mobile stations and other computing devices) lack the processing power to effectively use advanced encryption methods. Using the advanced encryption methods could, in some instances, prevent the processor from performing other functions.
Thus, a need exists for a way to generate a shared secret data that is flexible (e.g., relatively easy to change) and does not overwhelm the processing capabilities of certain devices.