1. Field of the Invention
The present invention relates to authentication. In particular, the present invention relates to novel and improved methods, computer programs and mobile terminal for authenticating a client application.
2. Description of the Related Art
The current development towards truly mobile computing and networking has brought on the evolution of various access technologies, which also provide the users with access to the Internet when they are outside their own home network. So far, the use of the Internet has been dominated by person-to-machine communications, i.e. information services. The evolution towards the so-called third generation (3G) wireless networks brings along mobile multimedia communications, which will also change the way IP-based services are utilized in public mobile networks. The IP Multimedia Subsystem (IMS), as specified by the by the 3rd Generation Partnership Project (3GPP), integrates mobile voice communications with Internet technologies, allowing IP-based multimedia services to be utilized in mobile networks.
The new multimedia capable mobile terminals (multimedia phones) provide an open development platform for application developers, allowing independent application developers to design new services and applications for the multimedia environment. The users may, in turn, download the new applications/services to their mobile terminals and use them therein.
For example, technical specification 3GPP TS 33.220 discloses the Generic Bootstrapping Architecture (GBA) that is part of the Generic Authentication Architecture (GAA). A general network model of the GBA is disclosed in FIG. 1. The model disclosed in FIG. 1 includes four different entities: User Equipment (UE) 14, a Bootstrapping Server Function (BSF) 12, a Network Application Function (NAF) 16 and a Home Subscriber System (HSS) 10. FIG. 1 also discloses the interfaces between the entities.
FIG. 2 is a diagram that illustrates the bootstrapping procedure in the GBA. When UE 200 wants to interact with a NAF, and it knows that the bootstrapping procedure is needed, it shall first perform a bootstrapping authentication. When the bootstrapping is initiated, UE 200 sends (21) an HTTP request towards BSF 202. BSF 202 retrieves (22) the complete set of GBA user security settings and one Authentication Vector (AV, AV=RAND∥AUTN∥XRES∥CK∥IK) over the reference point Zh from a HSS 204. Then BSF 202 forwards the RAND and AUTN to UE 200 in the 401 message (23) (without the CK, IK and XRES). This is to demand UE 200 to authenticate itself. UE 200 checks (24) AUTN to verify that the challenge is from an authorized network. UE 200 also calculates CK, IK and RES. This will result in session keys IK and CK in both BSF 202 and UE 200. UE 200 sends (25) another HTTP request, containing the Digest AKA response (calculated using RES), to BSF 202. BSF 202 authenticates (26) UE 200 by verifying the Digest AKA response and generates (27) a master key Ks by concatenating CK and IK. A B-TID value shall be also generated. BSF 202 sends (28) a 200 OK message, including the B-TID, to UE 200 to indicate the success of the authentication. In addition, in the 200 OK message, BSF 202 shall supply the lifetime of the key Ks. The key Ks is generated in UE 200 by concatenating CK and IK. Both UE 200 and BSF 202 shall use the Ks to derive the key Ks_NAF. Ks_NAF shall be used for securing the reference point Ua (see FIG. 1).
Ks_NAF is computed as Ks_NAF=KDF (Ks, key derivation parameters), where KDF is a suitable key derivation function, and the key derivation parameters comprise the user's private identity, the NAF_Id and RAND. KDF for the GBA is defined in 3GPP TS 33.220, Annex B. The NAF_Id consists of the full DNS name of the NAF and Ua protocol security identifier. KDF shall be implemented in the mobile equipment.
When an application in the terminal wants to authenticate to a network application server, it obtains a NAF specific shared secret Ks_NAF through an API offered by a trusted application in the terminal. The trusted application uses the above described bootstrapping procedures with the Bootstrapping Server Function (BSF) server in the network to derive the NAF specific shared secret Ks_NAF. The NAF gets the shared secret for this client application by communicating with the BSF.
A service provider may want to prevent client applications developed and owned by other service providers and installed in a mobile terminal to access his service. To achieve this goal he could, for instance, authenticate an application in the mobile terminal every time it tries to access the service. This method, however, would require a long-term security association between the service provider and each deployed copy of the application. Maintaining those long-term security associations may add significantly to the costs of the service provider.
Since the NAF specific key, i.e. Ks_NAF, is indeed NAF (i.e. service) specific, the goal may be achieved by the mobile terminal by restricting access to Ks_NAF to only those applications that are trusted by the NAF service provider. This restriction is possible if the mobile terminal platform hardware and software has the following security properties: (1) processes can authenticate each other and (2) one process cannot access the data of another process. The mobile terminal, however, has to be configured; it needs to know which applications are allowed access to what NAF specific credentials (i.e., NAF specific keys).
There are at least two options to configure access permissions to GBA credentials (i.e., a set of NAF specific keys) in the mobile terminal.
First, the mobile terminal may get the configuration data with permissions for all NAF applications from an external source. In this case it is required that the configuration data comes from a trusted source and is integrity protected. The permissions to access GBA credentials could be delivered to the ME together with other configuration data using a device management framework (e.g., OMA Device Management procedures), that implements those requirements. The security of configuration data could be based on 1) symmetric, or on 2) asymmetric cryptography. This option can be used also without an external device management framework. For example, the mobile terminal may be configured before it is delivered to the end user, e.g. in the factory by the manufacturer, or in the shop by the seller of the mobile terminal. After the mobile terminal has reached its end user, permissions could be modified manually: e.g., the mobile terminal will ask its owner to configure each new permission. However, manual configuration of the mobile terminal may impair the usability of service usage, so it is better to configure the permissions automatically as much as possible. Furthermore, a potential disadvantage of this option is that the source of configuration data must be trusted by all service providers because it defines the permissions for all NAF applications.
Second, the access rights for each application can be configured in the terminal one by one based on communication with external source.
Another method to configure the access rights individually for each application is to use the Public Key Infrastructure (PKI) and signed applications. Typically, the signature of a signed application can be verified using an application specific digital certificate. It may be that the PKI system used to certify and verify applications includes a possibility to define the service, or services, this application is allowed to access (i.e., to which NAF specific credentials the application has access rights to). This information may be encoded in the application certificate itself, or be part of the metadata of the application. Typically, this information would consist of NAF identifiers that identify each NAF specific credential uniquely.
The security of configuration with GBA symmetric keys is based on the fact that the NAF and the mobile terminal share the key Ks_NAF. Two main methods to implement this alternative are: (1) If an application signed by Ks_NAF, then it can be trusted to get access to future instances of that NAF's credentials, and (2) if an application can prove once to the mobile terminal that it knows Ks_NAF, then it can be trusted to get access to future instances of that NAF's credentials.
When client applications are installed on a mobile terminal, there is a need to establish a trust between this application and a GAA_ME server (i.e., the trusted application that performs the bootstrapping procedure with the BSF) installed in the mobile terminal if this application wants to get NAF specific keys to be acquired from the GAA_ME server. However, there is way to sign the application using a NAF specific digital certificate and to use the signature to establish trust the application in the terminal. For example this is being used in Symbian terminals. However, GAA_ME server would not know whether out of all the installed applications (trusted), which only are should be provided with NAF specific keys.
The aforementioned problem can be solved by adding some entry to a certificate telling that this application signed by the application should be provided with GAA client capability (i.e. NAF credentials can be acquired from GAA_ME server to a mobile terminal application). This solution needs some mechanism between the GAA_ME server and the platform (with platform security) to coordinate the trust. When the client applications are in the proximity device like a laptop (split-terminal use case), which wants to use the phone's GAA_ME server, this solution becomes tricky to implement.
Based on the above there are several problems in prior art solutions that need to be solved. For example, which applications in a mobile terminal are allowed access to what NAF credentials and how to configure this. Furthermore, another problem is how to authenticate an application to a GAA_ME server in a mobile terminal.