MÉTHODE ET APPAREILS POUR LA GARANTIE DE FIXATION SÉCURISÉE DANS DES PROTOCOLES D'AUTHENTIFICATION LIMITÉS PAR LA TAILLE

摘要

The present invention relates to a method to securely attach a mobile device (MD) having a credential container (CC) to a server (SV) while using a protocol having data size encoding constraints which prevents from using traditional ciphering, said method comprising an initialization phase using a same range of ephemeral IMSIs (RG1(IMSI)) stored in a batch of credential containers (CC) of mobile devices (MD) and an associated group master key (MK11) shared by the server (SV) and the batch of credential containers (CC) of mobile devices (MD) having the same range of ephemeral IMSIs (RG1 (IMSI)) to initiate the secured session further using a server random value (Rnd), said initialization phase using limited payload in a first mobile device (MD) to server (SV) message (ATTR(rIMSI)_1) to send a randomly chosen rIMSI among the range of IMSIs (RG1(IMSI)) to enable the server (SV) to generate keys to initiate a secured communication phase then using individual keys (SK12c, SK12i) stored in the credential container (CC) of the mobile device (MD) and retrieved by the server (SV) with an identifier of the credential container (CCId) also sent using limited payload in a mobile device (MD) to server (SV) message (AUTF(rIMSI, AUTS)_3) and with an individualization master key (MK12) owned by the server (SV).