Communication with server during network device during extensible authentication protocol—authentication and key agreement prime procedure

摘要

A communication device for communication with a network device during EAP-AKA′. The communication device is operative to receive a first Perfect Forward Secrecy, PFS, parameter value and at least one attribute value indicating a choice of a Diffie-Hellman group from the network device. The communication device is also operative to receive a cipher key, CK, and an integrity key, IK. Generate a modified cipher key, CK′, and a modified integrity key, IK′ based on CK, IK and an access network identity. Operations include calculating a second PFS parameter value. Send the second PFS parameter value to the network device. Calculate a third PFS parameter value. Derive, using a Pseudo-random function, a key based on the third PFS parameter value, CK′, IK′ and an identity associated with the communication device. A network device, methods, further communication devices, a server, computer programs and a computer program product are also disclosed.