Legal claims defining the scope of protection, as filed with the USPTO.
1. A method, comprising: initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure; and in response to failure by one or more devices in the group authentication and key agreement procedure, instructing, by the master device, one or more of the devices that have failed, to initiate an authentication and key agreement procedure towards the authentication entity individually.
2. The method as recited in claim 1, wherein the master device is selected by an owner of the group of devices, owner of the master device or a network operator.
3. The method as recited in claim 1, wherein a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
4. The method as recited in claim 1, wherein the performing mutual authentication is based upon a challenge-response authentication procedure.
5. The method as recited in claim 1, further comprising: sending, from the master device, to the authentication entity a message regarding results of the group authentication and key agreement procedure.
6. The method as recited in claim 1, further comprising: generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.
7. The method as recited in claim 6, wherein the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.
8. The method as recited in claim 7, wherein the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.
9. An apparatus, comprising: at least one processor, and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least perform: initiating, by the apparatus in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the apparatus and the authentication entity based upon the shared group key; performing mutual authentication between the authenticated apparatus and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure; and in response to failure by one or more devices in the group authentication and key agreement procedure, instructing, by the master device, one or more of the devices that have failed, to initiate an authentication and key agreement procedure towards the authentication entity individually.
10. The apparatus as recited in claim 9, wherein the apparatus is selected by an owner of the group of devices, owner of the apparatus or a network operator.
11. The apparatus as recited in claim 9, wherein a plurality of different shared group keys are defined for a plurality of different groups of devices such that the device has a plurality of the shared group keys based upon the groups to which it belongs.
12. The apparatus as recited in claim 9, wherein the performing mutual authentication is based upon a challenge-response authentication procedure.
13. The apparatus as recited in claim 9, wherein the apparatus is further caused to perform: sending to the authentication entity a message regarding results of the group authentication and key agreement procedure.
14. The apparatus as recited in claim 9, wherein the apparatus is further caused to perform: generating, for one or more devices that have been successfully authenticated in the group authentication and key agreement procedure, a respective new shared key based upon one or more device specific parameters and an intermediate group key derived from the shared group key.
15. The apparatus as recited in claim 14, wherein the one or more device specific parameters are one or more of an existing specific key, an international mobile subscriber identity, a temporary mobile subscriber identity, and an international mobile equipment identity of the device.
16. The apparatus as recited in claim 15, wherein the existing specific key is a shared key derived from a shared root key between the device and an authentication center, and the respective new shared key is derived from the existing specific key and the intermediate group key.
17. The apparatus as recited in claim 9, wherein the apparatus is a master device for a group of devices.
18. A non-transitory computer readable medium storing a program of instructions, execution of which by at least one processor configures an apparatus to perform at least: initiating, by a master device in a group of devices, a group authentication and key agreement procedure towards an authentication entity, wherein a shared group key is defined for use in the group authentication and key agreement procedure; performing mutual authentication between the master device and the authentication entity based upon the shared group key; performing mutual authentication between the authenticated master device and other devices in the group based upon the shared group key for completion of the group authentication and key agreement procedure; and in response to failure by one or more devices in the group authentication and key agreement procedure, instructing, by the master device, one or more of the devices that have failed, to initiate an authentication and key agreement procedure towards the authentication entity individually.
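The master-to-device step of claim 1, with the challenge-response of claim 4 and the per-device key derivation of claims 6 to 8, can be sketched as follows. This is an added illustration, not code from the patent or its applicant. Assumptions: HMAC-SHA256 as the keyed function, the message layout, the `session_nonce` (taken to come from the master's own run with the authentication entity, which is not modelled), and all names (`prf`, `Device`, `master_round`, `demo`) are hypothetical.

```python
import hashlib
import hmac
import os

def prf(key, label, *parts):
    # HMAC-SHA256 over length-prefixed fields (assumed primitive; the claims name none)
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (label, *parts))
    return hmac.new(key, msg, hashlib.sha256).digest()

class Device:
    def __init__(self, imsi, group_key, device_key):
        self.imsi, self.group_key, self.device_key = imsi, group_key, device_key

    def answer(self, n_master):
        # Respond to the master's challenge and issue the device's own challenge
        n_dev = os.urandom(16)
        return n_dev, prf(self.group_key, b"dev", n_master, n_dev, self.imsi)

    def check_master(self, n_master, n_dev, proof):
        expect = prf(self.group_key, b"master", n_dev, n_master, self.imsi)
        return hmac.compare_digest(expect, proof)

    def new_key(self, session_nonce):
        # Claims 6-8: intermediate group key + existing specific key + IMSI
        intermediate = prf(self.group_key, b"intermediate", session_nonce)
        return prf(intermediate, b"device-key", self.device_key, self.imsi)

def master_round(group_key, session_nonce, devices):
    # Returns (new keys by IMSI, IMSIs instructed to authenticate individually)
    keys, fallback = {}, []
    for dev in devices:
        n_master = os.urandom(16)
        n_dev, res = dev.answer(n_master)
        expect = prf(group_key, b"dev", n_master, n_dev, dev.imsi)
        proof = prf(group_key, b"master", n_dev, n_master, dev.imsi)
        if hmac.compare_digest(expect, res) and dev.check_master(n_master, n_dev, proof):
            keys[dev.imsi] = dev.new_key(session_nonce)  # derived on the device side
        else:
            fallback.append(dev.imsi)
    return keys, fallback

def demo():
    # Constructed sample values: the second device holds the wrong group key
    gk = bytes(range(32))
    members = [Device(b"001010000000001", gk, b"\xaa" * 32),
               Device(b"001010000000002", b"\x02" * 32, b"\xbb" * 32)]
    return master_round(gk, b"\x00" * 16, members)
```

Because the derived key mixes in the device's existing specific key, holding the shared group key alone is not enough to compute another member's new key.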
February 23, 2016