Verification of cell authenticity in a wireless network using a system query
Abstract
We disclose various embodiments that enable a mobile terminal to authenticate a base station before the mobile terminal proceeds to attach to the corresponding network and/or camp on the corresponding cell, e.g., during the initial network selection and attachment or during an idle mode. In an example embodiment, the authentication processing includes the mobile terminal generating and sending to a candidate base station a system query with a nonce. The candidate base station is deemed to be authentic only if the acknowledgement generated and transmitted in response to the system query includes a copy of the nonce properly signed by a digital signature generated using one or more security keys. In some embodiments, the system query may also include a request for GPS coordinates and/or selected system information signed using a digital signature, which the mobile terminal may beneficially use to further strengthen the protection against a spoofing attack.
15 Claims
1. An apparatus comprising:
- an antenna;
- a radio-frequency (RF) transceiver coupled to the antenna and configured to wirelessly transmit and receive RF signals via the antenna; and
- a processor coupled to the RF transceiver and configured to:
  - generate a system query including a first nonce;
  - cause the system query to comprise a request to include a set of GPS coordinates in a corresponding acknowledgement;
  - operate the RF transceiver to transmit a first RF signal having encoded thereon the system query, the first RF signal being directed to a base station; and
  - process the corresponding acknowledgement encoded onto a second RF signal received by the RF transceiver in response to the first RF signal to test authenticity of the base station, the test of authenticity being performed using the first nonce and the set of GPS coordinates; and
- wherein the antenna, the RF transceiver, and the processor are parts of a mobile terminal.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
- an antenna;
- a radio-frequency (RF) transceiver coupled to the antenna and configured to wirelessly transmit and receive RF signals via the antenna; and
- a processor coupled to the RF transceiver and configured to:
  - generate an acknowledgement in response to a first RF signal received by the RF transceiver from a mobile terminal, the first RF signal having encoded thereon a system query including a nonce, the acknowledgement including a copy of the nonce;
  - operate the RF transceiver to transmit a second RF signal having encoded thereon the acknowledgement, the second RF signal being directed to the mobile terminal; and
  - include in the acknowledgement:
    - a first security key; and
    - a first digital signature generated using a second security key, the first digital signature signing the first security key; and
    - a second digital signature generated using a third security key, the second digital signature signing the copy of the nonce, the first security key, and the first digital signature.
Dependent claims: 10, 11, 12, 13, 14
15. A method of making a network node, the method comprising:
- coupling an antenna to a radio-frequency (RF) transceiver configured to wirelessly transmit and receive RF signals via the antenna; and
- coupling a processor to the RF transceiver, the processor being configured to:
  - generate an acknowledgement in response to a first RF signal received by the RF transceiver from a mobile terminal, the first RF signal having encoded thereon a system query including a nonce, the acknowledgement including a copy of the nonce;
  - operate the RF transceiver to transmit a second RF signal having encoded thereon the acknowledgement, the second RF signal being directed to the mobile terminal; and
  - include in the acknowledgement:
    - a first security key;
    - a first digital signature generated using a second security key, the first digital signature signing the first security key; and
    - a second digital signature generated using a third security key, the second digital signature signing the copy of the nonce, the first security key, and the first digital signature.
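An added example, not taken from the patent or from any implementation of it, of the exchange in the abstract: the terminal checks the echoed nonce, the two-signature key chain of claim 9, and the GPS coordinates of claim 1. Assumptions: Ed25519 signatures; the first security key is the station's public key, the second is an operator private key whose public half is provisioned in the terminal, and the third is the station's private key; the field encoding and the distance threshold are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
	"math"
)

type Ack struct { // acknowledgement of claim 9, plus the GPS coordinates of claim 1
	Nonce    []byte            // copy of the terminal's nonce
	Lat, Lon float64           // coordinates reported by the station
	BSKey    ed25519.PublicKey // "first security key" (assumed: station public key)
	KeySig   []byte            // first signature: operator key over BSKey
	AckSig   []byte            // second signature: station key over all fields above
}

func signedBytes(a Ack) []byte { // constructed encoding covered by AckSig
	return []byte(fmt.Sprintf("%x|%.6f|%.6f|%x|%x", a.Nonce, a.Lat, a.Lon, a.BSKey, a.KeySig))
}

// MakeAck is the base-station side: echo the nonce and sign the whole reply.
func MakeAck(nonce []byte, lat, lon float64, bs ed25519.PrivateKey, keySig []byte) Ack {
	a := Ack{Nonce: nonce, Lat: lat, Lon: lon, BSKey: bs.Public().(ed25519.PublicKey), KeySig: keySig}
	a.AckSig = ed25519.Sign(bs, signedBytes(a))
	return a
}

// Verify is the terminal side; opPub is assumed to be provisioned in the terminal.
func Verify(a Ack, nonce []byte, opPub ed25519.PublicKey, lat, lon, maxDeg float64) error {
	switch {
	case !bytes.Equal(a.Nonce, nonce):
		return fmt.Errorf("nonce mismatch: stale or replayed acknowledgement")
	case len(a.BSKey) != ed25519.PublicKeySize || !ed25519.Verify(opPub, a.BSKey, a.KeySig):
		return fmt.Errorf("station key is not signed by the operator key")
	case !ed25519.Verify(a.BSKey, signedBytes(a), a.AckSig):
		return fmt.Errorf("acknowledgement signature invalid")
	case math.Hypot(a.Lat-lat, a.Lon-lon) > maxDeg: // crude plausibility check, in degrees
		return fmt.Errorf("reported GPS position is implausible")
	}
	return nil
}

func main() { // constructed keys, nonce and coordinates; a real nonce comes from a CSPRNG
	opPub, opPriv, _ := ed25519.GenerateKey(nil)
	bsPub, bs, _ := ed25519.GenerateKey(nil)
	nonce := []byte("constructed-nonce-1")
	ack := MakeAck(nonce, 40.7, -74.0, bs, ed25519.Sign(opPriv, bsPub))
	fmt.Println(Verify(ack, nonce, opPub, 40.7, -74.0, 0.5))
}
```

Because the second signature covers the nonce, the coordinates, the station key and the first signature together, a recorded acknowledgement cannot be reused for a later query and none of its fields can be swapped without invalidating it.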
Specification