Method and apparatus for providing authentication in a communication system
Abstract
A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).
98 Claims
1. A method comprising the steps of:
generating a random number, an expected response, and a derived cipher key;
forwarding the random number and a random seed to a base station;
receiving, from the base station, a response to the random number and the random seed;
comparing the response and the expected response;
when the response matches the expected response, forwarding the derived cipher key to the base station.
Dependent claims: 2-15 and 17-21.
16. A method performed by any of a base station and comprising the steps of:
receiving an authentication request from a mobile station;
determining whether to forward the request to an authentication agent;
when it is determined to forward the request, forwarding the request to the authentication agent;
receiving a random number and a random seed from the authentication agent;
forwarding the random number and the random seed to the mobile station;
receiving a response to the random number and the random seed from the mobile station and forwarding the response to the authentication agent;
when the authentication agent authenticates the mobile station, receiving a derived cipher key from the authentication agent;
encrypting messages to the mobile station and decrypting messages from the mobile station with the derived cipher key.
Dependent claims: 22, 24-35 and 37-41.
23. A method comprising the steps of:
receiving, from a base station, a random number generated by a mobile station;
using a random seed, generating a derived cipher key and a response to the random number and forwarding the random seed and the response to the base station;
when a positive authentication message is received from the base station, forwarding the derived cipher key to the base station.
36. A method performed by a base station and comprising the steps of:
receiving a random number from a mobile station;
forwarding the random number to an authentication agent;
receiving a response to the random number and a random seed from the authentication agent;
forwarding the response and the random seed to the mobile station;
when the mobile station authenticates the infrastructure, forwarding an authenticated message to the authentication agent;
receiving a derived cipher key from the authentication agent;
encrypting messages to the mobile station and decrypting messages from the mobile station with a derived cipher key.
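The exchange of claims 1, 16, 23 and 36, simulated end to end as an added example; this is not the patent's or any product's code. The HMAC-SHA256 derivations (a session key from K and the random seed RS, then the response and the derived cipher key from that session key and the random number), the ten-byte random values and the method names are assumptions made for this illustration; the claims specify none of them. What the simulation makes visible is the trust boundary the claims draw: the base station never holds the long-term authentication key K, it only relays challenges and responses and is handed the derived cipher key after the authentication agent (claim 1) or the mobile station (claims 23 and 36) has verified the response.

```python
"""Three-party challenge-response authentication modelled on claims 1, 16, 23 and 36.

Added example, not the patent's algorithm.  Derivations, message shapes and
random-value sizes are assumptions for this illustration.
"""
import hashlib
import hmac
import secrets


def _kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Assumed derivation: HMAC-SHA256 keyed with `key` over a label and the inputs.
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(part)
    return mac.digest()


def session_key(k: bytes, rs: bytes) -> bytes:
    """Session authentication information derived from K and the random seed RS (assumed)."""
    return _kdf(k, b"session", rs)


def response_and_dck(ks: bytes, rand: bytes):
    """Response to the challenge RAND and the derived cipher key, both from the session key."""
    return _kdf(ks, b"response", rand)[:16], _kdf(ks, b"dck", rand)


class AuthenticationAgent:
    def __init__(self, keys):
        self.keys = dict(keys)   # mobile station id -> long-term authentication key K
        self.pending = {}        # ms_id -> (expected response or None, derived cipher key)

    def start_authentication(self, ms_id):
        """Claim 1: generate RAND, expected response and DCK; hand RAND and RS to the base station."""
        rand, rs = secrets.token_bytes(10), secrets.token_bytes(10)
        xres, dck = response_and_dck(session_key(self.keys[ms_id], rs), rand)
        self.pending[ms_id] = (xres, dck)
        return rand, rs

    def check_response(self, ms_id, res):
        """Claim 1: forward DCK only when the response matches the expected response."""
        xres, dck = self.pending.pop(ms_id)
        return dck if hmac.compare_digest(res, xres) else None

    def answer_challenge(self, ms_id, rand2):
        """Claim 23: using a random seed, generate DCK and a response to the mobile's RAND."""
        rs = secrets.token_bytes(10)
        res2, dck = response_and_dck(session_key(self.keys[ms_id], rs), rand2)
        self.pending[ms_id] = (None, dck)
        return rs, res2

    def release_key(self, ms_id, authenticated):
        """Claim 23: forward DCK only after a positive authentication message arrives."""
        _, dck = self.pending.pop(ms_id)
        return dck if authenticated else None


class MobileStation:
    def __init__(self, ms_id, k):
        self.ms_id, self.k = ms_id, k
        self.dck = None          # cipher key in use once authentication succeeds
        self.rand2 = None        # challenge this mobile issued to the infrastructure

    def respond(self, rand, rs):
        """Mobile side of claim 16: compute RES and DCK from its own K, RS and RAND."""
        res, self.dck = response_and_dck(session_key(self.k, rs), rand)
        return res

    def challenge(self):
        """Generate the random number of claims 23 and 36."""
        self.rand2 = secrets.token_bytes(10)
        return self.rand2

    def verify(self, rs, res2):
        """Mobile side of claim 36: authenticate the infrastructure; adopt DCK only on a match."""
        xres2, dck = response_and_dck(session_key(self.k, rs), self.rand2)
        if hmac.compare_digest(res2, xres2):
            self.dck = dck
            return True
        return False


class BaseStation:
    def __init__(self, agent):
        self.agent = agent
        self.dck = {}            # ms_id -> derived cipher key received from the agent

    def authenticate_mobile(self, ms):
        """Claim 16: relay RAND/RS to the mobile and RES to the agent; keep DCK on success."""
        rand, rs = self.agent.start_authentication(ms.ms_id)
        dck = self.agent.check_response(ms.ms_id, ms.respond(rand, rs))
        if dck is not None:
            self.dck[ms.ms_id] = dck
        return dck is not None

    def authenticate_infrastructure(self, ms):
        """Claim 36: relay the mobile's challenge to the agent and the agent's answer back."""
        rs, res2 = self.agent.answer_challenge(ms.ms_id, ms.challenge())
        ok = ms.verify(rs, res2)
        dck = self.agent.release_key(ms.ms_id, ok)
        if dck is not None:
            self.dck[ms.ms_id] = dck
        return ok
```

A mobile station holding the wrong K produces a response the agent rejects, so the base station is never given a cipher key for it; in the reverse direction (claim 36) the mobile only adopts the derived cipher key after the infrastructure's response checks out, and the agent only releases that key after the base station reports the positive result. Both comparisons use a constant-time compare, since the response is a secret-derived value.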
42. A system comprising:
a first system device in a first zone of the system, the first system device comprised of memory for storing first zone session authentication information, a first key for encrypting at least one of key material and a part of the first zone session authentication information for transport in real-time to another system device in the first zone, and a second key for encrypting at least a segment of the first zone session authentication information for transport to a system device in a zone other than the first zone;
a second system device comprised of memory for storing the first zone session authentication information at least partially in an encrypted form.
Dependent claims: 43-67 and 69-82.
68. A method comprising the steps of:
generating session authentication information for each of a plurality of authentication keys for use in a communication system;
encrypting the session authentication information;
forwarding the encrypted session authentication information to a storage device for access in a non-real-time manner.
83. A system comprising:
a key management facility, arranged and constructed to store an authentication key for each mobile station residing in the system;
a user configuration server, operably coupled to the key management facility, arranged and constructed to store and distribute session authentication information for each mobile station residing in the system;
a zone manager, operably coupled to the user configuration server, arranged and constructed to store relevant session authentication information for a zone managed by the zone manager and to distribute the relevant session authentication information to a home location register within a zone controller for the zone;
wherein the key management facility, user configuration server, and the zone manager are arranged and constructed to provide the session authentication information to each other or to a zone in the event of a fault in the system;
wherein the home location register is arranged and constructed to continue to provide authentication and support secure communications in the event of a fault at any of the key management facility, user configuration server, and the zone manager.
Dependent claims: 84-86.
87. A system comprising:
a plurality of first-level system devices, arranged and constructed to encrypt, store, and forward at least some session authentication information in a non-real-time manner;
a plurality of second-level system devices, arranged and constructed to receive at least a part of the session authentication information from at least one of the plurality of first-level system devices in a real-time manner.
Dependent claims: 88-94.
95. A method comprising the steps of:
receiving, from a mobile station, a request to communicate in a communication system;
determining whether the request is encrypted;
when the request is not encrypted, sending a request to authenticate the mobile station to an infrastructure device in the communication system;
when the request is encrypted, determining whether the mobile station is powering up;
when the mobile station is powering up and the request is encrypted, sending a request to authenticate the mobile station to the infrastructure device in the communication system;
when the mobile station is not powering up and the request is encrypted, determining whether the request is encrypted using a valid key;
when the mobile station is not powering up and the request is encrypted using a valid key, permitting the mobile station access to the system without requesting authentication.
Dependent claims: 96.
97. A method comprising the steps of:
receiving, from a mobile station, a request to communicate in a communication system;
determining whether the mobile station is powering up;
when the mobile station is powering up, sending a request to authenticate the mobile station to an infrastructure device in the communication system;
when the mobile station is not powering up, determining whether the request is encrypted;
when the request is not encrypted, sending a request to authenticate the mobile station to an infrastructure device in the communication system;
when the mobile station is not powering up and the request is encrypted, determining whether the request is encrypted using a valid key;
when the mobile station is not powering up and the request is encrypted using a valid key, permitting the mobile station access to the system without requesting authentication.
Dependent claims: 98.
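The access decision of claims 95 and 97, written out as an added example that is not the patent's own code. The two claims test the same three conditions (is the request encrypted, is the mobile powering up, was a currently valid key used) in different orders; the example implements both orderings and confirms over every combination of inputs that they reach the same outcome. The request fields, the key ring used to decide whether a key is valid, and the handling of the one case the independent claims leave to their dependent claims (an encrypted request under a key that is not valid from a mobile that is not powering up; treated here as requiring authentication) are assumptions for this illustration.

```python
"""Access decision of claims 95 and 97 (added example, not the patent's code).

The AccessRequest fields, the key ring and the fallback for the case the
independent claims leave open are assumptions for this illustration.
"""
from dataclasses import dataclass
from typing import Optional

AUTHENTICATE = "send authentication request to infrastructure device"
PERMIT = "permit access without requesting authentication"


@dataclass(frozen=True)
class AccessRequest:
    encrypted: bool
    key_id: Optional[str]   # identifier of the key the request was encrypted with, None if clear
    powering_up: bool       # the mobile station reports that it is powering up


def key_is_valid(key_id, valid_keys) -> bool:
    """'Encrypted using a valid key': the key id is one the system currently accepts (assumed test)."""
    return key_id is not None and key_id in valid_keys


def decide_claim95(req, valid_keys):
    """Claim 95 ordering: encryption first, then power-up, then key validity."""
    if not req.encrypted:
        return AUTHENTICATE
    if req.powering_up:
        return AUTHENTICATE
    if key_is_valid(req.key_id, valid_keys):
        return PERMIT
    return AUTHENTICATE   # assumption: an invalid key without power-up also triggers authentication


def decide_claim97(req, valid_keys):
    """Claim 97 ordering: power-up first, then encryption, then key validity."""
    if req.powering_up:
        return AUTHENTICATE
    if not req.encrypted:
        return AUTHENTICATE
    if key_is_valid(req.key_id, valid_keys):
        return PERMIT
    return AUTHENTICATE   # same assumed fallback as in decide_claim95


def orderings_agree(valid_keys, key_ids=("DCK-current", "DCK-expired")):
    """Exhaustively check that both claim orderings yield the same decision for every input."""
    for powering_up in (False, True):
        req = AccessRequest(False, None, powering_up)          # clear request, no key
        if decide_claim95(req, valid_keys) != decide_claim97(req, valid_keys):
            return False
        for key_id in key_ids:
            req = AccessRequest(True, key_id, powering_up)     # encrypted request
            if decide_claim95(req, valid_keys) != decide_claim97(req, valid_keys):
                return False
    return True
```

The security reading of the decision is that a request already encrypted under a key the system recognises is taken as evidence of a completed authentication, so the mobile is admitted without a fresh challenge, while a power-up always forces re-authentication regardless of what key the mobile still holds; the constructed key ids "DCK-current" and "DCK-expired" stand in for the keys a real system would track.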
Specification