Authentication of subscriber station

US 20020180583A1
Filed: 04/19/2002
Published: 12/05/2002
Est. Priority Date: 10/19/1999
Status: Abandoned Application

First Claim

Patent Images

1. A method for identifying an authentication message generated by an external attacker, the method comprising receiving the authenticating message comprising an input, the method comprising checking the correctness of the input by computing a message authentication code by utilizing the input and a checking algorithm, and identifying the authentication message as being generated by the external attacker if the input is incorrect on the basis of the message authentication code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a telecommunication system comprising: at least one subscriber station in the memory of which a secret key is stored, and authentication means for authenticating the subscriber station. In order to make the subscriber-station-specific secret key even more difficult to crack, the subscriber station checks the correctness of a received input by computing a message authentication code utilizing the input and a checking algorithm and computes a response to be transmitted to the authentication means by the subscriber station utilizing an authentication algorithm, the secret key stored in the memory of the subscriber station and the input if the input is correct on the basis of the message authentication code.

36 Citations

View as Search Results

20 Claims

1. A method for identifying an authentication message generated by an external attacker, the method comprising receiving the authenticating message comprising an input, the method comprising checking the correctness of the input by computing a message authentication code by utilizing the input and a checking algorithm, and identifying the authentication message as being generated by the external attacker if the input is incorrect on the basis of the message authentication code.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method as claimed in claim 1, further comprising computing a response by utilizing an authentication algorithm, the input and a secret key, and forwarding said response if the input is correct on the basis of the message authentication code.
  - 3. A method as claimed in claim 1, further comprising maintaining a counter function to keep a record of the number of inputs that are incorrect on the basis of the message authentication code, and locking the authentication function of the device to be authenticated such that the device to be authenticated no longer produces correct responses to the inputs in the authentication messages if the counter function indicates that the number of incorrect inputs has reached a predetermined limit value.
  - 4. A method as claimed in claim 1, further comprising producing and forwarding a random response if the input is incorrect on the basis of the message authentication code.
  - 5. A method as claimed in claim 4, wherein said random response is a random number.
  - 6. A method as claimed in claim 4, wherein said random response is computed by utilizing the input and a predetermined algorithm.

7. A telecommunication system comprising:
- at least one subscriber station comprising a counter and a memory with a subscriber-station-specific secret key stored therein, and authentication means for authenticating said subscriber station, the authentication means comprising a random number generator, a counter and a memory with the subscriber-station-specific secret key of said at least one subscriber station stored therein, the authentication means;
  
  computes a response on the basis of an input, an authentication algorithm and the subscriber-station-specific secret key stored in the memory of the authentication means, transmits said input to said subscriber station, and indicates that the subscriber station has been authenticated if the authentication means receive from the subscriber station a response which corresponds to the response computed by the authentication means, wherein the authentication means are arranged to compute said input by utilizing a random number generated by the random number generator and a first algorithm, and that the subscriber station checks the correctness of the received input by computing a message authentication code by utilizing the input and a checking algorithm, computes a response to be transmitted to the authentication means by the subscriber station by utilizing the authentication algorithm, said secret key stored in the memory of the subscriber station and the input if the input is correct on the basis of the message authentication code.
- View Dependent Claims (8, 9, 10, 11, 14, 15, 16, 17, 19, 20)
- - 8. A system as claimed in claim 7, wherein the subscriber station:
    - maintains a counter function to keep a record of the number of inputs that are incorrect on the basis of the message authentication code, and locks such that the subscriber station no longer produces correct responses to the received inputs if the counter function indicates that the number of incorrect inputs has reached a predetermined limit value.
  - 9. A system as claimed in claim 7, wherein the subscriber station computes a random response to be transmitted to the authentication means by the subscriber station if the input is incorrect on the basis of the message authentication code.
  - 10. A system as claimed in claim 7, wherein the subscriber station transmits no response to the authentication means if the input is incorrect on the basis of the message authentication code.
  - 11. A system as claimed in claim 7, wherein said system is a mobile communication system.
  - 14. A subscriber station as claimed in claim 13, wherein the subscriber station:
    - maintains a counter function to keep a record of the number of inputs that are incorrect on the basis of the message authentication code, and locks such that the subscriber station no longer produces correct responses to the received inputs if the counter function indicates that the number of incorrect inputs has reached a predetermined limit value.
  - 15. A subscriber station as claimed in claim 13, wherein the subscriber station checks the correctness of the input by computing the message authentication code on the basis of a predetermined part of the input and by comparing said message authentication code with the part remaining of the input, whereby the input is correct if the part remaining of the input corresponds to the message authentication code.
  - 16. A subscriber station as claimed in claim 13, wherein said subscriber station is a subscriber station in a mobile communication system, and that the memory and/or the counter are arranged on an SIM card detachably attached to the subscriber station.
  - 17. A subscriber station as claimed in claim 13, wherein the counter is arranged to compute a random response to be forwarded by the subscriber station if the input is incorrect on the basis of the message authentication code.
  - 19. A SIM card as claimed in claim 18, wherein the SIM card:
    - maintains a counter function to keep a record of the number of inputs that are incorrect on the basis of the message authentication code, and locks such that the SIM card no longer produces correct responses to the received inputs if the counter function indicates that the number of incorrect inputs has reached a predetermined limit value.
  - 20. A SIM card as claimed in claim 17, wherein the counter computes a random response to be forwarded by the subscriber station if the input is incorrect on the basis of the message authentication code.

12. An authentication centre in a telecommunication system, the authentication centre comprising:
- a random number generator a counter and a memory with subscriber station-specific secret keys of subscriber stations stored therein, and generating an input and a response necessary for authenticating a particular subscriber station, and in order to produce the response the authentication centre;
  
  retrieves from the memory the secret key of the subscriber station to be authenticated, and computes the response by utilizing the secret key retrieved from the memory, said input and an authentication algorithm, wherein the authentication centre is arranged to produce said input by utilizing a random number generated by the random number generator and a first algorithm.

13. A subscriber station in a telecommunication system which, for authenticating the subscriber station, comprises:
- a memory with a secret key stored therein, means for receiving an input and a counter wherein the subscriber station is arranged to check the correctness of the input by computing a message authentication code by utilizing the input and a checking algorithm, and the counter is arranged to compute a response to be forwarded by the subscriber station by utilizing an authentication algorithm, said secret key and said input if the input is correct on the basis of the message authentication code.

18. A SIM card comprising a counter and a memory with a secret key stored therein, and an inlet for receiving an input, wherein the SIM card:
- checks the correctness of the received input by computing a message authentication code by utilizing the input and a checking algorithm, and compute a response to be forwarded by the SIM card by utilizing an authentication algorithm, said secret key and said input if the input is correct on the basis of the message authentication code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Setec Oy (Thales SA)
Original Assignee
Setec Oy (Thales SA)
Inventors
Rantala, Janne, Paatero, Lauri

Application Number

US10/126,741
Publication Number

US 20020180583A1
Time in Patent Office

Days
Field of Search
US Class Current

340/5.8
CPC Class Codes

H04W 12/12 Detection or prevention of ...

Authentication of subscriber station

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of subscriber station

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links