AUTHENTICATION AND SECURITY IN WIRELESS COMMUNICATION SYSTEM

US 20030033522A1
Filed: 12/10/1997
Published: 02/13/2003
Est. Priority Date: 12/10/1997
Status: Active Grant

First Claim

Patent Images

1. A method for authentication in a wireless communication system, comprising the steps of:

establishing a wireless connection between a wireless access communication unit and a network;

transmitting a subscriber identifier from said wireless access communication unit to the network, said subscriber identifier corresponding to a subscriber port of said wireless access communication unit;

transmitting a numeric value from the network to said wireless access communication unit;

receiving said numeric value at said wireless access communication unit;

generating a signed response at said wireless access communication unit based upon said numeric value and a locally stored user key value associated with said subscriber port of said wireless access communication unit;

transmitting said signed response from said wireless access communication unit to the network;

receiving said signed response at the network;

comparing the signed response to an authentication parameter derived at the network; and

disallowing access to the network for the subscriber associated with said subscriber identifier unless said signed response matches said authentication parameter.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system having a wireless trunk for connecting multiple phone lines over wireless communication links to a cellular network comprises a central telephone switch, such as a private branch exchange or key system, connected through one or more trunk lines to a wireless access communication unit. The wireless access communication unit preferably comprises a separate subscriber interface for each trunk line from the central telephone switch. The wireless access communication unit collects data from each of the subscriber interfaces, formats the data into a format compatible with an over-the-air protocol, and transmits the information over one or more wireless channels to a cellular base station. The wireless access communication unit thereby connects calls received from the central telephone switch'"'"'s trunk lines over a wireless trunk to a network. A controller within the wireless access communication unit interfaces the subscriber interfaces with a radio transceiver, and assists in the conversion of data from a format suitable for wireless transmission. Authentication is carried out separately for each of the subscriber interfaces, thereby allowing the wireless access communication unit to represent itself as multiple individual subscribers to the network. Upon each initial registration, each subscriber interface derives its own ciphering key from a stored user key and uses it thereafter for encryption and decryption.

Citations

40 Claims

1. A method for authentication in a wireless communication system, comprising the steps of:
- establishing a wireless connection between a wireless access communication unit and a network;
  
  transmitting a subscriber identifier from said wireless access communication unit to the network, said subscriber identifier corresponding to a subscriber port of said wireless access communication unit;
  
  transmitting a numeric value from the network to said wireless access communication unit;
  
  receiving said numeric value at said wireless access communication unit;
  
  generating a signed response at said wireless access communication unit based upon said numeric value and a locally stored user key value associated with said subscriber port of said wireless access communication unit;
  
  transmitting said signed response from said wireless access communication unit to the network;
  
  receiving said signed response at the network;
  
  comparing the signed response to an authentication parameter derived at the network; and
  
  disallowing access to the network for the subscriber associated with said subscriber identifier unless said signed response matches said authentication parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said signed response is generated using a GSM A3 algorithm.
  - 3. The method of claim 1, wherein said step of transmitting a subscriber identifier from said wireless access communication unit is carried out upon registration of the subscriber associated with said subscriber identifier.
  - 4. The method of claim 1, wherein said step of transmitting a subscriber identifier from said wireless access communication unit is carried out upon an attempt to establish a call.
  - 5. The method of claim 1, further comprising the step of completing a call from a user connected to said wireless access communication unit to the network if access to the network is not disallowed, said call being associated with said subscriber identifier.
  - 6. The method of claim 5, further comprising the step of completing a said call from said first user and completing a second call from a second user connected to said wireless access communication unit, said second call being associated with the same subscriber identifier.
  - 7. The method of claim 1, further comprising the step of generating a ciphering key from said user key value and said numeric value.
  - 8. The method of claim 7, wherein said ciphering key is generating using a GSM A8 algorithm.

9. A wireless access communication unit, comprising:
- at least one subscriber port connected to a local area telephone switch, whereby a communication path can be established between said wireless access communication unit and one or more users;
  
  a subscriber interface connected to said subscriber port;
  
  a radio transceiver for transmitting and receiving information over a wireless connection to a base station;
  
  a controller connected to said radio transceiver and said subscriber interface, said controller managing the transfer of information between said radio transceiver and said subscriber interface; and
  
  a subscriber identity module connected to said subscriber interface, said subscriber identity module comprising a non-volatile memory storing a subscriber identifier and a user key value, said subscriber identity module outputting a signed response value in response to an authentication parameter received by said radio transceiver over said wireless connection.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The wireless access communication unit of claim 9, wherein said authentication parameter comprises a random numeric value.
  - 11. The wireless access communication unit of claim 10, wherein said subscriber identity module applies a GSM A3 algorithm to said random numeric value and said user key value to output said signed response.
  - 12. The wireless access communication unit of claim 9, wherein said subscriber identity module outputs a ciphering key in response to said authentication parameter and said user key value.
  - 13. The wireless access communication unit of claim 12, wherein said subscriber identity module applies a GSM A8 algorithm to said authentication parameter and said user key value to output said ciphering key.
  - 14. The wireless access communication unit of claim 12, wherein said controller utilizes said ciphering key to encrypt and decrypt information transferred between said radio transceiver and said subscriber interface.

15. A method for authentication in a wireless communication system, comprising the steps of:
- establishing a wireless connection between a wireless access communication unit and a network;
  
  transmitting a plurality of subscriber identifiers from said wireless access communication unit to the network, said subscriber identifiers corresponding to a plurality of subscriber ports of said wireless access communication unit, one subscriber identifier for each subscriber port;
  
  transmitting a plurality of numeric values from the network to said wireless access communication unit, one numeric value being transmitted in response to each of said subscriber identifiers;
  
  receiving said numeric values at said wireless access communication unit;
  
  generating a plurality of signed responses at said wireless access communication unit, one signed response for each of said subscriber ports, each signed response based upon the numeric value corresponding to the subscriber identifier of the subscriber port and a locally stored user key value associated with the subscriber port;
  
  transmitting said signed responses from said wireless access communication unit to the network; and
  
  disallowing access to the network for any subscriber port unless said signed response for the subscriber port matches an authentication parameter derived at the network for the subscriber port, said authentication parameter based upon the numeric value corresponding to the subscriber identifier of the subscriber port and a network-stored user key value corresponding to the subscriber identifier of the subscriber port.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The method of claim 15, wherein each signed response is generated using a GSM A3 algorithm.
  - 17. The method of claim 15, wherein said step of transmitting a plurality of subscriber identifiers from said wireless access communication unit to said network is carried out individually for each subscriber port upon registration with the network.
  - 18. The method of claim 15, wherein said step of transmitting a plurality of subscriber identifiers from said wireless access communication unit to said network is carried out upon an attempt to establish calls through said subscriber ports.
  - 19. The method of claim 15, further comprising the step of completing a call through one of said subscriber ports from a user connected to said wireless access communication unit to the network if access to the network is not disallowed for that subscriber port.
  - 20. The method of claim 19, further comprising the step of completing a said call from said first user and completing a second call through said one of said subscriber ports from a second user connected to said wireless access communication unit.
  - 21. The method of claim 15, further comprising the step of generating a plurality of ciphering keys, one ciphering key for each of said subscriber ports, each ciphering key being generated from said numeric value corresponding to the subscriber identifier of the subscriber port and said locally stored user key value associated with the subscriber port.
  - 22. The method of claim 21, wherein each of said ciphering keys is generating using a GSM A8 algorithm.

23. A communication system, comprising:
- a wireless access communication unit, said wireless access communication unit comprising a plurality of user interfaces, a non-volatile storage containing a subscriber identifier and a user key value for each of said user interfaces;
  
  a base station comprising a radio unit whereby a wireless connection can be established between said wireless access communication unit and said base station;
  
  a mobile switching center connected to said base station, said mobile switching center retrieving a set of authentication parameters for each of said user interfaces upon occurrence of selected events and providing at least one of said authentication parameters to said wireless access communication unit via said base station;
  
  means located at said wireless access communication unit for receiving said at least one authentication parameter from said mobile switching center and for generating a signed response value based upon said at least one authentication parameter and said user-key value; and
  
  means located at said mobile switching center for receiving said signed response value from said wireless access communication unit and for comparing said signed response value to a second one of said authentication parameters.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The communication system of claim 23, wherein one of said selected events comprises a registration request by said wireless access communication unit pertaining to one of said user interfaces.
  - 25. The communication system of claim 23, wherein one of said selected events comprises an attempt to establish a call from a user connected to one of said user interfaces to said network across said wireless access communication unit.
  - 26. The communication system of claim 25, wherein said mobile switching center further comprises means for allowing said call to be established if said signed response value matches said second one of said authentication parameters, and for otherwise preventing said call from being established.
  - 27. The communication system of claim 23, wherein said set of authentication parameters is stored in a home location register connected to said mobile switching center.
  - 28. The communication system of claim 23, wherein said authentication parameters are retrieved by the mobile switching center using a subscriber identity corresponding to the user interface.
  - 29. The communication system of claim 23, wherein said set of authentication parameters comprises a random number, said random number generated at a location remote from said mobile switching center.
  - 30. The communication system of claim 23, wherein said set of authentication parameters comprises a ciphering key.

31. A method for authentication in a communication system, comprising the steps of:
- establishing, upon demand, wireless connections between a wireless access communication unit and a cellular network, said wireless access communication unit connected over a plurality of trunks to a plurality of users each capable of generating a call request to said wireless access communication unit;
  
  independently for each established wireless connection, transmitting a subscriber identifier from the wireless access communication unit to the cellular network;
  
  independently for each established wireless connection, undertaking an authentication procedure at said cellular network based upon the subscriber identifier received at the cellular network, said authentication procedure resulting in a pass or fail; and
  
  disallowing access to the cellular network to a subscriber associated with a transmitted subscriber identifier unless the authentication procedure results in a pass for that subscriber identifier.
- View Dependent Claims (32, 33, 34)
- - 32. The method of claim 31, wherein each subscriber identifier is permanently associated with one of said trunks.
  - 33. The method of claim 31, wherein said step of undertaking an authentication procedure at said cellular network based upon the subscriber identifier received at the cellular network comprises the steps of:
    - obtaining authentication parameters at said cellular network based upon the transmitted subscriber identifier, said authentication parameters comprising at least a numeric value and a first signed response value;
      
      transmitting said numeric value from the cellular network to the wireless access communication unit;
      
      receiving said numeric value at said wireless access communication unit;
      
      generating a second signed response value at said wireless access communication unit based upon said numeric value;
      
      transmitting said second signed response value from said wireless access communication unit to said cellular network;
      
      receiving said second signed response value at said cellular network;
      
      comparing said second signed response value to said first signed response value; and
      
      declaring a pass if said first signed response value matches said second response value, or else declaring a fail.
  - 34. The method of claim 33, wherein said step of obtaining authentication parameters at said cellular network comprises the step of retrieving stored authentication parameters from a database within said cellular network.

35. A method for authentication in a wireless communication system, comprising the steps of:
- establishing a wireless connection between a wireless access communication unit and a network;
  
  transmitting a subscriber identifier from said wireless access communication unit to the network, said subscriber identifier corresponding to a subscriber port of said wireless access communication unit;
  
  transmitting an authentication parameter from the network to said wireless access communication unit;
  
  receiving said authentication parameter at said wireless access communication unit; and
  
  generating an authentication key at said wireless access communication unit based upon said authentication parameter and a locally stored user key value associated with said subscriber port of said wireless access communication unit.
- View Dependent Claims (36, 37)
- - 36. The method of claim 35, wherein said authentication key comprises a signed response, said method further comprising the steps of transmitting said signed response from said wireless access communication unit to the network;
    - receiving said signed response at the network;
      
      comparing the signed response to a second authentication parameter derived at the network; and
      
      disallowing access to the network for the subscriber associated with said subscriber identifier unless said signed response matches said second authentication parameter.
  - 37. The method of claim 35, wherein said authentication key comprises a ciphering key, said method further comprising the step of encrypting and decrypting messages transmitted across said wireless connection using said ciphering key.

38. A wireless access communication unit, comprising:
- at least one subscriber port connected to a local area telephone switch, whereby a communication path can be established between said wireless access communication unit and one or more users;
  
  a subscriber interface connected to said subscriber port;
  
  a radio transceiver for transmitting and receiving information over a wireless connection to a base station;
  
  a controller connected to said radio transceiver and said subscriber interface, said controller managing the transfer of information between said radio transceiver and said subscriber interface; and
  
  a subscriber identity module connected to said subscriber interface, said subscriber identity module comprising a non-volatile memory storing a subscriber identifier and a user key value, said subscriber identity module outputting an authentication key in response to an authentication parameter received by said radio transceiver over said wireless connection.
- View Dependent Claims (39, 40)
- - 39. The wireless access communication unit of claim 38, wherein said authentication key comprises a signed response, wherein said radio transceiver transmits said signed response over said wireless connection to said base station.
  - 40. The wireless access communication unit of claim 38, wherein said authentication key comprises a ciphering key, wherein said controller encrypts and decrypts information transferred to and from said subscriber interface using said ciphering key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
BILGIC, IZZET M, MENON, NARAYAN P

Granted Patent

US 6,580,906 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

H04W 4/18   Information format or conte...

H04W 60/00   Affiliation to network, e.g...

H04W 74/00   Wireless channel access

H04W 76/10   Connection setup

H04W 8/26   Network addressing or numbe...

H04W 84/14   WLL [Wireless Local Loop]; ...

AUTHENTICATION AND SECURITY IN WIRELESS COMMUNICATION SYSTEM

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION AND SECURITY IN WIRELESS COMMUNICATION SYSTEM

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links