AUTHENTICATION AND SECURITY IN WIRELESS COMMUNICATION SYSTEM
Abstract
A communication system having a wireless trunk for connecting multiple phone lines over wireless communication links to a cellular network comprises a central telephone switch, such as a private branch exchange or key system, connected through one or more trunk lines to a wireless access communication unit. The wireless access communication unit preferably comprises a separate subscriber interface for each trunk line from the central telephone switch. The wireless access communication unit collects data from each of the subscriber interfaces, formats the data into a format compatible with an over-the-air protocol, and transmits the information over one or more wireless channels to a cellular base station. The wireless access communication unit thereby connects calls received from the central telephone switch's trunk lines over a wireless trunk to a network. A controller within the wireless access communication unit interfaces the subscriber interfaces with a radio transceiver, and assists in the conversion of data from a format suitable for wireless transmission. Authentication is carried out separately for each of the subscriber interfaces, thereby allowing the wireless access communication unit to represent itself as multiple individual subscribers to the network. Upon each initial registration, each subscriber interface derives its own ciphering key from a stored user key and uses it thereafter for encryption and decryption.
40 Claims
1. A method for authentication in a wireless communication system, comprising the steps of:
establishing a wireless connection between a wireless access communication unit and a network;
transmitting a subscriber identifier from said wireless access communication unit to the network, said subscriber identifier corresponding to a subscriber port of said wireless access communication unit;
transmitting a numeric value from the network to said wireless access communication unit;
receiving said numeric value at said wireless access communication unit;
generating a signed response at said wireless access communication unit based upon said numeric value and a locally stored user key value associated with said subscriber port of said wireless access communication unit;
transmitting said signed response from said wireless access communication unit to the network;
receiving said signed response at the network;
comparing the signed response to an authentication parameter derived at the network; and
disallowing access to the network for the subscriber associated with said subscriber identifier unless said signed response matches said authentication parameter.
9. A wireless access communication unit, comprising:
at least one subscriber port connected to a local area telephone switch, whereby a communication path can be established between said wireless access communication unit and one or more users;
a subscriber interface connected to said subscriber port;
a radio transceiver for transmitting and receiving information over a wireless connection to a base station;
a controller connected to said radio transceiver and said subscriber interface, said controller managing the transfer of information between said radio transceiver and said subscriber interface; and
a subscriber identity module connected to said subscriber interface, said subscriber identity module comprising a non-volatile memory storing a subscriber identifier and a user key value, said subscriber identity module outputting a signed response value in response to an authentication parameter received by said radio transceiver over said wireless connection.
15. A method for authentication in a wireless communication system, comprising the steps of:
establishing a wireless connection between a wireless access communication unit and a network;
transmitting a plurality of subscriber identifiers from said wireless access communication unit to the network, said subscriber identifiers corresponding to a plurality of subscriber ports of said wireless access communication unit, one subscriber identifier for each subscriber port;
transmitting a plurality of numeric values from the network to said wireless access communication unit, one numeric value being transmitted in response to each of said subscriber identifiers;
receiving said numeric values at said wireless access communication unit;
generating a plurality of signed responses at said wireless access communication unit, one signed response for each of said subscriber ports, each signed response based upon the numeric value corresponding to the subscriber identifier of the subscriber port and a locally stored user key value associated with the subscriber port;
transmitting said signed responses from said wireless access communication unit to the network; and
disallowing access to the network for any subscriber port unless said signed response for the subscriber port matches an authentication parameter derived at the network for the subscriber port, said authentication parameter based upon the numeric value corresponding to the subscriber identifier of the subscriber port and a network-stored user key value corresponding to the subscriber identifier of the subscriber port.
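The per-port challenge-response of claim 15, together with the key derivation of claim 35, as an added example that is not part of the patent text. HMAC-SHA256 stands in for the response algorithm, which the claims do not name, and the class names, port identifiers and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 stands in for the algorithm, which the claims do not
# name. Class names, port identifiers and keys are constructed samples.

def signed_response(user_key: bytes, numeric_value: bytes) -> bytes:
    """Signed response computed from the network's numeric value and a user key."""
    return hmac.new(user_key, b"auth" + numeric_value, hashlib.sha256).digest()

def derived_key(user_key: bytes, numeric_value: bytes) -> bytes:
    """Per-port key from the same inputs, domain-separated from the response."""
    return hmac.new(user_key, b"ciph" + numeric_value, hashlib.sha256).digest()[:16]

class Network:
    def __init__(self, subscriber_keys):
        self.keys = dict(subscriber_keys)  # network-stored user key per subscriber id
        self.pending = {}                  # subscriber id -> outstanding numeric value

    def challenge(self, sub_id: str) -> bytes:
        # Fresh unpredictable value per request, so a recorded response is useless later.
        self.pending[sub_id] = secrets.token_bytes(16)
        return self.pending[sub_id]

    def verify(self, sub_id: str, response: bytes) -> bool:
        numeric_value = self.pending.pop(sub_id, None)  # each value is single use
        key = self.keys.get(sub_id)
        if numeric_value is None or key is None:
            return False
        expected = signed_response(key, numeric_value)  # network-side parameter
        return hmac.compare_digest(expected, response)  # constant-time comparison

class AccessUnit:
    def __init__(self, ports):
        self.ports = dict(ports)  # subscriber id -> locally stored user key

    def register_all(self, network: Network) -> dict:
        """Authenticate every port independently; a failed port gets no key."""
        results = {}
        for sub_id, key in self.ports.items():
            value = network.challenge(sub_id)
            ok = network.verify(sub_id, signed_response(key, value))
            results[sub_id] = derived_key(key, value) if ok else None
        return results

def demo():
    good = {"port-1": b"k1" * 8, "port-2": b"k2" * 8}
    network = Network({**good, "port-3": b"k3" * 8})
    unit = AccessUnit({**good, "port-3": b"wrong-key-000000"})  # mismatched key
    return network, unit.register_all(network)
```

The port whose local key differs from the network-stored key is refused on its own, while the other ports register and each obtains a distinct derived key.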
23. A communication system, comprising:
a wireless access communication unit, said wireless access communication unit comprising a plurality of user interfaces, a non-volatile storage containing a subscriber identifier and a user key value for each of said user interfaces;
a base station comprising a radio unit whereby a wireless connection can be established between said wireless access communication unit and said base station;
a mobile switching center connected to said base station, said mobile switching center retrieving a set of authentication parameters for each of said user interfaces upon occurrence of selected events and providing at least one of said authentication parameters to said wireless access communication unit via said base station;
means located at said wireless access communication unit for receiving said at least one authentication parameter from said mobile switching center and for generating a signed response value based upon said at least one authentication parameter and said user-key value; and
means located at said mobile switching center for receiving said signed response value from said wireless access communication unit and for comparing said signed response value to a second one of said authentication parameters.
31. A method for authentication in a communication system, comprising the steps of:
establishing, upon demand, wireless connections between a wireless access communication unit and a cellular network, said wireless access communication unit connected over a plurality of trunks to a plurality of users each capable of generating a call request to said wireless access communication unit;
independently for each established wireless connection, transmitting a subscriber identifier from the wireless access communication unit to the cellular network;
independently for each established wireless connection, undertaking an authentication procedure at said cellular network based upon the subscriber identifier received at the cellular network, said authentication procedure resulting in a pass or fail; and
disallowing access to the cellular network to a subscriber associated with a transmitted subscriber identifier unless the authentication procedure results in a pass for that subscriber identifier.
35. A method for authentication in a wireless communication system, comprising the steps of:
establishing a wireless connection between a wireless access communication unit and a network;
transmitting a subscriber identifier from said wireless access communication unit to the network, said subscriber identifier corresponding to a subscriber port of said wireless access communication unit;
transmitting an authentication parameter from the network to said wireless access communication unit;
receiving said authentication parameter at said wireless access communication unit; and
generating an authentication key at said wireless access communication unit based upon said authentication parameter and a locally stored user key value associated with said subscriber port of said wireless access communication unit.
38. A wireless access communication unit, comprising:
at least one subscriber port connected to a local area telephone switch, whereby a communication path can be established between said wireless access communication unit and one or more users;
a subscriber interface connected to said subscriber port;
a radio transceiver for transmitting and receiving information over a wireless connection to a base station;
a controller connected to said radio transceiver and said subscriber interface, said controller managing the transfer of information between said radio transceiver and said subscriber interface; and
a subscriber identity module connected to said subscriber interface, said subscriber identity module comprising a non-volatile memory storing a subscriber identifier and a user key value, said subscriber identity module outputting an authentication key in response to an authentication parameter received by said radio transceiver over said wireless connection.
Specification