Authentication in a mobile communications network

US 20040015692A1
Filed: 06/23/2003
Published: 01/22/2004
Est. Priority Date: 08/03/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method of authentication in a mobile communications network comprising:

authentication of a subscriber identifying means to a network entity; and

authentication of the network entity to the subscriber identifying means.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authentication in a mobile communications network comprising authentication of a subscriber identifying means to a network entity and authentication of the network entity to the subscriber identifying means.

166 Citations

40 Claims

1. A method of authentication in a mobile communications network comprising:
- authentication of a subscriber identifying means to a network entity; and
  
  authentication of the network entity to the subscriber identifying means.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 21, 22)
- - 2. A method of authentication according to claim 1, wherein said authentication of the subscriber identifying means to the network entity includes said subscriber identifying means receiving an authentication challenge, calculating an authentication response from said authentication challenge, an authentication input parameter stored on said subscriber identifying means and an authentication algorithm, and transmitting said authentication response to the network.
  - 3. A method of authentication according to claim 1 or 2, wherein said authentication of the network to the subscriber identifying means includes adding a certificate to an authentication challenge for said authentication of the subscriber identifying means to the network entity.
  - 4. A method of authentication according to claim 3, wherein said certificate includes at least one of the following:
    - i) a digital signature;
      
      ii) a message authentication code (MAC); and
      
      iii) a redundancy check code.
  - 5. A method of authentication according to claim 3 or 4, wherein a response to said authentication challenge is given by the subscriber identifying means to a request with valid and invalid certificates.
  - 6. A method of authentication according to claims 3, 4 or 5, wherein a valid response to said authentication challenge is only given to a request with a valid certificate.
  - 7. A method of authentication according to any of claims 3 to 6, wherein the procedure of responding to said authentication challenge is the same for a valid and an invalid certificate and a first input parameter or algorithm is used for said procedure of responding to a valid certificate and at least one further input parameter or algorithm, different from said first input parameter or algorithm, is used for said procedure of responding to an invalid certificate.
  - 8. A method of authentication according to claim 7, wherein said first and any further input parameter and algorithms are stored on said subscriber identifying means.
  - 9. A method of authentication according to any of claims 3 to 8, further comprising storing data on said subscriber identifying means indicating that said subscriber identifying means has been subject to a request for authentication with an invalid certificate.
  - 10. A method of authentication according to claim 3 or 4, wherein for an authentication challenge with an invalid certificate, said subscriber identifying means is prevented from responding to any further authentication challenges.
  - 21. A method of authentication according to any of claims 3 to 10 and 18, wherein a sequence of messages comprising said authentication challenges and said certificates or authentication codes have the appearance of randomness.
  - 22. A method of authentication according to any of claims 3 to 10 and 18 for authentication in a mobile communications network, said communications network being in accordance with the GSM standard, wherein said authentication challenge comprises a message of (128-n) bits and said certificate or authentication code comprises a message of n bits, such that a message comprising said authentication challenge and said certificate or authentication code is 128 bits long.

11. A method of authentication in a mobile communications network using an information storage means, said method comprising the steps of:
- said information storage means receiving a message comprising an authentication challenge and determining a characteristic of said message;
  
  performing a first procedure if said message has a first predetermined characteristic; and
  
  performing a second procedure if said message has a different characteristic.
- View Dependent Claims (12, 13, 14, 16, 17, 18, 19, 20)
- - 12. A method of authentication according to claim 11, wherein performing said first procedure includes generating an authentication response with an authentication algorithm based on said authentication challenge and an authentication input parameter.
  - 13. A method of authentication according to claim 11 or 12, wherein performing said second procedure includes:
    - generating an authentication response based on said authentication challenge, and;
      
      i) said authentication algorithm and at least one second authentication input parameter;
      
      or ii) said authentication input parameters and at least one second authentication algorithm; and
      
      transmitting the generated response to the network.
  - 14. A method of authentication according to claim 11 or 12, wherein performing said second procedure includes preventing said information storage means from responding to any further authentication challenges.
  - 16. A method of authentication according to any of claims 11 to 15, wherein said characteristic of said message is derivable from said authentication challenge.
  - 17. A method of authentication according to claim 16, wherein said characteristic is determined using checksums, cyclic redundancy codes or by portions of predetermined length or predetermined position.
  - 18. A method of authentication according to claims 11 to 15, wherein said message includes said authentication challenge and an authentication code and said characteristic of said message is included in said authentication code.
  - 19. A method of authentication according to claim 18, comprising the step of selecting one authentication code from a number of different authentication codes, whereby each authentication code is assigned to a particular input parameter or algorithm.
  - 20. A method of authentication according to claim 19, wherein said authentication codes, input parameters or algorithms and assignments of said codes to said input parameter or algorithms are stored on said information storage means.

15. A method of authentication using an information storage means, said information storage means receiving a message comprising an authentication challenge and determining a characteristic of said message, said information storage means comprising means for calculating an authentication response based on said authentication challenge, an authentication input parameter and an authentication algorithm, said method comprising the steps of:
- retrieving one authentication input parameter from a number of input parameters stored on said information storage means or one authentication algorithm from a number of algorithms stored on said information storage means in response to said characteristic; and
  
  responding to said authentication challenge by using said retrieved authentication input parameter or algorithm.

23. A method of authentication, comprising distinguishing an authorised request for authentication from an unauthorised request for authentication and responding differently to authorised requests than to unauthorised requests.
- View Dependent Claims (24, 25)
- - 24. A method of authentication according to claim 23, further comprising storing data on an information storage means indicating that said information storage means has been subject to an unauthorised request for authentication.
  - 25. A method of authentication according to claim 23 or 24, wherein said request for authentication includes an authentication challenge.

26. A method of authentication, comprising the step of using a first valid input parameter or a first authentication algorithm to respond to an authorised authentication challenge and using a second input parameter or a second algorithm, different from said first input, to respond to an unauthorised authentication challenge.
- View Dependent Claims (27)
- - 27. A method of authentication according to claim 26, further comprising storing data on an information storage means indicating that said information storage means has been subject to an unauthorised authentication challenge.

28. An authentication centre for a mobile communications network, comprising:
- a database storing a secret authentication input parameter for subscribers of said mobile communications network;
  
  a source for providing random numbers as second input parameters;
  
  means for calculating certificates for authorising authentication challenges, including an algorithm for calculating said certificates; and
  
  means for calculating authentication responses, including an algorithm for calculating said responses.

29. An authentication centre for a mobile communications network, comprising:
- a database storing;
  
  i) an authentication algorithm and at least two secret first input parameters;
  
  or ii) a secret first input parameter and at least two different authentication algorithms for calculating authentication responses;
  
  a source for providing second input parameters for calculating said authentication responses;
  
  means for;
  
  i) determining characteristics of said second input parameters;
  
  or ii) providing authentication codes;
  
  means for assigning one of said at least two secret first input parameters or authentication algorithms to said characteristics or said authentication codes in a predetermined way;
  
  means for retrieving the assigned first input parameter or authentication algorithm from said database; and
  
  means for calculating said authentication responses using said assigned first input parameter or authentication algorithm.

30. An information storage means for authentication, adapted for distinguishing authorised and unauthorised requests for authentication and for responding differently to said authorised and said unauthorised authentication requests.
- View Dependent Claims (31, 32, 33, 34, 35, 37)
- - 31. An information storage means according to claim 30, wherein said authentication requests include authentication challenges and responding to said authentication challenges include calculating an authentication response from said authentication challenge an authentication input parameter and an authentication algorithm.
  - 32. An information storage means according to claim 31, wherein said authentication challenges carry certificates for authorising said authentication challenges.
  - 33. An information storage means according to claim 32, wherein the validity of said certificate can be checked by calculation of said certificate from a certifying key and a certifying algorithm stored on said information storage means using said authentication challenge as an input parameter and by comparing the calculated and received certificate.
  - 34. An information storage means according to any of claims 30 to 33, said information storage means being adapted for storing a first authentication input parameter or algorithm for use in a procedure of responding to authorised requests for authentication and further adapted for storing at least another authentication input parameter or algorithm for use in a procedure of responding to unauthorised requests.
  - 35. An information storage means according to any of claims 30 to 34, further adapted for storing data on said information storage means indicating that said information storage means has been subject to an unauthorised request for authentication.
  - 37. An information storage means according to claims 32, 33 or 36, for authentication in a mobile communications network according to a GSM standard, wherein a received message comprising said authentication challenge and said certificate or authentication code have the same appearance as an authentication challenge according to the GSM standard.

36. An information storage means for authentication, comprising:
- means for calculating authentication responses to received authentication challenges using said challenges, an authentication input parameter and an authentication algorithm stored on said information storage means;
  
  means for;
  
  i) determining characteristics of said authentication challenges;
  
  or ii) determining characteristics of received authentication codes;
  
  means for storing;
  
  i) an authentication algorithm and at least two secret authentication input parameters;
  
  or ii) a secret authentication input parameters and at least two authentication algorithms means for determining predetermined assignments of said characteristics to said at least two authentication input parameters or algorithms; and
  
  means for retrieving the assigned authentication input parameters or algorithms for a particular characteristic or authentication code and using said assigned authentication input parameter or algorithm for calculating said authentication responses.

38. A subscriber identifying means for authentication in a mobile communications network, adapted for distinguishing a genuine authentication challenge as transmitted by said network from a false authentication challenge and for storing data indicating that said subscriber identifying means has been subject to false authentication challenges.

39. A method of authentication in a mobile communications network, comprising transmitting an authentication request to a mobile station and receiving an authentication response from the mobile station, wherein the authentication request transmitted to the mobile station comprises:
- an authentication challenge; and
  
  a certificate, said certificate providing authentication of a network entity to or an authentication code for determining a procedure for responding to said authentication challenge.

40. A method of authentication in a mobile communications network, wherein a network entity transmits an authentication challenge to a subscriber identifying means and generates an authentication response to said challenge, wherein said subscriber identifying means generates an authentication response to said received challenge and transmitting said response to said network entity, wherein said network entity compares the authentication response generated by said network entity to the authentication response provided by said subscriber identifying means, and wherein said method comprises the steps of generating said authentication responses using a variable external input parameter available to said network entity and said subscriber identifying means and calculating said authentication response in response thereto.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange Personal Communications Services Limited (BT Group PLC)
Original Assignee
Orange Personal Communications Services Limited (BT Group PLC)
Inventors
Green, Mark Raymond, Haysom, Timothy John, Hooker, Philip

Application Number

US10/343,778
Publication Number

US 20040015692A1
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 51/42   Mailbox-related aspects, e....

H04L 51/58   Message adaptation for wire...

H04L 63/0823   using certificates cryptogr...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

H04W 12/06   Authentication

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

H04W 12/40   Security arrangements using...

Authentication in a mobile communications network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

166 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication in a mobile communications network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

166 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links