Performing authentication in a communications system

US 20040229597A1
Filed: 05/15/2003
Published: 11/18/2004
Est. Priority Date: 05/15/2003
Status: Active Grant

First Claim

Patent Images

1. A method for authentication in a communications system, the method comprising:

receiving a request for authentication from a server, the request for authentication including a first and a second random challenge;

comparing the first random challenge and the second random challenge;

denying the request for authentication in response to determining that the first random challenge is substantially the same as the second random challenge; and

transmitting an encoded value to the server in response to determining that the first random challenge is different from the second random challenge, wherein the encoded value is generated based on the first and second random challenge and a key that is not shared with the server.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for performing authentication in a communications system is provided. The method includes receiving a request for authentication from a server, the request for authentication including a first and a second random challenge, and comparing the first random challenge and the second random challenge. The method further includes denying the request for authentication in response to determining that the first random challenge is substantially the same as the second random challenge, and transmitting an encoded value to the server in response to determining that the first random challenge is different from the second random challenge, wherein the encoded value is generated based on the first and second random challenge and a key that is not shared with the server.

Citations

30 Claims

1. A method for authentication in a communications system, the method comprising:
- receiving a request for authentication from a server, the request for authentication including a first and a second random challenge;
  
  comparing the first random challenge and the second random challenge;
  
  denying the request for authentication in response to determining that the first random challenge is substantially the same as the second random challenge; and
  
  transmitting an encoded value to the server in response to determining that the first random challenge is different from the second random challenge, wherein the encoded value is generated based on the first and second random challenge and a key that is not shared with the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein denying the request for authentication comprises not responding to the request for authentication.
  - 3. The method of claim 1, wherein denying the request for authentication comprises rejecting the request from the server.
  - 4. The method of claim 1, wherein denying the request for authentication comprises establishing a session for at least one of voice and data communications and terminating the session.
  - 5. The method of claim 1, further comprising receiving a message authentication code associated with at least the first random challenge and the second random challenge in response to transmitting an initial random challenge to the server.
  - 6. The method of claim 5, further comprising verifying if the received message authentication code is valid and further comprising establishing a communications session based on determining that the message authentication code is valid.
  - 7. The method of claim 6, wherein verifying the received message authentication code comprises:
    - determining a master key based on one or more cipher keys associated with the first random challenge and the second random challenge;
      
      calculating a message authentication code based on the master key; and
      
      comparing the calculated message authentication code and the received message authentication code.
  - 8. The method of claim 7, wherein receiving the request for authentication comprises receiving the request for authentication including a third random challenge and wherein denying the request for authentication comprises denying the request if any two of the received random challenges are substantially the same.

9. An apparatus for performing authentication in a communications system, the apparatus comprising:
- a receiver adapted to receive a request for authentication from a server, the request for authentication including a first and a second random challenge; and
  
  a control unit communicatively coupled to the receiver, the control unit adapted to;
  
  compare the first random challenge and the second random challenge;
  
  deny the request for authentication in response to determining that the first random challenge is substantially the same as the second random challenge; and
  
  transmit an encoded value to the server in response to determining that the first random challenge is different from the second random challenge, wherein the encoded value is generated based on the first and second random challenge and a key that is not shared with the server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The apparatus of claim 9, wherein the control unit is adapted to ignore the request for authentication based on determining that the first random challenge is not equal to the second random challenge.
  - 11. The apparatus of claim 9, wherein the control unit is adapted to reject the request from the server based on determining that the first random challenge is not equal to the second random challenge.
  - 12. The apparatus of claim 9, wherein the control unit is adapted to establish a session for at least one of voice and data communications and to terminate the session based on determining that the first random challenge is not equal to the second random challenge.
  - 13. The apparatus of claim 9, wherein the control unit is adapted to receive a message authentication code associated with the first random challenge and the second random challenge.
  - 14. The apparatus of claim 13, wherein the control unit is adapted to verify the validity of the received message authentication code and to establish a session based on determining that the message authentication code is valid.
  - 15. The apparatus of claim 14, wherein the control unit is adapted to:
    - determine a master key based on one or more cipher keys associated with the first random challenge and the second random challenge;
      
      calculate a message authentication code based on the master key; and
      
      compare the calculated message authentication code and the received message authentication code.
  - 16. The apparatus of claim 15, wherein the control unit is adapted to receive the request for authentication including a third random challenge and to deny the request for authentication if any two of the received random challenges are substantially the same.
  - 17. The apparatus of claim 15, wherein the control unit is adapted determine the master key based on at least one of a signed response associated with the first random challenge and a signed response associated with the second random challenge.

18. A system, comprising:
- a server having access to a plurality of challenges and to a plurality of associated values generated based on a key that is not accessible to the server, the server being adapted to transmit a request for authentication including at least a first and a second challenge from the plurality of challenges; and
  
  an apparatus to;
  
  compare the first random challenge and the second random challenge;
  
  deny the request for authentication in response to determining that the first random challenge is substantially the same as the second random challenge; and
  
  transmit an encoded value to the server in response to determining that the first random challenge is different from the second random challenge, wherein the encoded value is based on at least a portion of the values associated with the first and second random challenges and the secret key.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The system of claim 18, wherein the access terminal is adapted to not respond to the request for authentication based on determining that the first random challenge is not equal to the second random challenge.
  - 20. The system of claim 18, wherein the access terminal is adapted to reject the request from the server based on determining that the first random challenge is not equal to the second random challenge.
  - 21. The system of claim 18, wherein the access terminal is adapted to establish a session for at least one of voice and data communications and to terminate the session based on determining that the first random challenge is not equal to the second random challenge.
  - 22. The system of claim 18, wherein the server is adapted to transmit a message authentication code associated with the first random challenge and the second random challenge and wherein the access terminal is adapted to receive the message authentication code.
  - 23. The system of claim 21, wherein the server is adapted to:
    - generate a message authentication code associated with the first random challenge and the second random challenge, wherein generating the message authentication code comprises determining a master key based on a cipher key and a signed response associated with the first and second random challenges; and
      
      transmit the message authentication code to the access terminal.
  - 24. The system of claim 21, wherein the access terminal is adapted to verify the validity of the received message authentication code and to establish a session based on determining that the message authentication code is valid.
  - 25. The system of claim 23, wherein the access terminal is adapted to:
    - determine a master key based on one or more cipher keys associated with the first random challenge and the second random challenge;
      
      calculate a message authentication code based on the master key; and
      
      compare the calculated message authentication code and the received message authentication code.
  - 26. A system of claim 25, wherein the access terminal is adapted to determine the master key based on at least one of a signed response associated with the first random challenge and a signed response associated with the second random challenge.

27. A method, comprising:
- determining one or more challenges to transmit to an access terminal;
  
  determining a message authentication code value for the one or more challenges, comprising;
  
  determining a cipher key associated with each of the one or more challenges;
  
  determining a signed response associated with each of the one or more challenges; and
  
  determining a master key based on one or more of the cipher keys and the signed responses to determine the message authentication code; and
  
  transmitting the one or more challenges and the message authentication code to the access terminal.
- View Dependent Claims (28, 29, 30)
- - 28. The method of claim 27, further comprising determining an authentication key based on applying the master key to a pseudo-random number function and further comprising determining the message authentication code based on the authorization key.
  - 29. The method of claim 28, further comprising receiving the transmitted one or more challenges and the message authentication code and determining if the message authentication code is valid.
  - 30. The method of claim 29, further comprising determining a signed response associated with each of the one or more challenges, determining a message authentication code of one or more signed responses, and transmitting the message authentication code of one or more signed responses to a server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Patel, Sarvar M.

Granted Patent

US 7,181,196 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/162   at the data link layer

H04L 9/3242   involving keyed hash functi...

H04L 9/3273   for mutual authentication n...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

Performing authentication in a communications system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Performing authentication in a communications system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links