Method and apparatus for authentication in wireless communications

US 20050100165A1
Filed: 09/16/2004
Published: 05/12/2005
Est. Priority Date: 11/07/2003
Status: Active Grant

First Claim

Patent Images

1. A method of securing wireless communications with a network at a subscriber station, comprising:

receiving a random value from the network;

calculating a first session key and a first response value as a function of the random value;

calculating a second session key and a second response value as a function of the random value, first session key and first response value; and

communicating the second response value to the network for authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of securing wireless communications between a network and a subscriber station include inserting a marker denoting an encryption type within a random value used for authentication, calculating a first session key and a first response value as a function of the random value, then calculating a second session key and a second response value as a function of the random value, first session key and first response value. The two levels of session keys and response values may be used by upgraded subscriber stations and network access points to prevent attackers from intercepting authentication triplets.

Citations

32 Claims

1. A method of securing wireless communications with a network at a subscriber station, comprising:
- receiving a random value from the network;
  
  calculating a first session key and a first response value as a function of the random value;
  
  calculating a second session key and a second response value as a function of the random value, first session key and first response value; and
  
  communicating the second response value to the network for authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the random value including an encryption marker identifying an encryption type for a communication.
  - 3. The method of claim 2, wherein the marker comprises a plurality of bits that specify a predetermined sequence of values.
  - 4. The method of claim 2, wherein the encryption type is different from A5/2 encryption.
  - 5. The method of claim 1, further comprising receiving an encryption request that is inconsistent with the encryption type and ignoring the request.
  - 6. The method of claim 5, further comprising encrypting communications data in accordance with the encryption type.
  - 7. The method of claim 5, further comprising declining to transmit communications data in response to the encryption request being inconsistent with the encryption type.
  - 8. The method of claim 1, further comprising:
    - retrieving a secret key stored in the subscriber station, wherein calculation of the first session key and the first response key is also a function of the secret key.
  - 9. The method of claim 1, further comprising:
    - modifying the random value, wherein calculation of the second session key and the second response value comprises combining the modified random value, the first session key and the first response value to form an authentication triplet, and performing a hash function on the authentication triplet.
  - 10. The method of claim 9, wherein the second session key and second response value are calculated as a function of the output of the hash function and a secret key that is stored on a SIM card in the subscriber station.
  - 11. The method of claim 1, further comprising calculating an encrypted key as a function of the first session key and a predetermined value.
  - 12. The method of claim 11, wherein the encrypted key comprises a cipher key.
  - 13. The method of claim 11, wherein the encrypted key comprises an authentication key.
  - 14. The method of claim 11, further comprising encrypting communications data with the encrypted key prior to communicating the data to the network.

15. A method of securing wireless communications with a subscriber station from a network, comprising:
- generating a random value having a marker specifying an encryption type;
  
  calculating a first session key and a first response value as a function of the random value;
  
  calculating a second session key and a second response value as a function of the random value, first session key and first response value;
  
  communicating the random value to the subscriber station;
  
  receiving a subscriber response value from the subscriber station in response to the random value; and
  
  comparing the subscriber response value to each of the first and second response values.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The method of claim 15, wherein the marker comprises a plurality of bits that specify a predetermined sequence of values.
  - 17. The method of claim 15, wherein the mandated encryption type is different from A5/2 encryption.
  - 18. The method of claim 15, wherein the calculation of the first session key and first response value is also a function of a secret key associated with the subscriber station.
  - 19. The method of claim 15, wherein the calculation of the second session key and second response value comprises:
    - combining the modified random value, the first session key and the first response value to form an authentication triplet; and
      
      performing a hash function on the authentication triplet.
  - 20. The method of claim 19, wherein the second session key and second response value are calculated as a function of the output of the hash function and a secret key that is associated with the subscriber station.
  - 21. The method of claim 15, wherein the subscriber response value matches the first response value, and wherein the method further comprises calculating an encrypted key as a function of the first session key and a predetermined value.
  - 22. The method of claim 21, further comprising receiving communications data from the subscriber station and decrypting the communications data with the encrypted key.
  - 23. The method of claim 21, wherein the encrypted key comprises a cipher key.
  - 24. The method of claim 21, wherein the encrypted key comprises an authentication key.

25. A subscriber station, comprising:
- means for receiving a random value from the network;
  
  means for calculating a first session key and a first response value as a function of the random value, and further for calculating a second session key and a second response value as a function of the random value, first session key and first response value;
  
  means for communicating the second response value to the network for authentication; and
  
  means for applying the second session key to encryption of data for transmission.

26. A network, comprising:
- means for generating a random value comprising a marker specifying an encryption type;
  
  means for calculating a first session key and a first response value as a function of the random value;
  
  means for calculating a second session key and a second response value as a function of the random value, first session key and first response value;
  
  means for communicating the random value to the subscriber station;
  
  means for receiving a subscriber response value from the subscriber station in response to the random value; and
  
  means for comparing the subscriber response value to each of the first and second response values.
- View Dependent Claims (32)
- - 32. The subscriber station of claim 26, further comprising:
    - memory storage unit for storing a secret key unique to the subscriber station, wherein the processor calculates the second session key and the second response value as a function of the secret key, the random value, the first session key and the first response value.

27. A subscriber station, comprising:
- a receiver configured to receive a random value from the network;
  
  a processor system configured to calculate a first session key and a first response value as a function of the random value, and calculate a second session key and a second response value as a function of the random value, first session key and first response value;
  
  an encryption unit adapted to receive the second session key for encryption and decryption of transmission data; and
  
  a transmitter configured to send the second response value to the network for authentication.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The subscriber station of claim 27 wherein the processor system comprises a first processor on a communications device and a second processor on a SIM card.
  - 29. The subscriber station of claim 28 wherein the communications device comprises a Global System Mobile cellular phone.
  - 30. The subscriber station of claim 27 wherein the processor system is further configured to combine the random value, first session key and first response value to form an authentication triplet and perform a hash function on the authentication triplet.
  - 31. The subscriber station of claim 27 wherein the processor system is further configured to calculate an encrypted key as a function of the first session key and a predetermined value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Rose, Gregory G., Paddon, Michael, Semple, James F., Hawkes, Philip M.

Granted Patent

US 8,229,118 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04W 12/069   using certificates or pre-s...

Method and apparatus for authentication in wireless communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authentication in wireless communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links