Mobile terminal authentication method capable of reducing authentication processing time and preventing fraudulent transmission/reception of data through spoofing

US 20050113070A1
Filed: 11/22/2004
Published: 05/26/2005
Est. Priority Date: 11/21/2003
Status: Active Grant

First Claim

Patent Images

1. An authentication method for use in a mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, and an authentication responsible device, wherein said mobile terminal makes communications through one of said radio access points, said method comprising the steps of:

said mobile terminal transmitting an N-th authentication key to said authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−

1)th authentication key transmitted when an (N−

1)th handover occurred; and

said authentication responsible device authenticating the validity of said mobile terminal based on whether or not the N-th authentication key sent from said mobile terminal and the (N−

1)th authentication key previously sent from said mobile terminal satisfy a predetermined relationship.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile terminal transmits an N-th authentication key to an authentication server when the mobile terminal has moved from a coverage area under a certain radio access point to a coverage area under another radio access point. The N-th authentication key is generated by applying a hash function to a random number a number of times one smaller than an (N−1)th authentication key which was transmitted when the mobile terminal moved to the coverage area under the certain radio access point. Upon receipt of the N-th authentication key from the mobile terminal, the authentication server applies the hash function once to the N-th authentication key, and compares the result with the (N−1)th authentication key. Then, the authentication server determines that the authentication is successful when there is a match between both keys.

155 Citations

47 Claims

1. An authentication method for use in a mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, and an authentication responsible device, wherein said mobile terminal makes communications through one of said radio access points, said method comprising the steps of:
- said mobile terminal transmitting an N-th authentication key to said authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover occurred; and
  
  said authentication responsible device authenticating the validity of said mobile terminal based on whether or not the N-th authentication key sent from said mobile terminal and the (N−
  
  1)th authentication key previously sent from said mobile terminal satisfy a predetermined relationship.
- View Dependent Claims (3)
- - 3. The authentication method according to claim 1, wherein said value given from said authentication responsible device is a random number.

2. An authentication method for use in a mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, and an authentication responsible device, wherein said mobile terminal makes communications through one of said radio access points, said method comprising the steps of:
- said mobile terminal generating an authentication key each time a handover occurs by applying a hash function to a value given from said authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmitting the generated authentication key to said authentication responsible device; and
  
  said authentication responsible device authenticating the validity of said mobile terminal based on whether or not the current authentication key sent from said mobile terminal and a preceding authentication key sent from said mobile terminal satisfy a predetermined relationship.
- View Dependent Claims (4)
- - 4. The authentication method according to claim 2, wherein said value given from said authentication responsible device is a random number.

5. An authentication method for use in a mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, and an authentication server, wherein said mobile terminal makes communications through one of said radio access points, said method comprising the steps of:
- said authentication server transmitting a challenge word to said mobile terminal;
  
  said mobile terminal holding the challenge word sent from said authentication server, and transmitting an N-th authentication key to said authentication server when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held challenge word a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N-1)th handover has occurred; and
  
  said authentication server authenticating the validity of said mobile terminal when the N-th authentication key is sent from said mobile terminal, based on whether or not the N-th authentication key and the held (N−
  
  1)th authentication key have a predetermined relationship, and holding the N-th authentication key in place of the (N-1)th authentication key when the authentication is successful.
- View Dependent Claims (6, 7)
- - 6. The authentication method according to claim 5, wherein:
    - said hash function is a one-way function, said N-th authentication key is generated by applying the hash function to the challenge word a number of times smaller by one than said (N−
      
      1)th authentication key, and said authentication server determines a successful authentication when the result of applying the hash function once to the N-th authentication key sent from said mobile terminal matches the held (N−
      
      1)th authentication key.
  - 7. The authentication method according to claim 5, further comprising the steps of:
    - when the N-th handover occurs, said mobile terminal transmitting to said authentication server the N-th authentication key generated by applying the hash function to the challenge word a number of times smaller by one than the (N−
      
      1)th authentication key transmitted when the (N−
      
      1)th handover occurred, and an N-th sequence number which is larger by one than an (N−
      
      1)th sequence number transmitted when the (N−
      
      1)th handover occurred; and
      
      said authentication server applying the hash function to the N-th authentication key a number of times in accordance with a difference between a held sequence number and the N-th sequence number when the N-th authentication key and sequence number are sent from said mobile terminal, determining that the authentication is successful when the result of applying the hash function to the N-th authentication key matches the held authentication key, and holding the N-th authentication key and sequence number in place of the held authentication key and sequence number.

8. An authentication method for use in a mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, an authentication server, and an authentication proxy switch disposed between said authentication server and said plurality of radio access points, wherein said mobile terminal makes communications through one of said radio access points, said method comprising the steps of:
- said authentication server authenticating the validity of said mobile terminal based on a password sent from said mobile terminal;
  
  said authentication proxy switch transmitting a local challenge to said mobile terminal;
  
  said mobile terminal holding the local challenge sent from said authentication proxy switch, and transmitting an N-th authentication key to said authentication proxy switch when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held local challenge a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover occurred; and
  
  said authentication proxy switch authenticating the validity of said mobile terminal based on whether or not the N-th authentication key and the (N−
  
  1)th authentication key held therein have a predetermined relationship, when the N-th authentication key is sent from said mobile terminal, and holding the N-th authentication key in place of the (N−
  
  1)th authentication key when the authentication is successful.
- View Dependent Claims (9, 10)
- - 9. The authentication method according to claim 8, wherein:
    - said hash function is a one-way function, said N-th authentication key is generated by applying the hash function to the challenge word a number of times smaller by one than said (N−
      
      1)th authentication key, and said authentication proxy switch determines a successful authentication when the result of applying the hash function once to the N-th authentication key sent from said mobile terminal matches the held (N−
      
      1)th authentication key.
  - 10. The authentication method according to claim 8, further comprising the steps of:
    - when the N-th handover occurs, said mobile terminal transmitting to said authentication proxy switch the N-th authentication key generated by applying the hash function to the local challenge a number of times smaller by one than the (N−
      
      1)th authentication key transmitted when the (N−
      
      1)th handover occurred, and an N-th sequence number which is larger by one than an (N−
      
      1)th sequence number transmitted when the (N−
      
      1)th handover occurred; and
      
      said authentication proxy switch applying the hash function to the N-th authentication key a number of times in accordance with a difference between a held sequence number and the N-th sequence number when the N-th authentication key and sequence number are sent from said mobile terminal, determining that the authentication is successful when the result of applying the hash function to the N-th authentication key matches the held authentication key, and holding the N-th authentication key and sequence number in place of the held authentication key and sequence number.

11. A mobile wireless communication system including a mobile terminal, a plurality of radio access points, and an authentication responsible device, said mobile terminal making communications through one of said radio access points, wherein:
- said mobile terminal is configured to transmit an N-th authentication key to said authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover occurred; and
  
  said authentication responsible device is configured to authenticate the validity of said mobile terminal based on whether or not the N-th authentication key sent from said mobile terminal and the (N−
  
  1)th authentication key previously sent from said mobile terminal satisfy a predetermined relationship.
- View Dependent Claims (13)
- - 13. The mobile wireless communication system according to claim 11, wherein said value given from said authentication responsible device is a random number.

12. A mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, and an authentication responsible device, wherein said mobile terminal makes communications through one of said radio access points, wherein:
- said mobile terminal is configured to generate an authentication key each time a handover occurs by applying a hash function to a value given from said authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmit the generated authentication key to said authentication responsible device; and
  
  said authentication responsible device is configured to authenticate the validity of said mobile terminal based on whether or not the current authentication key sent from said mobile terminal and a preceding authentication key sent from said mobile terminal satisfy a predetermined relationship.
- View Dependent Claims (14)
- - 14. The mobile wireless communication system according to claim 12, wherein said value given from said authentication responsible device is a random number.

15. A mobile wireless communication system including a mobile terminal, a plurality of radio access points, and an authentication server, said mobile terminal making communications through one of said radio access points, wherein:
- said authentication server comprises authentication means for transmitting a challenge word to said mobile terminal, authenticating the validity of said mobile terminal when the N-th authentication key is sent from said mobile terminal, based on whether or not the N-th authentication key and the held (N−
  
  1)th authentication key have a predetermined relationship, and holding the N-th authentication key in place of the (N−
  
  1)th authentication key when the authentication is successful; and
  
  said mobile terminal comprising authentication requesting means for holding the challenge word sent from said authentication server, and transmitting an N-th authentication key to said authentication server when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held challenge word a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover has occurred.
- View Dependent Claims (16, 17)
- - 16. The mobile wireless communication system according to claim 15, wherein:
    - said hash function is a one-way function, said N-th authentication key is generated by applying the hash function to the challenge word a number of times smaller by one than said (N−
      
      1)th authentication key, and said authentication means determines a successful authentication when the result of applying the hash function once to the N-th authentication key sent from said mobile terminal matches the held (N−
      
      1)th authentication key.
  - 17. The mobile wireless communication system according to claim 15, wherein:
    - said authentication requesting means is configured to transmit, when the N-th handover occurs, to said authentication server the N-th authentication key generated by applying the hash function to the challenge word a number of times smaller by one than the (N−
      
      1)th authentication key transmitted when the (N−
      
      1)th handover occurred, and an N-th sequence number which is larger by one than an (N−
      
      1)th sequence number transmitted when the (N−
      
      1)th handover occurred; and
      
      said authentication means is configured to apply the hash function to the N-th authentication key a number of times in accordance with a difference between a held sequence number and the N-th sequence number when the N-th authentication key and sequence number are sent from said mobile terminal, determine that the authentication is successful when the result of applying the hash function to the N-th authentication key matches the held authentication key, and hold the N-th authentication key and sequence number in place of the held authentication key and sequence number.

18. A mobile wireless communication system including a mobile terminal, a plurality of radio access points, an authentication server, and an authentication proxy switch disposed between said authentication server and said plurality of radio access points, said mobile terminal making communications through one of said radio access points, wherein:
- said authentication server comprises authentication server resident authentication means for authenticating the validity of said mobile terminal based on a password sent from said mobile terminal;
  
  said authentication proxy switch comprises authentication proxy switch resident authentication means for transmitting a local challenge to said mobile terminal, authenticating the validity of said mobile terminal based on whether or not an N-th authentication key and an (N−
  
  1)th authentication key held therein have a predetermined relationship, when the N-th authentication key is sent from said mobile terminal, and holding the N-th authentication key in place of the (N−
  
  1)th authentication key when the authentication is successful; and
  
  said mobile terminal comprises authentication requesting means for holding the local challenge sent from said authentication proxy switch, and transmitting the N-th authentication key to said authentication proxy switch when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held local challenge a number of times different by a predetermined number of times from the (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover occurred.
- View Dependent Claims (19, 20)
- - 19. The mobile wireless communication system according to claim 18, wherein:
    - said hash function is a one-way function, said N-th authentication key is generated by applying the hash function to the challenge word a number of times smaller by one than said (N−
      
      1)th authentication key, and said authentication proxy switch resident authentication means determines a successful authentication when the result of applying the hash function once to the N-th authentication key sent from said mobile terminal matches the held (N−
      
      1)th authentication key.
  - 20. The mobile wireless communication system to claim 18, wherein:
    - said authentication requesting means is configured to transmit, when the N-th handover occurs, to said authentication server the N-th authentication key generated by applying the hash function to the local challenge a number of times smaller by one than the (N−
      
      1)th authentication key transmitted when the (N−
      
      1)th handover occurred, and an N-th sequence number which is larger by one than an (N−
      
      1)th sequence number transmitted when the (N−
      
      1)th handover occurred; and
      
      said authentication proxy switch resident authentication means is configured to apply the hash function to the N-th authentication key a number of times in accordance with a difference between a held sequence number and the N-th sequence number when the N-th authentication key and sequence number are sent from said mobile terminal, determine that the authentication is successful when the result of applying the hash function to the N-th authentication key matches the held authentication key, and hold the N-th authentication key and sequence number in place of the held authentication key and sequence number.

21. A mobile terminal configured to transmit an N-th authentication key to an authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−
- 1)th authentication key transmitted when an (N−
  
  1)th handover occurred.
- View Dependent Claims (23)
- - 23. The mobile terminal according to claim 21, wherein said value given from said authentication responsible device is a random number.

22. A mobile terminal configured to generate an authentication key each time a handover occurs by applying a hash function to a value given from an authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmit the generated authentication key to said authentication responsible device.

24. A mobile terminal comprising:
- a challenge word register for holding a challenge word sent from said authentication server; and
  
  control means for transmitting an N-th authentication key to said authentication server when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held challenge word a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover has occurred.
- View Dependent Claims (25, 26)
- - 25. The mobile terminal according to claim 24, wherein:
    - said hash function is a one-way function, and said N-th authentication key is generated by applying the hash function to the challenge word a number of times smaller by one than said (N−
      
      1)th authentication key.
  - 26. The mobile terminal according to claim 24, wherein said control means is configured to transmit, when the N-th handover occurs, to said authentication server the N-th authentication key generated by applying the hash function to the challenge word a number of times smaller by one than the (N−
    - 1)th authentication key transmitted when the (N−
      
      1)th handover occurred, and an N-th sequence number which is larger by one than an (N−
      
      1)th sequence number transmitted when the (N−
      
      1)th handover occurred.

27. A mobile terminal comprising:
- a local challenge register for holding a local challenge sent from an authentication proxy switch; and
  
  control means for transmitting an N-th authentication key to said authentication proxy switch when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held local challenge a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover occurred.
- View Dependent Claims (28, 29)
- - 28. The mobile terminal according to claim 27, wherein:
    - said hash function is a one-way function, and said N-th authentication key is generated by applying the hash function to the challenge word a number of times smaller by one than said (N−
      
      1)th authentication key.
  - 29. The mobile terminal according to claim 27, wherein:
    - said control means is configured to transmit, when the N-th handover occurs, to said authentication server the N-th authentication key generated by applying the hash function to the local challenge a number of times smaller by one than the (N−
      
      1)th authentication key transmitted when the (N−
      
      1)th handover occurred, and an N-th sequence number which is larger by one than an (N−
      
      1)th sequence number transmitted when the (N−
      
      1)th handover occurred.

30. An authentication responsible device configured to be responsive to an N-th authentication key sent thereto from a mobile terminal which transmits the N-th authentication key to said authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−
- 1)th authentication key transmitted when an (N−
  
  1)th handover occurred, for authenticating the validity of said mobile terminal based on whether or not the N-th authentication key sent from said mobile terminal and the (N−
  
  1)th authentication key previously sent from said mobile terminal satisfy a predetermined relationship.
- View Dependent Claims (32)
- - 32. The authentication responsible device according to claim 30, wherein said value given to said mobile terminal is a random number.

31. An authentication responsible device configured to authenticate the validity of a mobile terminal which generates an authentication key each time a handover occurs by applying a hash function to a value given from said authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmits the generated authentication key, based on whether or not the current authentication key sent from said mobile terminal and a preceding authentication key sent from said mobile terminal satisfy a predetermined relationship.
- View Dependent Claims (33)
- - 33. The authentication responsible device according to claim 31, wherein said value given to said mobile terminal is a random number.

34. An authentication server comprising:
- authentication means responsive to an N-th authentication key sent thereto from a mobile terminal which transmits the N-th authentication key when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a challenge word a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover has occurred, for authenticating the validity of said mobile terminal based on whether or not the N-th authentication key and the held (N−
  
  1)th authentication key have a predetermined relationship, and holding the N-th authentication key in place of the (N−
  
  1)th authentication key when the authentication is successful.
- View Dependent Claims (35, 36)
- - 35. The authentication server according to claim 34, wherein:
    - said hash function is a one-way function, said N-th authentication key is generated by applying the hash function to the challenge word a number of times smaller by one than said (N−
      
      1)th authentication key, and said authentication means is configured to determine a successful authentication when the result of applying the hash function once to the N-th authentication key sent from said mobile terminal matches the held (N−
      
      1)th authentication key.
  - 36. The authentication server according to claim 34, wherein:
    - said mobile terminal is configured to transmit, when the N-th handover occurs, to said authentication server the N-th authentication key generated by applying the hash function to the challenge word a number of times smaller by one than the (N−
      
      1)th authentication key transmitted when the (N−
      
      1)th handover occurred, and an N-th sequence number which is larger by one than an (N−
      
      1)th sequence number transmitted when the (N−
      
      1)th handover occurred; and
      
      said authentication means is configured to apply the hash function to the N-th authentication key a number of times in accordance with a difference between a held sequence number and the N-th sequence number when the N-th authentication key and sequence number are sent from said mobile terminal, determine that the authentication is successful when the result of applying the hash function to the N-th authentication key matches the held authentication key, and hold the N-th authentication key and sequence number in place of the held authentication key and sequence number.

37. An authentication proxy switch comprising authentication means responsive to an N-th authentication key sent from a mobile terminal which transmits an N-th authentication key to said authentication proxy switch when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a local challenge a number of times different by a predetermined number of times from an (N−
- 1)th authentication key transmitted when an (N−
  
  1)th handover occurred, for authenticating the validity of said mobile terminal based on whether or not the N-th authentication key and the (N−
  
  1)th authentication key held therein have a predetermined relationship, and holding the N-th authentication key in place of the (N−
  
  1)th authentication key when the authentication is successful.
- View Dependent Claims (38, 39)
- - 38. The authentication proxy switch according to claim 37, wherein:
    - said hash function is a one-way function, said N-th authentication key is generated by applying the hash function to the challenge word a number of times smaller by one than said (N−
      
      1)th authentication key, and said authentication means determines a successful authentication when the result of applying the hash function once to the N-th authentication key sent from said mobile terminal matches the held (N−
      
      1)th authentication key.
  - 39. The authentication proxy switch according to claim 37, wherein:
    - said mobile terminal is configured to transmit, when the N-th handover occurs, to said authentication server the N-th authentication key generated by applying the hash function to the local challenge a number of times smaller by one than the (N−
      
      1)th authentication key transmitted when the (N−
      
      1)th handover occurred, and an N-th sequence number which is larger by one than an (N−
      
      1)th sequence number transmitted when the (N−
      
      1)th handover occurred; and
      
      said authentication means is configured to apply the hash function to the N-th authentication key a number of times in accordance with a difference between a held sequence number and the N-th sequence number when the N-th authentication key and sequence number are sent from said mobile terminal, determine that the authentication is successful when the result of applying the hash function to the N-th authentication key matches the held authentication key, and hold the N-th authentication key and sequence number in place of the held authentication key and sequence number.

40. A program for causing a computer to function as a mobile terminal, said program causing the computer to execute:
- processing for transmitting an N-th authentication key to an authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover occurred.
- View Dependent Claims (42)
- - 42. The program according to claim 40, wherein said value given from said authentication responsible device is a random number.

41. A program for causing a computer to function as a mobile terminal, said program causing the computer to execute:
- processing for generating an authentication key each time a handover occurs by applying a hash function to a value given from an authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmitting the generated authentication key to said authentication responsible device.
- View Dependent Claims (43)
- - 43. The program according to claim 41, wherein said value given from said authentication responsible device is a random number.

44. A program for causing a computer to function as an authentication responsible device, said program causing the computer to execute:
- processing for authenticating the validity of a mobile terminal when an N-th authentication key is sent from said mobile terminal which transmits the N-th authentication key when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−
  
  1)th authentication key transmitted when an (N−
  
  1)th handover occurred, based on whether or not the N-th authentication key sent from said mobile terminal and the (N−
  
  1)th authentication key previously sent from said mobile terminal satisfy a predetermined relationship.
- View Dependent Claims (46)
- - 46. The program according to claim 44, wherein said value given from said authentication responsible device to said mobile terminal is a random number.

45. A program for causing a computer to function as an authentication responsible device, said program causing the computer to execute:
- processing for authenticating the validity of a mobile terminal which generates an authentication key each time a handover occurs by applying a hash function to a value given from said authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmits the generated authentication key, based on whether or not the current authentication key sent from said mobile terminal and a preceding authentication key sent from said mobile terminal satisfy a predetermined relationship.
- View Dependent Claims (47)
- - 47. The program according to claim 45, wherein said value given from said authentication responsible device to said mobile terminal is a random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Okabe, Toshiya

Granted Patent

US 7,631,186 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04W 12/062   Pre-authentication

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

Mobile terminal authentication method capable of reducing authentication processing time and preventing fraudulent transmission/reception of data through spoofing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

155 Citations

47 Claims

Specification

Use Cases

Quick Links

Others

Mobile terminal authentication method capable of reducing authentication processing time and preventing fraudulent transmission/reception of data through spoofing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

47 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others