Mobile terminal authentication method capable of reducing authentication processing time and preventing fraudulent transmission/reception of data through spoofing
Abstract
A mobile terminal transmits an N-th authentication key to an authentication server when the mobile terminal has moved from a coverage area under a certain radio access point to a coverage area under another radio access point. The N-th authentication key is generated by applying a hash function to a random number a number of times one smaller than an (N−1)th authentication key which was transmitted when the mobile terminal moved to the coverage area under the certain radio access point. Upon receipt of the N-th authentication key from the mobile terminal, the authentication server applies the hash function once to the N-th authentication key, and compares the result with the (N−1)th authentication key. Then, the authentication server determines that the authentication is successful when there is a match between both keys.
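The handover check described in the abstract, as an added example (not code from the patent): the terminal's keys form a hash chain and the server keeps only the last accepted key. SHA-256, the chain length, the class and function names, and the way the 0-th key reaches the server are assumptions of this example.

```python
import hashlib
import hmac
import os


def hash_n(value: bytes, times: int) -> bytes:
    """Apply the hash `times` times. SHA-256 is an assumption of this example."""
    for _ in range(times):
        value = hashlib.sha256(value).digest()
    return value


class Terminal:
    """Mobile terminal: holds the challenge and counts its handovers."""

    def __init__(self, challenge: bytes, chain_length: int):
        self.challenge = challenge
        self.chain_length = chain_length  # hash count used for the 0-th key
        self.handovers = 0

    def initial_key(self) -> bytes:
        return hash_n(self.challenge, self.chain_length)

    def next_key(self) -> bytes:
        """N-th key: the challenge hashed one time fewer than the (N-1)th key."""
        remaining = self.chain_length - (self.handovers + 1)
        if remaining < 1:
            raise RuntimeError("hash chain used up: a new challenge is needed")
        self.handovers += 1
        return hash_n(self.challenge, remaining)


class AuthServer:
    """Holds only the last accepted key; the N-th key replaces the (N-1)th."""

    def __init__(self, initial_key: bytes):
        self.held_key = initial_key  # assumed to be registered at first login

    def authenticate(self, key: bytes) -> bool:
        # One hash of the N-th key must equal the held (N-1)th key.
        ok = hmac.compare_digest(hashlib.sha256(key).digest(), self.held_key)
        if ok:
            self.held_key = key
        return ok


def run_demo() -> dict:
    terminal = Terminal(os.urandom(16), chain_length=4)  # constructed challenge
    server = AuthServer(terminal.initial_key())
    k1 = terminal.next_key()
    result = {"handover_1": server.authenticate(k1)}
    result["replay_of_key_1"] = server.authenticate(k1)  # captured key reused
    result["handover_2"] = server.authenticate(terminal.next_key())
    result["random_guess"] = server.authenticate(os.urandom(32))
    result["handover_3"] = server.authenticate(terminal.next_key())
    return result


if __name__ == "__main__":
    print(run_demo())
```

A key captured at one handover fails at the next because the server has already replaced the held key, and producing the following key would require inverting the hash.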
47 Claims
1. An authentication method for use in a mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, and an authentication responsible device, wherein said mobile terminal makes communications through one of said radio access points, said method comprising the steps of:
- said mobile terminal transmitting an N-th authentication key to said authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover occurred; and
- said authentication responsible device authenticating the validity of said mobile terminal based on whether or not the N-th authentication key sent from said mobile terminal and the (N−1)th authentication key previously sent from said mobile terminal satisfy a predetermined relationship.
Dependent claims: 3
2. An authentication method for use in a mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, and an authentication responsible device, wherein said mobile terminal makes communications through one of said radio access points, said method comprising the steps of:
- said mobile terminal generating an authentication key each time a handover occurs by applying a hash function to a value given from said authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmitting the generated authentication key to said authentication responsible device; and
- said authentication responsible device authenticating the validity of said mobile terminal based on whether or not the current authentication key sent from said mobile terminal and a preceding authentication key sent from said mobile terminal satisfy a predetermined relationship.
Dependent claims: 4
5. An authentication method for use in a mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, and an authentication server, wherein said mobile terminal makes communications through one of said radio access points, said method comprising the steps of:
- said authentication server transmitting a challenge word to said mobile terminal;
- said mobile terminal holding the challenge word sent from said authentication server, and transmitting an N-th authentication key to said authentication server when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held challenge word a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover has occurred; and
- said authentication server authenticating the validity of said mobile terminal when the N-th authentication key is sent from said mobile terminal, based on whether or not the N-th authentication key and the held (N−1)th authentication key have a predetermined relationship, and holding the N-th authentication key in place of the (N−1)th authentication key when the authentication is successful.
Dependent claims: 6, 7
8. An authentication method for use in a mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, an authentication server, and an authentication proxy switch disposed between said authentication server and said plurality of radio access points, wherein said mobile terminal makes communications through one of said radio access points, said method comprising the steps of:
- said authentication server authenticating the validity of said mobile terminal based on a password sent from said mobile terminal;
- said authentication proxy switch transmitting a local challenge to said mobile terminal;
- said mobile terminal holding the local challenge sent from said authentication proxy switch, and transmitting an N-th authentication key to said authentication proxy switch when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held local challenge a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover occurred; and
- said authentication proxy switch authenticating the validity of said mobile terminal based on whether or not the N-th authentication key and the (N−1)th authentication key held therein have a predetermined relationship, when the N-th authentication key is sent from said mobile terminal, and holding the N-th authentication key in place of the (N−1)th authentication key when the authentication is successful.
Dependent claims: 9, 10
11. A mobile wireless communication system including a mobile terminal, a plurality of radio access points, and an authentication responsible device, said mobile terminal making communications through one of said radio access points, wherein:
- said mobile terminal is configured to transmit an N-th authentication key to said authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover occurred; and
- said authentication responsible device is configured to authenticate the validity of said mobile terminal based on whether or not the N-th authentication key sent from said mobile terminal and the (N−1)th authentication key previously sent from said mobile terminal satisfy a predetermined relationship.
Dependent claims: 13
12. A mobile wireless communication system which includes a mobile terminal, a plurality of radio access points, and an authentication responsible device, wherein said mobile terminal makes communications through one of said radio access points, wherein:
- said mobile terminal is configured to generate an authentication key each time a handover occurs by applying a hash function to a value given from said authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmit the generated authentication key to said authentication responsible device; and
- said authentication responsible device is configured to authenticate the validity of said mobile terminal based on whether or not the current authentication key sent from said mobile terminal and a preceding authentication key sent from said mobile terminal satisfy a predetermined relationship.
Dependent claims: 14
15. A mobile wireless communication system including a mobile terminal, a plurality of radio access points, and an authentication server, said mobile terminal making communications through one of said radio access points, wherein:
- said authentication server comprises authentication means for transmitting a challenge word to said mobile terminal, authenticating the validity of said mobile terminal when the N-th authentication key is sent from said mobile terminal, based on whether or not the N-th authentication key and the held (N−1)th authentication key have a predetermined relationship, and holding the N-th authentication key in place of the (N−1)th authentication key when the authentication is successful; and
- said mobile terminal comprising authentication requesting means for holding the challenge word sent from said authentication server, and transmitting an N-th authentication key to said authentication server when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held challenge word a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover has occurred.
Dependent claims: 16, 17
18. A mobile wireless communication system including a mobile terminal, a plurality of radio access points, an authentication server, and an authentication proxy switch disposed between said authentication server and said plurality of radio access points, said mobile terminal making communications through one of said radio access points, wherein:
- said authentication server comprises authentication server resident authentication means for authenticating the validity of said mobile terminal based on a password sent from said mobile terminal;
- said authentication proxy switch comprises authentication proxy switch resident authentication means for transmitting a local challenge to said mobile terminal, authenticating the validity of said mobile terminal based on whether or not an N-th authentication key and an (N−1)th authentication key held therein have a predetermined relationship, when the N-th authentication key is sent from said mobile terminal, and holding the N-th authentication key in place of the (N−1)th authentication key when the authentication is successful; and
- said mobile terminal comprises authentication requesting means for holding the local challenge sent from said authentication proxy switch, and transmitting the N-th authentication key to said authentication proxy switch when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held local challenge a number of times different by a predetermined number of times from the (N−1)th authentication key transmitted when an (N−1)th handover occurred.
Dependent claims: 19, 20
21. A mobile terminal configured to transmit an N-th authentication key to an authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover occurred.
Dependent claims: 23
22. A mobile terminal configured to generate an authentication key each time a handover occurs by applying a hash function to a value given from an authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmit the generated authentication key to said authentication responsible device.
24. A mobile terminal comprising:
- a challenge word register for holding a challenge word sent from said authentication server; and
- control means for transmitting an N-th authentication key to said authentication server when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held challenge word a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover has occurred.
Dependent claims: 25, 26
27. A mobile terminal comprising:
- a local challenge register for holding a local challenge sent from an authentication proxy switch; and
- control means for transmitting an N-th authentication key to said authentication proxy switch when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to the held local challenge a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover occurred.
Dependent claims: 28, 29
30. An authentication responsible device configured to be responsive to an N-th authentication key sent thereto from a mobile terminal which transmits the N-th authentication key to said authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover occurred, for authenticating the validity of said mobile terminal based on whether or not the N-th authentication key sent from said mobile terminal and the (N−1)th authentication key previously sent from said mobile terminal satisfy a predetermined relationship.
Dependent claims: 32
31. An authentication responsible device configured to authenticate the validity of a mobile terminal which generates an authentication key each time a handover occurs by applying a hash function to a value given from said authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmits the generated authentication key, based on whether or not the current authentication key sent from said mobile terminal and a preceding authentication key sent from said mobile terminal satisfy a predetermined relationship.
34. An authentication server comprising:
- authentication means responsive to an N-th authentication key sent thereto from a mobile terminal which transmits the N-th authentication key when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a challenge word a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover has occurred, for authenticating the validity of said mobile terminal based on whether or not the N-th authentication key and the held (N−1)th authentication key have a predetermined relationship, and holding the N-th authentication key in place of the (N−1)th authentication key when the authentication is successful.
Dependent claims: 35, 36
37. An authentication proxy switch comprising authentication means responsive to an N-th authentication key sent from a mobile terminal which transmits an N-th authentication key to said authentication proxy switch when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a local challenge a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover occurred, for authenticating the validity of said mobile terminal based on whether or not the N-th authentication key and the (N−1)th authentication key held therein have a predetermined relationship, and holding the N-th authentication key in place of the (N−1)th authentication key when the authentication is successful.
Dependent claims: 38, 39
40. A program for causing a computer to function as a mobile terminal, said program causing the computer to execute:
- processing for transmitting an N-th authentication key to an authentication responsible device when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover occurred.
Dependent claims: 42
41. A program for causing a computer to function as a mobile terminal, said program causing the computer to execute:
- processing for generating an authentication key each time a handover occurs by applying a hash function to a value given from an authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmitting the generated authentication key to said authentication responsible device.
Dependent claims: 43
44. A program for causing a computer to function as an authentication responsible device, said program causing the computer to execute:
- processing for authenticating the validity of a mobile terminal when an N-th authentication key is sent from said mobile terminal which transmits the N-th authentication key when an N-th handover occurs, said N-th authentication key being generated by applying a hash function to a value given from said authentication responsible device a number of times different by a predetermined number of times from an (N−1)th authentication key transmitted when an (N−1)th handover occurred, based on whether or not the N-th authentication key sent from said mobile terminal and the (N−1)th authentication key previously sent from said mobile terminal satisfy a predetermined relationship.
Dependent claims: 46
45. A program for causing a computer to function as an authentication responsible device, said program causing the computer to execute:
- processing for authenticating the validity of a mobile terminal which generates an authentication key each time a handover occurs by applying a hash function to a value given from said authentication responsible device a number of times associated with the number of times the authentication key has been transmitted, and transmits the generated authentication key, based on whether or not the current authentication key sent from said mobile terminal and a preceding authentication key sent from said mobile terminal satisfy a predetermined relationship.
Dependent claims: 47
Specification