Local authentication of mobile subscribers outside their home systems
Abstract
Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.
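The key split summarized in the abstract and laid out step by step in claim 16, as an added Python example that is not part of the patent text. The names `Token`, `MobileUnit` and `system_verify`, the HMAC-SHA-1 key derivation with its labels, and the assumption that the system can recompute both keys from the subscriber secret are illustrative choices, not taken from the page.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Keyed hash. HMAC-SHA-1 is an assumption standing in for the claimed hash function.
    return hmac.new(key, label + b"|" + data, hashlib.sha1).digest()

class Token:
    """Subscriber identification token: derives both keys, exports only one."""
    def __init__(self, subscriber_secret: bytes):
        self._secret = subscriber_secret
        self._secret_key = b""

    def on_challenge(self, challenge: bytes) -> bytes:
        self._secret_key = prf(self._secret, b"secret", challenge)  # held private
        return prf(self._secret, b"comm", challenge)  # delivered to the mobile unit

    def primary_signature(self, first_signature: bytes) -> bytes:
        return prf(self._secret_key, b"primary", first_signature)

class MobileUnit:
    def __init__(self):
        self.token, self.comm_key = None, b""

    def insert(self, token: Token, challenge: bytes) -> None:
        self.token, self.comm_key = token, token.on_challenge(challenge)

    def remove_token(self) -> None:
        self.token = None  # comm_key is retained, as the abstract's rogue unit does

    def authenticate(self, message: bytes) -> bytes:
        first = prf(self.comm_key, b"msg", message)
        # Without the token, the retained key yields only the first signature.
        return self.token.primary_signature(first) if self.token else first

def system_verify(subscriber_secret, challenge, message, received) -> bool:
    # Assumption: the system holds (or is sent) the same two keys for this challenge.
    comm = prf(subscriber_secret, b"comm", challenge)
    secret = prf(subscriber_secret, b"secret", challenge)
    expected = prf(secret, b"primary", prf(comm, b"msg", message))
    return hmac.compare_digest(expected, received)

def demo():
    secret, challenge = b"constructed-secret", b"constructed-challenge"  # sample values
    unit = MobileUnit()
    unit.insert(Token(secret), challenge)
    ok = system_verify(secret, challenge, b"setup-1", unit.authenticate(b"setup-1"))
    unit.remove_token()
    rogue = system_verify(secret, challenge, b"setup-2", unit.authenticate(b"setup-2"))
    return ok, rogue  # (True, False)
```

The second result is `False` because the retained communication key only reproduces the first signature; the primary signature needs the key that never left the token.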
22 Claims

1. A subscriber identification module for providing local authentication of a subscriber in a communication system, comprising:
a memory; and
a processor configured to implement a set of instructions stored in the memory, the set of instructions for:
generating a plurality of keys in response to a received challenge;
generating an authentication signal based on a received signal and a first key from the plurality of keys, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit; and
transmitting the authentication signal to the communications system via the communications unit.

2. The processor of claim 1, wherein the authentication signal is generated by a hash function.

3. The processor of claim 2, wherein the hash function is the Secure Hash Algorithm (SHA-1).

4. The processor of claim 1, wherein the authentication signal is generated by an encryption algorithm.

5. The processor of claim 4, wherein the encryption algorithm is the Data Encryption Standard (DES).

6. A subscriber identification module, comprising:
a key generation element; and
a signature generator configured to receive a secret key from the key generation element and a first signature from a mobile unit, and further configured to output a second signature to the mobile unit, wherein the second signature is generated based on the secret key and the first signature.
(Dependent claims: 7, 8, 9)

10. An apparatus for providing secure local authentication of a subscriber in a communication system, comprising a subscriber identification module configured to interact with a communications unit, wherein the subscriber identification module comprises:
a key generator for generating a plurality of keys from a received value and a secret value, wherein at least one communication key from the plurality of keys is delivered to the communications unit and at least one secret key from the plurality of keys is not delivered to the communications unit; and
a signature generator for generating an authorization signal from both the at least one secret key and from an authorization message, wherein the authorization message is generated by the communications unit using the at least one communication key.
(Dependent claims: 11, 12, 13, 14)

15. The subscriber identification module of claim 12, wherein the hash function is SHA-1.

16. A method for providing authentication of a subscriber using a subscriber identification device, comprising:
generating a plurality of keys;
transmitting at least one key from the plurality of keys to a communications device communicatively coupled to the subscriber identification device and holding private at least one key from the plurality of keys;
generating a signature at the communications device using both the at least one key transmitted to the communications device and a transmission message;
transmitting the signature to the subscriber identification device;
receiving the signature at the subscriber identification device;
generating a primary signature from the received signature; and
conveying the primary signature to a communications system.
(Dependent claims: 17, 18, 19, 20, 21)

22. A processor for use in a subscriber identification module for providing local authentication of a subscriber in a communication system, the processor configured to control:
generating a plurality of keys in response to a received challenge;
generating an authentication signal based on a received signal and a first key from the plurality of keys, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit; and
transmitting the authentication signal to the communications system via the communications unit.

Specification