Method and apparatus for providing cellular telephone service using an authenticating cellular telephone device

US 20060107059A1
Filed: 12/29/2005
Published: 05/18/2006
Est. Priority Date: 06/19/2001
Status: Active Grant

First Claim

Patent Images

1. A method for providing telephone service in a telephone service provider, comprising the steps of:

receiving an identity public key transmitted from a telephone to said service provider;

providing source test data, said step of providing source test data being performed by said service provider;

performing a pair of complementary data transformations of said source test data to produce resultant test data, by;

(a) performing a first data transformation of said pair of complementary data transformations according to a first public/private key encryption algorithm using said identity public key, said performing a first data transformation step being performed by said service provider, and (b) requesting said telephone to perform a second data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using an identity private key stored in said telephone, and receiving the results of said second data transformation;

comparing said source test data to said resultant test data, said comparing step being performed by said service provider;

providing service to said telephone depending on whether said source test data matches said resultant test data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart chip protection system contains a unique public/private identity key pair and uses a separate public/private signature key pair. The internally stored identity private key can not be read outside the chip. An issuing entity generates a descriptor containing the identity public key, attribute data, and a digital signature of the two, using a signature private key known only to the issuer. The authenticity of the descriptor is verified by decrypting the signature using the signature public key, and comparing the result to source data. An object'"'"'s identity can be verified by requesting the smart chip to perform a data transformation using its identity private key, and performing the complement using the public key. An exemplary embodiment is a cellular telephone, in which a service provider verifies identity of the telephone and correct signature as a condition to providing service.

Citations

20 Claims

1. A method for providing telephone service in a telephone service provider, comprising the steps of:
- receiving an identity public key transmitted from a telephone to said service provider;
  
  providing source test data, said step of providing source test data being performed by said service provider;
  
  performing a pair of complementary data transformations of said source test data to produce resultant test data, by;
  
  (a) performing a first data transformation of said pair of complementary data transformations according to a first public/private key encryption algorithm using said identity public key, said performing a first data transformation step being performed by said service provider, and (b) requesting said telephone to perform a second data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using an identity private key stored in said telephone, and receiving the results of said second data transformation;
  
  comparing said source test data to said resultant test data, said comparing step being performed by said service provider;
  
  providing service to said telephone depending on whether said source test data matches said resultant test data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method for providing telephone service of claim 1, further comprising the steps of:
    - receiving, in said service provider, attribute data and a digital signature of said identity public key and said attribute data, said attribute data and digital signature being transmitted from said telephone;
      
      verifying that said digital signature matches said identity public key and said attribute data; and
      
      providing service to said telephone depending on whether said digital signature matches said identity public key and said attribute data.
  - 3. The method for providing telephone service of claim 2, wherein said digital signature representing an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key, and wherein said step of verifying that said digital signature matches said identity public key and said attribute data comprises:
    - decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key;
      
      comparing the decrypted digital signature to said data derived from said identity public key and said attribute data to verify said attribute data..
  - 4. The method for providing telephone service of claim 2, wherein said attribute data includes an identifier identifying said telephone.
  - 5. The method for providing telephone service of claim 4, wherein said identifier comprises a telephone number of said telephone.
  - 6. The method for providing telephone service of claim 1, wherein said first data transformation is an encryption of said source test data and said second data transformation is a decryption of said source test data encrypted by said first data transformation, said first data transformation being performed before said second data transformation.
  - 7. The method for providing telephone service of claim 1, wherein said second data transformation is an encryption of said source test data and said first data transformation is a decryption of said source test data encrypted by said second data transformation, said second data transformation being performed before said first data transformation.
  - 8. The method for providing telephone service of claim 1, wherein said telephone is a cellular telephone.
  - 9. The method for providing telephone service of claim 1, wherein said source test data is randomly generated data.
  - 10. The method for providing telephone service of claim 1, wherein said method is performed locally at a communication station in communication with said telephone.
  - 11. The method for providing telephone service of claim 1, wherein at least one step of said method is performed locally at a communication station in communication with said telephone, and at least one step of said method is performed at a service provider facility remote from said communication station.

12. A method in a telephone service provider for updating attribute data contained in a telephone, comprising the steps of:
- obtaining a descriptor associated with said telephone, said descriptor including an identity public key for transforming data according to a first public/private key encryption algorithm, attribute data, and a digital signature;
  
  verifying that said digital signature matches said attribute data and said identity public key;
  
  performing a pair of complementary data transformations of source test data to produce resultant test data, a first of said pair of complementary data transformations being performed by said service provider according to said first public/private key encryption algorithm using said identity public key, and a second of said pair of complementary data transformations being performed by requesting said telephone to perform said second data transformation according to said first public/private key encryption algorithm using an identity private key in said telephone and receiving data from said telephone responsive to said request, said identity private key corresponding to said identity public key according to said first public/private key encryption algorithm;
  
  comparing said source test data with said resultant test data;
  
  depending on the results of said step of comparing said source test data with said resultant test data, generating an updated descriptor, said updated descriptor comprising said identity public key, updated attribute data, and a digital signature of said identity public key and said updated attribute data; and
  
  transmitting said updated descriptor to said telephone.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method in a telephone service provider for updating attribute data contained in a telephone of claim 12, wherein said step of generating an updated descriptor comprises generating said digital signature by encrypting a derivation of said identity public key and said updated attribute data according to a second public/private key encryption algorithm using a signature private key.
  - 14. The method in a telephone service provider for updating attribute data contained in a telephone of claim 12, wherein said first of said pair of complementary data transformations is an encryption of said source test data and said second of said pair of complementary data transformations is a decryption of said source test data encrypted by said first transformation, said first transformation being performed before said second transformation.
  - 15. The method in a telephone service provider for updating attribute data contained in a telephone of claim 12, wherein said second of said pair of complementary data transformations is an encryption of said source test data and said first of said pair of complementary data transformations is a decryption of said source test data encrypted by said second transformation, said second transformation being performed before said first transformation.
  - 16. The method in a telephone service provider for updating attribute data contained in a telephone of claim 12, wherein said source test data is randomly generated data.
  - 17. The method in a telephone service provider for updating attribute data contained in a telephone of claim 12, wherein said telephone is a cellular telephone.

18. A computer program product for operating a communication station of a telephone service in a telephone service provider, comprising:
- a plurality of computer-executable instructions, wherein said instructions, when executed on at least one digital data processing system of a telephone service provider, cause the at least one digital data processing system to perform the steps of;
  
  receiving an identity public key transmitted from a telephone to said service provider;
  
  providing source test data;
  
  causing a pair of complementary data transformations of said source test data to be performed to produce resultant test data, by;
  
  (a) performing a first data transformation of said pair of complementary data transformations according to a first public/private key encryption algorithm using said identity public key, and (b) requesting said telephone to perform a second data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using an identity private key stored in said telephone, and receiving the results of said second data transformation;
  
  comparing said source test data to said resultant test data; and
  
  providing service to said telephone depending on whether said source test data matches said resultant test data.
- View Dependent Claims (19, 20)
- - 19. The computer program product of claim 18, wherein said instructions further cause said digital data processing system to perform the steps of:
    - receiving attribute data and a digital signature of said identity public key and said attribute data, said attribute data and digital signature being transmitted from said telephone;
      
      verifying that said digital signature matches said identity public key and said attribute data; and
      
      providing service to said telephone depending on whether said digital signature matches said identity public key and said attribute data.
  - 20. The computer program product of claim 19, wherein said digital signature representing an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key, and wherein said step of verifying that said digital signature matches said identity public key and said attribute data comprises:
    - decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key;
      
      comparing the decrypted digital signature to said data derived from said identity public key and said attribute data to verify said attribute data..

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Lewis, David Otto, Remfert, Jeffrey Earl

Granted Patent

US 7,797,541 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/84   Vehicles

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Method and apparatus for providing cellular telephone service using an authenticating cellular telephone device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing cellular telephone service using an authenticating cellular telephone device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links