MANIPULATION AND RESTORATION OF AUTHENTICATION CHALLENGE PARAMETERS IN NETWORK AUTHENTICATION PROCEDURES
First Claim
1. A mobile device, comprising:
a memory configured to store a binding key associated with a network authentication module of the mobile device; and
a processor communicatively connected to the memory, the processor configured to:
propagate, toward a wireless access network, an equipment identity of the mobile device and a subscriber identity associated with the network authentication module of the mobile device;
receive an authentication challenge comprising an encrypted authentication challenge parameter, wherein the encrypted authentication challenge parameter is an encrypted version of an original authentication challenge parameter, wherein the original authentication challenge parameter is encrypted, using the binding key, to form the encrypted authentication challenge parameter;
determine, based on the subscriber identity associated with the network authentication module of the mobile device, that the encrypted authentication challenge parameter is encrypted; and
decrypt the encrypted authentication challenge parameter, using the binding key, to recover the original authentication challenge parameter.
Abstract
A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.
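The exchange the abstract describes, with both the SS and MD sides, as an added example that is not part of the patent text. Assumptions: the page names no cipher or response algorithm, so a 4-round HMAC-SHA256 Feistel permutation stands in for the B-KEY encryption and a truncated HMAC stands in for the NAM's computation; the 16-byte ACP, the expected-response field in the AV, and all function names and sample values are constructed.

```python
import hashlib, hmac, os

def _f(key, rnd, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block (stand-in)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_acp(b_key, acp):
    """SS side: 16-byte original ACP -> 16-byte encrypted ACP."""
    l, r = acp[:8], acp[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(b_key, rnd, r))
    return l + r

def decrypt_acp(b_key, enc):
    """MD side: inverse of encrypt_acp, recovers the original ACP."""
    l, r = enc[:8], enc[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(b_key, rnd, l)), l
    return l + r

def nam_response(nam_secret, acp):
    """Stand-in for the NAM's authentication response computation."""
    return hmac.new(nam_secret, acp, hashlib.sha256).digest()[:8]

def ss_build_av(subscriber_id, nam_secret, ss_b_keys):
    """SS: obtain the AV, then replace the original ACP if a B-KEY is provisioned."""
    acp = os.urandom(16)
    av = {"acp": acp, "expected": nam_response(nam_secret, acp)}
    if subscriber_id in ss_b_keys:
        av["acp"] = encrypt_acp(ss_b_keys[subscriber_id], acp)
    return av

def md_answer(subscriber_id, nam_secret, md_b_keys, challenge_acp):
    """MD: decide from the subscriber identity whether to decrypt, then ask the NAM."""
    if subscriber_id in md_b_keys:
        challenge_acp = decrypt_acp(md_b_keys[subscriber_id], challenge_acp)
    return nam_response(nam_secret, challenge_acp)

def attach(subscriber_id, nam_secret, ss_b_keys, md_b_keys):
    """RAN: forward the challenge, validate the response against the AV."""
    av = ss_build_av(subscriber_id, nam_secret, ss_b_keys)
    res = md_answer(subscriber_id, nam_secret, md_b_keys, av["acp"])
    return hmac.compare_digest(res, av["expected"])

# Constructed sample values
SUBSCRIBER_ID, NAM_SECRET, B_KEY = "sub-0001", bytes(range(16)), bytes(range(16, 32))
```

When the MD holds the same B-KEY as the SS, `attach` succeeds; when the MD has no B-KEY or a different one, the NAM computes its response over the wrong ACP and validation fails.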
20 Claims
11. A method, comprising:
storing, by a memory of a mobile device, a binding key associated with a network authentication module of the mobile device;
propagating, by a processor of the mobile device from the mobile device toward a wireless access network, an equipment identity of the mobile device and a subscriber identity associated with a network authentication module of the mobile device;
receiving, by the processor of the mobile device, an authentication challenge comprising an encrypted authentication challenge parameter, wherein the encrypted authentication challenge parameter is an encrypted version of an original authentication challenge parameter, wherein the original authentication challenge parameter is encrypted, using the binding key, to form the encrypted authentication challenge parameter;
determining, by the processor of the mobile device based on the subscriber identity associated with the network authentication module of the mobile device, that the encrypted authentication challenge parameter is encrypted; and
decrypting, by the processor of the mobile device using the binding key, the encrypted authentication challenge parameter to recover the original authentication challenge parameter.