MANIPULATION AND RESTORATION OF AUTHENTICATION CHALLENGE PARAMETERS IN NETWORK AUTHENTICATION PROCEDURES

US 20170093588A1
Filed: 12/12/2016
Published: 03/30/2017
Est. Priority Date: 06/20/2012
Status: Abandoned Application

First Claim

Patent Images

1. A mobile device, comprising:

a memory configured to store a binding key associated with a network authentication module of the mobile device; and

a processor communicatively connected to the memory, the processor configured to;

propagate, toward a wireless access network, an equipment identity of the mobile device and a subscriber identity associated with the network authentication module of the mobile device;

receive an authentication challenge comprising an encrypted authentication challenge parameter, wherein the encrypted authentication challenge parameter is an encrypted version of an original authentication challenge parameter, wherein the original authentication challenge parameter is encrypted, using the binding key, to form the encrypted authentication challenge parameter;

determine, based on the subscriber identity associated with the network authentication module of the mobile device, that the encrypted authentication challenge parameter is encrypted; and

decrypt the encrypted authentication challenge parameter, using the binding key, to recover the original authentication challenge parameter.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.

21 Citations

View as Search Results

20 Claims

1. A mobile device, comprising:
- a memory configured to store a binding key associated with a network authentication module of the mobile device; and
  
  a processor communicatively connected to the memory, the processor configured to;
  
  propagate, toward a wireless access network, an equipment identity of the mobile device and a subscriber identity associated with the network authentication module of the mobile device;
  
  receive an authentication challenge comprising an encrypted authentication challenge parameter, wherein the encrypted authentication challenge parameter is an encrypted version of an original authentication challenge parameter, wherein the original authentication challenge parameter is encrypted, using the binding key, to form the encrypted authentication challenge parameter;
  
  determine, based on the subscriber identity associated with the network authentication module of the mobile device, that the encrypted authentication challenge parameter is encrypted; and
  
  decrypt the encrypted authentication challenge parameter, using the binding key, to recover the original authentication challenge parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The mobile device of claim 1, wherein the binding key comprises one of a pre-provisioned random number or string, a string provisioned during a bootstrapping procedure, an output of a hash function, a string, or a number.
  - 3. The mobile device of claim 1, wherein the processor is configured to:
    - propagate, toward the network authentication module of the mobile device, the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter.
  - 4. The mobile device of claim 3, wherein the processor is configured to:
    - receive, from the network authentication module of the mobile device, an authentication response computed by the network authentication module of the mobile device based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
      
      propagate the authentication response toward the wireless access network.
  - 5. The mobile device of claim 1, wherein the mobile device further comprises the network authentication module of the mobile device, wherein the network authentication module of the mobile device is configured to:
    - receive, from the processor, the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter;
      
      compute an authentication response based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
      
      propagate the authentication response toward the processor.
  - 6. The mobile device of claim 5, wherein the network authentication module of the mobile device is configured to:
    - compute a session key based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
      
      propagate the session key toward the processor.
  - 7. The mobile device of claim 1, wherein the processor is configured to:
    - prior to receiving the authentication challenge;
      
      propagate, toward the wireless access network, a request to attach to the wireless access network;
      
      wherein the request to attach to the wireless access network includes the equipment identity of the mobile device and the subscriber identity of the network authentication module of the mobile device.
  - 8. The mobile device of claim 1, wherein the equipment identity of the mobile device comprises an International Mobile Equipment Identity (IMEI) or a Mobile Equipment Identifier (MEID).
  - 9. The mobile device of claim 1, wherein the mobile device further comprises the network authentication module of the mobile device.
  - 10. The mobile device of claim 9, wherein the network authentication module of the mobile device comprises one of:
    - a device configured to be inserted within the mobile device and removed from the mobile device;
      
      ora software module stored in the memory of the mobile device.

11. A method, comprising:
- storing, by a memory of a mobile device, a binding key associated with a network authentication module of the mobile device;
  
  propagating, by a processor of the mobile device from the mobile device toward a wireless access network, an equipment identity of the mobile device and a subscriber identity associated with a network authentication module of the mobile device;
  
  receiving, by the processor of the mobile device, an authentication challenge comprising an encrypted authentication challenge parameter, wherein the encrypted authentication challenge parameter is an encrypted version of an original authentication challenge parameter, wherein the original authentication challenge parameter is encrypted, using the binding key, to form the encrypted authentication challenge parameter;
  
  determining, by the processor of the mobile device based on the subscriber identity associated with the network authentication module of the mobile device, that the encrypted authentication challenge parameter is encrypted; and
  
  decrypting, by the processor of the mobile device using the binding key, the encrypted authentication challenge parameter to recover the original authentication challenge parameter.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the binding key comprises one of a pre-provisioned random number or string, a string provisioned during a bootstrapping procedure, an output of a hash function, a string, or a number.
  - 13. The method of claim 11, further comprising:
    - propagating, by the processor of the mobile device toward the network authentication module of the mobile device, the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter.
  - 14. The method of claim 13, further comprising:
    - receiving, by the processor of the mobile device from the network authentication module of the mobile device, an authentication response computed by the network authentication module of the mobile device based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
      
      propagating, by the processor of the mobile device, the authentication response toward the wireless access network.
  - 15. The method of claim 11, wherein the mobile device further comprises the network authentication module of the mobile device, the method further comprising:
    - receiving, by the network authentication module from the processor, the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter;
      
      computing, by the network authentication module, an authentication response based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
      
      propagating, by the network authentication module toward the processor, the authentication response.
  - 16. The method of claim 15, further comprising:
    - computing, by the network authentication module, a session key based on the original authentication challenge parameter recovered based on decryption of the encrypted authentication challenge parameter; and
      
      propagating, by the network authentication module toward the processor, the session key.
  - 17. The method of claim 11, further comprising:
    - prior to receiving the authentication challenge;
      
      propagating, by the processor of the mobile device toward the wireless access network, a request to attach to the wireless access network;
      
      wherein the request to attach to the wireless access network includes the equipment identity of the mobile device and the subscriber identity of the network authentication module of the mobile device.
  - 18. The method of claim 11, wherein the equipment identity of the mobile device comprises an International Mobile Equipment Identity (IMEI) or a Mobile Equipment Identifier (MEID).
  - 19. The method of claim 11, wherein the mobile device further comprises the network authentication module of the mobile device.
  - 20. The method of claim 19, wherein the network authentication module of the mobile device comprises one of:
    - a device configured to be inserted within the mobile device and removed from the mobile device;
      
      ora software module stored in the memory of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Mizikovsky, Semyon, Broustis, Ioannis, Cakulev, Violeta

Application Number

US15/375,684
Publication Number

US 20170093588A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/48   using secure binding, e.g. ...

H04W 12/72   Subscriber identity

MANIPULATION AND RESTORATION OF AUTHENTICATION CHALLENGE PARAMETERS IN NETWORK AUTHENTICATION PROCEDURES

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

MANIPULATION AND RESTORATION OF AUTHENTICATION CHALLENGE PARAMETERS IN NETWORK AUTHENTICATION PROCEDURES

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others