Service provision authentication protocol

US 5,153,919 A
Filed: 09/13/1991
Issued: 10/06/1992
Est. Priority Date: 09/13/1991
Status: Expired due to Term

First Claim

Patent Images

1. A method, carried out by a customer unit that maintains a code sequence, for establishing a communications channel with a base station, comprising the steps of:

receiving from the base station a digital signal sequence;

developing a string which includes the code sequence, the digital signal sequence, and a sequence of bits that is characteristic of the customer unit;

hashing the string to develop a hashed string; and

using the hashed string in further communications with the base station.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protocol for authenticating a cellular telephone to a service provider for the purpose of preventing the piracy of cellular services. A service provider assigns a unique "secret", along with other information such as a telephone number, to each cellular telephone when the telephone service is established with the service provider. Each base station of a service provider continuously broadcasts a periodically changing random number to all of the cellular telephones within the base station'"'"'s jurisdiction. When a cellular telephone first enters the jurisdiction of a base station, it registers itself with the base station by concatenating a secret password and the most recently broadcast random number, along with other information, and passing the concatenated information to a hash function. The cellular telephone then sends the output of the hash function, along with other identifying information to the service provider. The service provider, upon learning of the cellular telephone'"'"'s identity, feeds the secret assigned to that cellular telephone and the random number, along with other information, into the same hash function. When the result of the hashing performed by the service provider matches that provided by the cellular telephone, authentication for that cellular telephone is complete. Thereupon, the provider sends the cell a shared secret data field which is known to the mobile unit, and subsequent authentication processes are carried out between the mobile unit and the cell itself.

183 Citations

39 Claims

1. A method, carried out by a customer unit that maintains a code sequence, for establishing a communications channel with a base station, comprising the steps of:
- receiving from the base station a digital signal sequence;
  
  developing a string which includes the code sequence, the digital signal sequence, and a sequence of bits that is characteristic of the customer unit;
  
  hashing the string to develop a hashed string; and
  
  using the hashed string in further communications with the base station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein said sequence of bits that is characteristic of the customer unit includes a bit string that is unique to the customer unit hardware (ESN designation) and a bit string that is assigned to said unit as a customer of a service provider (MIN designation).
  - 3. The method of claim 1 wherein said step of developing the hashed string is carried out pursuant to a directive from said base station.
  - 4. The method of claim 1 including a step of initiating the steps of receiving, developing, hashing and using said hashed string when said base station desires to direct said customer unit to create a replacement for said hashed string.
  - 5. The method of claim 1 further comprising the step of enciphering customer data signals with the aid of a portion of said hashed string.
  - 6. The method of claim 1 wherein said step of using the hashed string in further communication employs the hashed string in a plurality of communications sessions through the communication channel.
  - 7. The method of claim 1 further comprising the steps of:
    - creating a challenge string,transmitting the challenge string,forming an authentication string that comprises the challenge string, said sequence of bits that is characteristic of the customer unit, and at least a portion of the hashed string;
      
      hashing the authentication string to form a hashed authentication string;
      
      receiving a verification string in response to said step of transmitting the challenge string;
      
      comparing the received verification string with the hashed authentication string; and
      
      transmitting results of said step of comparing.
  - 8. The method of claim 1 further comprising a step of verifying that the base station recognizes the hashed string developed by said customer unit to be a valid hashed string.
  - 9. The method of claim 8 wherein said step of verifying comprises the steps of:
    - developing a challenge sequence;
      
      sending said challenge sequence to said base station;
      
      forming an authentication string from a concatenation of said challenge sequence, said hashed string and selected other information;
      
      hashing said authentication string to form a hashed authentication string;
      
      receiving a hashed signal from said base station that is related to said challenge sequence sent to said base station;
      
      comparing said hashed authentication string with said hashed signal; and
      
      reporting to said base station results of said step of comparing.

10. A method, carried out by a customer unit that maintains a code sequence, for establishing a communications channel with a base station, comprising the steps of:
- receiving from the base station a digital signal sequence;
  
  developing a string which includes the digital signal sequence, a sequence of bits that is characteristic of said customer unit and a key derived from the code sequence;
  
  hashing the string to develop a hashed string; and
  
  sending the hashed string to the base station.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method of claim 10 wherein said base station has no knowledge of said code sequence.
  - 12. The method of claim 10 wherein the sequence of bits is nonsecret.
  - 13. The method of claim 10 wherein the customer unit is mobile and the base station is non-mobile.
  - 14. The method of claim 10 wherein the established communication channel is a wireless communication channel.
  - 15. The method of claim 10 wherein the established communication channel is a cellular radio communication channel.
  - 16. The method of claim 10 further comprising the steps of determining that the mobile customer unit has entered the jurisdiction of the base station.
  - 17. The method of claim 10 wherein said step of sending the hashed string also sends at least a portion of said string.
  - 18. The method of claim 10 including a step of initiating the steps of receiving, developing, hashing and sending said hashed string when said customer unit desires to initiate a call.
  - 19. The method of claim 10 including a step of initiating the steps of receiving, developing, hashing and sending said hashed string when said base station desires to activate said customer unit to receive a call.
  - 20. The method of claim 10 including a step of initiating the steps of receiving, developing, hashing and sending said hashed string when said base station desires to re-authenticate said customer unit.

21. A method, carried out by a customer unit that maintains a code sequence, for establishing a communications channel with a base station that has no knowledge of said code sequence, comprising the steps of:
- (a) receiving from said base station a digital signal sequence;
  
  (b) developing a string which includes(1) a substring containing a sequence of bits that is characteristic of said customer unit,(2) a substring that is related to a specified action to be taken by said customer unit, which substring is selected from a set comprising(i) a null string,(ii) a string of bits corresponding to a number assigned to said customer unit, and(iii) a string corresponding to the number of another customer unit to which connection is sought,(3) a substring containing said digital signal sequence, and(4) a substring containing a key derived from said code sequence;
  
  (c) hashing said string to develop a hashed string; and
  
  (d) sending said hashed string to said base station.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21 further comprising a step of receiving from said base station an indication of the action to be taken by said customer unit.
  - 23. The method of claim 21 wherein the sequence of bits that is characteristic of the customer units comprises the customer unit'"'"'s phone number.
  - 24. The method of claim 21 wherein the sequence of bits that is characteristic of the customer units comprises the customer unit'"'"'s electronic serial number.

25. A customer unit for communicating with a system, said customer unit including first means (200) for developing call initiation control signals and call progress control signals second means (210, 230, 240) responsive to said call initiation control signals and call progress control signals for establishing and maintaining a communication channel with said system in accordance with a protocol third means (200) for creating data signals, and fourth means (220) for applying the data signals and the call control signals to said communication channel, said second means CHARACTERIZED BY:
- a processor responsive to said third means and said fourth means;
  
  means A (a register in block
  
  240) for developing an identifier signal that is unique to said customer unit;
  
  means B for storing (240) a temporary string signal (RAND) received from said system;
  
  means C for storing (232) an identifier signal (MIN) supplied by an owner of said system, a code sequence key signal (A-key) supplied by said owner of said system, an authentication key signal (SSD-A), and a speech encryption key signal (SSD-B);
  
  means D (231) responsive to said processor for hashing an applied string and developing thereby a hashed output;
  
  means E for applying said authentication key to means D.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The customer unit of claim 25 wherein said temporary string maintained in means B is repetitively updated from a signal provided by said fourth means.
  - 27. The customer unit of claim 26 wherein the time duration between successive updates of said temporary string is less than the expected time duration between the application of call initiation control signals.
  - 28. The customer unit of claim 25 wherein said processor, upon receipt of a signal from said fourth means that directs the creation of a new authentication key signal and a new speech key signal, applies hashed output signals of means D to means C to modify said authentication key signal and said speech key signal.
  - 29. The customer unit of claim 28 wherein the hashed output of means D is a multi-bit binary word, one portion of said binary word constitutes said authentication key signal, and another portion of said binary word constitutes said speech key signal.
  - 30. The customer unit of claim 25 wherein at least the portion of means C that stores the code sequence key signal is in a removable module.
  - 31. The customer unit of claim 30 wherein said module is adapted to be connected to said processor via electrical contacts.
  - 32. The customer unit of claim 30 wherein said module is adapted to be connected to said processor via electromagnetically coupled connections.

33. A method carried out by a communications system for establishing a communications channel with a customer unit comprising the steps of:
- maintaining an authentication key of said customer unit;
  
  receiving a first hashed authentication string from said customer unit;
  
  forming a local authentication string by combining said authentication key with other information;
  
  hashing said local authentication string to form a local hashed authentication string; and
  
  comparing said local hashed authentication string with the first hashed authentication string.
- View Dependent Claims (34, 35, 36, 37, 38, 39)
- - 34. The method of claim 33 further comprising the step of maintaining a designation of said customer unit that is provided to said system and is unique to said unit (MIN) and a code sequence designation of said customer unit (A-key).
  - 35. The method of claim 34 further comprising the step of maintaining an ESN designation of said unit.
  - 36. The method of claim 35 further comprising the steps of:
    - developing a number;
      
      transmitting said number;
      
      developing said authentication key by hashing a string comprising said number, said ESN designation and said code sequence designation of said customer unit in accordance with a hashing function.
  - 37. The method of claim 33 further comprising the steps ofdeveloping a number;
    - andbroadcasting said number to said customer unit.
  - 38. The method of claim 37 wherein said number is pseudorandom.
  - 39. The method of claim 37 wherein said number is random.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Original Assignee
AT&T, Inc.
Inventors
Reeds, James A. III, Treventi, Philip A.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/759,311
Time in Patent Office

389 Days
Field of Search

380/23, 380/25, 380/21, 380/44
US Class Current

380/44
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

Service provision authentication protocol

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

183 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Service provision authentication protocol

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

183 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links