Cellular verification and validation system
Abstract
A system for the validation and verification of base stations and mobile stations within a cellular radio communications network. The system includes a fixed key and a changeable key which are applied as inputs to an authentication algorithm. The algorithm generates key-dependent responses, at least one of which is independent of the changeable key. The responses generated by a particular mobile station are compared to the responses generated by the network and the presence of fraudulent users may be detected.
70 Claims
1. A method for the generation of parameters used in enhancing the security of communication in a communications network in which a mobile station is assigned a unique multi-digit permanent key and is also associated with a changeable multi-digit rolling key, said method comprising:
receiving at a location in each of the mobile station and the network a plurality of multi-digit input signals including a signal representative of an authentication inquiry by the network, along with the multi-digit permanent key of the mobile station and the multi-digit rolling key associated with said mobile station at that particular time;
arranging at least some of the digits of said input signals in a first grouping;
calculating from said first grouping of input signals and said permanent key digits a first output value in accordance with a first algorithm;
selecting from blocks of at least some of the digits comprising said first output value a first set of parameters used within said network including a first authentication response to be used by said mobile station to reply to the authentication inquiry by the network;
arranging at least some of the digits of said input signals in a second grouping;
calculating from said second grouping of input signals and said permanent and rolling key digits a second output value in accordance with a second algorithm;
selecting from blocks of at least some of the digits comprising said second output value a second set of parameters used within said network including a second authentication response used by the mobile station to reply to the authentication inquiry by the network; and
combining said first and second authentication responses into a single authentication response signal.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A system for the generation of parameters used in enhancing the security of communication in a communications network in which a mobile station is assigned a unique multi-digit permanent key and is also associated with a changeable multi-digit rolling key, said system comprising:
means for receiving at a location in each of the mobile station and the network a plurality of multi-digit input signals including a signal representative of an authentication inquiry by the network, along with the multi-digit permanent key of the mobile station and the multi-digit rolling key associated with said mobile station at that particular time;
means for arranging at least some of the digits of said input signals in a first grouping;
means for calculating from said first grouping of input signals and said permanent key digits a first output value in accordance with a first algorithm;
means for selecting from blocks of at least some of the digits comprising said first output value a first set of parameters used within said network including a first authentication response to be used by said mobile station to reply to the authentication inquiry by the network;
means for arranging at least some of the digits of said input signals in a second grouping;
means for calculating from said second grouping of input signals and said permanent and rolling key digits a second output value in accordance with a second algorithm;
means for selecting from blocks of at least some of the digits comprising said second output value a second set of parameters used within said network including a second authentication response used by the mobile station to reply to the authentication inquiry by the network; and
means for combining said first and second authentication responses into a single authentication response signal.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A method for the generation of parameters used in the authentication of a mobile station to a communications network wherein the mobile station is assigned a unique multi-digit permanent key and is also associated with a changeable multi-digit rolling key, both said permanent key and said rolling key being accessible to said mobile station and the network, and wherein a limited degree of authentication of the mobile station is achieved even when the value of said rolling key accessed by the mobile station is different from the value of the rolling key accessed by the network, said method comprising:
providing in each of the mobile station and the network a plurality of multi-digit input signals including a signal representative of an authentication inquiry by the network, along with the multi-digit permanent key of said mobile station and the multi-digit rolling key associated with said particular mobile station at that particular time;
arranging at least some of the digits of said input signals in a grouping;
calculating from said grouping of input signals and said permanent key digits a first output value in accordance with an algorithm;
selecting from blocks of at least some of the digits comprising said first output value a first set of parameters used within said network including a first authentication response to be used by said mobile station to reply to the authentication inquiry by the network;
calculating from said grouping of input signals and both said permanent key and said rolling key digits a second output value in accordance with said algorithm;
selecting from blocks of at least some of the digits comprising said second output value a second set of parameters used within said network including a second authentication response used by the mobile station to reply to the authentication inquiry by the network; and
grouping said first and second authentication responses into a single authentication response signal for enabling authentication of the mobile station to the network when both the permanent and rolling keys accessed by the mobile station and the network, respectively, are identical, and limited authentication when only the respective permanent keys are identical.
Dependent claims: 16, 17, 18, 19

20. A system for the generation of parameters used in the authentication of a mobile station to a communications network wherein the mobile station is assigned a unique multi-digit permanent key and is also associated with a changeable multi-digit rolling key, both said permanent key and said rolling key being accessible to said mobile station and the network, and wherein a limited degree of authentication of the mobile station is achieved even when the value of said rolling key accessed by the mobile station is different from the value of the rolling key accessed by the network, said system comprising:
means for providing in each of the mobile station and the network a plurality of multi-digit input signals including a signal representative of an authentication inquiry by the network, along with the multi-digit permanent key of said mobile station and the multi-digit rolling key associated with said particular mobile station at that particular time;
means for arranging at least some of the digits of said input signals in a grouping;
means for calculating from said grouping of input signals and said permanent key digits a first output value in accordance with an algorithm;
means for selecting from blocks of at least some of the digits comprising said first output value a first set of parameters used within said network including a first authentication response used by said mobile station to reply to the authentication inquiry by the network;
means for calculating from said grouping of input signals and both said permanent key and said rolling key digits a second output value in accordance with said algorithm;
means for selecting from blocks of at least some of the digits comprising said second output value a second set of parameters used within said network including a second authentication response used by the mobile station to reply to the authentication inquiry by the network; and
means for grouping said first and second authentication responses into a single authentication response signal for enabling authentication of the mobile station to the network when both the permanent and rolling keys accessed by the mobile station and the network, respectively, are identical, and limited authentication when only the respective permanent keys are identical.
Dependent claims: 21, 22, 23, 24

25. A method of authenticating a mobile station within a radio network by providing two degrees of authentication, a full authentication and a partial authentication, said method comprising:
providing in each of the mobile station and the network, a unique multi-digit permanent key and a multi-digit changeable rolling key;
sending an authentication inquiry signal from the network to the mobile station and an identification signal from the mobile station to the network;
calculating in each of the mobile station and the network a first authentication response value from an algorithm based upon input values which include the authentication inquiry signal, the identification signal, and the permanent key;
calculating in each of the mobile station and the network a second authentication response value from said algorithm based upon input values which include the authentication inquiry signal, the identification signal, and both the permanent key and the rolling key;
joining in each of the mobile station and the network at least some parts of each of said first and second authentication response values to form a composite authentication response signal having a first and a second portion;
sending the composite authentication response signal formed in the mobile station to the network;
comparing the composite authentication response signal formed in the mobile station with the composite authentication response signal formed in the network; and
detecting a full authentication of the mobile station to the network in response to an indication that both the first and second portions of the composite authentication response signals formed in each of the mobile station and the network, respectively, are identical, and detecting a partial authentication of the mobile station to the network in response to an indication that only the first portions of the composite authentication response signals formed in each of the mobile station and the network, respectively, are identical.
Dependent claims: 26, 27, 28, 29, 30, 31, 32

33. A system for authenticating a mobile station within a radio network by providing two degrees of authentication, a full authentication and partial authentication, said system comprising:
means for providing in each of the mobile station and the network, a unique multi-digit permanent key and a multi-digit changeable rolling key;
means for sending an authentication inquiry signal from the network to the mobile station and an identification signal from the mobile station to the network;
means for calculating in each of the mobile station and the network a first authentication response value from an algorithm based upon input values which include the authentication inquiry signal, the identification signal, and the permanent key;
means for calculating in each of the mobile station and the network a second authentication response value from said algorithm based upon input values which include the authentication inquiry signal, the identification signal, and both the permanent key and the rolling key;
means for joining in each of the mobile station and the network at least some parts of each of said first and second authentication response values to form a composite authentication response signal having a first and a second portion;
means for sending the composite authentication response signal formed in the mobile station to the network;
means for comparing the composite authentication response signal formed in the mobile station with the composite authentication response signal formed in the network; and
means for detecting a full authentication of the mobile station to the network in response to an indication that both the first and second portions of the composite authentication response signals formed in each of the mobile station and the network, respectively, are identical, and detecting a partial authentication of the mobile station to the network in response to an indication that only the first portions of the composite authentication response signal formed in each of the mobile station and the network, respectively, are identical.
Dependent claims: 34, 35, 36, 37, 38, 39, 40

41. A method for the validation of a mobile station in a radio network in accordance with an authentication algorithm executed in each of said mobile station and said network, said method comprising the steps of:
transmitting a random challenge signal from said network to said mobile station;
applying to said authentication algorithm a set of inputs including said random challenge signal transmitted from said network to said mobile station, and a fixed key value and a changeable key value;
generating from said authentication algorithm a set of outputs including a first response signal which is dependent on said fixed key value and independent of said changeable key value, and a second response signal which is dependent on said changeable key value;
transmitting the first and second response signals from said mobile station to said network;
comparing said first and second response signals transmitted from said mobile station to said network with the first and second response signals generated in said network; and
determining the validity of said mobile station based on whether there is a full match, partial match or no match between said first and second response signals transmitted from said mobile station to said network and the first and second response signals generated in said network.
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50

51. A system for the validation of a mobile station in a radio network in accordance with an authentication algorithm executed in each of said mobile station and said network, said system comprising:
means for transmitting a random challenge signal from said network to said mobile station;
means for applying to said authentication algorithm a set of inputs including said random challenge signal transmitted from said network to said mobile station, and a fixed key value and a changeable key value;
means for generating from said authentication algorithm a set of outputs including a first response signal which is dependent on said fixed key value and independent of said changeable key value, and a second response signal which is dependent on said changeable key value;
means for transmitting the first and second response signals generated in said mobile station to said network;
means for comparing said first and second response signals generated in said mobile station and received in said network with the first and second response signals generated in said network; and
means for determining the validity of said mobile station based on whether there is a full match, partial match or no match between said first and second response signals transmitted from said mobile station to said network and the first and second response signals generated in said network.
Dependent claims: 52, 53, 54, 55, 56, 57, 58, 59, 60

61. A method for validating a remote station to a radio network comprising the steps of:
generating in each of said station and said network a first validation value from a fixed key value and a second validation value from a changeable key value;
transmitting from said station to said network at least a portion of each of the first and second validation values generated in said station; and
comparing the transmitted portions of the first and second validation values generated in said station with corresponding portions of the first and second validation values generated in said network to determine the validity of said station.
Dependent claims: 62, 63, 64, 65

66. A radio network comprising at least one exchange connected to at least one base station which communicates with at least one mobile station, and further comprising:
means for generating in each of said mobile station and said network a first validation value from a fixed key value and a second validation value from a changeable key value;
means for transmitting from said mobile station to said network at least a portion of each of the first and second validation values generated in said mobile station; and
means for comparing the transmitted portions of the first and second validation values generated in said mobile station; and
means for comparing the transmitted portions of the first and second validation values generated in said mobile station with corresponding portions of the first and second validation values generated in said network to determine the validity of said mobile station.
Dependent claims: 67, 68, 69, 70

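The full, partial and no-match outcomes of claims 25 and 41, sketched as an added example that is not text or code from the patent. The claims do not name the algorithm, so HMAC-SHA256 stands in for it here; the key sizes, the 4-byte response portions and every function and variable name are assumptions.

```python
import hashlib
import hmac
import secrets

PORTION_LEN = 4  # bytes of each response placed in the composite (assumed)


def _response(key: bytes, label: bytes, rand: bytes, ident: bytes) -> bytes:
    """One authentication response; HMAC-SHA256 is an assumed stand-in."""
    # Length-prefix every field so the inputs cannot be re-split ambiguously.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (label, rand, ident))
    return hmac.new(key, msg, hashlib.sha256).digest()[:PORTION_LEN]


def composite_response(perm_key, rolling_key, rand, ident) -> bytes:
    """First portion uses the permanent key only; second uses both keys."""
    first = _response(perm_key, b"resp1", rand, ident)
    both = len(perm_key).to_bytes(2, "big") + perm_key + rolling_key
    second = _response(both, b"resp2", rand, ident)
    return first + second


def verify(perm_key, rolling_key, rand, ident, received: bytes) -> str:
    """Network side: classify a received composite as full/partial/none."""
    if len(received) != 2 * PORTION_LEN:
        return "none"
    expected = composite_response(perm_key, rolling_key, rand, ident)
    first_ok = hmac.compare_digest(received[:PORTION_LEN], expected[:PORTION_LEN])
    second_ok = hmac.compare_digest(received[PORTION_LEN:], expected[PORTION_LEN:])
    if first_ok and second_ok:
        return "full"
    return "partial" if first_ok else "none"


def demo() -> dict:
    # Constructed sample values, not taken from the patent.
    perm = bytes.fromhex("00112233445566778899aabbccddeeff")
    rolling = bytes.fromhex("0102030405060708")
    stale = bytes(8)              # a rolling key that is out of step
    ident = b"MS-0001"            # identification signal (constructed)
    rand = secrets.token_bytes(16)  # fresh random challenge per inquiry

    def check(mobile_perm, mobile_rolling):
        sent = composite_response(mobile_perm, mobile_rolling, rand, ident)
        return verify(perm, rolling, rand, ident, sent)

    return {
        "keys_in_sync": check(perm, rolling),
        "stale_rolling_key": check(perm, stale),
        "wrong_permanent_key": check(bytes(16), rolling),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A "partial" result is the condition claim 15 calls limited authentication: the permanent keys agree while the rolling keys held by the mobile station and the network differ.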
Specification