Rolling key resynchronization in cellular verification and validation system
Abstract
A system for the resynchronization of a rolling key used as an input among a plurality of inputs to an authentication algorithm executed in a mobile station and in a radio network providing service to the mobile station. In one aspect of the system, the network rolling key input is set to a selected value and the mobile station is commanded to set the mobile station rolling key input to the same selected value. The mobile station will then set the mobile station rolling key input to the selected value in response to the command from the network.
257 Citations
70 Claims
1. In a radio network providing service to a mobile station, a method for the resynchronization of a rolling key used as an input value among a plurality of input values to an authentication processor in each of said network and said mobile station, said method comprising the steps of:
    setting said network rolling key input value to a selected value;
    commanding said mobile station to set said mobile station rolling key input value to said selected value; and
    setting said mobile station rolling key input value to said selected value in response to said command.
    (Dependent claims: 3, 4, 7, 8, 9)
2. A method according to claim wherein said selected value is a value known to said network and said mobile station and selected from the group consisting of a fixed value, a variable value or a combination of a fixed value and a variable value.
5. A method according to claim wherein said authentication algorithm generates a set of outputs, including a conversation key for enciphering communications between said network and said mobile station, and said method further comprises the steps of:
    executing said authentication algorithm in each of said network and said mobile station with said rolling key input set to said selected value; and
    using said conversation key output, generated by said authentication algorithm with said rolling key input set to said selected value, to encipher said communications.
6. A method according to claim wherein said authentication algorithm generates a set of outputs, including a replacement rolling key for replacing the value of said rolling key input, and said method further comprises the steps of:
    executing said authentication algorithm in each of said network and said mobile station with said rolling key input set to said selected value; and
    using said replacement rolling key output, generated by said authentication algorithm with said rolling key input set to said selected value, to replace said selected value as said rolling key input.
10. In a radio network providing service to a mobile station, a system for the resynchronization of a rolling key used as an input value among a plurality of input values to an authentication processor in each of said network and said mobile station, said system comprising:
    means for setting said network rolling key input value to a selected value;
    means for commanding said mobile station to set said mobile station rolling key input value to said selected value; and
    means for setting said mobile station rolling key input value to said selected value in response to said command.
    (Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18)
19. A method for controlling the resetting of a rolling key used in the validation of a mobile station and a serving radio network, said method comprising the steps of:
    storing in memory the current value of said rolling key;
    setting the current value of said rolling key to a selected value; and
    resetting the current value of said rolling key to said stored rolling key value in response to an indication of a failure of said rolling key to be updated during a predetermined period of time.
    (Dependent claims: 20, 21, 22)
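The watchdog behaviour of claims 19 and 23 (store the current key, reset it to a selected value, and restore the stored copy if no update arrives within a predetermined period) can be modelled as a small state machine. The following is an added example, not code from the patent; the class name, the caller-supplied clock and the sample key values are assumptions for illustration.

```python
# Added example (not the patent's own code): a guard implementing the rollback
# behaviour of claims 19 and 23. Names, the clock parameter and the sample key
# values are assumptions for illustration.

class RollingKeyResetGuard:
    """Holds a rolling key, remembers the value it had before a reset and
    restores it if no update arrives within a predetermined window."""

    def __init__(self, current_key: bytes, update_window: float) -> None:
        self.current_key = current_key
        self.saved_key = None        # copy stored in memory when a reset begins
        self.deadline = None         # time by which an update must have arrived
        self.update_window = update_window
        self.rolled_back = False

    def begin_reset(self, selected_value: bytes, now: float) -> None:
        """Store the current key, then set it to the selected value."""
        self.saved_key = self.current_key
        self.current_key = selected_value
        self.deadline = now + self.update_window
        self.rolled_back = False

    def apply_update(self, replacement_key: bytes) -> None:
        """A replacement rolling key arrived in time: commit it and clear the watchdog."""
        self.current_key = replacement_key
        self.saved_key = None
        self.deadline = None

    def check(self, now: float) -> bool:
        """Call periodically. Returns True if the key was reset to the stored value
        because the update window expired without an update."""
        if self.deadline is not None and now >= self.deadline:
            self.current_key = self.saved_key
            self.saved_key = None
            self.deadline = None
            self.rolled_back = True
            return True
        return False


def demo_timeout() -> bytes:
    """Reset at t=0 with a 30 s window and no update: the stored key is restored."""
    g = RollingKeyResetGuard(b"old-rolling-key", update_window=30.0)
    g.begin_reset(b"\x00" * 8, now=0.0)   # selected value: all zeros (assumption)
    assert not g.check(now=10.0)          # still inside the window, nothing happens
    g.check(now=31.0)                     # window expired without an update
    return g.current_key                  # b"old-rolling-key"


def demo_update_in_time() -> bytes:
    """Reset at t=0, replacement key arrives before the deadline: the new key survives."""
    g = RollingKeyResetGuard(b"old-rolling-key", update_window=30.0)
    g.begin_reset(b"\x00" * 8, now=0.0)
    g.apply_update(b"new-rolling-key")
    g.check(now=31.0)                     # nothing pending, so nothing to undo
    return g.current_key                  # b"new-rolling-key"
```

The point of keeping the saved copy is that a reset which the other side never completes (lost command, failed validation) leaves both parties where they started instead of stranding the mobile on the selected value.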
23. A system for controlling the resetting of a rolling key used in the validation of a mobile station and a serving radio network comprising:
    means for storing in memory the current value of said rolling key;
    means for setting the current value of said rolling key to a selected value; and
    means for resetting the current value of said rolling key to said stored rolling key value in response to an indication of a failure of said rolling key to be updated during a predetermined period of time.
    (Dependent claims: 24, 25, 26)
27. In a system for the verification and validation of a mobile station and a radio network in accordance with an authentication algorithm executed on an authentication processor in each of said mobile station and said network, said mobile station authentication processor receiving a plurality of input values including a changeable key input value stored in a first location in memory and a fixed key input value, said mobile station authentication processor generating a plurality of output values including a ciphering key output value stored in a second location in memory and used to encipher a call, a changeable key output value and a network response output value, a method for linking the resetting of said changeable key input value in said mobile station to the validation of said network, said method comprising the steps of:
    transmitting from said network to said mobile station a signal indicative of a changeable key reset;
    saving the changeable key input value stored in said first location to a third location in memory in response to the receipt of said changeable key reset signal;
    saving the ciphering key output value stored in said second location to a fourth location in memory in response to the receipt of said changeable key reset signal;
    setting the changeable key input value stored in said first location to a selected value;
    executing said authentication algorithm on said mobile station authentication processor a first time;
    setting the changeable key input value stored in said first location to the changeable key output value generated by said first execution of said authentication algorithm on said mobile station authentication processor;
    setting the ciphering key output value stored in said second location to the ciphering key output value generated by said first execution of said authentication algorithm on said mobile station authentication processor;
    transmitting from said network to said mobile station the network response output value generated in said network;
    executing said authentication algorithm on said mobile station authentication processor a second time in response to the receipt of the network response output value generated in said network;
    comparing the network response output value generated by said second execution of said authentication algorithm on said mobile station authentication processor with the network response output value generated in said network;
    determining whether said network has transmitted to said mobile station a signal indicative of a changeable key update;
    setting the changeable key input value stored in said first location to the changeable key output value generated by said second execution of said authentication algorithm on said mobile station authentication processor in response to an indication that the network response output value generated by said second execution of said authentication algorithm on said mobile station authentication processor matches the network response output value generated in said network and an indication that said mobile station has received said changeable key update signal from said network;
    setting the changeable key input value stored in said first location to the changeable key input value stored in said third location in response to an indication that the network response output value generated by said second execution of said authentication algorithm on said mobile station authentication processor does not match the network response output value generated in said network or an indication that said mobile station has not received said changeable key update signal from said network; and
    setting the ciphering key output value stored in said second location to the ciphering key output value stored in said fourth location in response to said indication that the network response output value generated by said second execution of said authentication algorithm on said mobile station authentication processor does not match the network response output value generated in said network or said indication that said mobile station has not received said changeable key update signal from said network.
    (Dependent claims: 28, 29)
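The mobile-station side of claims 27 and 30 is a reset that only commits once the network has proved itself, and it also exercises the idea of claims 5 and 6 (run the algorithm with the rolling key set to the selected value, then use its outputs). The following is an added example, not code from the patent. The page does not specify the authentication algorithm, so an HMAC-SHA256 stand-in with domain-separated outputs is used; that stand-in, the all-zero selected value and the sample key material are assumptions. The four memory locations, the two executions, the comparison and the commit-or-roll-back decision follow the claim text.

```python
import hmac
import hashlib

# Added example (not the patent's own code) of the mobile-station procedure in
# claims 27 and 30. The authentication algorithm is not specified on the page;
# the HMAC-SHA256 stand-in, SELECTED_VALUE and the key material are assumptions.

SELECTED_VALUE = b"\x00" * 8  # agreed reset value known to both sides (assumption)


def auth_algorithm(fixed_key: bytes, changeable_key: bytes) -> dict:
    """Stand-in: derives the three outputs named in the claim from the fixed key
    and the changeable (rolling) key, each under its own domain label."""
    def derive(label: bytes) -> bytes:
        return hmac.new(fixed_key, label + changeable_key, hashlib.sha256).digest()[:8]
    return {
        "cipher_key": derive(b"cipher"),
        "changeable_key": derive(b"rolling"),
        "net_response": derive(b"netresp"),
    }


class MobileStation:
    """Memory locations follow the claim: first = changeable key, second =
    ciphering key, third/fourth = copies saved when a reset is signalled."""

    def __init__(self, fixed_key: bytes, changeable_key: bytes, cipher_key: bytes):
        self.fixed_key = fixed_key
        self.first = changeable_key
        self.second = cipher_key
        self.third = None
        self.fourth = None

    def on_reset_signal(self) -> None:
        self.third, self.fourth = self.first, self.second   # save before touching anything
        self.first = SELECTED_VALUE
        out1 = auth_algorithm(self.fixed_key, self.first)    # first execution
        self.first = out1["changeable_key"]
        self.second = out1["cipher_key"]

    def on_network_response(self, net_response: bytes, update_signal: bool) -> bool:
        out2 = auth_algorithm(self.fixed_key, self.first)    # second execution
        if hmac.compare_digest(out2["net_response"], net_response) and update_signal:
            self.first = out2["changeable_key"]              # network validated: commit
            return True
        self.first, self.second = self.third, self.fourth    # otherwise roll back both
        return False


class Network:
    """Network side: mirrors the two executions to produce its own response."""

    def __init__(self, fixed_key: bytes):
        self.fixed_key = fixed_key
        self.changeable_key = None

    def reset_and_respond(self) -> bytes:
        out1 = auth_algorithm(self.fixed_key, SELECTED_VALUE)
        out2 = auth_algorithm(self.fixed_key, out1["changeable_key"])
        self.changeable_key = out2["changeable_key"]          # value the mobile should end with
        return out2["net_response"]


def run_reset(ms: MobileStation, net_response: bytes, update_signal: bool) -> bool:
    ms.on_reset_signal()
    return ms.on_network_response(net_response, update_signal)


def scenario_genuine_network() -> bool:
    ms = MobileStation(b"A-key-shared", b"stale-rolling", b"stale-cipher")
    net = Network(b"A-key-shared")
    ok = run_reset(ms, net.reset_and_respond(), update_signal=True)
    return ok and ms.first == net.changeable_key


def scenario_wrong_response() -> bool:
    """A party that does not hold the fixed key cannot produce the right response:
    both the changeable key and the ciphering key are restored."""
    ms = MobileStation(b"A-key-shared", b"stale-rolling", b"stale-cipher")
    ok = run_reset(ms, b"\x00" * 8, update_signal=True)
    return (not ok) and ms.first == b"stale-rolling" and ms.second == b"stale-cipher"


def scenario_missing_update_signal() -> bool:
    """Right response but no update signal: the claim treats that as a failure too."""
    ms = MobileStation(b"A-key-shared", b"stale-rolling", b"stale-cipher")
    net = Network(b"A-key-shared")
    ok = run_reset(ms, net.reset_and_respond(), update_signal=False)
    return (not ok) and ms.first == b"stale-rolling"
```

Two details worth noticing: the comparison uses a constant-time compare, and on the success path the ciphering key keeps the value from the first execution, exactly as the claim states, while the failure path restores both saved locations so a reset signal from an unvalidated network leaves no trace in the mobile's key state.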
30. In a system for the verification and validation of a mobile station and a radio network in accordance with an authentication algorithm executed on an authentication processor in each of said mobile station and said network, said mobile station authentication processor receiving a plurality of input values including a changeable key input value stored in a first location in memory and a fixed key input value, said mobile station authentication processor generating a plurality of output values including a ciphering key output value stored in a second location in memory and used to encipher a call, a changeable key output value and a network response output value, a system for linking the resetting of said changeable key input value in said mobile station to the validation of said network comprising:
    means for transmitting from said network to said mobile station a signal indicative of a changeable key reset;
    means for saving the changeable key input value stored in said first location to a third location in memory in response to the receipt of said changeable key reset signal;
    means for saving the ciphering key output value stored in said second location to a fourth location in memory in response to the receipt of said changeable key reset signal;
    means for setting the changeable key input value stored in said first location to a selected value;
    means for executing said authentication algorithm on said mobile station authentication processor a first time;
    means for setting the changeable key input value stored in said first location to the changeable key output value generated by said first execution of said authentication algorithm on said mobile station authentication processor;
    means for setting the ciphering key output value stored in said second location to the ciphering key output value generated by said first execution of said authentication algorithm on said mobile station authentication processor;
    means for transmitting from said network to said mobile station the network response output value generated in said network;
    means for executing said authentication algorithm on said mobile station authentication processor a second time in response to the receipt of the network response output value generated in said network;
    means for comparing the network response output value generated by said second execution of said authentication algorithm on said mobile station authentication processor with the network response output value generated in said network;
    means for determining whether said network has transmitted to said mobile station a signal indicative of a changeable key update;
    means for setting the changeable key input value stored in said first location to the changeable key output value generated by said second execution of said authentication algorithm on said mobile station authentication processor in response to an indication that the network response output value generated by said second execution of said authentication algorithm on said mobile station authentication processor matches the network response output value generated in said network and an indication that said mobile station has received said changeable key update signal from said network;
    means for setting the changeable key input value stored in said first location to the changeable key input value stored in said third location in response to an indication that the network response output value generated by said second execution of said authentication algorithm on said mobile station authentication processor does not match the network response output value generated in said network or an indication that said mobile station has not received said changeable key update signal from said network; and
    means for setting the ciphering key output value stored in said second location to the ciphering key output value stored in said fourth location in response to said indication that the network response output value generated by said second execution of said authentication algorithm on said mobile station authentication processor does not match the network response output value generated in said network or said indication that said mobile station has not received said changeable key update signal from said network.
    (Dependent claims: 31, 32)
33. In a radio network operating in a location register environment wherein a home location register stores mobile-specific information, including a rolling key assigned to a specific mobile station and used as an input value to an authentication processor in each of said mobile station and said network, and wherein said mobile station may be located in the service area of a visitor location register which stores call-handling information, a method for synchronizing the rolling key input value stored in said home location register with the rolling key input value used by said mobile station comprising the steps of:
    setting the rolling key input value stored in said home location register to a selected value;
    ordering said mobile station to set the rolling key input value used by said mobile station to said selected value; and
    setting the rolling key input value used by said mobile station to said selected value in response to said order.
    (Dependent claims: 34, 35, 36, 37, 38, 39, 40)
41. In a radio network operating in a location register environment wherein a home location register stores mobile-specific information, including a rolling key assigned to a specific mobile station and used as an input value to an authentication processor in each of said mobile station and said network, and wherein said mobile station may be located in the service area of a visitor location register which stores call-handling information, a system for synchronizing the rolling key input value stored in said home location register with the rolling key input value used by said mobile station comprising:
    means for setting the rolling key input value stored in said home location register to a selected value;
    means for ordering said mobile station to set the rolling key input value used by said mobile station to said selected value; and
    means for setting the rolling key input value used by said mobile station to said selected value in response to said order.
    (Dependent claims: 42, 43, 44, 45, 46, 47, 48)
49. A method for the resynchronization of a rolling key used as an input value to an authentication processor in each of a mobile station and a radio network which communicates with said mobile station, said method comprising the steps:
    maintaining in said mobile station a counter value indicative of the number of times the rolling key input value in said mobile station has been updated;
    maintaining in said network a counter value indicative of the number of times the rolling key input value in said network has been updated;
    incrementing the counter value in said mobile station each time the rolling key input value in said mobile station is updated;
    incrementing the counter value in said network each time the rolling key input value in said network is updated;
    transmitting the current counter value in said mobile station to said network;
    comparing the current counter value received from said mobile station with the current counter value in said network; and
    setting the rolling key input value in said network to the current mobile station rolling key input value in response to an indication that the current counter value in said network is different from the current counter value received from said mobile station.
    (Dependent claims: 50, 51, 52)
53. A system for the resynchronization of a rolling key used as an input value to an authentication processor in each of a mobile station and a radio network which communicates with said mobile station, said system comprising:
    means for maintaining in said mobile station a counter value indicative of the number of times the rolling key input value in said mobile station has been updated;
    means for maintaining in said network a counter value indicative of the number of times the rolling key input value in said network has been updated;
    means for incrementing the counter value in said mobile station each time the rolling key input value in said mobile station is updated;
    means for incrementing the counter value in said network each time the rolling key input value in said network is updated;
    means for transmitting the current counter value in said mobile station to said network;
    means for comparing the current counter value received from said mobile station with the current counter value in said network; and
    means for setting the rolling key input value in said network to the current mobile station rolling key input value in response to an indication that the current counter value in said network is different from the current counter value received from said mobile station.
    (Dependent claims: 54, 55, 56)
57. In a wireless communications system including a home network for a mobile station and first and second visited networks to which said mobile station may travel, a method for the resynchronization of a rolling key used as an input value to an authentication algorithm which is executed on an authentication processor in each of said mobile station and said home network, said authentication processor generating a plurality of security variables including a rolling key output value which replaces the rolling key input value when the rolling key is updated, said method comprising the steps of:
    maintaining in said mobile station a counter value indicative of the number of times the rolling key input value to said authentication processor in said mobile station has been updated;
    maintaining in said home network a counter value indicative of the number of times the rolling key input value to said authentication processor in said home network has been updated;
    successively executing said authentication algorithm on said authentication processor in said home network a number of times to calculate a number of successive sets of security variables;
    updating the rolling key input value to said authentication processor in said home network at least once while calculating said successive sets of security variables;
    incrementing the counter value in said home network whenever the rolling key input value to said authentication processor is updated while calculating said successive sets of security variables;
    sending said successive sets of security variables and at least one rolling key update indicator from said home network to said first visited network;
    using at least a portion of said plurality of security variables and said at least one rolling key update indicator in the authentication of said mobile station in said first visited network;
    detecting the presence of said mobile station in said second visited network;
    determining whether said mobile station has updated the rolling key input value to said authentication processor in said mobile station while in said first visited network as often as said home network has updated the rolling key input value to said authentication processor in said home network while calculating said successive sets of security variables; and
    setting the rolling key input value in said home network to the current rolling key input value in said mobile station in response to an indication that said mobile station has not updated the rolling key input value to said authentication processor in said mobile station as often as said home network has updated the rolling key input value to said authentication processor in said home network while calculating said successive sets of security variables.
    (Dependent claims: 58, 59, 60, 61, 62, 63)
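Claims 49 and 53 resynchronize by comparing update counters, and claims 57 and 64 apply the same idea when the home network has precomputed several sets of security variables (some carrying a rolling key update indicator) for a visited network and the mobile moves on before consuming all of them. The following is an added example, not code from the patent, covering both: the HMAC-SHA256 stand-in for the unspecified authentication algorithm, the layout of a security-variable set, the class names and sample keys are assumptions. The page does not say how the home network obtains the mobile's current rolling key; the example assumes the home network keeps its own history of rolling keys indexed by counter value and rolls back to the entry matching the mobile's counter, which avoids sending any key over the air.

```python
import hmac
import hashlib
import secrets

# Added example (not the patent's own code) of counter-based resynchronization
# (claims 49/53) with precomputed security-variable sets and visited networks
# (claims 57/64). The algorithm stand-in, set layout, names and the history-based
# recovery of the mobile's key are assumptions for illustration.


def auth_algorithm(fixed_key: bytes, rolling_key: bytes, rand: bytes) -> dict:
    """Stand-in: one execution yields a response, a cipher key and a replacement
    rolling key, all derived from the fixed key, the rolling key and RAND."""
    def derive(label: bytes) -> bytes:
        return hmac.new(fixed_key, label + rolling_key + rand, hashlib.sha256).digest()[:8]
    return {"response": derive(b"resp"), "cipher_key": derive(b"ck"), "rolling_out": derive(b"rk")}


class MobileStation:
    def __init__(self, fixed_key: bytes, rolling_key: bytes) -> None:
        self.fixed_key, self.rolling_key, self.counter = fixed_key, rolling_key, 0

    def authenticate(self, rand: bytes, update_indicator: bool) -> bytes:
        out = auth_algorithm(self.fixed_key, self.rolling_key, rand)
        if update_indicator:                      # update only when the set says so
            self.rolling_key = out["rolling_out"]
            self.counter += 1
        return out["response"]


class HomeNetwork:
    def __init__(self, fixed_key: bytes, rolling_key: bytes) -> None:
        self.fixed_key, self.rolling_key, self.counter = fixed_key, rolling_key, 0
        self.history = {0: rolling_key}           # counter value -> rolling key (assumption)

    def precompute_sets(self, n: int, update_at: set) -> list:
        """Run the algorithm n times in succession, updating the rolling key at the
        chosen positions, and return the security-variable sets for a visited network."""
        sets = []
        for i in range(n):
            rand = secrets.token_bytes(8)
            out = auth_algorithm(self.fixed_key, self.rolling_key, rand)
            update = i in update_at
            sets.append({"rand": rand, "response": out["response"],
                         "cipher_key": out["cipher_key"], "update": update})
            if update:
                self.rolling_key = out["rolling_out"]
                self.counter += 1
                self.history[self.counter] = self.rolling_key
        return sets

    def resync(self, mobile_counter: int) -> bool:
        """Compare counters; on mismatch, set the home rolling key to the value the
        mobile is actually using. Returns True if a resynchronization happened."""
        if mobile_counter == self.counter:
            return False
        if mobile_counter not in self.history:
            raise ValueError("mobile counter does not correspond to any known update")
        self.rolling_key = self.history[mobile_counter]
        self.counter = mobile_counter
        return True


class VisitedNetwork:
    """Authenticates the mobile using the sets received from the home network."""
    def __init__(self, sets: list) -> None:
        self.sets = list(sets)

    def challenge(self, ms: MobileStation) -> bool:
        s = self.sets.pop(0)
        resp = ms.authenticate(s["rand"], s["update"])
        return hmac.compare_digest(resp, s["response"])


def roaming_scenario() -> dict:
    """Home precomputes 4 sets with updates at positions 1 and 3 (home counter ends
    at 2); the mobile consumes only 3 of them in the first visited network (one
    update, counter 1) and then appears in the second visited network."""
    a_key, rk0 = b"fixed-A-key", b"rolling-key-0"
    ms, home = MobileStation(a_key, rk0), HomeNetwork(a_key, rk0)
    vlr1 = VisitedNetwork(home.precompute_sets(4, update_at={1, 3}))
    results = [vlr1.challenge(ms) for _ in range(3)]
    in_sync_before = ms.rolling_key == home.rolling_key
    resynced = home.resync(ms.counter)        # second visited network reports the counter
    return {"auth_ok": all(results), "before": in_sync_before,
            "resynced": resynced, "after": ms.rolling_key == home.rolling_key,
            "mobile_counter": ms.counter, "home_counter": home.counter}
```

In the scenario the three authentications in the first visited network all succeed, yet the home network has already rolled its key one step further than the mobile; without the counter comparison the next authentication from the second visited network would fail on a key mismatch rather than on anything the subscriber did.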
64. In a wireless communications system including a home network for a mobile station and first and second visited networks to which said mobile station may travel, a system for the resynchronization of a rolling key used as an input value to an authentication algorithm which is executed on an authentication processor in each of said mobile station and said home network, said authentication processor generating a plurality of security variables including a rolling key output value which replaces the rolling key input value when the rolling key is updated, said system comprising:
    means for maintaining in said mobile station a counter value indicative of the number of times the rolling key input value to said authentication processor in said mobile station has been updated;
    means for maintaining in said home network a counter value indicative of the number of times the rolling key input value to said authentication processor in said home network has been updated;
    means for successively executing said authentication algorithm on said authentication processor in said home network a number of times to calculate a number of successive sets of security variables;
    means for updating the rolling key input value to said authentication processor in said home network at least once while calculating said successive sets of security variables;
    means for incrementing the counter value in said home network whenever the rolling key input value to said authentication processor is updated while calculating said successive sets of security variables;
    means for sending said successive sets of security variables and at least one rolling key update indicator from said home network to said first visited network;
    means for using at least a portion of said plurality of security variables and said at least one rolling key update indicator in the authentication of said mobile station in said first visited network;
    means for detecting the presence of said mobile station in said second visited network;
    means for determining whether said mobile station has updated the rolling key input value to said authentication processor in said mobile station while in said first visited network as often as said home network has updated the rolling key input value to said authentication processor in said home network while calculating said successive sets of security variables; and
    means for setting the rolling key input value in said home network to the current rolling key input value in said mobile station in response to an indication that said mobile station has not updated the rolling key input value to said authentication processor in said mobile station as often as said home network has updated the rolling key input value to said authentication processor in said home network while calculating said successive sets of security variables.
    (Dependent claims: 65, 66, 67, 68, 69, 70)
Specification