Method of authentication with improved security for secrecy of authentication key
First Claim
1. A method of authentication for a mobile subscriber to receive a roaming service by moving from a first communication network owned by a first service provider to a second communication network owned by a second service provider, comprising the steps of:
(a) transmitting a mobile station identifier uniquely assigned to the mobile subscriber by the first service provider, from the mobile subscriber to the second communication network, when the mobile subscriber moved from the first communication network to the second communication network;
(b) transmitting the mobile station identifier transmitted at the step (a) along with an authentication data indicative of a tentative authentication key to be used only in an authentication at the second communication network, from the second communication network to the first communication network;
(c) transmitting an enciphered authentication data obtained at the first communication network by enciphering the authentication data transmitted at the step (b) by using a permanent authentication key shared by the first communication network and the mobile subscriber, from the first communication network to the mobile subscriber via the second communication network;
(d) deciphering the enciphered authentication data transmitted at the step (c) by using the permanent authentication key to obtain the tentative authentication key at the mobile subscriber; and
(e) carrying out the authentication at the second communication network by using the tentative authentication key obtained at the step (d) on the mobile subscriber side.
Abstract
A method of subscriber authentication suitable for a roaming service in a telecommunication capable of realizing an improved security for the secrecy of the authentication key. In this method, an authentication data indicative of a tentative authentication key to be used only in the authentication at the second network is transmitted from the second network to the first network, and the first network enciphers this authentication data by using a permanent authentication key shared between the first network and the mobile subscriber, and transmits this enciphered authentication data to the mobile subscriber via the second network, such that the mobile subscriber can decipher this enciphered authentication data by using the permanent authentication key to obtain the tentative authentication key and subsequently carry out the authentication at the second network by using the obtained tentative authentication key, without explicitly disclosing the permanent authentication key to the second service provider.
10 Claims
6. The method of claim 4, wherein the coincidence of the random number enciphered at the mobile subscriber and the random number generated at the second communication network is verified by enciphering the random number generated at the second communication network by using the tentative authentication key to obtain an enciphered original random number and comparing the enciphered random number with the enciphered original random number.
10. The method of claim 1, wherein the second communication network memorizes a correspondence between the tentative authentication key indicated by the authentication data transmitted at the step (b) and the mobile station identifier received at the step (a) in order to subsequently carry out the authentication at the second communication network.
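The message flow of steps (a) to (e), with the stored correspondence of claim 10 and the comparison of claim 6, can be simulated as follows. This is an added illustration, not code from the patent: the claims name no cipher, so HMAC-SHA256 constructions stand in for "enciphering", the authentication data is taken to be the tentative key itself, and all class names, function names and the identifier `MSI-001` are hypothetical.

```python
import hashlib, hmac, secrets
# Stand-in primitives (assumptions; the claims do not name a cipher).
def seal(key: bytes, data: bytes) -> bytes:
    """Encipher data under key: fresh nonce, XOR with HMAC-SHA256(key, nonce)."""
    nonce = secrets.token_bytes(16)
    pad = hmac.new(key, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(data, pad))

def unseal(key: bytes, blob: bytes) -> bytes:
    pad = hmac.new(key, blob[:16], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob[16:], pad))

def respond(key: bytes, rand: bytes) -> bytes:   # stands in for enciphering rand
    return hmac.new(key, rand, hashlib.sha256).digest()

class HomeNetwork:                      # first network: holds permanent keys
    def __init__(self):
        self.permanent = {}
    def encipher_for(self, msi, auth_data):          # step (c)
        return seal(self.permanent[msi], auth_data)

class VisitedNetwork:                   # second network: never sees permanent keys
    def __init__(self, home):
        self.home, self.tentative = home, {}
    def register(self, msi):                         # steps (a)-(b)
        kt = secrets.token_bytes(16)                 # tentative key, visited-only
        self.tentative[msi] = kt                     # claim 10: remember msi -> kt
        return self.home.encipher_for(msi, kt)       # relayed on to the mobile
    def verify(self, msi, rand, response):           # step (e), claim 6 comparison
        return hmac.compare_digest(respond(self.tentative[msi], rand), response)

class Mobile:
    def __init__(self, msi, permanent_key):
        self.msi, self.kp, self.kt = msi, permanent_key, None
    def receive(self, blob):                         # step (d)
        self.kt = unseal(self.kp, blob)
    def answer(self, rand):
        return respond(self.kt, rand)

def demo():
    kp = secrets.token_bytes(16)
    home = HomeNetwork(); home.permanent["MSI-001"] = kp   # constructed identifier
    visited = VisitedNetwork(home)
    results = []
    for ms in (Mobile("MSI-001", kp), Mobile("MSI-001", secrets.token_bytes(16))):
        ms.receive(visited.register(ms.msi))
        rand = secrets.token_bytes(16)               # visited network's challenge
        results.append(visited.verify(ms.msi, rand, ms.answer(rand)))
    return results                                   # genuine passes, impostor fails
```

Because the second network supplies the authentication data and relays its enciphered form, it always holds matching plaintext and ciphertext under the permanent key, so whatever cipher is chosen for step (c) has to resist known-plaintext analysis; the per-message nonce in `seal` is one way this sketch accounts for that.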
Specification