Authentication method and communication terminal and communication processing unit using the method

US 5,390,252 A
Filed: 12/22/1993
Issued: 02/14/1995
Est. Priority Date: 12/28/1992
Status: Expired due to Fees

First Claim

Patent Images

1. In a communication system which includes a communication processing unit having a first authentication key Kb and performing communication processing, a communication terminal having a second authentication key Ka unique thereto and connected via a communication channel to said communication processing unit, and a storage storing said second authentication key Ka for authenticating said communication terminal and responsive to a request from said communication processing unit to provide thereto said second authentication key Ka, an authentication method whereby said communication processing unit verifies the validity of said communication terminal when receiving therefrom a communication request;

said authentication method including a step wherein said communication processing unit responds to a communication request signal from said communication terminal to determine if said communication request signal is a first one and if so, a first processing mode is executed and if not, a second processing mode is executed;

A. said first processing mode comprising the steps;

wherein said communication processing unit;

(a) responds to said communication request from said communication terminal to acquire said second authentication key Ka of said communication terminal from said storage; and

(b) generates authentication information Xbi enciphered by said first authentication key Kb and random information Yi and transmits an authentication request signal containing said pieces of information, to said communication terminal;

wherein said communication terminal;

(c) transmits information Ka[Yi] as an authentication response signal to said communication processing unit, said information Ka[Yi] being obtained by enciphering said random information Yi with said second authentication key Ka; and

(d) stores said enciphered authentication information Xbi; and

wherein said communication processing unit;

(e) verifies said authentication response signal using said second authentication key Ka; and

B. said second processing mode comprising the steps;

wherein said communication terminal;

(f) transmits to said communication processing unit a communication request signal containing said enciphered authentication information Xbi obtained by authentication processing executed in response to the previous communication request;

wherein said communication processing unit;

(g) deciphers said enciphered authentication information Xbi into a deciphered authentication key Kci;

(h) generates new random information Yi; and

(i) transmits an authentication request signal containing said random information Yi to said communication terminal;

wherein said communication terminal;

(j) enciphers said received random information Yi by said authentication key Kci and sends said enciphered random information as an authentication response signal to said communication processing unit; and

wherein said communication processing unit;

(k) verifies said received authentication response signal using said deciphered authentication key Kci.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a first processing mode for a first communication request, a communication processing unit responds to a communication request signal from a communication terminal to acquire an authentication key Ka corresponding thereto from a storage, generates pieces of enciphered authentication information Xai and Xbi enciphered by the authentication key Ka of the communication terminal and an authentication key Kb of the communication processing unit, respectively, and random information Yi and transmits these pieces of information Xai, Xbi and Yi as an authentication request signal to the communication terminal. The communication terminal sends, as an authentication response signal, information Ka[Yi] obtained by enciphering the received random information Yi with the authentication key Ka, back to the communication processing unit, and at the same time, the communication terminal stores the received enciphered pieces of authentication information Xai and Xbi. The communication processing unit verifies the authentication response signal by use of the authentication key Ka.

In a second processing mode, the communication terminal transmits previous enciphered authentication information Xb(i-1) as a communication request signal to the communication processing unit and deciphers previous information Xa(i-1) to generate an authentication key Kci. The communication processing unit deciphers the received enciphered authentication information Xbi to generate a deciphered authentication key Kci and transmits to the communication terminal an authentication request signal containing newly generated pieces of enciphered authentication information Xai and Xbi and the random information Yi. The communication terminal stores the received pieces of enciphered authentication information Xai and Xbi and enciphers the random information Yi by the authentication key Kci and sends it as an authentication response signal Kci[Yi] to the communication processing unit, which verifies the authentication response signal by the deciphered authentication key Kci.

Citations

22 Claims

1. In a communication system which includes a communication processing unit having a first authentication key Kb and performing communication processing, a communication terminal having a second authentication key Ka unique thereto and connected via a communication channel to said communication processing unit, and a storage storing said second authentication key Ka for authenticating said communication terminal and responsive to a request from said communication processing unit to provide thereto said second authentication key Ka, an authentication method whereby said communication processing unit verifies the validity of said communication terminal when receiving therefrom a communication request;
- said authentication method including a step wherein said communication processing unit responds to a communication request signal from said communication terminal to determine if said communication request signal is a first one and if so, a first processing mode is executed and if not, a second processing mode is executed;
  
  A. said first processing mode comprising the steps;
  
  wherein said communication processing unit;
  
  (a) responds to said communication request from said communication terminal to acquire said second authentication key Ka of said communication terminal from said storage; and
  
  (b) generates authentication information Xbi enciphered by said first authentication key Kb and random information Yi and transmits an authentication request signal containing said pieces of information, to said communication terminal;
  
  wherein said communication terminal;
  
  (c) transmits information Ka[Yi] as an authentication response signal to said communication processing unit, said information Ka[Yi] being obtained by enciphering said random information Yi with said second authentication key Ka; and
  
  (d) stores said enciphered authentication information Xbi; and
  
  wherein said communication processing unit;
  
  (e) verifies said authentication response signal using said second authentication key Ka; and
  
  B. said second processing mode comprising the steps;
  
  wherein said communication terminal;
  
  (f) transmits to said communication processing unit a communication request signal containing said enciphered authentication information Xbi obtained by authentication processing executed in response to the previous communication request;
  
  wherein said communication processing unit;
  
  (g) deciphers said enciphered authentication information Xbi into a deciphered authentication key Kci;
  
  (h) generates new random information Yi; and
  
  (i) transmits an authentication request signal containing said random information Yi to said communication terminal;
  
  wherein said communication terminal;
  
  (j) enciphers said received random information Yi by said authentication key Kci and sends said enciphered random information as an authentication response signal to said communication processing unit; and
  
  wherein said communication processing unit;
  
  (k) verifies said received authentication response signal using said deciphered authentication key Kci.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein said step (b) is a step wherein information Kb[Ka] produced by enciphering said second authentication key Ka by said first authentication key Kb is generated as said enciphered authentication information Xbi and wherein said communication terminal uses said second authentication key Ka as said authentication key Kci in said step (j) of said second processing mode.
  - 3. The method of claim 1 wherein:
    - said step (b) comprises a step of generating first and second random numbers Ri₁ and Ri₂ and a step of enciphering said first random number Ri₁ by said first and second authentication keys Kb and Ka to obtain first and second enciphered random numbers Kb[Ri₁ ] and Ka[Ri₁ ], said first enciphered random number Kb[Ri₁ ] being used as first authentication information for said communication processing unit, said second enciphered random number Ka[Ri₁ ] being as second enciphered authentication information for said communication terminal and said authentication request signal which is sent to said communication terminal containing said second random number Ri₂ as said random information Yi and said first and second enciphered authentication information Kb[Ri₁ ] and Ka[Ri₁ ], said i being 1 representing first authentication processing;
      
      said step (d) is a step of storing said second enciphered authentication information Ka[Ri₁ ] together with said first enciphered authentication information;
      
      said second processing mode includes a step wherein a first random number R(i-1)₁ obtained by deciphering previous second enciphered authentication information Kc[R(i-1)₁ ] stored in said communication terminal is updated as said authentication key Kci that said communication terminal is to use in authentication processing for the current communication request;
      
      said enciphered authentication information Xbi in said step (f) is first enciphered random number Kb[R(i-1)₁ ] obtained in authentication processing for the previous communication request, i being an integer equal to or greater than 2;
      
      said step (g) is a step wherein a first random number R(i-1)₁ obtained by deciphering said first enciphered authentication information Kb[R(i-1)₁ ] is obtained as said deciphered authentication key Kci;
      
      said step (h) comprises a step of generating new first and second random number Ri₁ and Ri₂, said second random number Ri₂ being obtained as a new version of said random information Yi and a step of enciphering said first random number Ri₁ by said first authentication key Kb and said deciphered authentication key Kci to generate first and second pieces of enciphered authentication information Kb[Ri₁ ] and Kci[Ri₁ ];
      
      said step (i) is a step wherein said second random number Ri₂ and said first and second pieces of enciphered authentication information Kb[Ri₁ ] and Kci[Ri₁ ] as said random information Yi are sent, as information contained in said authentication request signal, to said communication terminal; and
      
      said step (j) includes a step of storing said first and second pieces of enciphered authentication information Kb[Ri₁ ] and Kci[Ri₁ ] received from said communication processing unit.
  - 4. The method of claim 1 wherein:
    - said step (b) comprises a step of generating first and second random numbers Ri₁ and Ri₂ and a step of enciphering said first random number Ri₁ by said first and second authentication keys Kb and Ka to obtain first and second enciphered random numbers Kb[Ri₁ ] and Ka[Ri₁ ], said first enciphered random number Kb[Ri₁ ] being used as said first enciphered authentication information for said communication processing unit, said second enciphered random number Ka[Ri₁ ] being used as second enciphered authentication information for said communication terminal, said authentication request signal which is sent to said communication terminal containing said second random number Ri₂ as said random information Yi and said first and second pieces of enciphered authentication information Kb[Ri₁ ] and Ka[Ri₁ ], said i being 1 representing first authentication processing;
      
      said step (d) is a step of storing said second enciphered authentication information Ka[Ri₁ ] together with said first enciphered authentication information;
      
      said enciphered authentication information Xbi in said step (f) is a first enciphered random number Kb[R(i-1)₁ ] obtained in authentication processing for the previous communication request, said i being an integer equal to or greater than 2;
      
      said step (g) is a step of obtaining, as said deciphered authentication key Kci, a first random number R(i-1)₁ obtained by deciphering said first enciphered authentication information Kb[R(i-1)₁ ];
      
      said step (h) comprises a step of generating new first and second random numbers Ri₁ and Ri₂, said second random number Ri₂ being obtained as a new version of said random information Yi, and a step of enciphering said first random number Ri₁ by said first authentication key Kb and said deciphered authentication key Kci to generate first and second pieces of enciphered authentication information Kb[Ri₁ ] and Kci[Ri₁ ];
      
      said step (i) is a step wherein said second random number Ri₂ as said random information Yi and said first and second pieces of enciphered authentication information Kb[Ri₁ ] and Kci[Ri₁ ] are sent, as information contained in said authentication request signal, to said communication terminal;
      
      said step (j) includes a step of storing said first and second pieces of authentication information Kb[Ri₁ ] and Kci[Ri₁ ] received from said communication processing unit; and
      
      said second processing mode includes a step wherein a first random number Ri₁ obtained by deciphering said first enciphered random number Kci[Ri₁ ] received by said communication terminal in authentication processing for the current communication request is updated, in said communication terminal, as a deciphered authentication key Kci that said communication terminal is to use in authentication processing for the next communication request.
  - 5. The method of claim 1 wherein:
    - said step (b) comprises a step of generating a random number Ri and a step of enciphering said random number Ri by said first and second authentication keys Kb and Ka to obtain first and second enciphered random numbers Kb[Ri] and Ka[Ri], said first enciphered random number Kb[Ri] being used as said first enciphered authentication information for said communication processing unit, said second enciphered random number Ka[Ri] being used as said second enciphered authentication information for said communication terminal and said first enciphered random number Kb[Ri] being used also as said random information Yi, said i being 1 representing first authentication processing;
      
      said second processing mode includes a step wherein a random number R(i-1) obtained by deciphering previous enciphered authentication information Kci[R(i-1)] stored in said communication terminal is updated as a deciphered authentication key Kci that said communication terminal is to use in authentication processing for the current communication request;
      
      said first enciphered authentication information Xbi contained in said communication request signal in said step (f) is said first enciphered authentication information Kb[R(i-1)] obtained in authentication processing for the previous communication request;
      
      said step (g) is a step of deciphering said first enciphered authentication information Kb[R(i-1)] to obtain a random number R(i-1) as said deciphered authentication key Kci;
      
      said step (h) is a step of generating a random number Ri, enciphering said random number Ri by said first authentication key Kb and said deciphered authentication key Kci to obtain first and second enciphered random numbers Kb[Ri] and Kci[Ri] as new versions of said first and second pieces of enciphered authentication information, and obtaining said first enciphered authentication information Kb[Ri] as a new version of said random information Yi, said i being an integer equal to or greater than 2;
      
      said step (i) is a step of sending said authentication request signal containing said first enciphered authentication information to said communication terminal; and
      
      said step (j) is a step wherein information Kci[Kb[Ri]] obtained by enciphering said first enciphered random number Kb[Ri] using said deciphered authentication key Kci is sent back to said communication processing unit together with said authentication signal.
  - 6. The method of claim 1 wherein:
    - said step (b) comprises a step of generating a random number Ri and a step of enciphering said random number Ri by said first and second authentication keys Kb and Ka to obtain first and second enciphered random numbers Kb[Ri] and Ka[Ri], said first enciphered random number Kb[Ri] being used as said first enciphered authentication information for said communication unit, said second enciphered random number Ka[Ri] being used as second enciphered authentication information for said communication terminal and said first enciphered random number Kb[Ri] being used also as said random information Yi, said i being 1 representing first authentication processing;
      
      said first enciphered authentication information Xbi contained in said communication request signal in said step (f) is said first enciphered authentication information Kb[R(i-1)] obtained in authentication processing for the previous communication request;
      
      said step (g) is a step of deciphering said enciphered authentication information Kb[R(i-1)] to obtain a random number as said deciphered authentication key Kci;
      
      said step (h) is a step of generating a random number Ri, enciphering said random number ri by said first authentication key Kb and said deciphered authentication key Kci to obtain first and second enciphered random numbers Kb[Ri] and Kci[Ri] as new versions of said first and second pieces of enciphered authentication information, and obtaining said first enciphered authentication information Kb[Ri] as a new version of said random information Yi, said i being an integer equal to or greater than 2;
      
      said step (i) is a step of sending said authentication request signal containing said first enciphered authentication information Kb[Ri] to said communication terminal;
      
      said step (j) is a step wherein information Kci[Kb[Ri]] obtained by enciphering said first enciphered random number Kb[Ri] using said deciphered authentication key Kci is sent back to said communication processing unit together with said authentication response signal; and
      
      said second processing mode includes a step wherein a random number Ri obtained by deciphering said second enciphered random number Kci received by said communication terminal in authentication processing for the current communication request is updated as a deciphered authentication key Kci that said communication terminal is to use in authentication processing for the next communication request.
  - 7. The method of claim 1 wherein said step (e) of said first processing mode is a step of verifying that information obtained by deciphering said authentication response signal received from said communication terminal, using said second authentication key Ka, matches said random information Yi transmitted as said authentication request signal to said communication terminal match each other.
  - 8. The method of claim 1 wherein said step (k) of said second processing mode is a step of verifying that information obtained by deciphering said authentication response signal received from said communication terminal, through use of said deciphered authentication key Kci, matches said random information Yi transmitted as said authentication request signal to said communication terminal.
  - 9. The method of claim 1 wherein said step (e) of said first processing mode is a step of verifying that information obtained by enciphering said random information Yi sent as said authentication request signal to said communication terminal, through use of said second authentication key Ka, matches said authentication response signal.
  - 10. The method of claim 1 wherein said step (k) of said second processing mode is a step of verifying that information obtained by enciphering said random information Yi sent as said authentication request signal to said communication terminal, through use of said deciphered authentication key Kci, matches said authentication response signal.
  - 11. The method of claim 1 wherein said communication terminal is a portable station, said communication processing unit is a base station in a mobile telecommunication system, said communication request signal in said first processing mode is an originating call and said communication request signal in said second processing mode is a signal for requesting channel switching during communication.
  - 12. The method of claim 1 wherein said communication terminal is an IC card in an IC card system and said communication processing unit is a card reader.

13. In a telecommunication system which comprises a communication terminal having a unique second authentication key Ka, a communication processing unit having a first authentication key Kb, connected via a communication channel to said communication terminal and responsive to a communication request signal from said communication terminal to verify the validity of said communication terminal, and a storage storing said second authentication key Ka for the authentication of said communication terminal and responsive to a request from said communication processing unit to provide thereto said second authentication key Ka, said communication terminal comprising:
- means for receiving, as an authentication request signal from said communication processing unit, random information Yi and enciphered authentication information Xbi enciphered by said first authentication key Kb;
  
  means whereby said random information Yi contained in said authentication request signal received from said communication processing unit is enciphered with said second authentication key Ka to generate an authentication response signal to be sent back to said communication processing unit and said random information Yi contained in said authentication request signal received in response to a second or subsequent communication request is enciphered with an authentication key Kci to generate said authentication response signal;
  
  storage means for storing said enciphered authentication information contained in said authentication request signal; and
  
  means for sending a communication request signal containing identification information, in said first communication request, and for sending, in said second or subsequent communication request, a communication request signal containing said enciphered authentication information Xbi read out from said storage means.
- View Dependent Claims (15, 17, 18, 20, 21)
- - 15. The communication terminal of claim 13 wherein:
    - said random information Yi contained in said authentication request signal received from said communication processing unit is a random number Ri;
      
      said enciphered authentication information Xbi contained in said first communication request signal is information Kb[Ka] obtained by enciphering said second authentication key Ka with said first authentication key Kb;
      
      said authentication response signal generating means generates, as said authentication response signal, information Ka[Ri] obtained by enciphering said received random number Ri with said second authentication key Ka; and
      
      said communication request signal generating means generates a communication request signal containing identification information ID of said communication terminal in said first communication request and generates a communication request signal containing said enciphered information Kb[Ka] read out from said storage means in said second or subsequent communication request.
  - 17. The communication terminal of claim 13 wherein:
    - said authentication request signal received from said communication processing unit for each communication request comprises first and second enciphered random numbers Kb[Ri₁ ] and Kci[Ri₁ ] obtained by enciphering a first random number Ri_i with said first authentication key Kb and a deciphered authentication key Kci, as said first enciphered authentication information Xbi and second enciphered information Xai, and a second random number Ri₂ as said random information Yi;
      
      means is provided for obtaining a first random number R(i-1)₁ by deciphering said second enciphered random number Kci[R(i-1)₁ ] received from said communication processing unit in authentication processing for the previous communication request, said first random number R(i-1)₁ being used as the current deciphering authentication key Kci, where i≧
      
      2 and in the case of i=1, Kci=Ka;
      
      said storage means is means for storing said first and second pieces of enciphered information Kb[Ri₁ ] and Kci[Ri₁ ] contained in said authentication request signal received from said communication processing unit in response to an i-th communication request signal, where in the case of i=1, Kci=Ka;
      
      said communication request signal generating means is means whereby in said second or subsequent communication request, said first enciphered authentication information Kb[R(i-1)₁ ] stored in said storage means in the previous authentication processing is generated as said enciphered authentication information Xbi contained in said communication request signal; and
      
      said authentication response signal generating means is means whereby in an i-th communication request, information Kci[Ri₂ ] obtained by enciphering with said deciphered authentication key Kci said second random number contained in said authentication request signal received from said communication unit is generated as said authentication response signal, where in the case of i=1, Kci=Ka.
  - 18. The communication terminal of claim 13 wherein:
    - said communication request signal which is received from said communication processing unit for each communication request contains first and second enciphered random numbers Kb[Ri₁ ] and Kci[Ri₁ ] obtained by enciphering a first random number Ri₁ with said first authentication key Kb and a deciphered authentication key Kci, as said first enciphered authentication information Xbi and second enciphered authentication information Xai, respectively, and a second random number Ri₂ as said random information;
      
      said storage means is means for storing said first and second pieces of enciphered authentication information Kb[Ri₁ ] and Kci[Ri₁ ] contained in an authentication request signal received from said communication processing unit in response to an i-th communication request, where in the case of i=1, Kci=Ka;
      
      said communication request signal generating means is means whereby in said second or subsequent communication request, said first enciphered authentication information Kb[R(i-1)₁ ] stored in said storage means in the previous authentication processing is generated as said enciphered authentication information Xbi contained in said communication request signal;
      
      said authentication response signal generating means is means whereby in an i-th communication request, information Kci[Ri₂ ] obtained by enciphering, with said deciphered authentication key Kci, said second random number Ri₂ contained in said authentication request signal received from said communication processing unit is generated as said authentication response signal, where in the case of i=1, Kci=Ka; and
      
      means is provided whereby a first random number Ri₁ is obtained by deciphering said second enciphered authentication information Kci[Ri₁ ] from said communication processing unit through use of said deciphered authentication key Kci used for the generation of said authentication response signal and said first random number Ri₁ is updated as deciphered authentication key Kc(i+1) in authentication processing for the next communication request, where in the case of i=1, Kci=Ka.
  - 20. The communication terminal of claim 13 wherein:
    - said authentication request signal which is received from said communication processing unit for each communication request contains, as said first enciphered authentication information Xbi and second enciphered authentication information Xai, first and second enciphered random numbers Kb[Ri] and Kci[Ri] obtained by enciphering a random number Ri with said first authentication key Kb and said deciphered authentication key Kci, and said first enciphered random number Kb[Ri] is used also as said random information Yi;
      
      means is provided whereby said second enciphered random number Kci[R(i-1)] received from said communication processing unit in authentication processing for the previous communication request is deciphered to obtain a random number R(i-1) as the current deciphered authentication key Kci, where i≧
      
      2 and in the case of i=1, Kci=Ka;
      
      said storage means is means for storing said first and second pieces of enciphered authentication information Kb[Ri] and Kci[Ri] contained in an authentication request signal received from said communication processing unit in response to an i-th communication request signal, where in the case of i=1, Kci=Ka;
      
      said communication request signal generating means is means whereby, in said second or subsequent communication request, said first enciphered authentication information Kb[R(i-1)] stored in said storage means in the previous authentication processing is generated as said enciphered authentication information Xbi contained in said communication request signal; and
      
      said authentication response signal generating means is means whereby, in said i-th communication request, information Kci[Kb[Ri]], obtained by enciphering, with said deciphered authentication key Kci, said first enciphered random number Kb[Ri] contained in said authentication request signal received from said communication processing unit, is generated as said authentication response signal, where in the case of i=1, Kci=Ka.
  - 21. The communication terminal of claim 13 wherein:
    - said authentication request signal which is received from said communication processing unit for each communication request contains, as said first enciphered authentication information Xbi and second enciphered authentication information Xai, first and second enciphered random numbers Kb[Ri] and Kci[Ri] obtained by enciphering a random number Ri with said first authentication key Kb and said deciphered authentication key Kci, and said first enciphered random number Kb[Ri] is used also as said random information Yi;
      
      said storage means is means for storing said first and second pieces of enciphered authentication information Kb[Ri] and Kci[Ri] contained in an authentication request signal received from said communication processing unit in response to an i-th communication request signal, where in the case of i=1, Kci=Ka;
      
      said communication request signal generating means is means whereby, in said second or subsequent communication request, said first enciphered authentication information Kb[R(i-1)] stored in said storage means in the previous authentication processing is generated as said enciphered authentication information Xbi contained in said communication request signal;
      
      said authentication response signal generating means is means whereby, in said i-th communication request, information Kci[Kb[Ri]], obtained by enciphering, with said deciphered authentication key Kci, said first enciphered random number Kb[Ri] contained in said authentication request signal received from said communication processing unit, is generated as said authentication response signal, where in the case of i=1, Kci=Ka; and
      
      means is provided whereby a random number Ri is obtained by deciphering said second enciphered authentication information Kci[Ri] from said communication processing unit through use of said deciphered authentication key Kci used for the generation of said authentication response signal and said random number Ri is updated as deciphered authentication key Kc(i+1) in authentication processing for the next communication request, where in the case of i=1, Kci=Ka.

14. In a telecommunication system which comprises a communication terminal having a unique second authentication key Ka, a communication processing unit having a first authentication key Kb, connected via a communication channel to said communication terminal and responsive to a communication request signal from said communication terminal to verify the validity of said communication terminal, and a storage storing said second authentication key Ka for the authentication of said communication terminal and responsive to a request from said communication processing unit to provide thereto said second authentication key Ka, said communication processing unit comprising:
- means for determining if said communication request signal received from said communication terminal is a first communication request signal;
  
  means for obtaining said second authentication key Ka from said storage in the case of a first communication request;
  
  means responsive to each communication request to generate random information Yi;
  
  means responsive to said first communication request signal to generate enciphered authentication information Xbi enciphered by said first authentication key Kb of said communication processing unit;
  
  means for sending said enciphered authentication information Xbi as a first authentication request signal to said communication terminal and for sending at least said random information Yi as said second or subsequent authentication request signal to said communication terminal;
  
  means for receiving said second or subsequent communication request signal and for obtaining a deciphered authentication key Kci by deciphering said enciphered authentication information contained in said second or subsequent communication request signal and sent to said communication terminal in the previous authentication processing; and
  
  means for verifying the validity of an authentication response signal from said communication terminal through use of said deciphered authentication key Kci and said random information Yi.
- View Dependent Claims (16, 19, 22)
- - 16. The communication processing unit of claim 14 wherein:
    - said enciphered authentication information generating means is means for generating, as said enciphered authentication information Xbi, information Kb[Ka] obtained by enciphering said second authentication key Ka with said first authentication key Kb; and
      
      said authentication request signal sending means is means for sending said enciphered authentication information Kb[Ka] and said random information Yi as said first authentication request signal to said communication terminal and for sending said random information Yi as said second or subsequent authentication request signal to said communication terminal.
  - 19. The communication processing unit of claim 14 wherein:
    - said random information generating means has means for generating a pair of first and second random numbers Ri₁ and Ri₂ in response to each reception of said communication request signal and for outputting said second random number Ri₂ as said random information Yi;
      
      hen said communication request is a second or subsequent request, said communication request signal contains said first enciphered authentication information Kb[R(i-1)₁ ] as said enciphered authentication information Xbi sent to said communication terminal, said means for generating said deciphered authentication key Kci being means for deciphering said previous first enciphered authentication information Kb[R(i-1)₁ ] to obtain a first random number R(i-1)₁ as said deciphered authentication key Kci;
      
      said enciphered authentication information generating means is means whereby, in response to an i-th communication request, first and second enciphered random numbers Kb[Ri₁ ] and Kci[Ri₁ ], obtained by enciphering said first random number Ri₁ from said random information generating means with said first authentication key Kb and said deciphered authentication key Kci, are generated as said first and second pieces of enciphered authentication information Xbi and Xai, respectively, where in the case of i=1, Kci=Ka; and
      
      said verifying means is means whereby, in said first communication request, the validity of said authentication response signal Ka[Ri₂ ] received from said communication terminal is verified using said second authentication key Ka and said second random number Ri₂ and, in a second or subsequent communication request, the validity of said authentication response signal Kci[Ri₂ ] received from said communication terminal is verified using said deciphered authentication key Kci and said second random number Ri₂.
  - 22. The communication processing unit of claim 14 wherein:
    - said random information generating means has means for generating a random number Ri in response to each reception of said communication request signal;
      
      when said communication request is a second or subsequent request, said communication request signal contains said first enciphered authentication information Kb[R(i-1)] as said enciphered authentication information Xbi sent to said communication terminal, said means for generating said deciphered authentication key Kci being means for deciphering said previous first enciphered authentication information Kb[R(i-1)] to obtain a random number R(i-1) as said deciphered authentication key Kci;
      
      said enciphered authentication information generating means is means whereby, in response to an i-th communication request, first and second enciphered random numbers Kb[Ri] and Kci[Ri], obtained by enciphering said random number Ri from said random information generating means with said first authentication key Kb and said deciphered authentication key Kci, are generated as said first and second pieces of enciphered authentication information Xbi and Xai, respectively, said first enciphered random number Kb[Ri] being used also as said random information Yi which said random information generating means outputs, where in the case of i=1, Kci=Ka; and
      
      said verifying means is means whereby, in said first communication request, the validity of said authentication response signal Ka[Ri] received from said communication terminal is verified using said second authentication key Ka and said random number Ri and, in a second or subsequent communication request, the validity of said authentication response signal Kci[Ri] received from said communication terminal is verified using said deciphered authentication key Kci and said random number Ri.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nippon Telegraph and Telephone Corporation
Original Assignee
Nippon Telegraph and Telephone Corporation
Inventors
Nohara, Tatsuo, Suzuki, Shigefusa
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/171,663
Time in Patent Office

419 Days
Field of Search

380/23-25, 380/49, 380/4, 379/201, 379/62, 902/2
US Class Current

380/247
CPC Class Codes

H04L 2209/80   Wireless

H04L 2463/062   applying encryption of the ...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3271   using challenge-response

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

Authentication method and communication terminal and communication processing unit using the method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method and communication terminal and communication processing unit using the method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links