Process for improving public key authentication
First Claim
1. A method for authenticating, by an authentication center having a first processor contained therein, user terminals used by users of a communication service offered by a communication service provider, said communication service being accessible through at least one user terminal of said user terminals, said one user terminal including a second processor contained therein, said user terminal having equipment identification data (ID) associated therewith and having pre-encrypted messages including sequence numbers stored therein, said method comprising steps of:
(a) obtaining by said first processor, said equipment ID for said one user terminal;
(b) obtaining by said first processor, said sequence numbers for said one user terminal;
(c) forming at said authentication center by said first processor, an encrypted block, said encrypted block including said equipment ID and said sequence numbers;
(d) storing said encrypted block in said one user terminal, said pre-encrypted messages comprising said encrypted block; and
(e) receiving a log-on message from said one user terminal to said communication service provider at least at initiation of a communication session, said log-on message including one of said pre-encrypted messages and said equipment ID.
Abstract
An environment which includes a communications network, user terminals, and an authentication center provides communication services only to legitimate subscribers. The authentication center receives an equipment ID for each terminal, generates a series of sequence numbers and uses a secret key to encrypt the sequence numbers and the equipment ID with a user ID and an error detection code to form an encrypted block. This block is programmed into an authentication module and sent to the subscriber for installation in the subscriber's terminal. The authentication center sends a public key to network authentication nodes. When the subscriber operates the terminal to gain access to the network, a log-on message, which includes the encrypted block and an unencrypted version of the equipment ID, is sent to an authentication node. The node decrypts the encrypted block and evaluates the IDs and sequence number to determine whether to grant access to services.
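The log-on exchange described in the abstract, as an added example that is not part of the patent or of any product: a toy Python simulation in which the authentication center's secret key is an RSA private exponent, the network nodes hold the matching public key, and each node remembers the highest sequence number it has accepted per terminal. Textbook RSA over two Mersenne primes, the 8-byte equipment ID, the 32-bit user ID and sequence number, CRC32 as the error detection code, strictly increasing sequence numbers, and all class and function names are assumptions of this example; the patent does not specify a cipher, a block layout, or how "subsequent" is decided.

```python
import struct
import zlib

# Toy stand-in for the authentication center's secret key / network public key:
# textbook RSA over two Mersenne primes (constructed parameters, not from the patent).
# A real deployment would use a proper signature scheme with padding.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q                                   # ~196-bit modulus
E = 65537                                   # public key, distributed to authentication nodes
D = pow(E, -1, (P - 1) * (Q - 1))           # secret key, held only by the authentication center
MOD_LEN = (N.bit_length() + 7) // 8         # bytes per encrypted block

# Assumed plaintext layout of one block (the patent does not fix one):
# 8-byte equipment ID, 32-bit user ID, 32-bit sequence number, CRC32 error detection code.
BODY_FMT = ">8sII"
BLOCK_FMT = BODY_FMT + "I"
BLOCK_LEN = struct.calcsize(BLOCK_FMT)      # 20 bytes, small enough to fit under N


def make_module(equipment_id: bytes, user_id: int, seq_numbers) -> list:
    """Authentication center: pre-encrypt one block per sequence number, in order."""
    blocks = []
    for seq in seq_numbers:
        body = struct.pack(BODY_FMT, equipment_id, user_id, seq)
        plain = body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)
        m = int.from_bytes(plain, "big")
        blocks.append(pow(m, D, N).to_bytes(MOD_LEN, "big"))
    return blocks


class Terminal:
    """Subscriber unit holding an installed module of pre-encrypted blocks."""

    def __init__(self, equipment_id: bytes, module_blocks):
        self.equipment_id = equipment_id
        self.module = list(module_blocks)

    def logon_message(self):
        # Log-on message: unencrypted equipment ID plus the next unused block.
        return self.equipment_id, self.module.pop(0)


class AuthNode:
    """Network authentication node: holds the public key and per-terminal replay state."""

    def __init__(self, public_exponent: int, modulus: int):
        self.e, self.n = public_exponent, modulus
        self.last_seq = {}   # equipment ID -> highest sequence number accepted so far

    def verify_logon(self, claimed_id: bytes, block: bytes):
        c = int.from_bytes(block, "big")
        if c >= self.n:
            return False, "block out of range"
        m = pow(c, self.e, self.n)           # decrypt with the public key
        try:
            plain = m.to_bytes(BLOCK_LEN, "big")
        except OverflowError:                # does not decrypt to a well-formed block
            return False, "malformed block"
        eid, _user_id, seq, crc = struct.unpack(BLOCK_FMT, plain)
        if zlib.crc32(plain[:-4]) & 0xFFFFFFFF != crc:
            return False, "error detection code mismatch"
        if eid != claimed_id:                # claim 9 step (c): IDs must correspond
            return False, "equipment ID mismatch"
        if seq <= self.last_seq.get(eid, 0): # claim 9 step (d): replayed or stale block
            return False, "sequence number already used"
        self.last_seq[eid] = seq
        return True, "access granted"


def demo() -> list:
    """Run a normal log-on, a replay, the next log-on, and a mismatched equipment ID."""
    eid = b"TERM0001"                        # constructed sample equipment ID
    node = AuthNode(E, N)
    term = Terminal(eid, make_module(eid, user_id=42, seq_numbers=range(1, 4)))
    claimed, block = term.logon_message()
    results = [node.verify_logon(claimed, block)[0]]             # fresh block: granted
    results.append(node.verify_logon(claimed, block)[0])         # same block again: denied
    results.append(node.verify_logon(*term.logon_message())[0])  # next block: granted
    _, stolen = term.logon_message()
    results.append(node.verify_logon(b"TERM0002", stolen)[0])    # other terminal's ID: denied
    return results


if __name__ == "__main__":
    print(demo())                            # [True, False, True, False]
```

The replay and stale-block denials depend entirely on the node's `last_seq` state, which is the example's reading of the claims' "previously used sequence number"; a fleet of nodes would have to share or synchronise that state, otherwise a block accepted at one node could be presented again at another.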
32 Claims
1. A method for authenticating, by an authentication center having a first processor contained therein, user terminals used by users of a communication service offered by a communication service provider, said communication service being accessible through at least one user terminal of said user terminals, said one user terminal including a second processor contained therein, said user terminal having equipment identification data (ID) associated therewith and having pre-encrypted messages including sequence numbers stored therein, said method comprising steps of:
(a) obtaining by said first processor, said equipment ID for said one user terminal;
(b) obtaining by said first processor, said sequence numbers for said one user terminal;
(c) forming at said authentication center by said first processor, an encrypted block, said encrypted block including said equipment ID and said sequence numbers;
(d) storing said encrypted block in said one user terminal, said pre-encrypted messages comprising said encrypted block; and
(e) receiving a log-on message from said one user terminal to said communication service provider at least at initiation of a communication session, said log-on message including one of said pre-encrypted messages and said equipment ID.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for authenticating user terminals used by users of a communication service accessible through said user terminals, wherein said user terminals have pre-encrypted messages stored therein, said pre-encrypted messages including sequence numbers and equipment identification data (ID) associated with said user terminals, said method comprising steps of:
(a) receiving from one of said user terminals, a log-on message at initiation of each calling session, said log-on message including an encrypted block and an identifying block, said encrypted block being one of said pre-encrypted messages and including a first equipment ID in an encrypted form and one of said sequence numbers in an encrypted form, said identifying block including a second equipment ID in a non-encrypted form;
(b) decrypting at a communication service provider, said encrypted block by a first processor to obtain said first equipment ID and said sequence number;
(c) evaluating by said first processor, said first and second equipment IDs to detect correspondence therebetween;
(d) evaluating by said first processor, said sequence number with a previously used sequence number to detect a correspondence therebetween; and
(e) denying access to said communication service when said step (c) fails to detect said correspondence or said step (d) detects said correspondence.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. A system for providing communication services only to authenticated user terminals for use by users through a communication network having a plurality of nodes, said communication services being provided through said user terminals having pre-encrypted messages stored therein, said pre-encrypted messages including sequence numbers and equipment identification data (ID) associated with said user terminals, said system comprising:
one or more authentication modules, each authentication module for combining with a corresponding one of said user terminals; and
means, responsive to said equipment IDs, for producing said authentication modules, each of said authentication modules for storing an encrypted block of data therein, said encrypted block of data including said equipment ID in an encrypted form and a series of said sequence numbers in an encrypted form, said sequence numbers comprising a list of numbers in a particular order.
Dependent claims: 19, 20, 21
22. A method for authenticating user terminals for use by users using a communication service provided by a communication network in communication with an authentication center, said communication network accessible through said user terminals having pre-encrypted messages stored therein, said pre-encrypted messages including sequence numbers and equipment identification data (ID) associated therewith, said sequence numbers comprising a list of numbers in a particular order, said method comprising steps of:
(a) obtaining said equipment ID and said sequence numbers for one of said user terminals by a first processor;
(b) forming an encrypted block, said encrypted block including said equipment ID and said sequence numbers;
(c) storing said encrypted block in a memory in said one user terminal;
(d) sending a log-on message from said one user terminal to said communication network at initiation of each calling session, said log-on message including said encrypted block and said equipment ID;
(e) decrypting said encrypted block portion of said log-on message by said first processor to obtain an authentication equipment ID;
(f) evaluating said authentication equipment ID by said first processor to detect correspondence between said authentication equipment ID and said equipment ID;
(g) evaluating said sequence number by said first processor to determine if said sequence number is subsequent to previous sequence numbers used; and
(h) denying said communication services to said one user terminal when said step (f) fails to detect said correspondence or said step (g) determines said sequence number is not subsequent to previous sequence numbers used.
Dependent claims: 23, 24, 25, 26
27. A system for providing communication services only to authenticated users, said system comprising:
a user terminal having equipment identification data (EID) stored therein; and
a removable user authentication module having sequence numbers and said EID stored therein in a pre-encrypted form, said sequence numbers comprising a list of numbers in a particular order, wherein said user terminal is adapted to receive said removable user authentication module.
28. An apparatus for authenticating a user terminal for use by a user to a system which provides communication services through said user terminal having pre-encrypted messages stored therein, said pre-encrypted messages including sequence numbers and equipment identification data associated therewith, said apparatus comprising:
a memory for storing said pre-encrypted messages, said pre-encrypted messages having a predetermined relationship to said equipment identification data, said predetermined relationship being expressed in accordance with an encryption key; and
housing means coupled to said user terminal, said housing means for retaining said memory and to removably couple said memory to said user terminal.
Dependent claims: 29, 30, 31
32. A method of accessing a communication system through a subscriber unit, said subscriber unit including an authentication module which includes blocks of pre-encrypted information, said pre-encrypted information including an equipment ID associated with said subscriber unit, each of said blocks including a sequence number, said blocks being encrypted at an authentication center and stored in said authentication module in an encrypted form, said method comprising the steps of:
sending, by said subscriber unit, said equipment ID and one of said blocks of said pre-encrypted information to a communication service provider when access is desired to said communication system; and
receiving notice of access to said communication service from said service provider when said service provider detects correspondence between said equipment ID and a decrypted equipment ID, and determines that said sequence number is subsequent to a previous sequence number, said communication service provider decrypting said one of said blocks to determine said equipment ID and said sequence number.
Specification