Method and apparatus for authentication in a communication system

US 5,537,474 A
Filed: 07/29/1994
Issued: 07/16/1996
Est. Priority Date: 07/29/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method of generating authentication information for use in authenticating a subscriber unit communicating via a communication unit of a visited communication system using a first authentication protocol, the subscriber unit and a home communication system of the subscriber unit each storing a subscriber unit identifier and a first secret key of the subscriber unit and an authentication algorithm, the method comprising:

in the home communication system, wherein the home communication system uses a home authentication protocol different from the first authentication protocol,(a) receiving the identifier and an indication of a request for service from the communication unit;

(b) in response to the request for service, generating an authentication challenge (RAND_H) in the home authentication protocol and obtaining the first secret key;

(c) processing the RAND_H into an authentication response (RESP_H) in the home authentication protocol using the home communication system stored first secret key and authentication algorithm;

(d) converting the RAND_H into an authentication challenge (RAND_V) in the first authentication protocol and converting the RESP_H into a response (RESP_V) in the first authentication protocol; and

(e) communicating the RAND_V and RESP_V to the communication unit for use in authenticating the subscriber unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for authenticating a roaming subscriber. In a preferred embodiment, a subscriber receives a challenge that is in a format of a local authentication protocol, and determines whether the local authentication protocol is the subscriber'"'"'s home system authentication protocol. If it is not, the subscriber converts the challenge into a format (e.g., bit length) compatible with its home system authentication protocol, and processes the converted challenge with the subscriber'"'"'s secret key and authentication algorithm into an authentication response. The authentication response is converted to be compatible with the local authentication protocol, and transmitted to a local system communication unit. The challenge and response is then forwarded to the subscriber'"'"'s home system for similar conversion and processing, and subscriber'"'"'s response is compared against a home system generated response.

220 Citations

61 Claims

1. A method of generating authentication information for use in authenticating a subscriber unit communicating via a communication unit of a visited communication system using a first authentication protocol, the subscriber unit and a home communication system of the subscriber unit each storing a subscriber unit identifier and a first secret key of the subscriber unit and an authentication algorithm, the method comprising:
- in the home communication system, wherein the home communication system uses a home authentication protocol different from the first authentication protocol,(a) receiving the identifier and an indication of a request for service from the communication unit;
  
  (b) in response to the request for service, generating an authentication challenge (RAND_H) in the home authentication protocol and obtaining the first secret key;
  
  (c) processing the RAND_H into an authentication response (RESP_H) in the home authentication protocol using the home communication system stored first secret key and authentication algorithm;
  
  (d) converting the RAND_H into an authentication challenge (RAND_V) in the first authentication protocol and converting the RESP_H into a response (RESP_V) in the first authentication protocol; and
  
  (e) communicating the RAND_V and RESP_V to the communication unit for use in authenticating the subscriber unit.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising:
    - in the subscriber unit,(a) receiving the RAND_V from the communication unit;
      
      (b) converting, in response to a determination that the first authentication protocol is different from a home authentication protocol used in the home communication system, the RAND_V into a further authentication challenge (RAND_H2) in the home authentication protocol;
      
      (c) obtaining the subscriber unit stored first secret key and processing the RAND_H2 into a further authentication response (RESP_H2) in the home authentication protocol using the first secret key and authentication algorithm;
      
      (d) converting the RESP_H2 into a further response (RESP_V2) in the first authentication protocol; and
      
      (e) sending the RESP_V2 to the communication unit.
  - 3. The method of claim 2 further comprising authenticating the subscriber unit by the communication unit by determining whether the RESP_V and the RESP_V2 were generated by a same secret key.
  - 4. The method of claim 3 further comprising authenticating the subscriber unit by the communication unit by determining whether the RESP_V and the RESP_V2 match.

5. A method of generating authentication information for use in authenticating a subscriber unit communicating via a communication unit of a visited communication system using a first authentication protocol, the subscriber unit and a home communication system of the subscriber unit each storing a subscriber unit identifier and a first secret key of the subscriber unit and an authentication algorithm, the method comprising:
- in the home communication system, wherein the home communication system uses a home authentication protocol different from the first authentication protocol,(a) receiving an authentication message including the identifier of the subscriber unit, and an authentication challenge (RAND_V) and response (RESP_V) to the RAND_V in the first authentication protocol from the communication unit;
  
  (b) in response to authentication message, converting the RAND_V into an authentication challenge (RAND_H) in the home authentication protocol;
  
  (c) obtaining the first secret key and processing the RAND_H into an authentication response (RESP_H) in the home authentication protocol using the first secret key and authentication algorithm;
  
  (d) determining whether the RESP_H and RESP_V are both derived from the first secret key; and
  
  (e) sending a message confirming authentication when it is determined the RESP_H and RESP_V are both derived from the first secret key.
- View Dependent Claims (6)
- - 6. The method of claim 5 wherein step (d) further comprises converting the RESP_H into a RESP_V2 in the first authentication protocol and determining whether the RESP_H and RESP_V2 match.

7. A method of generating an authentication message for a subscriber unit communicating via a communication unit of a visited communication system using a first authentication protocol, the subscriber unit having a subscriber identity unit, and the subscriber identity unit and a home communication system of the subscriber identity unit each storing a subscriber identity unit identifier and a first secret key of the subscriber identity unit and an authentication algorithm, the method comprising:
- in the subscriber unit,(a) receiving a first authentication challenge (RAND_V) in the first authentication protocol from the communication unit;
  
  (b) converting, in response to a determination that the first authentication protocol is different from a home authentication protocol used in the home communication system, the RAND_V into an authentication challenge (RAND_H) in the home authentication protocol;
  
  (c) obtaining the subscriber identity unit stored first secret key and processing the RAND_H into an authentication response (RESP_H) in the home authentication protocol using the subscriber identity unit stored first secret key and authentication algorithm;
  
  (d) converting the RESP_H into a response (RESP_V) in the first authentication protocol; and
  
  (e) sending the RESP_V to the communication unit.
- View Dependent Claims (8)
- - 8. The method of claim 7 wherein step (d) comprises inserting pseudo random filler bits in the RESP_H to result in the RESP_V having a same bit length compatible with authentication responses in the first authentication protocol.

9. A method of authenticating a subscriber unit via a temporary subscriber unit terminal in a visited communication system using a first authentication protocol, the subscriber unit and a home communication system of the subscriber unit each storing a subscriber unit identifier and a first secret key of the subscriber unit and an authentication algorithm, the method comprising:
- in the terminal,(a) establishing a proximity communication link with the subscriber unit;
  
  (b) establishing a communication channel with a communication unit of the visited communication system, and requesting and receiving from the communication unit a first authentication challenge (RAND_V) in the first authentication protocol from the visited communication system;
  
  (c) converting, in response to a determination that the first authentication protocol is different from a home authentication protocol used in the home communication system of the subscriber unit, the RAND_V into an authentication challenge (RAND_H) in the home authentication protocol, and sending the RAND_H to the subscriber unit;
  
  (d) receiving an authentication response (RESP_H) from the subscriber unit, and converting the RESP_H into a response (RESP_V) in the first authentication protocol;
  
  (e) sending the RESP_V to the communication unit; and
  
  (f) receiving an authentication message notifying the terminal to activate a temporary subscriber unit when the RESP_V, converted into the home authentication protocol, is determined to match a further response calculated from the RAND_V, converted into the home authentication protocol, and the first secret key using the authentication algorithm.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9 wherein the subscriber unit comprises a subscriber identity unit and the terminal includes an subscriber identity unit interface device, and step (a) comprises receiving the subscriber identity unit and establishing an electromagnetic communication channel with the subscriber identity unit.
  - 11. The method of claim 9 wherein the subscriber unit includes electrical contacts and the terminal includes an subscriber unit interface device having complementary electrical contacts, and step (a) comprises interfacing the subscriber unit in the subscriber unit interface device to establish a communication channel with the subscriber unit via the electrical and complementary electrical contacts.
  - 12. The method of claim 9 wherein the subscriber unit and terminal each have a light-frequency transceiver, and step (a) comprises establishing a light-frequency communication channel between the light-frequency transceivers of the subscriber unit and terminal.

13. A subscriber unit adapted for interfacing with a subscriber identity unit and for communicating via a communication unit of a local communication system and being authenticated by a home communication system, wherein the subscriber identity unit includes a memory having a subscriber identifier, a first secret key and an authentication algorithm, the subscriber unit comprising:
- (a) communications means for sending and receiving signals to and from the communication unit;
  
  (b) determining means for determining that the local communication system uses a local system authentication protocol different from a home system authentication protocol used in the subscriber identity unit, and for activating a converting means in response to such a determination;
  
  (c) the converting means, coupled to the determining means and communications means, being operable for converting a first authentication challenge (RAND_V) from the communication unit in the local system authentication protocol into a home authentication challenge (RAND_H) in the home authentication protocol; and
  
  (d) interface means, coupled to the converting means and the subscriber identity unit when the subscriber identity unit is interfaced with the subscriber unit, for inputting the RAND_H into the subscriber identity unit for processing by the subscriber identity unit into a response (RESP_H) and first encryption key using the first secret key and home system authentication algorithm, and for receiving the RESP_H and first encryption key from the subscriber identity unit;
  
  wherein the converting means is further operable for converting the RESP_H into a first response (RESP_V) in the local system authentication protocol and outputting the RESP_V to the communication means for transmission to the communication unit.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The subscriber unit of claim 13 wherein the converting means comprises:
    - means for storing further RAND_V s received via the communication means until n further RAND_V s are stored, where n is a predetermined whole number, and then converting the n further RAND_V s into a further RAND_H for input into the subscriber identity unit.
  - 15. The subscriber unit of claim 13 wherein the converting means comprises:
    - means for storing further RAND_V s received via the communication means in a register, and converting the RAND_V and further RAND_V s by (i) when the stored RAND_V and further RAND_V s have a total number of bits less than a number of bits of a standard authentication challenge of the home authentication protocol, inserting filler bits to form the RAND_H ; and
      
      (ii) when the stored RAND_V and further RAND_V s have a total number of bits greater than a number of bits of a standard authentication challenge of the home authentication protocol, using first bits, of the stored RAND_V and further RAND_V s most recently stored and having a same number as the number of bits of said standard authentication challenge of the home authentication protocol, to form the RAND_H.
  - 16. The subscriber unit of claim 13 wherein the determining means is a switch circuit responsive to a user input activating the subscriber unit for communication within the local communication system.
  - 17. The subscriber unit of claim 13 wherein the determining means and converting means together comprise a processor adapted for comparing a predetermined parameter of the received RAND_V against stored predetermined parameters, each corresponding to a system authentication protocol, to determine whether the local system authentication protocol differs from the home system authentication protocol, and when the local system authentication protocol differs converting the RAND_V to the RAND_H.
  - 18. The subscriber unit of claim 17 wherein the predetermined parameter is the bit length of the RAND_V, and the processor is further adapted for, when the local system authentication protocol differs from the home system authentication protocol, converting the RAND_V by either truncating or adding additional bits such that the RAND_H has a same bit length as the stored predetermined parameter bit length corresponding to the home system authentication protocol.

19. A subscriber unit for communicating via a communication unit of a local communication system and being authenticated by a home communication system, wherein the subscriber unit includes a memory having a subscriber identifier, a first secret key and an authentication algorithm, the subscriber unit comprising:
- (a) communications means for sending and receiving signals to and from the communication unit;
  
  (b) determining means for determining that the local communication system uses a local system authentication protocol different from a home system authentication protocol used in the subscriber unit, and for activating an authentication means in response to such a determination; and
  
  (c) the authentication means, coupled to the determining means and communications means, being operable for (i) converting a first authentication challenge (RAND_V) from the communication unit in the local system authentication protocol into a home authentication challenge (RAND_H) in the home authentication protocol, (ii) processing the RAND_H into a response (RESP_H) and first encryption key using the first secret key and authentication algorithm, and for converting the RESP_H into a first response (RESP_V) in the local system authentication protocol and outputting the RESP_V to the communication means for transmission to the communication unit.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The subscriber unit of claim 19 wherein the determining means is a switch circuit responsive to a user input activating the subscriber unit for communication within the local communication system.
  - 21. The subscriber unit of claim 19 wherein the first secret key is a temporary secret key generated from a second secret key also stored in the memory, and the subscriber unit further comprises an encryption means for encrypting and decrypting information communicated via the communication unit using the temporary secret key.
  - 22. The subscriber unit of claim 19 wherein the determining means and authentication means together comprise a processor adapted for comparing a predetermined parameter of the received RAND_V against stored predetermined parameters, each corresponding to a system authentication protocol, to determine whether the local system authentication protocol differs from the home system authentication protocol, and when the local system authentication protocol differs converting the RAND_V to the RAND_H.
  - 23. The subscriber unit of claim 22 wherein the predetermined parameter is the bit length of the RAND_V, and the processor is further adapted for, when the local system authentication protocol differs from the home system authentication protocol, converting the RAND_V by either truncating or adding additional bits such that the RAND_H has a same bit length as the stored predetermined parameter bit length corresponding to the home system authentication protocol.
  - 24. The subscriber unit of claim 19 further comprising second communication means, coupled to the determining means and authentication means, for establishing a proximity communication channel with a temporary subscriber unit terminal and communicating at least one further challenge, at least one further authentication response generated for each further challenge, the subscriber identifier and a service request between the subscriber unit and the terminal.
  - 25. The subscriber unit of claim 24, wherein the determining means is further operable for determining whether the at least one further challenge is in the home system authentication protocol, and wherein the authentication means is further operable for (i) generating at least one further authentication response for each further challenge using the first secret key and outputting each at least one further authentication response for communication to the terminal, when the at least one further challenge is in the home system protocol;
    - and (ii) converting the at least one further challenge into the home authentication protocol, processing each converted at least one further challenge into a further authentication response and further encryption key using the first secret key and authentication algorithm, and converting each said response to each converted at least one further challenge into the local system authentication protocol and outputting the each converted response to the second communication means for communication to the terminal.
  - 26. The subscriber unit of claim 24 wherein the second communications means comprises a light frequency transceiver adapted for communicating with a light frequency transceiver on the terminal.
  - 27. The subscriber unit of claim 26 wherein the light frequency transceivers are infrared transceivers.

28. A subscriber identity unit adapted for being received in a subscriber unit communicating via a communication unit of a local communication system, wherein the subscriber identity unit includes a memory having a subscriber identifier, a first secret key and at least one authentication algorithm, the subscriber identity unit comprising:
- (a) interface means for sending and receiving information to and from the subscriber unit;
  
  (b) determining means for determining whether a challenge (RAND) received from the subscriber unit is in a home system authentication protocol or a visited system authentication protocol different from the home system authentication protocol, and for activating a converting means in response to such a determination that the RAND is in a visited system authentication protocol;
  
  (c) the converting means, coupled to the determining means and interface means, being operable for converting a first authentication challenge (RAND_V) from the communication unit in the visited system authentication protocol into a home authentication challenge (RAND_H) in the home system authentication protocol; and
  
  (d) processing means, coupled to the converting means, for inputting the RAND_H and calculating a response (RESP_H) using the RAND_H, the first secret key and the authentication algorithm;
  
  wherein the converting means is further operable for receiving and converting the RESP_H into a first response (RESP_V) in the visited system authentication protocol and outputting the RESP_V to the SU.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
- - 29. The subscriber identity unit of claim 28 wherein the converting means comprises:
    - means for storing further RAND_V s received via the communication means until n further RAND_V s are stored, where n is a predetermined whole number, and then converting the n further RAND_V s into a further RAND_H for input to the processing means.
  - 30. The subscriber identity unit of claim 28 wherein the processing means is further operable for calculating a first privacy key (K_H) using the RAND_H, the first secret key and the authentication algorithm, and wherein the converting means is further operable for receiving and converting the first K_H into a first privacy key in the visited system authentication protocol (K_V) and outputting the K_V to the subscriber unit.
  - 31. The subscriber identity unit of claim 28 wherein the determining means is a switch circuit responsive to a user input activating the subscriber unit for communication within the local communication system.
  - 32. The subscriber unit of claim 28 wherein the determining means, converting means and processing means together comprise a processor adapted for comparing a predetermined parameter of the received RAND against stored predetermined parameters, each corresponding to a system authentication protocol, to determine whether a local system authentication protocol is the visited system authentication protocol, and if so converting the RAND_V to the RAND_H, calculating the RESP_H, and converting the RESP_H into the RESP_V.
  - 33. The subscriber unit of claim 32 wherein the predetermined parameter is the bit length of the RAND, and the processor is further adapted for, when the local system authentication protocol is the visited system authentication protocol, converting the RAND_V by either truncating or adding additional bits such that the RAND_H has a same bit length as the stored predetermined parameter bit length corresponding to the home system authentication protocol.
  - 34. The subscriber identity unit of claim 32 further comprising communication means, coupled to the processor, for establishing a proximity communication channel with a temporary subscriber unit terminal and communicating at least one further challenge, at least one further authentication response generated for each further challenge, the subscriber identifier and a service request between the subscriber identity unit and the terminal.
  - 35. The subscriber unit of claim 34, wherein the determining means is further operable for determining whether the at least one further challenge is in the home system authentication protocol, and wherein the processor is further operable for (i) generating at least one further authentication response for each further challenge using the first secret key and outputting each at least one further authentication response for communication to the terminal, when the at least one further challenge is in the home system protocol;
    - and (ii) converting the at least one further challenge into the home authentication protocol, processing each converted at least one further challenge into a further authentication response and further encryption key using the first secret key and authentication algorithm, and converting each said response to each converted at least one further challenge into the visited system authentication protocol and outputting the each converted response to the communication means for communication to the terminal.

36. A subscriber terminal, for providing communication services to a subscriber having an authentication unit including a communications interface, a processor and a memory storing a subscriber identifier, a secret key and an authentication algorithm, and for communicating information between the authentication unit and a communication unit of a local communication system and authenticating the authentication unit by a home communication system of the authentication unit, the terminal comprising:
- (a) communications means for sending and receiving information to and from the communication unit, and for sending and receiving information to and from the authentication unit via the communications interface;
  
  (b) determining means for determining that the authentication unit uses a home system authentication protocol different from a local system authentication protocol used in the communication unit, and for activating a converting means in response to such a determination;
  
  (c) the converting means, coupled to the determining means and communications means, being operable for converting a first authentication challenge (RAND_V) in the local system authentication protocol into a home authentication challenge (RAND_H) in the home authentication protocol, and for converting a first response (RESP_H) to the RAND_H from the authentication unit in the home system authentication protocol into a response (RESP_V)in the local system authentication protocol;
  
  wherein the communications means is further operable for communicating the RAND_H to the authentication unit and receive the RESP_H from the authentication unit, and for communicating the RESP_V to the communication unit.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 37. The subscriber terminal of claim 36 further comprising:
    - (d) storage means for storing a temporary subscriber unit; and
      
      (e) release means, coupled to the storage means and communication means, for determining the authentication unit is authenticated by the home communication system and in response thereto releasing the temporary subscriber unit.
  - 38. The subscriber terminal of claim 37 wherein the release means further comprises temporary subscriber unit interface means for inputting at least one further RAND_V /RESP_V pair into the temporary subscriber unit for use in authenticating the temporary subscriber unit in the local communication system.
  - 39. The subscriber terminal of claim 37 wherein the release means further comprises temporary subscriber unit interface means for inputting at least one further privacy key (K_V) into the temporary subscriber unit for use in encrypting information to and from the temporary subscriber unit when communicating via the local communication system.
  - 40. The subscriber terminal of claim 37 wherein the release means further comprises temporary subscriber unit interface means for inputting at least one user parameter into the temporary subscriber unit for limiting the operation of the temporary subscriber unit, and wherein the at least one use parameter includes information specifying the period of time after which the temporary subscriber unit is deactivated and any subscriber-specific information stored therein erased.
  - 41. The subscriber terminal of claim 36 further comprising:
    - (d) storage means for storing a temporary subscriber identity unit; and
      
      (e) release means, coupled to the storage means and communication means, for determining the authentication unit is authenticated by the home communication system and in response thereto releasing the temporary subscriber identity unit.
  - 42. The subscriber terminal of claim 36 wherein the authentication unit is a subscriber identity unit smart card, and the communications means includes a smart card reader for sending and receiving information to and from the authentication unit via the communications interface.
  - 43. The subscriber terminal of claim 36 wherein the authentication unit is a subscriber unit and the communications interface includes electrical contacts, and the communication means further comprises contact means adapted for receiving the subscriber unit electrical contacts and sending and receiving the information to and from the subscriber unit via the electrical contacts.
  - 44. The subscriber terminal of claim 36 wherein the authentication unit is a subscriber unit and the communications interface includes an enclosed rf transmission chamber having an antenna, and the communication means further comprises means adapted for transceiving to and from the subscriber unit using a home communication system air interface.
  - 45. The subscriber terminal of claim 36 wherein the communications means further comprises a means for establishing a proximity-only communication channel with the communications interface of the authentication unit.
  - 46. The subscriber terminal of claim 45 wherein the communications interface includes a light frequency transceiver, and the means for establishing a proximity-only communication channel includes a light frequency transceiver.
  - 47. The subscriber terminal of claim 45 further comprising:
    - (d) storage means for storing a temporary subscriber unit; and
      
      (e) release means, coupled to the storage means and communication means, for determining the authentication unit is authenticated by the home communication system and in response thereto releasing the temporary subscriber unit.
  - 48. The subscriber terminal of claim 45 further comprising a user interface coupled to the communication means, wherein the communication means is further operable for determining the authentication unit is authenticated by the home communication system and in response thereto connecting a communication channel to the user interface.
  - 49. The subscriber terminal of claim 48 wherein the user interface is one of the group consisting of a video terminal, an audio input/output device, a facsimile device and a data modem.
  - 50. The subscriber terminal of claim 36 wherein the local communication system is the home communication system of the authentication unit and the authentication unit is authenticated at a second communication unit in the home communication system, and the communications means further comprises a means for establishing a proximity-only communication channel with the communications interface of the authentication unit.

51. A temporary subscriber unit for communicating user information via a local communication system, comprising:
- (a) a temporary memory;
  
  (b) interface means, coupled to the temporary memory, for receiving and inputting authentication information and at least one use parameter into the temporary memory, wherein the at least one use parameter includes information specifying an amount of communications services allowed after which further communications with the temporary subscriber unit are inhibited;
  
  (c) communications means, coupled to the temporary memory, for using the authentication information to authenticate the temporary subscriber unit, and communicating the user information, with a local system for the specified amount of communications services; and
  
  (d) deactivation means for to inhibit the communication means and erase the authentication information and any subscriber-specific information following the specified amount of communications services.
- View Dependent Claims (52)
- - 52. The temporary subscriber unit of claim 51 wherein the communications means further comprises a means for establishing a proximity-only communication channel with a subscriber authentication unit.

53. A communication unit of a home communication system of a subscriber unit capable of operation in a second local communication system, wherein the communication unit and subscriber unit each have a memory including an authentication algorithm, a stored first secret key and a subscriber identifier of the subscriber unit, the communication unit comprising:
- (a) communication means for receiving and sending authentication information for the subscriber unit, wherein the authentication information includes at least a challenge (RAND) and a response to the challenge (RESP) by the subscriber unit;
  
  (b) determining means for determining that the authentication information from the local communication system is in a local system authentication protocol different from a home system authentication protocol used in the subscriber unit; and
  
  (c) authentication means, coupled to the determining means and communications means, for (i) converting a first authentication challenge (RAND_V) from the local communication system in the local system authentication protocol into a home authentication challenge (RAND_H) in the home authentication protocol, (ii) processing the RAND_H into a response (RESP_H) using the first secret key and authentication algorithm, and for converting the RESP_H into a first response (RESP_V) in the local system authentication protocol and outputting the RESP_V to the communication means for transmission to the local communication system.
- View Dependent Claims (54, 55)
- - 54. The communication unit of claim 53 wherein the authentication means is further operable for processing the RAND_H into a first encryption key using the first secret key and an encryption algorithm, and for converting the first encryption key into a converted encryption key in the local system authentication protocol and outputting the converted encryption key to the communication means for transmission to the local communication system.
  - 55. The communication unit of claim 53 wherein the authentication means is further operable (i) for generating a further home authentication challenge (RAND_H) in the home authentication protocol, (ii) for processing the further RAND_H into n responses using the first secret key and authentication algorithm, where n is a predetermined whole number greater than 1 and each of the n responses is in the local system authentication protocol, and processing the further RAND_H into a shared encryption key using the first secret key and an encryption algorithm and for converting the shared encryption key into a converted shared encryption key in the local system authentication protocol, and (iii) for outputting the further RAND_H, n responses and converted shared encryption key to the communication means for transmission to the local communication system.

56. A communication unit of a home communication system of a subscriber unit capable of operation in a second local communication system, wherein the communication unit and subscriber unit each have a memory including an authentication algorithm, a stored first secret key and a subscriber identifier of the subscriber unit, the communication unit comprising:
- (a) communication means for receiving a request for authentication of the subscriber unit from the local communication system;
  
  (b) determining means, coupled to the communication means, for determining, following receipt of the request for authentication, that the local communication system uses a local system authentication protocol different from a home system authentication protocol used in the subscriber unit;
  
  (c) authentication means, coupled to the determining means and communications means, for generating authentication information in the local system authentication protocol for outputting to the communications means, the authentication means comprising means for generating a challenge and a response and means for converting the challenge and response from the home system authentication protocol into a challenge and response in the local system authentication protocol.
- View Dependent Claims (57, 58)
- - 57. The communication unit of claim 56 wherein the communications means is operable to send the RAND_V and RESP_V as the authentication information to the local communication system.
  - 58. The communication unit of claim 57 wherein the generating means is further operable for generating an encryption key using the authentication algorithm and first secret key, and the conversion means are further operable for converting the encryption key from the home system authentication protocol into a converted encryption key in the local system authentication protocol;
    - wherein the communications means is further operable to send the converted encryption key along with the authentication information to the local communication system.

59. A communication system including a first subscriber unit, a home system having at least one home communication unit using a first authentication protocol and having memory for storing an identifier and first secret key of the first subscriber unit, wherein the home communication unit is operable for processing an authentication challenge into a response using the authentication challenge and first secret key, the communication system comprising:
- (a) a second local system having a local communication unit using a second authentication protocol, wherein the subscriber unit is operable for communicating with both the home system and local system;
  
  (b) interworking means, coupled to at least one of the local communication unit and home communication unit, for converting a first authentication challenge (RAND_V) in the second authentication protocol into a home authentication challenge (RAND_H) in the home authentication protocol, and converting a response to the RAND_H (RESP_H) in the home authentication protocol into a response (RESP_V) in the second authentication protocol; and
  
  (c) communication means for coupling the local communication unit to the home communication unit for communicating between the local communication unit and home communication unit one of the group consisting of the RAND_V and the RAND_H and one of the group consisting of the RESP_H and the RESP_V.
- View Dependent Claims (60, 61)
- - 60. The communication system of claim 59 wherein the local communication unit is adapted for sending the RAND_V and RESP_V to the home communication unit via the communication means;
    - the interworking means is coupled to the home communication unit and operable for converting the RAND_V into the RAND_H and the RESP_H into the RESP_V ;
      
      the home communication unit includes an authentication means for receiving the RAND_H, processing the RAND_H into a further response using the RAND_H and first secret key, and determining if the further response matches the RESP_H.
  - 61. The communication system of claim 59 wherein the home communication unit includes an authentication means for generating, in response to a request for authentication of the subscriber unit via the local communication unit, the RAND_H and processing the RAND_H into the RESP_H using the RAND_H and first secret key;
    - the interworking means is coupled to the home communication unit and operable for converting the RAND_V into the RAND_H and the RESP_H into the RESP_V ; and
      
      the home communication unit is further adapted for sending the RAND_V and RESP_V to the local communication unit via the communication means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Brown, Daniel P., Finkelstein, Louis D.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/282,832
Time in Patent Office

718 Days
Field of Search

380/23, 380/30, 380/49, 379/62
US Class Current

380/248
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/3271   using challenge-response

H04M 3/382   using authorisation codes o...

H04M 3/42229   Personal communication serv...

H04W 12/069   using certificates or pre-s...

H04W 8/12   between location registers ...

H04W 8/183   Processing at user equipmen...

H04W 8/205   Transfer to or from user eq...

H04W 88/06   adapted for operation in mu...

Method and apparatus for authentication in a communication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

220 Citations

61 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for authentication in a communication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

220 Citations

61 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others