Process of combined authentication of a telecommunication terminal and of a user module

US 5,661,806 A
Filed: 03/27/1995
Issued: 08/26/1997
Est. Priority Date: 03/29/1994
Status: Expired due to Fees

First Claim

Patent Images

1. Process for controlling access to a telecommunications network by means of a terminal operating together with a user module, in which a session key is calculated, on the one hand by the user module and on the other hand by the network, on the basis of data which include a user identification key held secretly in a memory of the user module and a first random number provided by the network, the network retrieving the user identification key on the basis of a user identification parameter issued by the terminal, wherein the terminal calculates an authentication key on the basis of data which include the session key calculated by the user module, a terminal identification key held secretly in a memory of the terminal and a second random number provided by the network, wherein the network calculates in the same way the authentication key on the basis of data which include the session key calculated by the network, the terminal identification key retrieved by the network on the basis of a terminal identification parameter issued by the terminal and the second random number, and wherein the terminal is authorized to access the network in the event of concordance between the authentication keys calculated by the terminal and by the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The terminal and the user module are authenticated in a combined manner on the basis of an authentication key calculated on the one hand by the terminal and on the other hand by the network. A session key is firstly calculated by the user module on the basis of a secret user key, of a terminal identification parameter and of a first random number. Calculation of the authentication key by the terminal involves this session key calculated by the user module, a secret terminal identification key and a second random number. The network calculates in the same way the session key and the authentication key by retrieving the secret keys on the basis of the identification parameters transmitted by the terminal. The terminals can then be authenticated by the network independently of the associated user modules.

Citations

6 Claims

1. Process for controlling access to a telecommunications network by means of a terminal operating together with a user module, in which a session key is calculated, on the one hand by the user module and on the other hand by the network, on the basis of data which include a user identification key held secretly in a memory of the user module and a first random number provided by the network, the network retrieving the user identification key on the basis of a user identification parameter issued by the terminal, wherein the terminal calculates an authentication key on the basis of data which include the session key calculated by the user module, a terminal identification key held secretly in a memory of the terminal and a second random number provided by the network, wherein the network calculates in the same way the authentication key on the basis of data which include the session key calculated by the network, the terminal identification key retrieved by the network on the basis of a terminal identification parameter issued by the terminal and the second random number, and wherein the terminal is authorized to access the network in the event of concordance between the authentication keys calculated by the terminal and by the network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. Process according to claim 1, wherein the network including an access system and at least one user management unit, the calculations of session keys by the network are performed at user management unit level, whereas the calculations of authentication keys by the network are performed at access system level.
  - 3. Process according to claim 1, wherein the data on the basis of which the session key is calculated further include the terminal identification parameter.
  - 4. Process according to claim 1, wherein the terminal stores the user identification parameter and the session key calculated by the user module, and wherein the network stores the user identification parameter and the terminal identification parameter which are received from the terminal as well as the session key calculated by the network.
  - 5. Process according to claim 1, wherein, when a plurality of user modules have been presented in succession to the terminal, and when access to the network by the terminal has been authorized for each of said plurality of user modules, the terminal stores the user identification parameters relating to each of said plurality of modules and at least one session key calculated by one of said plurality of modules, and the network stores the user identification parameters relating to each of said plurality of modules, the terminal identification parameter and at least the session key calculated by the network in relation to said one of said plurality of modules.
  - 6. Process according to claim 4, further comprising a subsequent authentication procedure which includes the following steps:
    - the terminal sends the network its identification parameter and the user identification parameter or parameters which it stores;
      
      the network sends the terminal a random number;
      
      the terminal calculates an authentication key on the basis of data which include the session key which it has held in memory, its identification key and the random number which it has just received from the network; and
      
      the terminal sends said authentication key to the network;
      
      the network calculates in the same way the authentication key on the basis of data which include the session key which it has held in memory in connection with the identification parameters received from the terminal, the terminal identification key retrieved on the basis of the terminal identification parameter and the random number; and
      
      the network compares the authentication key which it has received from the terminal with that which it has calculated in order to authorize the terminal to access the network in the event of concordance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Campana, Mireille, Nevoux, Rola
Primary Examiner(s)
Cain, David C.

Application Number

US08/411,206
Time in Patent Office

883 Days
Field of Search

380/4, 380/23, 380/25, 380/21
US Class Current

380/247
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0853   using an additional device,...

H04L 9/0844   with user authentication or...

H04L 9/0877   using additional device, e....

H04W 12/069   using certificates or pre-s...

H04W 88/02   Terminal devices

Process of combined authentication of a telecommunication terminal and of a user module

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Process of combined authentication of a telecommunication terminal and of a user module

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links