Method and apparatus for encrypting radio traffic in a telecommunications network
First Claim
1. A method for encrypting communications traffic between a mobile communications network and a communications terminal, comprising the steps of:
- storing a public key and a first identifier associated with said mobile communications network at said communications terminal;
- comparing said first identifier stored at said communications terminal with a second identifier received from said mobile communications network;
- generating a secret key at said communications terminal when the first identifier matches the second identifier;
- encrypting said secret key with said stored public key at said communications terminal;
- transmitting said encrypted secret key from said communications terminal;
- receiving said encrypted secret key at said mobile communications network;
- decrypting said received encrypted secret key with a private key, said private key associated with said public key;
- encrypting said communications traffic with said secret key; and
- maintaining said encrypted communications traffic between said mobile communications network and said communications terminal when the mobile communications network does not know an identity of said communications terminal.
Abstract
A generic communications network provides an encrypted communications interface between service networks and their subscribers. When communications are initiated between a subscribing communications terminal and the generic network, the terminal compares a stored network identifier associated with a stored public key, with a unique identifier broadcast by the generic network. If a match is found, the terminal generates a random secret key, encrypts the secret key with the stored public key, and transmits the encrypted secret key. The generic communications network decrypts the secret key using a private key associated with the public key. The secret key is used thereafter by the terminal and the generic network to encrypt and decrypt the ensuing radio traffic. Consequently, the network can maintain secure communications with the terminal without ever knowing the terminal's identity.
46 Claims
26. A method for encrypting traffic between a generic communications network and a first communications terminal, comprising the steps of:
- broadcasting a public key from said generic communications network to a plurality of communications terminals, said plurality of communications terminals including said first communications terminal;
- generating a secret key at said first communications terminal;
- encrypting said secret key with said public key at said first communications terminal;
- transmitting said encrypted secret key from said first communications terminal;
- receiving said encrypted secret key at said generic communications network;
- decrypting said received encrypted secret key with a private key, said private key associated with said public key;
- encrypting said traffic with said secret key; and
- maintaining said encrypted traffic between said generic communications network and said first communications terminal when the generic communications network does not know an identity of said first communications terminal.
31. A method for encrypting communications traffic between a mobile communications network and a communications terminal, comprising the steps of:
- storing two numbers associated with a Diffie-Hellman exponential key exchange algorithm and a first identifier associated with said mobile communications network at said communications terminal;
- comparing said first identifier stored at said communications terminal with a second identifier received from said mobile communications network;
- generating a first random number at said communications terminal when the first identifier matches the second identifier;
- generating a second random number at said mobile communications network when the first identifier matches the second identifier; and
- using said first and second random numbers as inputs to said Diffie-Hellman exponential key exchange algorithm, generating a third number to be used as a secret key by said communications terminal and said mobile communications network;
- encrypting said communications traffic with said secret key; and
- maintaining said encrypted communications traffic between said mobile communications network and said communications terminal when the mobile communications network does not know an identity of said communications terminal.
39. A method for encrypting traffic between a generic communications network and a first communications terminal, comprising the steps of:
- broadcasting two numbers associated with an exponential key exchange algorithm from said generic communications network to a plurality of communications terminals, said plurality of communications terminals including said first communications terminal;
- generating a first random number at said first communications terminal;
- generating a second random number at said generic communications network;
- using said first and second random numbers as inputs to said exponential key exchange algorithm, generating a third number to be used as a secret key by said first communications terminal and said generic communications network;
- encrypting said traffic with said secret key; and
- maintaining said encrypted traffic between said generic communications network and said first communications terminal when the generic communications network does not know an identity of said first communications terminal.
40. A system for use in encrypting traffic between a generic communications network and a communications terminal, comprising:
- an access network included in said generic communications network; and
- access network means coupled to said communications terminal and associated with said access network, for storing a public encryption key associated with said generic communications network, generating a secret key, encrypting said secret key with said stored public encryption key, transmitting said encrypted secret key to said generic communications network; encrypting said traffic with said secret key, and maintaining said encrypted traffic between said generic communications network and said communications terminal when the generic communications network does not know an identity of said communications terminal.
41. A system for use in encrypting traffic between a generic communications network and a communications terminal, comprising:
- first network means for storing a private encryption key, distributing a public encryption key, and decrypting an encrypted secret session key;
- second network means connected to said first network means, for broadcasting said distributed public encryption key, said first and second network means associated with an access network of said generic communications network; and
- access network means coupled to said communications terminal and associated with said access network of said generic communications network, for receiving said broadcast public encryption key, generating a secret key, encrypting said secret key with said received public encryption key, transmitting said encrypted secret key to said generic communications network; encrypting said traffic with said secret key; and maintaining said encrypted traffic between said generic communications network and said communications terminal when the generic communications network does not know an identity of said communications terminal.
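The two key-establishment flows the claims describe, as an added example written for this page (it is not code from the patent, its assignee, or any product): claim 1's flow, in which the terminal checks the broadcast identifier against its stored one and, only on a match, encrypts a freshly generated secret key to the stored public key for the network's private key to recover; and the claims 31/39 flow, in which each side contributes a random number to an exponential key exchange and both arrive at the same third number. Everything here uses only the Go standard library (Go 1.20 or later, for crypto/ecdh and errors.Join). The identifier strings, the OAEP label, RSA-OAEP as the concrete public-key scheme, and X25519 as a stand-in for the finite-field Diffie-Hellman the claims name are all assumptions; the claims specify only a public/private key pair and a Diffie-Hellman exponential exchange.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Network side of claim 1: the identifier it broadcasts and the private key
// matching the public key provisioned into subscribing terminals.
type Network struct {
	ID   string
	priv *rsa.PrivateKey
}

// Terminal side of claim 1: the stored public key and the first identifier
// associated with it (provisioned out of band, e.g. at subscription time).
type Terminal struct {
	storedID  string
	storedPub *rsa.PublicKey
}

func NewNetwork(id string) (*Network, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Network{ID: id, priv: k}, nil
}

func NewTerminal(n *Network) *Terminal {
	return &Terminal{storedID: n.ID, storedPub: &n.priv.PublicKey}
}

// WrapSessionKey compares the broadcast (second) identifier with the stored (first)
// one and, only on a match, generates a random secret key and encrypts it with the
// stored public key (RSA-OAEP/SHA-256 is an assumed choice). The message carries
// nothing that identifies the terminal, which is what lets the network stay ignorant of it.
func (t *Terminal) WrapSessionKey(broadcastID string) (sessionKey, wrapped []byte, err error) {
	if subtle.ConstantTimeCompare([]byte(t.storedID), []byte(broadcastID)) != 1 {
		return nil, nil, errors.New("broadcast identifier does not match stored identifier")
	}
	sessionKey = make([]byte, 32) // e.g. an AES-256 traffic key
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, t.storedPub, sessionKey, []byte("session-key"))
	return sessionKey, wrapped, err
}

// UnwrapSessionKey: the network decrypts with the private key associated with the
// public key. Only the holder of that private key can recover the secret key.
func (n *Network) UnwrapSessionKey(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, n.priv, wrapped, []byte("session-key"))
}

// DHSessionKeys is the claims 31/39 variant: each side contributes a random value
// to an exponential key exchange and both derive the same third number as the
// secret key. X25519 (crypto/ecdh) stands in here for the finite-field
// Diffie-Hellman the claims name; the shared value is hashed into a traffic key.
func DHSessionKeys() (terminalKey, networkKey []byte, err error) {
	curve := ecdh.X25519()
	tPriv, err1 := curve.GenerateKey(rand.Reader) // first random number (terminal)
	nPriv, err2 := curve.GenerateKey(rand.Reader) // second random number (network)
	if err = errors.Join(err1, err2); err != nil {
		return nil, nil, err
	}
	tShared, err1 := tPriv.ECDH(nPriv.PublicKey()) // terminal combines its secret with the network's share
	nShared, err2 := nPriv.ECDH(tPriv.PublicKey()) // network does the mirror image
	if err = errors.Join(err1, err2); err != nil {
		return nil, nil, err
	}
	tk, nk := sha256.Sum256(tShared), sha256.Sum256(nShared)
	return tk[:], nk[:], nil
}

func main() {
	nw, err := NewNetwork("NET-EXAMPLE-01") // constructed identifier, not from the patent
	if err != nil {
		panic(err)
	}
	term := NewTerminal(nw)
	_, _, mismatch := term.WrapSessionKey("NET-OTHER-99") // another network's identifier: no key is generated
	k, wrapped, _ := term.WrapSessionKey(nw.ID)
	k2, _ := nw.UnwrapSessionKey(wrapped)
	tk, nk, _ := DHSessionKeys()
	fmt.Printf("mismatch rejected: %v; RSA keys agree: %v; DH keys agree: %v\n",
		mismatch != nil, bytes.Equal(k, k2), bytes.Equal(tk, nk))
}
```

Two points worth taking from the example. The identifier comparison does not authenticate the network, since the identifier is broadcast in the clear; it only selects which stored public key the terminal is willing to encrypt to. What actually ties the session to the legitimate network in claim 1 is that only the holder of the matching private key can recover the secret key, so the terminal's stored public key is the trust anchor, and the claim 26 form, where the public key itself arrives by broadcast with no stored copy, needs some other way of validating that key before a terminal encrypts to it. In the claims 31/39 form the exchange as written does not itself bind the network's random share to the stored identifier, so a deployment would need the network to sign its share or bind it in some equivalent way; the sample above performs the agreement only and leaves that binding out.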
Specification