Secure authentication-key management system and method for mobile communications

US 5,970,144 A
Filed: 01/31/1997
Issued: 10/19/1999
Est. Priority Date: 01/31/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a first mobile station comprising the steps of:

receiving an authentication request in a secure authentication center (SAC), said authentication request including a first authentication signal generated by the first mobile station;

transmitting a request signal from said SAC to a secure authentication-key management system (SAMS), said request signal identifying the first mobile station;

generating a response signal in the SAMS, said response signal generated using authentication information signals not available to the SAC;

transmitting said response signal from said SAMS to said SAC;

generating a second authentication signal using said response signal and additional non-sensitive authentication information signals;

comparing said first authentication signal and said second authentication signal;

generating a authentication result signal in response to said comparing step, said authentication result identifying whether the mobile station has been successfully authenticated.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for enabling sensitive authentication information to be under the control of the service provider and transmitting only non-sensitive authentication information to the AC, for providing a secure technique for generating sensitive authentication information and for securely transmitting to and storing the information in the mobile system (MS) and a storage device controlled by the service provider, and for enabling a mobile station to utilize features supported by the visited system even if the MS home system does not support the feature. The present invention utilizes a secure authentication center (SAC) and a secure A-key management system (SAMS) to perform authentication. The SAC can be positioned locally in a home system, or it can be centrally located, for example, between systems. The SAC can be connected to many SAMS. Each SAMS stores sensitive authentication information for a group of MS'"'"'s. During authentication, the SAC generates a request signal to the appropriate SAMS which generates a unique signal based upon the secret authentication data and other data stored therein. However, the sensitive authentication data is not sent to the SAC. The SAC performs authentication using the unique signal transmitted by the SAMS.

Citations

35 Claims

1. A method for authenticating a first mobile station comprising the steps of:
- receiving an authentication request in a secure authentication center (SAC), said authentication request including a first authentication signal generated by the first mobile station;
  
  transmitting a request signal from said SAC to a secure authentication-key management system (SAMS), said request signal identifying the first mobile station;
  
  generating a response signal in the SAMS, said response signal generated using authentication information signals not available to the SAC;
  
  transmitting said response signal from said SAMS to said SAC;
  
  generating a second authentication signal using said response signal and additional non-sensitive authentication information signals;
  
  comparing said first authentication signal and said second authentication signal;
  
  generating a authentication result signal in response to said comparing step, said authentication result identifying whether the mobile station has been successfully authenticated.

2. A system for generating a shared data signal for use in authenticating a first mobile station comprising:
- a first device, having a memory module, said memory module having a first secret data signal stored therein, said first device receiving a data request signal representing a request for the shared data signal to be used for authenticating the first mobile station, generating the shared data signal using said first secret data in response to said data request signal, transmitting said shared data signal, wherein said first secret data signal is stored only in said first device and the first mobile station.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 3. The system of claim 2, further comprising:
    - an authentication unit, disposed to communicate with the first mobile station, for authenticating said first mobile station, said authentication unit not having access to said first secret data signal.
  - 4. The system of claim 3, wherein said data request signal includes a first identification signal that identifies the first mobile station.
  - 5. The system of claim 4, wherein said first device uses an encryption algorithm to generate said shared data signal.
  - 6. The system of claim 5, wherein said encryption algorithm utilizes said first identification signal, said first secret data signal, and said first number signal to generate said shared data signal wherein said first number signal is signal representing one of a random number and a pseudo-random number.
  - 7. The system of claim 6, wherein said first device generates said first number signal.
  - 8. The system of claim 6, wherein said authentication unit generates said first number signal.
  - 9. The system of claim 3, wherein said authentication unit receives said shared data signal from said first device and a first authentication signal representing authentication information for said first mobile station;
    - wherein said authentication unit generates a second authentication signal using said shared data signal and compares said first and second authentication signal to authenticate said first mobile system.
  - 10. The system of claim 9, wherein said authentication unit receives a first signal representing one of a random number and a pseudo random number that is used to generate said first authentication signal wherein said authentication unit utilizes said first signal to generate said second authentication signal.
  - 11. The system of claim 2, wherein said data request signal includes a first identification signal that identifies the first mobile station.
  - 12. The system of claim 11, wherein said first device uses an encryption algorithm to generate said shared data signal.
  - 13. The system of claim 12, wherein said encryption algorithm utilizes said first identification signal, said first secret data signal, and said first number signal to generate said shared data signal wherein said first number signal represents one of a random number and a pseudo-random number.
  - 14. The system of claim 13, wherein said first device generates said first number signal.
  - 15. The system of claim 2, wherein said first device uses an encryption algorithm to generate said shared data signal.

16. A system for authenticating a first mobile station comprising:
- an authentication unit, disposed to communicate with the first mobile station, for authenticating said first mobile station; and
  
  a first device, having a memory module, said memory module having a first secret data signal stored therein, said first device receiving a data request signal representing a request for a shared data signal to be used for authenticating the first mobile station, generating a shared data signal using said first secret data in response to said data request signal, transmitting said shared data signal, wherein said first secret data signal is not available to said authentication unit.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. The system of claim 16, wherein said authentication unit receives said shared data signal from said first device and a first authentication signal representing authentication information for said first mobile station;
    - wherein said authentication unit generates a second authentication signal using said shared data signal and compares said first and second authentication signal to authenticate said first mobile system.
  - 18. The system of claim 17, wherein said authentication unit receives a first signal representing one of a random number and a pseudo random number that is used to generate said first authentication signal wherein said authentication unit utilizes said first signal to generate said second authentication signal.
  - 19. The system of claim 18, wherein said data request signal includes a first identification signal that identifies the first mobile station.
  - 20. The system of claim 19, wherein said first device uses an encryption algorithm to generate said shared data signal.
  - 21. The system of claim 20, wherein said encryption algorithm utilizes said first identification signal, said first secret data signal, and said first number signal to generate said shared data signal wherein said first number signal is signal representing one of a random number and a pseudo-random number.
  - 22. The system of claim 21, wherein said first device generates said first number signal.
  - 23. The system of claim 21, wherein said authentication unit generates said first number signal.
  - 24. The system of claim 16, wherein said data request signal includes a first identification signal that identifies the first mobile station.
  - 25. The system of claim 24, wherein said first device uses an encryption algorithm to generate said shared data signal.
  - 26. The system of claim 25, wherein said encryption algorithm utilizes said first identification signal, said first secret data signal, and said first number signal to generate said shared data signal wherein said first number signal is signal representing one of a random number and a pseudo-random number.
  - 27. The system of claim 26, wherein said first device generates said first number signal.
  - 28. The system of claim 26, wherein said authentication unit generates said first number signal.

29. A method for generating a shared data signal in a first device having a memory module having a first secret data signal stored therein, for authenticating a first mobile station comprising the steps of:
- receiving a data request signal representing a request for a shared data signal to be used for authenticating the first mobile station;
  
  generating a shared data signal using a first secret data in response to said data request signal; and
  
  transmitting said shared data signal, wherein said first secret data signal is stored only in said first device and the first mobile station.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. The method of claim 29 further comprising the step of:
    - authenticating said first mobile station by an authentication unit not having access to said first secret data signal.
  - 31. The method of claim 30, wherein said data request signal includes a first identification signal that identifies the first mobile station.
  - 32. The method of claim 31, wherein said step of generating a shared data signal includes the step of using an encryption algorithm to generate said shared data signal.
  - 33. The method of claim 32, wherein said encryption algorithm utilizes said first identification signal, said first secret data signal, and said first number signal to generate said shared data signal wherein said first number signal is signal representing one of a random number and a pseudo-random number.
  - 34. The method of claim 30, further comprising the steps of:
    - receiving said shared data signal from said first device and a first authentication signal representing authentication information for said first mobile station at said authentication unit;
      
      generating a second authentication signal using said shared data signal; and
      
      comparing said first and second authentication signal to authenticate said first mobile system.
  - 35. The method of claim 34, further comprising the steps of:
    - receiving a first signal representing one of a random number and a pseudo random number that is used to generate said first authentication signal; and
      
      utilizing said first signal to generate said second authentication signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synacom Technology, Inc.
Original Assignee
Synacom Technology, Inc.
Inventors
Gallagher, Michael D., Snyder, Randall A., Lee, Ming J., Chan, Yick Man, Grencions, Vilnis G.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/791,992
Time in Patent Office

991 Days
Field of Search

380/23, 380/25, 380/30, 380/49, 380/45
US Class Current

380/247
CPC Class Codes

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/065   Continuous authentication

Secure authentication-key management system and method for mobile communications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Secure authentication-key management system and method for mobile communications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links